Collapse ssl3_state_st (s3) into ssl_st

With the removal of SSLv2, the s3 structure is always allocated, so
there is little point in having it be an allocated pointer. Collapse
the ssl3_state_st structure into ssl_st and fixup any references.

This should be faster than going through an indirection and due to
fewer allocations, but I'm not seeing any significant performance
improvement; it seems to be within the margin of error in timing.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7888)
This commit is contained in:
Todd Short 2018-12-12 13:09:50 -05:00 committed by Matt Caswell
parent d7fcf1feac
commit 555cbb328e
25 changed files with 868 additions and 883 deletions

View File

@ -41,22 +41,22 @@ int dtls1_dispatch_alert(SSL *s)
unsigned char *ptr = &buf[0]; unsigned char *ptr = &buf[0];
size_t written; size_t written;
s->s3->alert_dispatch = 0; s->s3.alert_dispatch = 0;
memset(buf, 0, sizeof(buf)); memset(buf, 0, sizeof(buf));
*ptr++ = s->s3->send_alert[0]; *ptr++ = s->s3.send_alert[0];
*ptr++ = s->s3->send_alert[1]; *ptr++ = s->s3.send_alert[1];
i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0, &written); i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0, &written);
if (i <= 0) { if (i <= 0) {
s->s3->alert_dispatch = 1; s->s3.alert_dispatch = 1;
/* fprintf( stderr, "not done with alert\n" ); */ /* fprintf( stderr, "not done with alert\n" ); */
} else { } else {
if (s->s3->send_alert[0] == SSL3_AL_FATAL) if (s->s3.send_alert[0] == SSL3_AL_FATAL)
(void)BIO_flush(s->wbio); (void)BIO_flush(s->wbio);
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3.send_alert,
2, s, s->msg_callback_arg); 2, s, s->msg_callback_arg);
if (s->info_callback != NULL) if (s->info_callback != NULL)
@ -65,7 +65,7 @@ int dtls1_dispatch_alert(SSL *s)
cb = s->ctx->info_callback; cb = s->ctx->info_callback;
if (cb != NULL) { if (cb != NULL) {
j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]; j = (s->s3.send_alert[0] << 8) | s->s3.send_alert[1];
cb(s, SSL_CB_WRITE_ALERT, j); cb(s, SSL_CB_WRITE_ALERT, j);
} }
} }

View File

@ -374,10 +374,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
s->rwstate = SSL_NOTHING; s->rwstate = SSL_NOTHING;
/*- /*-
* s->s3->rrec.type - is the type of record * s->s3.rrec.type - is the type of record
* s->s3->rrec.data, - data * s->s3.rrec.data, - data
* s->s3->rrec.off, - offset into 'data' for next read * s->s3.rrec.off, - offset into 'data' for next read
* s->s3->rrec.length, - number of bytes. * s->s3.rrec.length, - number of bytes.
*/ */
rr = s->rlayer.rrec; rr = s->rlayer.rrec;
@ -442,8 +442,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
/* we now have a packet which can be read and processed */ /* we now have a packet which can be read and processed */
if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, if (s->s3.change_cipher_spec /* set when we receive ChangeCipherSpec,
* reset by ssl3_get_finished */ * reset by ssl3_get_finished */
&& (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) { && (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) {
/* /*
* We now have application data between CCS and Finished. Most likely * We now have application data between CCS and Finished. Most likely
@ -574,7 +574,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
} }
if (alert_level == SSL3_AL_WARNING) { if (alert_level == SSL3_AL_WARNING) {
s->s3->warn_alert = alert_descr; s->s3.warn_alert = alert_descr;
SSL3_RECORD_set_read(rr); SSL3_RECORD_set_read(rr);
s->rlayer.alert_count++; s->rlayer.alert_count++;
@ -607,7 +607,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
char tmp[16]; char tmp[16];
s->rwstate = SSL_NOTHING; s->rwstate = SSL_NOTHING;
s->s3->fatal_alert = alert_descr; s->s3.fatal_alert = alert_descr;
SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS1_READ_BYTES, SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS1_READ_BYTES,
SSL_AD_REASON_OFFSET + alert_descr); SSL_AD_REASON_OFFSET + alert_descr);
BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
@ -761,10 +761,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* application data at this point (session renegotiation not yet * application data at this point (session renegotiation not yet
* started), we will indulge it. * started), we will indulge it.
*/ */
if (s->s3->in_read_app_data && if (s->s3.in_read_app_data &&
(s->s3->total_renegotiations != 0) && (s->s3.total_renegotiations != 0) &&
ossl_statem_app_data_allowed(s)) { ossl_statem_app_data_allowed(s)) {
s->s3->in_read_app_data = 2; s->s3.in_read_app_data = 2;
return -1; return -1;
} else { } else {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES, SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
@ -818,7 +818,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
} }
/* If we have an alert to send, lets send it */ /* If we have an alert to send, lets send it */
if (s->s3->alert_dispatch) { if (s->s3.alert_dispatch) {
i = s->method->ssl_dispatch_alert(s); i = s->method->ssl_dispatch_alert(s);
if (i <= 0) if (i <= 0)
return i; return i;

View File

@ -172,7 +172,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
/* /*
* If extend == 0, obtain new n-byte packet; if extend == 1, increase * If extend == 0, obtain new n-byte packet; if extend == 1, increase
* packet by another n bytes. The packet will be in the sub-array of * packet by another n bytes. The packet will be in the sub-array of
* s->s3->rbuf.buf specified by s->packet and s->packet_length. (If * s->s3.rbuf.buf specified by s->packet and s->packet_length. (If
* s->rlayer.read_ahead is set, 'max' bytes may be stored in rbuf [plus * s->rlayer.read_ahead is set, 'max' bytes may be stored in rbuf [plus
* s->packet_length bytes if extend == 1].) * s->packet_length bytes if extend == 1].)
* if clearold == 1, move the packet to the start of the buffer; if * if clearold == 1, move the packet to the start of the buffer; if
@ -288,7 +288,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
int ret; int ret;
/* /*
* Now we have len+left bytes at the front of s->s3->rbuf.buf and * Now we have len+left bytes at the front of s->s3.rbuf.buf and
* need to read in more until we have len+n (up to len+max if * need to read in more until we have len+n (up to len+max if
* possible) * possible)
*/ */
@ -461,7 +461,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
break; break;
} }
if (s->s3->alert_dispatch) { if (s->s3.alert_dispatch) {
i = s->method->ssl_dispatch_alert(s); i = s->method->ssl_dispatch_alert(s);
if (i <= 0) { if (i <= 0) {
/* SSLfatal() already called if appropriate */ /* SSLfatal() already called if appropriate */
@ -630,7 +630,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
* next chunk of data should get another prepended empty fragment * next chunk of data should get another prepended empty fragment
* in ciphersuites with known-IV weakness: * in ciphersuites with known-IV weakness:
*/ */
s->s3->empty_fragment_done = 0; s->s3.empty_fragment_done = 0;
if ((i == (int)n) && s->mode & SSL_MODE_RELEASE_BUFFERS && if ((i == (int)n) && s->mode & SSL_MODE_RELEASE_BUFFERS &&
!SSL_IS_DTLS(s)) !SSL_IS_DTLS(s))
@ -675,7 +675,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
} }
/* If we have an alert to send, lets send it */ /* If we have an alert to send, lets send it */
if (s->s3->alert_dispatch) { if (s->s3.alert_dispatch) {
i = s->method->ssl_dispatch_alert(s); i = s->method->ssl_dispatch_alert(s);
if (i <= 0) { if (i <= 0) {
/* SSLfatal() already called if appropriate */ /* SSLfatal() already called if appropriate */
@ -713,13 +713,13 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* /*
* 'create_empty_fragment' is true only when this function calls itself * 'create_empty_fragment' is true only when this function calls itself
*/ */
if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) { if (!clear && !create_empty_fragment && !s->s3.empty_fragment_done) {
/* /*
* countermeasure against known-IV weakness in CBC ciphersuites (see * countermeasure against known-IV weakness in CBC ciphersuites (see
* http://www.openssl.org/~bodo/tls-cbc.txt) * http://www.openssl.org/~bodo/tls-cbc.txt)
*/ */
if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) { if (s->s3.need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
/* /*
* recursive function call with 'create_empty_fragment' set; this * recursive function call with 'create_empty_fragment' set; this
* prepares and buffers the data for an empty fragment (these * prepares and buffers the data for an empty fragment (these
@ -744,7 +744,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
} }
} }
s->s3->empty_fragment_done = 1; s->s3.empty_fragment_done = 1;
} }
if (BIO_get_ktls_send(s->wbio)) { if (BIO_get_ktls_send(s->wbio)) {
@ -1148,7 +1148,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
return -1; return -1;
} }
/* if s->s3->wbuf.left != 0, we need to call this /* if s->s3.wbuf.left != 0, we need to call this
* *
* Return values are as per SSL_write() * Return values are as per SSL_write()
*/ */
@ -1385,8 +1385,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
/* we now have a packet which can be read and processed */ /* we now have a packet which can be read and processed */
if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, if (s->s3.change_cipher_spec /* set when we receive ChangeCipherSpec,
* reset by ssl3_get_finished */ * reset by ssl3_get_finished */
&& (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) { && (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
@ -1558,7 +1558,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (alert_level == SSL3_AL_WARNING if (alert_level == SSL3_AL_WARNING
|| (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED)) { || (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED)) {
s->s3->warn_alert = alert_descr; s->s3.warn_alert = alert_descr;
SSL3_RECORD_set_read(rr); SSL3_RECORD_set_read(rr);
s->rlayer.alert_count++; s->rlayer.alert_count++;
@ -1583,7 +1583,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
char tmp[16]; char tmp[16];
s->rwstate = SSL_NOTHING; s->rwstate = SSL_NOTHING;
s->s3->fatal_alert = alert_descr; s->s3.fatal_alert = alert_descr;
SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_READ_BYTES, SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_READ_BYTES,
SSL_AD_REASON_OFFSET + alert_descr); SSL_AD_REASON_OFFSET + alert_descr);
BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
@ -1767,7 +1767,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* started), we will indulge it. * started), we will indulge it.
*/ */
if (ossl_statem_app_data_allowed(s)) { if (ossl_statem_app_data_allowed(s)) {
s->s3->in_read_app_data = 2; s->s3.in_read_app_data = 2;
return -1; return -1;
} else if (ossl_statem_skip_early_data(s)) { } else if (ossl_statem_skip_early_data(s)) {
/* /*

View File

@ -1224,11 +1224,11 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
int t; int t;
if (sending) { if (sending) {
mac_sec = &(ssl->s3->write_mac_secret[0]); mac_sec = &(ssl->s3.write_mac_secret[0]);
seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer); seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
hash = ssl->write_hash; hash = ssl->write_hash;
} else { } else {
mac_sec = &(ssl->s3->read_mac_secret[0]); mac_sec = &(ssl->s3.read_mac_secret[0]);
seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer); seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
hash = ssl->read_hash; hash = ssl->read_hash;
} }
@ -1377,8 +1377,8 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
md, &md_size, md, &md_size,
header, rec->input, header, rec->input,
rec->length + md_size, rec->orig_len, rec->length + md_size, rec->orig_len,
ssl->s3->read_mac_secret, ssl->s3.read_mac_secret,
ssl->s3->read_mac_secret_size, 0) <= 0) { ssl->s3.read_mac_secret_size, 0) <= 0) {
EVP_MD_CTX_free(hmac); EVP_MD_CTX_free(hmac);
return 0; return 0;
} }
@ -1805,11 +1805,11 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
rr->off = 0; rr->off = 0;
/*- /*-
* So at this point the following is true * So at this point the following is true
* ssl->s3->rrec.type is the type of record * ssl->s3.rrec.type is the type of record
* ssl->s3->rrec.length == number of bytes in record * ssl->s3.rrec.length == number of bytes in record
* ssl->s3->rrec.off == offset to first valid byte * ssl->s3.rrec.off == offset to first valid byte
* ssl->s3->rrec.data == where to take bytes from, increment * ssl->s3.rrec.data == where to take bytes from, increment
* after use :-). * after use :-).
*/ */
/* we have pulled in a full packet so zero things */ /* we have pulled in a full packet so zero things */
@ -1833,9 +1833,9 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
* It will return <= 0 if more data is needed, normally due to an error * It will return <= 0 if more data is needed, normally due to an error
* or non-blocking IO. * or non-blocking IO.
* When it finishes, one packet has been decoded and can be found in * When it finishes, one packet has been decoded and can be found in
* ssl->s3->rrec.type - is the type of record * ssl->s3.rrec.type - is the type of record
* ssl->s3->rrec.data, - data * ssl->s3.rrec.data - data
* ssl->s3->rrec.length, - number of bytes * ssl->s3.rrec.length - number of bytes
*/ */
/* used only by dtls1_read_bytes */ /* used only by dtls1_read_bytes */
int dtls1_get_record(SSL *s) int dtls1_get_record(SSL *s)

View File

@ -84,12 +84,12 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
* To get here we must have selected a ciphersuite - otherwise ctx would * To get here we must have selected a ciphersuite - otherwise ctx would
* be NULL * be NULL
*/ */
if (!ossl_assert(s->s3->tmp.new_cipher != NULL)) { if (!ossl_assert(s->s3.tmp.new_cipher != NULL)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
return -1; return -1;
} }
alg_enc = s->s3->tmp.new_cipher->algorithm_enc; alg_enc = s->s3.tmp.new_cipher->algorithm_enc;
} }
if (alg_enc & SSL_AESCCM) { if (alg_enc & SSL_AESCCM) {

View File

@ -51,8 +51,8 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
|| !EVP_DigestUpdate(s1, buf, k) || !EVP_DigestUpdate(s1, buf, k)
|| !EVP_DigestUpdate(s1, s->session->master_key, || !EVP_DigestUpdate(s1, s->session->master_key,
s->session->master_key_length) s->session->master_key_length)
|| !EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE) || !EVP_DigestUpdate(s1, s->s3.server_random, SSL3_RANDOM_SIZE)
|| !EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE) || !EVP_DigestUpdate(s1, s->s3.client_random, SSL3_RANDOM_SIZE)
|| !EVP_DigestFinal_ex(s1, smd, NULL) || !EVP_DigestFinal_ex(s1, smd, NULL)
|| !EVP_DigestInit_ex(m5, EVP_md5(), NULL) || !EVP_DigestInit_ex(m5, EVP_md5(), NULL)
|| !EVP_DigestUpdate(m5, s->session->master_key, || !EVP_DigestUpdate(m5, s->session->master_key,
@ -101,8 +101,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
size_t n, i, j, k, cl; size_t n, i, j, k, cl;
int reuse_dd = 0; int reuse_dd = 0;
c = s->s3->tmp.new_sym_enc; c = s->s3.tmp.new_sym_enc;
m = s->s3->tmp.new_hash; m = s->s3.tmp.new_hash;
/* m == NULL will lead to a crash later */ /* m == NULL will lead to a crash later */
if (!ossl_assert(m != NULL)) { if (!ossl_assert(m != NULL)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
@ -110,10 +110,10 @@ int ssl3_change_cipher_state(SSL *s, int which)
goto err; goto err;
} }
#ifndef OPENSSL_NO_COMP #ifndef OPENSSL_NO_COMP
if (s->s3->tmp.new_compression == NULL) if (s->s3.tmp.new_compression == NULL)
comp = NULL; comp = NULL;
else else
comp = s->s3->tmp.new_compression->method; comp = s->s3.tmp.new_compression->method;
#endif #endif
if (which & SSL3_CC_READ) { if (which & SSL3_CC_READ) {
@ -151,7 +151,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
} }
#endif #endif
RECORD_LAYER_reset_read_sequence(&s->rlayer); RECORD_LAYER_reset_read_sequence(&s->rlayer);
mac_secret = &(s->s3->read_mac_secret[0]); mac_secret = &(s->s3.read_mac_secret[0]);
} else { } else {
s->statem.enc_write_state = ENC_WRITE_STATE_INVALID; s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
if (s->enc_write_ctx != NULL) { if (s->enc_write_ctx != NULL) {
@ -187,13 +187,13 @@ int ssl3_change_cipher_state(SSL *s, int which)
} }
#endif #endif
RECORD_LAYER_reset_write_sequence(&s->rlayer); RECORD_LAYER_reset_write_sequence(&s->rlayer);
mac_secret = &(s->s3->write_mac_secret[0]); mac_secret = &(s->s3.write_mac_secret[0]);
} }
if (reuse_dd) if (reuse_dd)
EVP_CIPHER_CTX_reset(dd); EVP_CIPHER_CTX_reset(dd);
p = s->s3->tmp.key_block; p = s->s3.tmp.key_block;
mdi = EVP_MD_size(m); mdi = EVP_MD_size(m);
if (mdi < 0) { if (mdi < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
@ -222,7 +222,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
n += k; n += k;
} }
if (n > s->s3->tmp.key_block_length) { if (n > s->s3.tmp.key_block_length) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
goto err; goto err;
@ -251,7 +251,7 @@ int ssl3_setup_key_block(SSL *s)
int ret = 0; int ret = 0;
SSL_COMP *comp; SSL_COMP *comp;
if (s->s3->tmp.key_block_length != 0) if (s->s3.tmp.key_block_length != 0)
return 1; return 1;
if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) { if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) {
@ -260,12 +260,12 @@ int ssl3_setup_key_block(SSL *s)
return 0; return 0;
} }
s->s3->tmp.new_sym_enc = c; s->s3.tmp.new_sym_enc = c;
s->s3->tmp.new_hash = hash; s->s3.tmp.new_hash = hash;
#ifdef OPENSSL_NO_COMP #ifdef OPENSSL_NO_COMP
s->s3->tmp.new_compression = NULL; s->s3.tmp.new_compression = NULL;
#else #else
s->s3->tmp.new_compression = comp; s->s3.tmp.new_compression = comp;
#endif #endif
num = EVP_MD_size(hash); num = EVP_MD_size(hash);
@ -283,8 +283,8 @@ int ssl3_setup_key_block(SSL *s)
return 0; return 0;
} }
s->s3->tmp.key_block_length = num; s->s3.tmp.key_block_length = num;
s->s3->tmp.key_block = p; s->s3.tmp.key_block = p;
/* Calls SSLfatal() as required */ /* Calls SSLfatal() as required */
ret = ssl3_generate_key_block(s, p, num); ret = ssl3_generate_key_block(s, p, num);
@ -294,15 +294,15 @@ int ssl3_setup_key_block(SSL *s)
* enable vulnerability countermeasure for CBC ciphers with known-IV * enable vulnerability countermeasure for CBC ciphers with known-IV
* problem (http://www.openssl.org/~bodo/tls-cbc.txt) * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
*/ */
s->s3->need_empty_fragments = 1; s->s3.need_empty_fragments = 1;
if (s->session->cipher != NULL) { if (s->session->cipher != NULL) {
if (s->session->cipher->algorithm_enc == SSL_eNULL) if (s->session->cipher->algorithm_enc == SSL_eNULL)
s->s3->need_empty_fragments = 0; s->s3.need_empty_fragments = 0;
#ifndef OPENSSL_NO_RC4 #ifndef OPENSSL_NO_RC4
if (s->session->cipher->algorithm_enc == SSL_RC4) if (s->session->cipher->algorithm_enc == SSL_RC4)
s->s3->need_empty_fragments = 0; s->s3.need_empty_fragments = 0;
#endif #endif
} }
} }
@ -312,9 +312,9 @@ int ssl3_setup_key_block(SSL *s)
void ssl3_cleanup_key_block(SSL *s) void ssl3_cleanup_key_block(SSL *s)
{ {
OPENSSL_clear_free(s->s3->tmp.key_block, s->s3->tmp.key_block_length); OPENSSL_clear_free(s->s3.tmp.key_block, s->s3.tmp.key_block_length);
s->s3->tmp.key_block = NULL; s->s3.tmp.key_block = NULL;
s->s3->tmp.key_block_length = 0; s->s3.tmp.key_block_length = 0;
} }
int ssl3_init_finished_mac(SSL *s) int ssl3_init_finished_mac(SSL *s)
@ -327,8 +327,8 @@ int ssl3_init_finished_mac(SSL *s)
return 0; return 0;
} }
ssl3_free_digest_list(s); ssl3_free_digest_list(s);
s->s3->handshake_buffer = buf; s->s3.handshake_buffer = buf;
(void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE); (void)BIO_set_close(s->s3.handshake_buffer, BIO_CLOSE);
return 1; return 1;
} }
@ -339,31 +339,31 @@ int ssl3_init_finished_mac(SSL *s)
void ssl3_free_digest_list(SSL *s) void ssl3_free_digest_list(SSL *s)
{ {
BIO_free(s->s3->handshake_buffer); BIO_free(s->s3.handshake_buffer);
s->s3->handshake_buffer = NULL; s->s3.handshake_buffer = NULL;
EVP_MD_CTX_free(s->s3->handshake_dgst); EVP_MD_CTX_free(s->s3.handshake_dgst);
s->s3->handshake_dgst = NULL; s->s3.handshake_dgst = NULL;
} }
int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len) int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len)
{ {
int ret; int ret;
if (s->s3->handshake_dgst == NULL) { if (s->s3.handshake_dgst == NULL) {
/* Note: this writes to a memory BIO so a failure is a fatal error */ /* Note: this writes to a memory BIO so a failure is a fatal error */
if (len > INT_MAX) { if (len > INT_MAX) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
SSL_R_OVERFLOW_ERROR); SSL_R_OVERFLOW_ERROR);
return 0; return 0;
} }
ret = BIO_write(s->s3->handshake_buffer, (void *)buf, (int)len); ret = BIO_write(s->s3.handshake_buffer, (void *)buf, (int)len);
if (ret <= 0 || ret != (int)len) { if (ret <= 0 || ret != (int)len) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
return 0; return 0;
} }
} else { } else {
ret = EVP_DigestUpdate(s->s3->handshake_dgst, buf, len); ret = EVP_DigestUpdate(s->s3.handshake_dgst, buf, len);
if (!ret) { if (!ret) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
@ -379,32 +379,32 @@ int ssl3_digest_cached_records(SSL *s, int keep)
long hdatalen; long hdatalen;
void *hdata; void *hdata;
if (s->s3->handshake_dgst == NULL) { if (s->s3.handshake_dgst == NULL) {
hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); hdatalen = BIO_get_mem_data(s->s3.handshake_buffer, &hdata);
if (hdatalen <= 0) { if (hdatalen <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
SSL_R_BAD_HANDSHAKE_LENGTH); SSL_R_BAD_HANDSHAKE_LENGTH);
return 0; return 0;
} }
s->s3->handshake_dgst = EVP_MD_CTX_new(); s->s3.handshake_dgst = EVP_MD_CTX_new();
if (s->s3->handshake_dgst == NULL) { if (s->s3.handshake_dgst == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
ERR_R_MALLOC_FAILURE); ERR_R_MALLOC_FAILURE);
return 0; return 0;
} }
md = ssl_handshake_md(s); md = ssl_handshake_md(s);
if (md == NULL || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL) if (md == NULL || !EVP_DigestInit_ex(s->s3.handshake_dgst, md, NULL)
|| !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen)) { || !EVP_DigestUpdate(s->s3.handshake_dgst, hdata, hdatalen)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
return 0; return 0;
} }
} }
if (keep == 0) { if (keep == 0) {
BIO_free(s->s3->handshake_buffer); BIO_free(s->s3.handshake_buffer);
s->s3->handshake_buffer = NULL; s->s3.handshake_buffer = NULL;
} }
return 1; return 1;
@ -421,7 +421,7 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
return 0; return 0;
} }
if (EVP_MD_CTX_type(s->s3->handshake_dgst) != NID_md5_sha1) { if (EVP_MD_CTX_type(s->s3.handshake_dgst) != NID_md5_sha1) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
SSL_R_NO_REQUIRED_DIGEST); SSL_R_NO_REQUIRED_DIGEST);
return 0; return 0;
@ -433,7 +433,7 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
ERR_R_MALLOC_FAILURE); ERR_R_MALLOC_FAILURE);
return 0; return 0;
} }
if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) { if (!EVP_MD_CTX_copy_ex(ctx, s->s3.handshake_dgst)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
ret = 0; ret = 0;
@ -494,9 +494,9 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
|| EVP_DigestUpdate(ctx, salt[i], || EVP_DigestUpdate(ctx, salt[i],
strlen((const char *)salt[i])) <= 0 strlen((const char *)salt[i])) <= 0
|| EVP_DigestUpdate(ctx, p, len) <= 0 || EVP_DigestUpdate(ctx, p, len) <= 0
|| EVP_DigestUpdate(ctx, &(s->s3->client_random[0]), || EVP_DigestUpdate(ctx, &(s->s3.client_random[0]),
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestUpdate(ctx, &(s->s3->server_random[0]), || EVP_DigestUpdate(ctx, &(s->s3.server_random[0]),
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
/* TODO(size_t) : convert me */ /* TODO(size_t) : convert me */
|| EVP_DigestFinal_ex(ctx, buf, &n) <= 0 || EVP_DigestFinal_ex(ctx, buf, &n) <= 0

View File

@ -3292,11 +3292,6 @@ int ssl3_handshake_write(SSL *s)
int ssl3_new(SSL *s) int ssl3_new(SSL *s)
{ {
SSL3_STATE *s3;
if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
goto err;
s->s3 = s3;
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
if (!SSL_SRP_CTX_init(s)) if (!SSL_SRP_CTX_init(s))
@ -3313,57 +3308,56 @@ int ssl3_new(SSL *s)
void ssl3_free(SSL *s) void ssl3_free(SSL *s)
{ {
if (s == NULL || s->s3 == NULL) if (s == NULL)
return; return;
ssl3_cleanup_key_block(s); ssl3_cleanup_key_block(s);
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free(s->s3->peer_tmp); EVP_PKEY_free(s->s3.peer_tmp);
s->s3->peer_tmp = NULL; s->s3.peer_tmp = NULL;
EVP_PKEY_free(s->s3->tmp.pkey); EVP_PKEY_free(s->s3.tmp.pkey);
s->s3->tmp.pkey = NULL; s->s3.tmp.pkey = NULL;
#endif #endif
OPENSSL_free(s->s3->tmp.ctype); OPENSSL_free(s->s3.tmp.ctype);
sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free); sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
OPENSSL_free(s->s3->tmp.ciphers_raw); OPENSSL_free(s->s3.tmp.ciphers_raw);
OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
OPENSSL_free(s->s3->tmp.peer_sigalgs); OPENSSL_free(s->s3.tmp.peer_sigalgs);
OPENSSL_free(s->s3->tmp.peer_cert_sigalgs); OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
ssl3_free_digest_list(s); ssl3_free_digest_list(s);
OPENSSL_free(s->s3->alpn_selected); OPENSSL_free(s->s3.alpn_selected);
OPENSSL_free(s->s3->alpn_proposed); OPENSSL_free(s->s3.alpn_proposed);
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
SSL_SRP_CTX_free(s); SSL_SRP_CTX_free(s);
#endif #endif
OPENSSL_clear_free(s->s3, sizeof(*s->s3)); memset(&s->s3, 0, sizeof(s->s3));
s->s3 = NULL;
} }
int ssl3_clear(SSL *s) int ssl3_clear(SSL *s)
{ {
ssl3_cleanup_key_block(s); ssl3_cleanup_key_block(s);
OPENSSL_free(s->s3->tmp.ctype); OPENSSL_free(s->s3.tmp.ctype);
sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free); sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
OPENSSL_free(s->s3->tmp.ciphers_raw); OPENSSL_free(s->s3.tmp.ciphers_raw);
OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
OPENSSL_free(s->s3->tmp.peer_sigalgs); OPENSSL_free(s->s3.tmp.peer_sigalgs);
OPENSSL_free(s->s3->tmp.peer_cert_sigalgs); OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free(s->s3->tmp.pkey); EVP_PKEY_free(s->s3.tmp.pkey);
EVP_PKEY_free(s->s3->peer_tmp); EVP_PKEY_free(s->s3.peer_tmp);
#endif /* !OPENSSL_NO_EC */ #endif /* !OPENSSL_NO_EC */
ssl3_free_digest_list(s); ssl3_free_digest_list(s);
OPENSSL_free(s->s3->alpn_selected); OPENSSL_free(s->s3.alpn_selected);
OPENSSL_free(s->s3->alpn_proposed); OPENSSL_free(s->s3.alpn_proposed);
/* NULL/zero-out everything in the s3 struct */ /* NULL/zero-out everything in the s3 struct */
memset(s->s3, 0, sizeof(*s->s3)); memset(&s->s3, 0, sizeof(s->s3));
if (!ssl_free_wbio_buffer(s)) if (!ssl_free_wbio_buffer(s))
return 0; return 0;
@ -3396,17 +3390,17 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_GET_CLIENT_CERT_REQUEST: case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
break; break;
case SSL_CTRL_GET_NUM_RENEGOTIATIONS: case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
ret = s->s3->num_renegotiations; ret = s->s3.num_renegotiations;
break; break;
case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
ret = s->s3->num_renegotiations; ret = s->s3.num_renegotiations;
s->s3->num_renegotiations = 0; s->s3.num_renegotiations = 0;
break; break;
case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
ret = s->s3->total_renegotiations; ret = s->s3.total_renegotiations;
break; break;
case SSL_CTRL_GET_FLAGS: case SSL_CTRL_GET_FLAGS:
ret = (int)(s->s3->flags); ret = (int)(s->s3.flags);
break; break;
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH: case SSL_CTRL_SET_TMP_DH:
@ -3571,7 +3565,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
const SSL_CIPHER *cipher; const SSL_CIPHER *cipher;
if (!s->server) if (!s->server)
return 0; return 0;
cipher = s->s3->tmp.new_cipher; cipher = s->s3.tmp.new_cipher;
if (cipher == NULL) if (cipher == NULL)
return 0; return 0;
/* /*
@ -3580,9 +3574,9 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
*/ */
if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
return 2; return 2;
if (s->s3->tmp.cert == NULL) if (s->s3.tmp.cert == NULL)
return 0; return 0;
s->cert->key = s->s3->tmp.cert; s->cert->key = s->s3.tmp.cert;
return 1; return 1;
} }
return ssl_cert_set_current(s->cert, larg); return ssl_cert_set_current(s->cert, larg);
@ -3648,11 +3642,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_GET_CLIENT_CERT_TYPES: case SSL_CTRL_GET_CLIENT_CERT_TYPES:
{ {
const unsigned char **pctype = parg; const unsigned char **pctype = parg;
if (s->server || !s->s3->tmp.cert_req) if (s->server || !s->s3.tmp.cert_req)
return 0; return 0;
if (pctype) if (pctype)
*pctype = s->s3->tmp.ctype; *pctype = s->s3.tmp.ctype;
return s->s3->tmp.ctype_len; return s->s3.tmp.ctype_len;
} }
case SSL_CTRL_SET_CLIENT_CERT_TYPES: case SSL_CTRL_SET_CLIENT_CERT_TYPES:
@ -3670,24 +3664,24 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return ssl_cert_set_cert_store(s->cert, parg, 1, larg); return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
case SSL_CTRL_GET_PEER_SIGNATURE_NID: case SSL_CTRL_GET_PEER_SIGNATURE_NID:
if (s->s3->tmp.peer_sigalg == NULL) if (s->s3.tmp.peer_sigalg == NULL)
return 0; return 0;
*(int *)parg = s->s3->tmp.peer_sigalg->hash; *(int *)parg = s->s3.tmp.peer_sigalg->hash;
return 1; return 1;
case SSL_CTRL_GET_SIGNATURE_NID: case SSL_CTRL_GET_SIGNATURE_NID:
if (s->s3->tmp.sigalg == NULL) if (s->s3.tmp.sigalg == NULL)
return 0; return 0;
*(int *)parg = s->s3->tmp.sigalg->hash; *(int *)parg = s->s3.tmp.sigalg->hash;
return 1; return 1;
case SSL_CTRL_GET_PEER_TMP_KEY: case SSL_CTRL_GET_PEER_TMP_KEY:
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
if (s->session == NULL || s->s3->peer_tmp == NULL) { if (s->session == NULL || s->s3.peer_tmp == NULL) {
return 0; return 0;
} else { } else {
EVP_PKEY_up_ref(s->s3->peer_tmp); EVP_PKEY_up_ref(s->s3.peer_tmp);
*(EVP_PKEY **)parg = s->s3->peer_tmp; *(EVP_PKEY **)parg = s->s3.peer_tmp;
return 1; return 1;
} }
#else #else
@ -3696,11 +3690,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_GET_TMP_KEY: case SSL_CTRL_GET_TMP_KEY:
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
if (s->session == NULL || s->s3->tmp.pkey == NULL) { if (s->session == NULL || s->s3.tmp.pkey == NULL) {
return 0; return 0;
} else { } else {
EVP_PKEY_up_ref(s->s3->tmp.pkey); EVP_PKEY_up_ref(s->s3.tmp.pkey);
*(EVP_PKEY **)parg = s->s3->tmp.pkey; *(EVP_PKEY **)parg = s->s3.tmp.pkey;
return 1; return 1;
} }
#else #else
@ -4255,8 +4249,8 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
* key exchange scheme skip tests. * key exchange scheme skip tests.
*/ */
if (!SSL_IS_TLS13(s)) { if (!SSL_IS_TLS13(s)) {
mask_k = s->s3->tmp.mask_k; mask_k = s->s3.tmp.mask_k;
mask_a = s->s3->tmp.mask_a; mask_a = s->s3.tmp.mask_a;
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
if (s->srp_ctx.srp_Mask & SSL_kSRP) { if (s->srp_ctx.srp_Mask & SSL_kSRP) {
mask_k |= SSL_kSRP; mask_k |= SSL_kSRP;
@ -4298,7 +4292,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
continue; continue;
#if !defined(OPENSSL_NO_EC) #if !defined(OPENSSL_NO_EC)
if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA) if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
&& s->s3->is_probably_safari) { && s->s3.is_probably_safari) {
if (!ret) if (!ret)
ret = sk_SSL_CIPHER_value(allow, ii); ret = sk_SSL_CIPHER_value(allow, ii);
continue; continue;
@ -4335,7 +4329,7 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
/* Get mask of algorithms disabled by signature list */ /* Get mask of algorithms disabled by signature list */
ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK); ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
#ifndef OPENSSL_NO_GOST #ifndef OPENSSL_NO_GOST
if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST)) if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
@ -4411,11 +4405,11 @@ int ssl3_shutdown(SSL *s)
ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
/* /*
* our shutdown alert has been sent now, and if it still needs to be * our shutdown alert has been sent now, and if it still needs to be
* written, s->s3->alert_dispatch will be true * written, s->s3.alert_dispatch will be true
*/ */
if (s->s3->alert_dispatch) if (s->s3.alert_dispatch)
return -1; /* return WANT_WRITE */ return -1; /* return WANT_WRITE */
} else if (s->s3->alert_dispatch) { } else if (s->s3.alert_dispatch) {
/* resend it if not sent */ /* resend it if not sent */
ret = s->method->ssl_dispatch_alert(s); ret = s->method->ssl_dispatch_alert(s);
if (ret == -1) { if (ret == -1) {
@ -4438,7 +4432,7 @@ int ssl3_shutdown(SSL *s)
} }
if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) && if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
!s->s3->alert_dispatch) !s->s3.alert_dispatch)
return 1; return 1;
else else
return 0; return 0;
@ -4447,7 +4441,7 @@ int ssl3_shutdown(SSL *s)
int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written) int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
{ {
clear_sys_error(); clear_sys_error();
if (s->s3->renegotiate) if (s->s3.renegotiate)
ssl3_renegotiate_check(s, 0); ssl3_renegotiate_check(s, 0);
return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
@ -4460,13 +4454,13 @@ static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
int ret; int ret;
clear_sys_error(); clear_sys_error();
if (s->s3->renegotiate) if (s->s3.renegotiate)
ssl3_renegotiate_check(s, 0); ssl3_renegotiate_check(s, 0);
s->s3->in_read_app_data = 1; s->s3.in_read_app_data = 1;
ret = ret =
s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len, s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
peek, readbytes); peek, readbytes);
if ((ret == -1) && (s->s3->in_read_app_data == 2)) { if ((ret == -1) && (s->s3.in_read_app_data == 2)) {
/* /*
* ssl3_read_bytes decided to call s->handshake_func, which called * ssl3_read_bytes decided to call s->handshake_func, which called
* ssl3_read_bytes to read handshake data. However, ssl3_read_bytes * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
@ -4480,7 +4474,7 @@ static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
len, peek, readbytes); len, peek, readbytes);
ossl_statem_set_in_handshake(s, 0); ossl_statem_set_in_handshake(s, 0);
} else } else
s->s3->in_read_app_data = 0; s->s3.in_read_app_data = 0;
return ret; return ret;
} }
@ -4500,7 +4494,7 @@ int ssl3_renegotiate(SSL *s)
if (s->handshake_func == NULL) if (s->handshake_func == NULL)
return 1; return 1;
s->s3->renegotiate = 1; s->s3.renegotiate = 1;
return 1; return 1;
} }
@ -4516,7 +4510,7 @@ int ssl3_renegotiate_check(SSL *s, int initok)
{ {
int ret = 0; int ret = 0;
if (s->s3->renegotiate) { if (s->s3.renegotiate) {
if (!RECORD_LAYER_read_pending(&s->rlayer) if (!RECORD_LAYER_read_pending(&s->rlayer)
&& !RECORD_LAYER_write_pending(&s->rlayer) && !RECORD_LAYER_write_pending(&s->rlayer)
&& (initok || !SSL_in_init(s))) { && (initok || !SSL_in_init(s))) {
@ -4526,9 +4520,9 @@ int ssl3_renegotiate_check(SSL *s, int initok)
* state. * state.
*/ */
ossl_statem_set_renegotiate(s); ossl_statem_set_renegotiate(s);
s->s3->renegotiate = 0; s->s3.renegotiate = 0;
s->s3->num_renegotiations++; s->s3.num_renegotiations++;
s->s3->total_renegotiations++; s->s3.total_renegotiations++;
ret = 1; ret = 1;
} }
} }
@ -4544,13 +4538,13 @@ int ssl3_renegotiate_check(SSL *s, int initok)
long ssl_get_algorithm2(SSL *s) long ssl_get_algorithm2(SSL *s)
{ {
long alg2; long alg2;
if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL) if (s->s3.tmp.new_cipher == NULL)
return -1; return -1;
alg2 = s->s3->tmp.new_cipher->algorithm2; alg2 = s->s3.tmp.new_cipher->algorithm2;
if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) { if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF)) if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
} else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) { } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) {
if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384)) if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF; return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
} }
@ -4600,13 +4594,13 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
int free_pms) int free_pms)
{ {
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
int ret = 0; int ret = 0;
if (alg_k & SSL_PSK) { if (alg_k & SSL_PSK) {
#ifndef OPENSSL_NO_PSK #ifndef OPENSSL_NO_PSK
unsigned char *pskpms, *t; unsigned char *pskpms, *t;
size_t psklen = s->s3->tmp.psklen; size_t psklen = s->s3.tmp.psklen;
size_t pskpmslen; size_t pskpmslen;
/* create PSK premaster_secret */ /* create PSK premaster_secret */
@ -4627,10 +4621,10 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
memcpy(t, pms, pmslen); memcpy(t, pms, pmslen);
t += pmslen; t += pmslen;
s2n(psklen, t); s2n(psklen, t);
memcpy(t, s->s3->tmp.psk, psklen); memcpy(t, s->s3.tmp.psk, psklen);
OPENSSL_clear_free(s->s3->tmp.psk, psklen); OPENSSL_clear_free(s->s3.tmp.psk, psklen);
s->s3->tmp.psk = NULL; s->s3.tmp.psk = NULL;
if (!s->method->ssl3_enc->generate_master_secret(s, if (!s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,pskpms, pskpmslen, s->session->master_key,pskpms, pskpmslen,
&s->session->master_key_length)) { &s->session->master_key_length)) {
@ -4661,7 +4655,7 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
OPENSSL_cleanse(pms, pmslen); OPENSSL_cleanse(pms, pmslen);
} }
if (s->server == 0) if (s->server == 0)
s->s3->tmp.pms = NULL; s->s3.tmp.pms = NULL;
return ret; return ret;
} }
@ -4829,8 +4823,8 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
} }
} else { } else {
/* Save premaster secret */ /* Save premaster secret */
s->s3->tmp.pms = pms; s->s3.tmp.pms = pms;
s->s3->tmp.pmslen = pmslen; s->s3.tmp.pmslen = pmslen;
pms = NULL; pms = NULL;
rv = 1; rv = 1;
} }

View File

@ -18,14 +18,14 @@ int ssl3_do_change_cipher_spec(SSL *s)
else else
i = SSL3_CHANGE_CIPHER_CLIENT_READ; i = SSL3_CHANGE_CIPHER_CLIENT_READ;
if (s->s3->tmp.key_block == NULL) { if (s->s3.tmp.key_block == NULL) {
if (s->session == NULL || s->session->master_key_length == 0) { if (s->session == NULL || s->session->master_key_length == 0) {
/* might happen if dtls1_read_bytes() calls this */ /* might happen if dtls1_read_bytes() calls this */
SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY); SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY);
return 0; return 0;
} }
s->session->cipher = s->s3->tmp.new_cipher; s->session->cipher = s->s3.tmp.new_cipher;
if (!s->method->ssl3_enc->setup_key_block(s)) { if (!s->method->ssl3_enc->setup_key_block(s)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return 0; return 0;
@ -56,9 +56,9 @@ int ssl3_send_alert(SSL *s, int level, int desc)
if ((level == SSL3_AL_FATAL) && (s->session != NULL)) if ((level == SSL3_AL_FATAL) && (s->session != NULL))
SSL_CTX_remove_session(s->session_ctx, s->session); SSL_CTX_remove_session(s->session_ctx, s->session);
s->s3->alert_dispatch = 1; s->s3.alert_dispatch = 1;
s->s3->send_alert[0] = level; s->s3.send_alert[0] = level;
s->s3->send_alert[1] = desc; s->s3.send_alert[1] = desc;
if (!RECORD_LAYER_write_pending(&s->rlayer)) { if (!RECORD_LAYER_write_pending(&s->rlayer)) {
/* data still being written out? */ /* data still being written out? */
return s->method->ssl_dispatch_alert(s); return s->method->ssl_dispatch_alert(s);
@ -77,12 +77,12 @@ int ssl3_dispatch_alert(SSL *s)
void (*cb) (const SSL *ssl, int type, int val) = NULL; void (*cb) (const SSL *ssl, int type, int val) = NULL;
size_t written; size_t written;
s->s3->alert_dispatch = 0; s->s3.alert_dispatch = 0;
alertlen = 2; alertlen = 2;
i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0, i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3.send_alert[0], &alertlen, 1, 0,
&written); &written);
if (i <= 0) { if (i <= 0) {
s->s3->alert_dispatch = 1; s->s3.alert_dispatch = 1;
} else { } else {
/* /*
* Alert sent to BIO - now flush. If the message does not get sent due * Alert sent to BIO - now flush. If the message does not get sent due
@ -91,7 +91,7 @@ int ssl3_dispatch_alert(SSL *s)
(void)BIO_flush(s->wbio); (void)BIO_flush(s->wbio);
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3.send_alert,
2, s, s->msg_callback_arg); 2, s, s->msg_callback_arg);
if (s->info_callback != NULL) if (s->info_callback != NULL)
@ -100,7 +100,7 @@ int ssl3_dispatch_alert(SSL *s)
cb = s->ctx->info_callback; cb = s->ctx->info_callback;
if (cb != NULL) { if (cb != NULL) {
j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]; j = (s->s3.send_alert[0] << 8) | s->s3.send_alert[1];
cb(s, SSL_CB_WRITE_ALERT, j); cb(s, SSL_CB_WRITE_ALERT, j);
} }
} }

View File

@ -516,13 +516,13 @@ void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s) const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s)
{ {
return s->s3 != NULL ? s->s3->tmp.peer_ca_names : NULL; return s->s3.tmp.peer_ca_names;
} }
STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s) STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
{ {
if (!s->server) if (!s->server)
return s->s3 != NULL ? s->s3->tmp.peer_ca_names : NULL; return s->s3.tmp.peer_ca_names;
return s->client_ca_names != NULL ? s->client_ca_names return s->client_ca_names != NULL ? s->client_ca_names
: s->ctx->client_ca_names; : s->ctx->client_ca_names;
} }

View File

@ -1421,12 +1421,10 @@ size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
{ {
size_t ret = 0; size_t ret = 0;
if (s->s3 != NULL) { ret = s->s3.tmp.finish_md_len;
ret = s->s3->tmp.finish_md_len; if (count > ret)
if (count > ret) count = ret;
count = ret; memcpy(buf, s->s3.tmp.finish_md, count);
memcpy(buf, s->s3->tmp.finish_md, count);
}
return ret; return ret;
} }
@ -1435,12 +1433,10 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
{ {
size_t ret = 0; size_t ret = 0;
if (s->s3 != NULL) { ret = s->s3.tmp.peer_finish_md_len;
ret = s->s3->tmp.peer_finish_md_len; if (count > ret)
if (count > ret) count = ret;
count = ret; memcpy(buf, s->s3.tmp.peer_finish_md, count);
memcpy(buf, s->s3->tmp.peer_finish_md, count);
}
return ret; return ret;
} }
@ -2277,10 +2273,7 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
RECORD_LAYER_set_read_ahead(&s->rlayer, 1); RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
return 1; return 1;
case SSL_CTRL_GET_RI_SUPPORT: case SSL_CTRL_GET_RI_SUPPORT:
if (s->s3) return s->s3.send_connection_binding;
return s->s3->send_connection_binding;
else
return 0;
case SSL_CTRL_CERT_FLAGS: case SSL_CTRL_CERT_FLAGS:
return (s->cert->cert_flags |= larg); return (s->cert->cert_flags |= larg);
case SSL_CTRL_CLEAR_CERT_FLAGS: case SSL_CTRL_CLEAR_CERT_FLAGS:
@ -2288,10 +2281,10 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_GET_RAW_CIPHERLIST: case SSL_CTRL_GET_RAW_CIPHERLIST:
if (parg) { if (parg) {
if (s->s3->tmp.ciphers_raw == NULL) if (s->s3.tmp.ciphers_raw == NULL)
return 0; return 0;
*(unsigned char **)parg = s->s3->tmp.ciphers_raw; *(unsigned char **)parg = s->s3.tmp.ciphers_raw;
return (int)s->s3->tmp.ciphers_rawlen; return (int)s->s3.tmp.ciphers_rawlen;
} else { } else {
return TLS_CIPHER_LEN; return TLS_CIPHER_LEN;
} }
@ -2891,13 +2884,11 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
unsigned int *len) unsigned int *len)
{ {
*data = NULL; *data = ssl->s3.alpn_selected;
if (ssl->s3)
*data = ssl->s3->alpn_selected;
if (*data == NULL) if (*data == NULL)
*len = 0; *len = 0;
else else
*len = (unsigned int)ssl->s3->alpn_selected_len; *len = (unsigned int)ssl->s3.alpn_selected_len;
} }
int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
@ -3306,7 +3297,7 @@ void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
void ssl_set_masks(SSL *s) void ssl_set_masks(SSL *s)
{ {
CERT *c = s->cert; CERT *c = s->cert;
uint32_t *pvalid = s->s3->tmp.valid_flags; uint32_t *pvalid = s->s3.tmp.valid_flags;
int rsa_enc, rsa_sign, dh_tmp, dsa_sign; int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
unsigned long mask_k, mask_a; unsigned long mask_k, mask_a;
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
@ -3412,15 +3403,15 @@ void ssl_set_masks(SSL *s)
mask_k |= SSL_kECDHEPSK; mask_k |= SSL_kECDHEPSK;
#endif #endif
s->s3->tmp.mask_k = mask_k; s->s3.tmp.mask_k = mask_k;
s->s3->tmp.mask_a = mask_a; s->s3.tmp.mask_a = mask_a;
} }
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
{ {
if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) { if (s->s3.tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
/* key usage, if present, must allow signing */ /* key usage, if present, must allow signing */
if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) { if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
@ -3436,7 +3427,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
size_t *serverinfo_length) size_t *serverinfo_length)
{ {
CERT_PKEY *cpk = s->s3->tmp.cert; CERT_PKEY *cpk = s->s3.tmp.cert;
*serverinfo_length = 0; *serverinfo_length = 0;
if (cpk == NULL || cpk->serverinfo == NULL) if (cpk == NULL || cpk->serverinfo == NULL)
@ -3628,7 +3619,7 @@ int SSL_get_error(const SSL *s, int i)
return SSL_ERROR_WANT_CLIENT_HELLO_CB; return SSL_ERROR_WANT_CLIENT_HELLO_CB;
if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) (s->s3.warn_alert == SSL_AD_CLOSE_NOTIFY))
return SSL_ERROR_ZERO_RETURN; return SSL_ERROR_ZERO_RETURN;
return SSL_ERROR_SYSCALL; return SSL_ERROR_SYSCALL;
@ -3958,7 +3949,7 @@ const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s) const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s)
{ {
return s->s3->tmp.new_cipher; return s->s3.tmp.new_cipher;
} }
const COMP_METHOD *SSL_get_current_compression(const SSL *s) const COMP_METHOD *SSL_get_current_compression(const SSL *s)
@ -4176,20 +4167,20 @@ long SSL_get_verify_result(const SSL *ssl)
size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen) size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
{ {
if (outlen == 0) if (outlen == 0)
return sizeof(ssl->s3->client_random); return sizeof(ssl->s3.client_random);
if (outlen > sizeof(ssl->s3->client_random)) if (outlen > sizeof(ssl->s3.client_random))
outlen = sizeof(ssl->s3->client_random); outlen = sizeof(ssl->s3.client_random);
memcpy(out, ssl->s3->client_random, outlen); memcpy(out, ssl->s3.client_random, outlen);
return outlen; return outlen;
} }
size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen) size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
{ {
if (outlen == 0) if (outlen == 0)
return sizeof(ssl->s3->server_random); return sizeof(ssl->s3.server_random);
if (outlen > sizeof(ssl->s3->server_random)) if (outlen > sizeof(ssl->s3.server_random))
outlen = sizeof(ssl->s3->server_random); outlen = sizeof(ssl->s3.server_random);
memcpy(out, ssl->s3->server_random, outlen); memcpy(out, ssl->s3.server_random, outlen);
return outlen; return outlen;
} }
@ -4519,7 +4510,7 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
size_t *hashlen) size_t *hashlen)
{ {
EVP_MD_CTX *ctx = NULL; EVP_MD_CTX *ctx = NULL;
EVP_MD_CTX *hdgst = s->s3->handshake_dgst; EVP_MD_CTX *hdgst = s->s3.handshake_dgst;
int hashleni = EVP_MD_CTX_size(hdgst); int hashleni = EVP_MD_CTX_size(hdgst);
int ret = 0; int ret = 0;
@ -5295,7 +5286,7 @@ int ssl_log_secret(SSL *ssl,
{ {
return nss_keylog_int(label, return nss_keylog_int(label,
ssl, ssl,
ssl->s3->client_random, ssl->s3.client_random,
SSL3_RANDOM_SIZE, SSL3_RANDOM_SIZE,
secret, secret,
secret_len); secret_len);
@ -5321,9 +5312,9 @@ int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format)
return 0; return 0;
} }
OPENSSL_free(s->s3->tmp.ciphers_raw); OPENSSL_free(s->s3.tmp.ciphers_raw);
s->s3->tmp.ciphers_raw = NULL; s->s3.tmp.ciphers_raw = NULL;
s->s3->tmp.ciphers_rawlen = 0; s->s3.tmp.ciphers_rawlen = 0;
if (sslv2format) { if (sslv2format) {
size_t numciphers = PACKET_remaining(cipher_suites) / n; size_t numciphers = PACKET_remaining(cipher_suites) / n;
@ -5339,13 +5330,13 @@ int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format)
* problem. * problem.
*/ */
raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN); raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN);
s->s3->tmp.ciphers_raw = raw; s->s3.tmp.ciphers_raw = raw;
if (raw == NULL) { if (raw == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
ERR_R_MALLOC_FAILURE); ERR_R_MALLOC_FAILURE);
return 0; return 0;
} }
for (s->s3->tmp.ciphers_rawlen = 0; for (s->s3.tmp.ciphers_rawlen = 0;
PACKET_remaining(&sslv2ciphers) > 0; PACKET_remaining(&sslv2ciphers) > 0;
raw += TLS_CIPHER_LEN) { raw += TLS_CIPHER_LEN) {
if (!PACKET_get_1(&sslv2ciphers, &leadbyte) if (!PACKET_get_1(&sslv2ciphers, &leadbyte)
@ -5356,16 +5347,16 @@ int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format)
&& !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) { && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
SSL_R_BAD_PACKET); SSL_R_BAD_PACKET);
OPENSSL_free(s->s3->tmp.ciphers_raw); OPENSSL_free(s->s3.tmp.ciphers_raw);
s->s3->tmp.ciphers_raw = NULL; s->s3.tmp.ciphers_raw = NULL;
s->s3->tmp.ciphers_rawlen = 0; s->s3.tmp.ciphers_rawlen = 0;
return 0; return 0;
} }
if (leadbyte == 0) if (leadbyte == 0)
s->s3->tmp.ciphers_rawlen += TLS_CIPHER_LEN; s->s3.tmp.ciphers_rawlen += TLS_CIPHER_LEN;
} }
} else if (!PACKET_memdup(cipher_suites, &s->s3->tmp.ciphers_raw, } else if (!PACKET_memdup(cipher_suites, &s->s3.tmp.ciphers_raw,
&s->s3->tmp.ciphers_rawlen)) { &s->s3.tmp.ciphers_rawlen)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
return 0; return 0;
@ -5558,9 +5549,9 @@ int SSL_stateless(SSL *s)
ERR_clear_error(); ERR_clear_error();
s->s3->flags |= TLS1_FLAGS_STATELESS; s->s3.flags |= TLS1_FLAGS_STATELESS;
ret = SSL_accept(s); ret = SSL_accept(s);
s->s3->flags &= ~TLS1_FLAGS_STATELESS; s->s3.flags &= ~TLS1_FLAGS_STATELESS;
if (ret > 0 && s->ext.cookieok) if (ret > 0 && s->ext.cookieok)
return 1; return 1;

View File

@ -334,8 +334,8 @@
|| (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \ || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \
|| (s)->hello_retry_request == SSL_HRR_PENDING) || (s)->hello_retry_request == SSL_HRR_PENDING)
# define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3->tmp.finish_md_len == 0 \ # define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3.tmp.finish_md_len == 0 \
|| (s)->s3->tmp.peer_finish_md_len == 0) || (s)->s3.tmp.peer_finish_md_len == 0)
/* See if we need explicit IV */ /* See if we need explicit IV */
# define SSL_USE_EXPLICIT_IV(s) \ # define SSL_USE_EXPLICIT_IV(s) \
@ -374,8 +374,8 @@
# define GET_MAX_FRAGMENT_LENGTH(session) \ # define GET_MAX_FRAGMENT_LENGTH(session) \
(512U << (session->ext.max_fragment_len_mode - 1)) (512U << (session->ext.max_fragment_len_mode - 1))
# define SSL_READ_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ) # define SSL_READ_ETM(s) (s->s3.flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ)
# define SSL_WRITE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE) # define SSL_WRITE_ETM(s) (s->s3.flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE)
/* Mostly for SSLv3 */ /* Mostly for SSLv3 */
# define SSL_PKEY_RSA 0 # define SSL_PKEY_RSA 0
@ -1081,6 +1081,8 @@ struct ssl_ctx_st {
void *async_cb_arg; void *async_cb_arg;
}; };
typedef struct cert_pkey_st CERT_PKEY;
struct ssl_st { struct ssl_st {
/* /*
* protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
@ -1134,7 +1136,179 @@ struct ssl_st {
* ssl3_get_message() */ * ssl3_get_message() */
size_t init_num; /* amount read/written */ size_t init_num; /* amount read/written */
size_t init_off; /* amount read/written */ size_t init_off; /* amount read/written */
struct ssl3_state_st *s3; /* SSLv3 variables */
struct {
long flags;
size_t read_mac_secret_size;
unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
size_t write_mac_secret_size;
unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
unsigned char server_random[SSL3_RANDOM_SIZE];
unsigned char client_random[SSL3_RANDOM_SIZE];
/* flags for countermeasure against known-IV weakness */
int need_empty_fragments;
int empty_fragment_done;
/* used during startup, digest all incoming/outgoing packets */
BIO *handshake_buffer;
/*
* When handshake digest is determined, buffer is hashed and
* freed and MD_CTX for the required digest is stored here.
*/
EVP_MD_CTX *handshake_dgst;
/*
* Set whenever an expected ChangeCipherSpec message is processed.
* Unset when the peer's Finished message is received.
* Unexpected ChangeCipherSpec messages trigger a fatal alert.
*/
int change_cipher_spec;
int warn_alert;
int fatal_alert;
/*
* we allow one fatal and one warning alert to be outstanding, send close
* alert via the warning alert
*/
int alert_dispatch;
unsigned char send_alert[2];
/*
* This flag is set when we should renegotiate ASAP, basically when there
* is no more data in the read or write buffers
*/
int renegotiate;
int total_renegotiations;
int num_renegotiations;
int in_read_app_data;
struct {
/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
size_t finish_md_len;
unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
size_t peer_finish_md_len;
size_t message_size;
int message_type;
/* used to hold the new cipher we are going to use */
const SSL_CIPHER *new_cipher;
# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY *pkey; /* holds short lived DH/ECDH key */
# endif
/* used for certificate requests */
int cert_req;
/* Certificate types in certificate request message. */
uint8_t *ctype;
size_t ctype_len;
/* Certificate authorities list peer sent */
STACK_OF(X509_NAME) *peer_ca_names;
size_t key_block_length;
unsigned char *key_block;
const EVP_CIPHER *new_sym_enc;
const EVP_MD *new_hash;
int new_mac_pkey_type;
size_t new_mac_secret_size;
# ifndef OPENSSL_NO_COMP
const SSL_COMP *new_compression;
# else
char *new_compression;
# endif
int cert_request;
/* Raw values of the cipher list from a client */
unsigned char *ciphers_raw;
size_t ciphers_rawlen;
/* Temporary storage for premaster secret */
unsigned char *pms;
size_t pmslen;
# ifndef OPENSSL_NO_PSK
/* Temporary storage for PSK key */
unsigned char *psk;
size_t psklen;
# endif
/* Signature algorithm we actually use */
const struct sigalg_lookup_st *sigalg;
/* Pointer to certificate we use */
CERT_PKEY *cert;
/*
* signature algorithms peer reports: e.g. supported signature
* algorithms extension for server or as part of a certificate
* request for client.
* Keep track of the algorithms for TLS and X.509 usage separately.
*/
uint16_t *peer_sigalgs;
uint16_t *peer_cert_sigalgs;
/* Size of above arrays */
size_t peer_sigalgslen;
size_t peer_cert_sigalgslen;
/* Sigalg peer actually uses */
const struct sigalg_lookup_st *peer_sigalg;
/*
* Set if corresponding CERT_PKEY can be used with current
* SSL session: e.g. appropriate curve, signature algorithms etc.
* If zero it can't be used at all.
*/
uint32_t valid_flags[SSL_PKEY_NUM];
/*
* For servers the following masks are for the key and auth algorithms
* that are supported by the certs below. For clients they are masks of
* *disabled* algorithms based on the current session.
*/
uint32_t mask_k;
uint32_t mask_a;
/*
* The following are used by the client to see if a cipher is allowed or
* not. It contains the minimum and maximum version the client's using
* based on what it knows so far.
*/
int min_ver;
int max_ver;
} tmp;
/* Connection binding to prevent renegotiation attacks */
unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
size_t previous_client_finished_len;
unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
size_t previous_server_finished_len;
int send_connection_binding; /* TODOEKR */
# ifndef OPENSSL_NO_NEXTPROTONEG
/*
* Set if we saw the Next Protocol Negotiation extension from our peer.
*/
int npn_seen;
# endif
/*
* ALPN information (we are in the process of transitioning from NPN to
* ALPN.)
*/
/*
* In a server these point to the selected ALPN protocol after the
* ClientHello has been processed. In a client these contain the protocol
* that the server selected once the ServerHello has been processed.
*/
unsigned char *alpn_selected;
size_t alpn_selected_len;
/* used by the server to know what options were proposed */
unsigned char *alpn_proposed;
size_t alpn_proposed_len;
/* used by the client to know if it actually sent alpn */
int alpn_sent;
# ifndef OPENSSL_NO_EC
/*
* This is set to true if we believe that this is a version of Safari
* running on OS X 10.6 or newer. We wish to know this because Safari on
* 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
*/
char is_probably_safari;
# endif /* !OPENSSL_NO_EC */
/* For clients: peer temporary key */
# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
/* The group_id for the DH/ECDH key */
uint16_t group_id;
EVP_PKEY *peer_tmp;
# endif
} s3;
struct dtls1_state_st *d1; /* DTLSv1 variables */ struct dtls1_state_st *d1; /* DTLSv1 variables */
/* callback that allows applications to peek at protocol messages */ /* callback that allows applications to peek at protocol messages */
void (*msg_callback) (int write_p, int version, int content_type, void (*msg_callback) (int write_p, int version, int content_type,
@ -1520,8 +1694,6 @@ typedef struct tls_group_info_st {
# define TLS_CURVE_CHAR2 0x1 # define TLS_CURVE_CHAR2 0x1
# define TLS_CURVE_CUSTOM 0x2 # define TLS_CURVE_CUSTOM 0x2
typedef struct cert_pkey_st CERT_PKEY;
/* /*
* Structure containing table entry of certificate info corresponding to * Structure containing table entry of certificate info corresponding to
* CERT_PKEY entries * CERT_PKEY entries
@ -1531,178 +1703,6 @@ typedef struct {
uint32_t amask; /* authmask corresponding to key type */ uint32_t amask; /* authmask corresponding to key type */
} SSL_CERT_LOOKUP; } SSL_CERT_LOOKUP;
typedef struct ssl3_state_st {
long flags;
size_t read_mac_secret_size;
unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
size_t write_mac_secret_size;
unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
unsigned char server_random[SSL3_RANDOM_SIZE];
unsigned char client_random[SSL3_RANDOM_SIZE];
/* flags for countermeasure against known-IV weakness */
int need_empty_fragments;
int empty_fragment_done;
/* used during startup, digest all incoming/outgoing packets */
BIO *handshake_buffer;
/*
* When handshake digest is determined, buffer is hashed and
* freed and MD_CTX for the required digest is stored here.
*/
EVP_MD_CTX *handshake_dgst;
/*
* Set whenever an expected ChangeCipherSpec message is processed.
* Unset when the peer's Finished message is received.
* Unexpected ChangeCipherSpec messages trigger a fatal alert.
*/
int change_cipher_spec;
int warn_alert;
int fatal_alert;
/*
* we allow one fatal and one warning alert to be outstanding, send close
* alert via the warning alert
*/
int alert_dispatch;
unsigned char send_alert[2];
/*
* This flag is set when we should renegotiate ASAP, basically when there
* is no more data in the read or write buffers
*/
int renegotiate;
int total_renegotiations;
int num_renegotiations;
int in_read_app_data;
struct {
/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
size_t finish_md_len;
unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
size_t peer_finish_md_len;
size_t message_size;
int message_type;
/* used to hold the new cipher we are going to use */
const SSL_CIPHER *new_cipher;
# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY *pkey; /* holds short lived DH/ECDH key */
# endif
/* used for certificate requests */
int cert_req;
/* Certificate types in certificate request message. */
uint8_t *ctype;
size_t ctype_len;
/* Certificate authorities list peer sent */
STACK_OF(X509_NAME) *peer_ca_names;
size_t key_block_length;
unsigned char *key_block;
const EVP_CIPHER *new_sym_enc;
const EVP_MD *new_hash;
int new_mac_pkey_type;
size_t new_mac_secret_size;
# ifndef OPENSSL_NO_COMP
const SSL_COMP *new_compression;
# else
char *new_compression;
# endif
int cert_request;
/* Raw values of the cipher list from a client */
unsigned char *ciphers_raw;
size_t ciphers_rawlen;
/* Temporary storage for premaster secret */
unsigned char *pms;
size_t pmslen;
# ifndef OPENSSL_NO_PSK
/* Temporary storage for PSK key */
unsigned char *psk;
size_t psklen;
# endif
/* Signature algorithm we actually use */
const SIGALG_LOOKUP *sigalg;
/* Pointer to certificate we use */
CERT_PKEY *cert;
/*
* signature algorithms peer reports: e.g. supported signature
* algorithms extension for server or as part of a certificate
* request for client.
* Keep track of the algorithms for TLS and X.509 usage separately.
*/
uint16_t *peer_sigalgs;
uint16_t *peer_cert_sigalgs;
/* Size of above arrays */
size_t peer_sigalgslen;
size_t peer_cert_sigalgslen;
/* Sigalg peer actually uses */
const SIGALG_LOOKUP *peer_sigalg;
/*
* Set if corresponding CERT_PKEY can be used with current
* SSL session: e.g. appropriate curve, signature algorithms etc.
* If zero it can't be used at all.
*/
uint32_t valid_flags[SSL_PKEY_NUM];
/*
* For servers the following masks are for the key and auth algorithms
* that are supported by the certs below. For clients they are masks of
* *disabled* algorithms based on the current session.
*/
uint32_t mask_k;
uint32_t mask_a;
/*
* The following are used by the client to see if a cipher is allowed or
* not. It contains the minimum and maximum version the client's using
* based on what it knows so far.
*/
int min_ver;
int max_ver;
} tmp;
/* Connection binding to prevent renegotiation attacks */
unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
size_t previous_client_finished_len;
unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
size_t previous_server_finished_len;
int send_connection_binding; /* TODOEKR */
# ifndef OPENSSL_NO_NEXTPROTONEG
/*
* Set if we saw the Next Protocol Negotiation extension from our peer.
*/
int npn_seen;
# endif
/*
* ALPN information (we are in the process of transitioning from NPN to
* ALPN.)
*/
/*
* In a server these point to the selected ALPN protocol after the
* ClientHello has been processed. In a client these contain the protocol
* that the server selected once the ServerHello has been processed.
*/
unsigned char *alpn_selected;
size_t alpn_selected_len;
/* used by the server to know what options were proposed */
unsigned char *alpn_proposed;
size_t alpn_proposed_len;
/* used by the client to know if it actually sent alpn */
int alpn_sent;
# ifndef OPENSSL_NO_EC
/*
* This is set to true if we believe that this is a version of Safari
* running on OS X 10.6 or newer. We wish to know this because Safari on
* 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
*/
char is_probably_safari;
# endif /* !OPENSSL_NO_EC */
/* For clients: peer temporary key */
# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
/* The group_id for the DH/ECDH key */
uint16_t group_id;
EVP_PKEY *peer_tmp;
# endif
} SSL3_STATE;
/* DTLS structures */ /* DTLS structures */
# ifndef OPENSSL_NO_SCTP # ifndef OPENSSL_NO_SCTP
@ -2070,8 +2070,8 @@ typedef enum downgrade_en {
#define TLSEXT_KEX_MODE_FLAG_KE 1 #define TLSEXT_KEX_MODE_FLAG_KE 1
#define TLSEXT_KEX_MODE_FLAG_KE_DHE 2 #define TLSEXT_KEX_MODE_FLAG_KE_DHE 2
#define SSL_USE_PSS(s) (s->s3->tmp.peer_sigalg != NULL && \ #define SSL_USE_PSS(s) (s->s3.tmp.peer_sigalg != NULL && \
s->s3->tmp.peer_sigalg->sig == EVP_PKEY_RSA_PSS) s->s3.tmp.peer_sigalg->sig == EVP_PKEY_RSA_PSS)
/* A dummy signature value not valid for TLSv1.2 signature algs */ /* A dummy signature value not valid for TLSv1.2 signature algs */
#define TLSEXT_signature_rsa_pss 0x0101 #define TLSEXT_signature_rsa_pss 0x0101

View File

@ -438,7 +438,7 @@ int ssl_get_new_session(SSL *s, int session)
ss->verify_result = X509_V_OK; ss->verify_result = X509_V_OK;
/* If client supports extended master secret set it in session */ /* If client supports extended master secret set it in session */
if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)
ss->flags |= SSL_SESS_FLAG_EXTMS; ss->flags |= SSL_SESS_FLAG_EXTMS;
return 1; return 1;
@ -620,13 +620,13 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
/* Check extended master secret extension consistency */ /* Check extended master secret extension consistency */
if (ret->flags & SSL_SESS_FLAG_EXTMS) { if (ret->flags & SSL_SESS_FLAG_EXTMS) {
/* If old session includes extms, but new does not: abort handshake */ /* If old session includes extms, but new does not: abort handshake */
if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)) { if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_GET_PREV_SESSION, SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_GET_PREV_SESSION,
SSL_R_INCONSISTENT_EXTMS); SSL_R_INCONSISTENT_EXTMS);
fatal = 1; fatal = 1;
goto err; goto err;
} }
} else if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) { } else if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) {
/* If new session includes extms, but old does not: do not resume */ /* If new session includes extms, but old does not: do not resume */
goto err; goto err;
} }

View File

@ -1030,8 +1030,8 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent)
if (s->server) if (s->server)
return 1; return 1;
alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
alg_a = s->s3->tmp.new_cipher->algorithm_auth; alg_a = s->s3.tmp.new_cipher->algorithm_auth;
/* /*
* If we are client and using an elliptic curve cryptography cipher * If we are client and using an elliptic curve cryptography cipher
@ -1092,7 +1092,7 @@ static int init_status_request(SSL *s, unsigned int context)
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
static int init_npn(SSL *s, unsigned int context) static int init_npn(SSL *s, unsigned int context)
{ {
s->s3->npn_seen = 0; s->s3.npn_seen = 0;
return 1; return 1;
} }
@ -1100,13 +1100,13 @@ static int init_npn(SSL *s, unsigned int context)
static int init_alpn(SSL *s, unsigned int context) static int init_alpn(SSL *s, unsigned int context)
{ {
OPENSSL_free(s->s3->alpn_selected); OPENSSL_free(s->s3.alpn_selected);
s->s3->alpn_selected = NULL; s->s3.alpn_selected = NULL;
s->s3->alpn_selected_len = 0; s->s3.alpn_selected_len = 0;
if (s->server) { if (s->server) {
OPENSSL_free(s->s3->alpn_proposed); OPENSSL_free(s->s3.alpn_proposed);
s->s3->alpn_proposed = NULL; s->s3.alpn_proposed = NULL;
s->s3->alpn_proposed_len = 0; s->s3.alpn_proposed_len = 0;
} }
return 1; return 1;
} }
@ -1134,8 +1134,8 @@ static int final_alpn(SSL *s, unsigned int context, int sent)
static int init_sig_algs(SSL *s, unsigned int context) static int init_sig_algs(SSL *s, unsigned int context)
{ {
/* Clear any signature algorithms extension received */ /* Clear any signature algorithms extension received */
OPENSSL_free(s->s3->tmp.peer_sigalgs); OPENSSL_free(s->s3.tmp.peer_sigalgs);
s->s3->tmp.peer_sigalgs = NULL; s->s3.tmp.peer_sigalgs = NULL;
return 1; return 1;
} }
@ -1143,8 +1143,8 @@ static int init_sig_algs(SSL *s, unsigned int context)
static int init_sig_algs_cert(SSL *s, unsigned int context) static int init_sig_algs_cert(SSL *s, unsigned int context)
{ {
/* Clear any signature algorithms extension received */ /* Clear any signature algorithms extension received */
OPENSSL_free(s->s3->tmp.peer_cert_sigalgs); OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
s->s3->tmp.peer_cert_sigalgs = NULL; s->s3.tmp.peer_cert_sigalgs = NULL;
return 1; return 1;
} }
@ -1168,7 +1168,7 @@ static int init_etm(SSL *s, unsigned int context)
static int init_ems(SSL *s, unsigned int context) static int init_ems(SSL *s, unsigned int context)
{ {
s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; s->s3.flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
return 1; return 1;
} }
@ -1180,7 +1180,7 @@ static int final_ems(SSL *s, unsigned int context, int sent)
* Check extended master secret extension is consistent with * Check extended master secret extension is consistent with
* original session. * original session.
*/ */
if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) != if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) !=
!(s->session->flags & SSL_SESS_FLAG_EXTMS)) { !(s->session->flags & SSL_SESS_FLAG_EXTMS)) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS, SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS,
SSL_R_INCONSISTENT_EXTMS); SSL_R_INCONSISTENT_EXTMS);
@ -1193,8 +1193,8 @@ static int final_ems(SSL *s, unsigned int context, int sent)
static int init_certificate_authorities(SSL *s, unsigned int context) static int init_certificate_authorities(SSL *s, unsigned int context)
{ {
sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free); sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
s->s3->tmp.peer_ca_names = NULL; s->s3.tmp.peer_ca_names = NULL;
return 1; return 1;
} }
@ -1331,9 +1331,9 @@ static int final_key_share(SSL *s, unsigned int context, int sent)
* send a HelloRetryRequest * send a HelloRetryRequest
*/ */
if (s->server) { if (s->server) {
if (s->s3->peer_tmp != NULL) { if (s->s3.peer_tmp != NULL) {
/* We have a suitable key_share */ /* We have a suitable key_share */
if ((s->s3->flags & TLS1_FLAGS_STATELESS) != 0 if ((s->s3.flags & TLS1_FLAGS_STATELESS) != 0
&& !s->ext.cookieok) { && !s->ext.cookieok) {
if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) { if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) {
/* /*
@ -1377,7 +1377,7 @@ static int final_key_share(SSL *s, unsigned int context, int sent)
if (i < num_groups) { if (i < num_groups) {
/* A shared group exists so send a HelloRetryRequest */ /* A shared group exists so send a HelloRetryRequest */
s->s3->group_id = group_id; s->s3.group_id = group_id;
s->hello_retry_request = SSL_HRR_PENDING; s->hello_retry_request = SSL_HRR_PENDING;
return 1; return 1;
} }
@ -1391,7 +1391,7 @@ static int final_key_share(SSL *s, unsigned int context, int sent)
return 0; return 0;
} }
if ((s->s3->flags & TLS1_FLAGS_STATELESS) != 0 if ((s->s3.flags & TLS1_FLAGS_STATELESS) != 0
&& !s->ext.cookieok) { && !s->ext.cookieok) {
if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) { if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) {
/* /*
@ -1539,7 +1539,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
void *hdata; void *hdata;
hdatalen = hdatalen_l = hdatalen = hdatalen_l =
BIO_get_mem_data(s->s3->handshake_buffer, &hdata); BIO_get_mem_data(s->s3.handshake_buffer, &hdata);
if (hdatalen_l <= 0) { if (hdatalen_l <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
SSL_R_BAD_HANDSHAKE_LENGTH); SSL_R_BAD_HANDSHAKE_LENGTH);

View File

@ -22,8 +22,8 @@ EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt,
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate)
|| !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_sub_memcpy_u8(pkt, s->s3->previous_client_finished, || !WPACKET_sub_memcpy_u8(pkt, s->s3.previous_client_finished,
s->s3->previous_client_finished_len) s->s3.previous_client_finished_len)
|| !WPACKET_close(pkt)) { || !WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
@ -387,7 +387,7 @@ EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
s->s3->alpn_sent = 0; s->s3.alpn_sent = 0;
if (s->ext.alpn == NULL || !SSL_IS_FIRST_HANDSHAKE(s)) if (s->ext.alpn == NULL || !SSL_IS_FIRST_HANDSHAKE(s))
return EXT_RETURN_NOT_SENT; return EXT_RETURN_NOT_SENT;
@ -402,7 +402,7 @@ EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL; return EXT_RETURN_FAIL;
} }
s->s3->alpn_sent = 1; s->s3.alpn_sent = 1;
return EXT_RETURN_SENT; return EXT_RETURN_SENT;
} }
@ -591,7 +591,7 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id)
EVP_PKEY *key_share_key = NULL; EVP_PKEY *key_share_key = NULL;
size_t encodedlen; size_t encodedlen;
if (s->s3->tmp.pkey != NULL) { if (s->s3.tmp.pkey != NULL) {
if (!ossl_assert(s->hello_retry_request == SSL_HRR_PENDING)) { if (!ossl_assert(s->hello_retry_request == SSL_HRR_PENDING)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
@ -600,7 +600,7 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id)
/* /*
* Could happen if we got an HRR that wasn't requesting a new key_share * Could happen if we got an HRR that wasn't requesting a new key_share
*/ */
key_share_key = s->s3->tmp.pkey; key_share_key = s->s3.tmp.pkey;
} else { } else {
key_share_key = ssl_generate_pkey_group(s, curve_id); key_share_key = ssl_generate_pkey_group(s, curve_id);
if (key_share_key == NULL) { if (key_share_key == NULL) {
@ -630,13 +630,13 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id)
* going to need to be able to save more than one EVP_PKEY. For now * going to need to be able to save more than one EVP_PKEY. For now
* we reuse the existing tmp.pkey * we reuse the existing tmp.pkey
*/ */
s->s3->tmp.pkey = key_share_key; s->s3.tmp.pkey = key_share_key;
s->s3->group_id = curve_id; s->s3.group_id = curve_id;
OPENSSL_free(encoded_point); OPENSSL_free(encoded_point);
return 1; return 1;
err: err:
if (s->s3->tmp.pkey == NULL) if (s->s3.tmp.pkey == NULL)
EVP_PKEY_free(key_share_key); EVP_PKEY_free(key_share_key);
OPENSSL_free(encoded_point); OPENSSL_free(encoded_point);
return 0; return 0;
@ -669,8 +669,8 @@ EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt,
* TODO(TLS1.3): Make the number of key_shares sent configurable. For * TODO(TLS1.3): Make the number of key_shares sent configurable. For
* now, just send one * now, just send one
*/ */
if (s->s3->group_id != 0) { if (s->s3.group_id != 0) {
curve_id = s->s3->group_id; curve_id = s->s3.group_id;
} else { } else {
for (i = 0; i < num_groups; i++) { for (i = 0; i < num_groups; i++) {
@ -1224,16 +1224,16 @@ EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt,
int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
size_t expected_len = s->s3->previous_client_finished_len size_t expected_len = s->s3.previous_client_finished_len
+ s->s3->previous_server_finished_len; + s->s3.previous_server_finished_len;
size_t ilen; size_t ilen;
const unsigned char *data; const unsigned char *data;
/* Check for logic errors */ /* Check for logic errors */
if (!ossl_assert(expected_len == 0 if (!ossl_assert(expected_len == 0
|| s->s3->previous_client_finished_len != 0) || s->s3.previous_client_finished_len != 0)
|| !ossl_assert(expected_len == 0 || !ossl_assert(expected_len == 0
|| s->s3->previous_server_finished_len != 0)) { || s->s3.previous_server_finished_len != 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
return 0; return 0;
@ -1260,22 +1260,22 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
return 0; return 0;
} }
if (!PACKET_get_bytes(pkt, &data, s->s3->previous_client_finished_len) if (!PACKET_get_bytes(pkt, &data, s->s3.previous_client_finished_len)
|| memcmp(data, s->s3->previous_client_finished, || memcmp(data, s->s3.previous_client_finished,
s->s3->previous_client_finished_len) != 0) { s->s3.previous_client_finished_len) != 0) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
SSL_R_RENEGOTIATION_MISMATCH); SSL_R_RENEGOTIATION_MISMATCH);
return 0; return 0;
} }
if (!PACKET_get_bytes(pkt, &data, s->s3->previous_server_finished_len) if (!PACKET_get_bytes(pkt, &data, s->s3.previous_server_finished_len)
|| memcmp(data, s->s3->previous_server_finished, || memcmp(data, s->s3.previous_server_finished,
s->s3->previous_server_finished_len) != 0) { s->s3.previous_server_finished_len) != 0) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
SSL_R_RENEGOTIATION_MISMATCH); SSL_R_RENEGOTIATION_MISMATCH);
return 0; return 0;
} }
s->s3->send_connection_binding = 1; s->s3.send_connection_binding = 1;
return 1; return 1;
} }
@ -1602,7 +1602,7 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
memcpy(s->ext.npn, selected, selected_len); memcpy(s->ext.npn, selected, selected_len);
s->ext.npn_len = selected_len; s->ext.npn_len = selected_len;
s->s3->npn_seen = 1; s->s3.npn_seen = 1;
return 1; return 1;
} }
@ -1614,7 +1614,7 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t len; size_t len;
/* We must have requested it. */ /* We must have requested it. */
if (!s->s3->alpn_sent) { if (!s->s3.alpn_sent) {
SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_F_TLS_PARSE_STOC_ALPN, SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_F_TLS_PARSE_STOC_ALPN,
SSL_R_BAD_EXTENSION); SSL_R_BAD_EXTENSION);
return 0; return 0;
@ -1632,23 +1632,23 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
SSL_R_BAD_EXTENSION); SSL_R_BAD_EXTENSION);
return 0; return 0;
} }
OPENSSL_free(s->s3->alpn_selected); OPENSSL_free(s->s3.alpn_selected);
s->s3->alpn_selected = OPENSSL_malloc(len); s->s3.alpn_selected = OPENSSL_malloc(len);
if (s->s3->alpn_selected == NULL) { if (s->s3.alpn_selected == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
return 0; return 0;
} }
if (!PACKET_copy_bytes(pkt, s->s3->alpn_selected, len)) { if (!PACKET_copy_bytes(pkt, s->s3.alpn_selected, len)) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
SSL_R_BAD_EXTENSION); SSL_R_BAD_EXTENSION);
return 0; return 0;
} }
s->s3->alpn_selected_len = len; s->s3.alpn_selected_len = len;
if (s->session->ext.alpn_selected == NULL if (s->session->ext.alpn_selected == NULL
|| s->session->ext.alpn_selected_len != len || s->session->ext.alpn_selected_len != len
|| memcmp(s->session->ext.alpn_selected, s->s3->alpn_selected, len) || memcmp(s->session->ext.alpn_selected, s->s3.alpn_selected, len)
!= 0) { != 0) {
/* ALPN not consistent with the old session so cannot use early_data */ /* ALPN not consistent with the old session so cannot use early_data */
s->ext.early_data_ok = 0; s->ext.early_data_ok = 0;
@ -1664,13 +1664,13 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 0; return 0;
} }
s->session->ext.alpn_selected = s->session->ext.alpn_selected =
OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); OPENSSL_memdup(s->s3.alpn_selected, s->s3.alpn_selected_len);
if (s->session->ext.alpn_selected == NULL) { if (s->session->ext.alpn_selected == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
return 0; return 0;
} }
s->session->ext.alpn_selected_len = s->s3->alpn_selected_len; s->session->ext.alpn_selected_len = s->s3.alpn_selected_len;
} }
return 1; return 1;
@ -1733,8 +1733,8 @@ int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
{ {
/* Ignore if inappropriate ciphersuite */ /* Ignore if inappropriate ciphersuite */
if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
&& s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD && s->s3.tmp.new_cipher->algorithm_mac != SSL_AEAD
&& s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4) && s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4)
s->ext.use_etm = 1; s->ext.use_etm = 1;
return 1; return 1;
@ -1745,7 +1745,7 @@ int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
{ {
if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET)
return 1; return 1;
s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS; s->s3.flags |= TLS1_FLAGS_RECEIVED_EXTMS;
if (!s->hit) if (!s->hit)
s->session->flags |= SSL_SESS_FLAG_EXTMS; s->session->flags |= SSL_SESS_FLAG_EXTMS;
@ -1792,10 +1792,10 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
#ifndef OPENSSL_NO_TLS1_3 #ifndef OPENSSL_NO_TLS1_3
unsigned int group_id; unsigned int group_id;
PACKET encoded_pt; PACKET encoded_pt;
EVP_PKEY *ckey = s->s3->tmp.pkey, *skey = NULL; EVP_PKEY *ckey = s->s3.tmp.pkey, *skey = NULL;
/* Sanity check */ /* Sanity check */
if (ckey == NULL || s->s3->peer_tmp != NULL) { if (ckey == NULL || s->s3.peer_tmp != NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
return 0; return 0;
@ -1821,7 +1821,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
* It is an error if the HelloRetryRequest wants a key_share that we * It is an error if the HelloRetryRequest wants a key_share that we
* already sent in the first ClientHello * already sent in the first ClientHello
*/ */
if (group_id == s->s3->group_id) { if (group_id == s->s3.group_id) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE); SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
return 0; return 0;
@ -1840,13 +1840,13 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 0; return 0;
} }
s->s3->group_id = group_id; s->s3.group_id = group_id;
EVP_PKEY_free(s->s3->tmp.pkey); EVP_PKEY_free(s->s3.tmp.pkey);
s->s3->tmp.pkey = NULL; s->s3.tmp.pkey = NULL;
return 1; return 1;
} }
if (group_id != s->s3->group_id) { if (group_id != s->s3.group_id) {
/* /*
* This isn't for the group that we sent in the original * This isn't for the group that we sent in the original
* key_share! * key_share!
@ -1882,7 +1882,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
EVP_PKEY_free(skey); EVP_PKEY_free(skey);
return 0; return 0;
} }
s->s3->peer_tmp = skey; s->s3.peer_tmp = skey;
#endif #endif
return 1; return 1;

View File

@ -53,20 +53,20 @@ int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
} }
/* Check that the extension matches */ /* Check that the extension matches */
if (ilen != s->s3->previous_client_finished_len) { if (ilen != s->s3.previous_client_finished_len) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE, SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE,
SSL_R_RENEGOTIATION_MISMATCH); SSL_R_RENEGOTIATION_MISMATCH);
return 0; return 0;
} }
if (memcmp(data, s->s3->previous_client_finished, if (memcmp(data, s->s3.previous_client_finished,
s->s3->previous_client_finished_len)) { s->s3.previous_client_finished_len)) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE, SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE,
SSL_R_RENEGOTIATION_MISMATCH); SSL_R_RENEGOTIATION_MISMATCH);
return 0; return 0;
} }
s->s3->send_connection_binding = 1; s->s3.send_connection_binding = 1;
return 1; return 1;
} }
@ -446,7 +446,7 @@ int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
* renegotiation. * renegotiation.
*/ */
if (SSL_IS_FIRST_HANDSHAKE(s)) if (SSL_IS_FIRST_HANDSHAKE(s))
s->s3->npn_seen = 1; s->s3.npn_seen = 1;
return 1; return 1;
} }
@ -482,11 +482,11 @@ int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
} }
} while (PACKET_remaining(&protocol_list) != 0); } while (PACKET_remaining(&protocol_list) != 0);
OPENSSL_free(s->s3->alpn_proposed); OPENSSL_free(s->s3.alpn_proposed);
s->s3->alpn_proposed = NULL; s->s3.alpn_proposed = NULL;
s->s3->alpn_proposed_len = 0; s->s3.alpn_proposed_len = 0;
if (!PACKET_memdup(&save_protocol_list, if (!PACKET_memdup(&save_protocol_list,
&s->s3->alpn_proposed, &s->s3->alpn_proposed_len)) { &s->s3.alpn_proposed, &s->s3.alpn_proposed_len)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_ALPN, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_ALPN,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
return 0; return 0;
@ -621,7 +621,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 1; return 1;
/* Sanity check */ /* Sanity check */
if (s->s3->peer_tmp != NULL) { if (s->s3.peer_tmp != NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
return 0; return 0;
@ -648,7 +648,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 0; return 0;
} }
if (s->s3->group_id != 0 && PACKET_remaining(&key_share_list) == 0) { if (s->s3.group_id != 0 && PACKET_remaining(&key_share_list) == 0) {
/* /*
* If we set a group_id already, then we must have sent an HRR * If we set a group_id already, then we must have sent an HRR
* requesting a new key_share. If we haven't got one then that is an * requesting a new key_share. If we haven't got one then that is an
@ -679,8 +679,8 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
* If we sent an HRR then the key_share sent back MUST be for the group * If we sent an HRR then the key_share sent back MUST be for the group
* we requested, and must be the only key_share sent. * we requested, and must be the only key_share sent.
*/ */
if (s->s3->group_id != 0 if (s->s3.group_id != 0
&& (group_id != s->s3->group_id && (group_id != s->s3.group_id
|| PACKET_remaining(&key_share_list) != 0)) { || PACKET_remaining(&key_share_list) != 0)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_KEY_SHARE); SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
@ -700,15 +700,15 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
continue; continue;
} }
if ((s->s3->peer_tmp = ssl_generate_param_group(group_id)) == NULL) { if ((s->s3.peer_tmp = ssl_generate_param_group(group_id)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
return 0; return 0;
} }
s->s3->group_id = group_id; s->s3.group_id = group_id;
if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp, if (!EVP_PKEY_set1_tls_encodedpoint(s->s3.peer_tmp,
PACKET_data(&encoded_pt), PACKET_data(&encoded_pt),
PACKET_remaining(&encoded_pt))) { PACKET_remaining(&encoded_pt))) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
@ -740,7 +740,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
/* Ignore any cookie if we're not set up to verify it */ /* Ignore any cookie if we're not set up to verify it */
if (s->ctx->verify_stateless_cookie_cb == NULL if (s->ctx->verify_stateless_cookie_cb == NULL
|| (s->s3->flags & TLS1_FLAGS_STATELESS) == 0) || (s->s3.flags & TLS1_FLAGS_STATELESS) == 0)
return 1; return 1;
if (!PACKET_as_length_prefixed_2(pkt, &cookie)) { if (!PACKET_as_length_prefixed_2(pkt, &cookie)) {
@ -833,8 +833,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
SSL_R_LENGTH_MISMATCH); SSL_R_LENGTH_MISMATCH);
return 0; return 0;
} }
if (group_id != s->s3->group_id if (group_id != s->s3.group_id
|| s->s3->tmp.new_cipher || s->s3.tmp.new_cipher
!= ssl_get_cipher_by_char(s, ciphdata, 0)) { != ssl_get_cipher_by_char(s, ciphdata, 0)) {
/* /*
* We chose a different cipher or group id this time around to what is * We chose a different cipher or group id this time around to what is
@ -886,7 +886,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|| !WPACKET_memcpy(&hrrpkt, hrrrandom, SSL3_RANDOM_SIZE) || !WPACKET_memcpy(&hrrpkt, hrrrandom, SSL3_RANDOM_SIZE)
|| !WPACKET_sub_memcpy_u8(&hrrpkt, s->tmp_session_id, || !WPACKET_sub_memcpy_u8(&hrrpkt, s->tmp_session_id,
s->tmp_session_id_len) s->tmp_session_id_len)
|| !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, &hrrpkt, || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, &hrrpkt,
&ciphlen) &ciphlen)
|| !WPACKET_put_bytes_u8(&hrrpkt, 0) || !WPACKET_put_bytes_u8(&hrrpkt, 0)
|| !WPACKET_start_sub_packet_u16(&hrrpkt)) { || !WPACKET_start_sub_packet_u16(&hrrpkt)) {
@ -907,7 +907,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
if (key_share) { if (key_share) {
if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_key_share) if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_key_share)
|| !WPACKET_start_sub_packet_u16(&hrrpkt) || !WPACKET_start_sub_packet_u16(&hrrpkt)
|| !WPACKET_put_bytes_u16(&hrrpkt, s->s3->group_id) || !WPACKET_put_bytes_u16(&hrrpkt, s->s3.group_id)
|| !WPACKET_close(&hrrpkt)) { || !WPACKET_close(&hrrpkt)) {
WPACKET_cleanup(&hrrpkt); WPACKET_cleanup(&hrrpkt);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
@ -992,7 +992,7 @@ int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET)
return 1; return 1;
s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS; s->s3.flags |= TLS1_FLAGS_RECEIVED_EXTMS;
return 1; return 1;
} }
@ -1234,7 +1234,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
} }
md = ssl_md(sess->cipher->algorithm2); md = ssl_md(sess->cipher->algorithm2);
if (md != ssl_md(s->s3->tmp.new_cipher->algorithm2)) { if (md != ssl_md(s->s3.tmp.new_cipher->algorithm2)) {
/* The ciphersuite is not compatible with this session. */ /* The ciphersuite is not compatible with this session. */
SSL_SESSION_free(sess); SSL_SESSION_free(sess);
sess = NULL; sess = NULL;
@ -1308,17 +1308,17 @@ EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
if (!s->s3->send_connection_binding) if (!s->s3.send_connection_binding)
return EXT_RETURN_NOT_SENT; return EXT_RETURN_NOT_SENT;
/* Still add this even if SSL_OP_NO_RENEGOTIATION is set */ /* Still add this even if SSL_OP_NO_RENEGOTIATION is set */
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate)
|| !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_start_sub_packet_u8(pkt) || !WPACKET_start_sub_packet_u8(pkt)
|| !WPACKET_memcpy(pkt, s->s3->previous_client_finished, || !WPACKET_memcpy(pkt, s->s3.previous_client_finished,
s->s3->previous_client_finished_len) s->s3.previous_client_finished_len)
|| !WPACKET_memcpy(pkt, s->s3->previous_server_finished, || !WPACKET_memcpy(pkt, s->s3.previous_server_finished,
s->s3->previous_server_finished_len) s->s3.previous_server_finished_len)
|| !WPACKET_close(pkt) || !WPACKET_close(pkt)
|| !WPACKET_close(pkt)) { || !WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE,
@ -1376,8 +1376,8 @@ EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; unsigned long alg_a = s->s3.tmp.new_cipher->algorithm_auth;
int using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) int using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))
&& (s->session->ext.ecpointformats != NULL); && (s->session->ext.ecpointformats != NULL);
const unsigned char *plist; const unsigned char *plist;
@ -1408,8 +1408,8 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
const uint16_t *groups; const uint16_t *groups;
size_t numgroups, i, first = 1; size_t numgroups, i, first = 1;
/* s->s3->group_id is non zero if we accepted a key_share */ /* s->s3.group_id is non zero if we accepted a key_share */
if (s->s3->group_id == 0) if (s->s3.group_id == 0)
return EXT_RETURN_NOT_SENT; return EXT_RETURN_NOT_SENT;
/* Get our list of supported groups */ /* Get our list of supported groups */
@ -1430,7 +1430,7 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
* Check if the client is already using our preferred group. If * Check if the client is already using our preferred group. If
* so we don't need to add this extension * so we don't need to add this extension
*/ */
if (s->s3->group_id == group) if (s->s3.group_id == group)
return EXT_RETURN_NOT_SENT; return EXT_RETURN_NOT_SENT;
/* Add extension header */ /* Add extension header */
@ -1530,9 +1530,9 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
const unsigned char *npa; const unsigned char *npa;
unsigned int npalen; unsigned int npalen;
int ret; int ret;
int npn_seen = s->s3->npn_seen; int npn_seen = s->s3.npn_seen;
s->s3->npn_seen = 0; s->s3.npn_seen = 0;
if (!npn_seen || s->ctx->ext.npn_advertised_cb == NULL) if (!npn_seen || s->ctx->ext.npn_advertised_cb == NULL)
return EXT_RETURN_NOT_SENT; return EXT_RETURN_NOT_SENT;
@ -1546,7 +1546,7 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL; return EXT_RETURN_FAIL;
} }
s->s3->npn_seen = 1; s->s3.npn_seen = 1;
} }
return EXT_RETURN_SENT; return EXT_RETURN_SENT;
@ -1556,15 +1556,15 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
if (s->s3->alpn_selected == NULL) if (s->s3.alpn_selected == NULL)
return EXT_RETURN_NOT_SENT; return EXT_RETURN_NOT_SENT;
if (!WPACKET_put_bytes_u16(pkt, if (!WPACKET_put_bytes_u16(pkt,
TLSEXT_TYPE_application_layer_protocol_negotiation) TLSEXT_TYPE_application_layer_protocol_negotiation)
|| !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_sub_memcpy_u8(pkt, s->s3->alpn_selected, || !WPACKET_sub_memcpy_u8(pkt, s->s3.alpn_selected,
s->s3->alpn_selected_len) s->s3.alpn_selected_len)
|| !WPACKET_close(pkt) || !WPACKET_close(pkt)
|| !WPACKET_close(pkt)) { || !WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSLfatal(s, SSL_AD_INTERNAL_ERROR,
@ -1608,10 +1608,10 @@ EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context,
* Don't use encrypt_then_mac if AEAD or RC4 might want to disable * Don't use encrypt_then_mac if AEAD or RC4 might want to disable
* for other cases too. * for other cases too.
*/ */
if (s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD if (s->s3.tmp.new_cipher->algorithm_mac == SSL_AEAD
|| s->s3->tmp.new_cipher->algorithm_enc == SSL_RC4 || s->s3.tmp.new_cipher->algorithm_enc == SSL_RC4
|| s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT || s->s3.tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT
|| s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12) { || s->s3.tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12) {
s->ext.use_etm = 0; s->ext.use_etm = 0;
return EXT_RETURN_NOT_SENT; return EXT_RETURN_NOT_SENT;
} }
@ -1629,7 +1629,7 @@ EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
if ((s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
return EXT_RETURN_NOT_SENT; return EXT_RETURN_NOT_SENT;
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret) if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
@ -1673,7 +1673,7 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
#ifndef OPENSSL_NO_TLS1_3 #ifndef OPENSSL_NO_TLS1_3
unsigned char *encodedPoint; unsigned char *encodedPoint;
size_t encoded_pt_len = 0; size_t encoded_pt_len = 0;
EVP_PKEY *ckey = s->s3->peer_tmp, *skey = NULL; EVP_PKEY *ckey = s->s3.peer_tmp, *skey = NULL;
if (s->hello_retry_request == SSL_HRR_PENDING) { if (s->hello_retry_request == SSL_HRR_PENDING) {
if (ckey != NULL) { if (ckey != NULL) {
@ -1682,7 +1682,7 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
} }
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share)
|| !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_put_bytes_u16(pkt, s->s3->group_id) || !WPACKET_put_bytes_u16(pkt, s->s3.group_id)
|| !WPACKET_close(pkt)) { || !WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE,
@ -1705,7 +1705,7 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share)
|| !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_put_bytes_u16(pkt, s->s3->group_id)) { || !WPACKET_put_bytes_u16(pkt, s->s3.group_id)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR); SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL; return EXT_RETURN_FAIL;
@ -1738,7 +1738,7 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
OPENSSL_free(encodedPoint); OPENSSL_free(encodedPoint);
/* This causes the crypto state to be updated based on the derived keys */ /* This causes the crypto state to be updated based on the derived keys */
s->s3->tmp.pkey = skey; s->s3.tmp.pkey = skey;
if (ssl_derive(s, skey, ckey, 1) == 0) { if (ssl_derive(s, skey, ckey, 1) == 0) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return EXT_RETURN_FAIL; return EXT_RETURN_FAIL;
@ -1760,7 +1760,7 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
EVP_PKEY *pkey; EVP_PKEY *pkey;
int ret = EXT_RETURN_FAIL; int ret = EXT_RETURN_FAIL;
if ((s->s3->flags & TLS1_FLAGS_STATELESS) == 0) if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0)
return EXT_RETURN_NOT_SENT; return EXT_RETURN_NOT_SENT;
if (s->ctx->gen_stateless_cookie_cb == NULL) { if (s->ctx->gen_stateless_cookie_cb == NULL) {
@ -1776,11 +1776,11 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
|| !WPACKET_reserve_bytes(pkt, MAX_COOKIE_SIZE, &cookie) || !WPACKET_reserve_bytes(pkt, MAX_COOKIE_SIZE, &cookie)
|| !WPACKET_put_bytes_u16(pkt, COOKIE_STATE_FORMAT_VERSION) || !WPACKET_put_bytes_u16(pkt, COOKIE_STATE_FORMAT_VERSION)
|| !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION) || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION)
|| !WPACKET_put_bytes_u16(pkt, s->s3->group_id) || !WPACKET_put_bytes_u16(pkt, s->s3.group_id)
|| !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt,
&ciphlen) &ciphlen)
/* Is there a key_share extension present in this HRR? */ /* Is there a key_share extension present in this HRR? */
|| !WPACKET_put_bytes_u8(pkt, s->s3->peer_tmp == NULL) || !WPACKET_put_bytes_u8(pkt, s->s3.peer_tmp == NULL)
|| !WPACKET_put_bytes_u32(pkt, (unsigned int)time(NULL)) || !WPACKET_put_bytes_u32(pkt, (unsigned int)time(NULL))
|| !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &hashval1)) { || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &hashval1)) {
@ -1895,8 +1895,8 @@ EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt,
0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17
}; };
if (((s->s3->tmp.new_cipher->id & 0xFFFF) != 0x80 if (((s->s3.tmp.new_cipher->id & 0xFFFF) != 0x80
&& (s->s3->tmp.new_cipher->id & 0xFFFF) != 0x81) && (s->s3.tmp.new_cipher->id & 0xFFFF) != 0x81)
|| (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG) == 0) || (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG) == 0)
return EXT_RETURN_NOT_SENT; return EXT_RETURN_NOT_SENT;

View File

@ -319,7 +319,7 @@ static int state_machine(SSL *s, int server)
* If we are stateless then we already called SSL_clear() - don't do * If we are stateless then we already called SSL_clear() - don't do
* it again and clear the STATELESS flag itself. * it again and clear the STATELESS flag itself.
*/ */
if ((s->s3->flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(s)) if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(s))
return -1; return -1;
} }
#ifndef OPENSSL_NO_SCTP #ifndef OPENSSL_NO_SCTP
@ -399,7 +399,7 @@ static int state_machine(SSL *s, int server)
/* /*
* Should have been reset by tls_process_finished, too. * Should have been reset by tls_process_finished, too.
*/ */
s->s3->change_cipher_spec = 0; s->s3.change_cipher_spec = 0;
/* /*
* Ok, we now need to push on a buffering BIO ...but not with * Ok, we now need to push on a buffering BIO ...but not with
@ -598,7 +598,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
if (!transition(s, mt)) if (!transition(s, mt))
return SUB_STATE_ERROR; return SUB_STATE_ERROR;
if (s->s3->tmp.message_size > max_message_size(s)) { if (s->s3.tmp.message_size > max_message_size(s)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_READ_STATE_MACHINE, SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_READ_STATE_MACHINE,
SSL_R_EXCESSIVE_MESSAGE_SIZE); SSL_R_EXCESSIVE_MESSAGE_SIZE);
return SUB_STATE_ERROR; return SUB_STATE_ERROR;
@ -606,8 +606,8 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
/* dtls_get_message already did this */ /* dtls_get_message already did this */
if (!SSL_IS_DTLS(s) if (!SSL_IS_DTLS(s)
&& s->s3->tmp.message_size > 0 && s->s3.tmp.message_size > 0
&& !grow_init_buf(s, s->s3->tmp.message_size && !grow_init_buf(s, s->s3.tmp.message_size
+ SSL3_HM_HEADER_LENGTH)) { + SSL3_HM_HEADER_LENGTH)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_READ_STATE_MACHINE, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_READ_STATE_MACHINE,
ERR_R_BUF_LIB); ERR_R_BUF_LIB);
@ -923,7 +923,7 @@ int ossl_statem_app_data_allowed(SSL *s)
if (st->state == MSG_FLOW_UNINITED) if (st->state == MSG_FLOW_UNINITED)
return 0; return 0;
if (!s->s3->in_read_app_data || (s->s3->total_renegotiations == 0)) if (!s->s3.in_read_app_data || (s->s3.total_renegotiations == 0))
return 0; return 0;
if (s->server) { if (s->server) {
@ -952,7 +952,7 @@ int ossl_statem_app_data_allowed(SSL *s)
*/ */
int ossl_statem_export_allowed(SSL *s) int ossl_statem_export_allowed(SSL *s)
{ {
return s->s3->previous_server_finished_len != 0 return s->s3.previous_server_finished_len != 0
&& s->statem.hand_state != TLS_ST_SW_FINISHED; && s->statem.hand_state != TLS_ST_SW_FINISHED;
} }

View File

@ -44,8 +44,8 @@ static ossl_inline int cert_req_allowed(SSL *s)
{ {
/* TLS does not like anon-DH with client cert */ /* TLS does not like anon-DH with client cert */
if ((s->version > SSL3_VERSION if ((s->version > SSL3_VERSION
&& (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)) && (s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL))
|| (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK))) || (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK)))
return 0; return 0;
return 1; return 1;
@ -60,7 +60,7 @@ static ossl_inline int cert_req_allowed(SSL *s)
*/ */
static int key_exchange_expected(SSL *s) static int key_exchange_expected(SSL *s)
{ {
long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
/* /*
* Can't skip server key exchange if this is an ephemeral * Can't skip server key exchange if this is an ephemeral
@ -272,7 +272,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
s->hit = 1; s->hit = 1;
st->hand_state = TLS_ST_CR_CHANGE; st->hand_state = TLS_ST_CR_CHANGE;
return 1; return 1;
} else if (!(s->s3->tmp.new_cipher->algorithm_auth } else if (!(s->s3.tmp.new_cipher->algorithm_auth
& (SSL_aNULL | SSL_aSRP | SSL_aPSK))) { & (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
if (mt == SSL3_MT_CERTIFICATE) { if (mt == SSL3_MT_CERTIFICATE) {
st->hand_state = TLS_ST_CR_CERT; st->hand_state = TLS_ST_CR_CERT;
@ -282,7 +282,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
ske_expected = key_exchange_expected(s); ske_expected = key_exchange_expected(s);
/* SKE is optional for some PSK ciphersuites */ /* SKE is optional for some PSK ciphersuites */
if (ske_expected if (ske_expected
|| ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) || ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK)
&& mt == SSL3_MT_SERVER_KEY_EXCHANGE)) { && mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {
if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) { if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) {
st->hand_state = TLS_ST_CR_KEY_EXCH; st->hand_state = TLS_ST_CR_KEY_EXCH;
@ -314,7 +314,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
case TLS_ST_CR_CERT_STATUS: case TLS_ST_CR_CERT_STATUS:
ske_expected = key_exchange_expected(s); ske_expected = key_exchange_expected(s);
/* SKE is optional for some PSK ciphersuites */ /* SKE is optional for some PSK ciphersuites */
if (ske_expected || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) if (ske_expected || ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK)
&& mt == SSL3_MT_SERVER_KEY_EXCHANGE)) { && mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {
if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) { if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) {
st->hand_state = TLS_ST_CR_KEY_EXCH; st->hand_state = TLS_ST_CR_KEY_EXCH;
@ -446,7 +446,7 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
&& s->hello_retry_request == SSL_HRR_NONE) && s->hello_retry_request == SSL_HRR_NONE)
st->hand_state = TLS_ST_CW_CHANGE; st->hand_state = TLS_ST_CW_CHANGE;
else else
st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT st->hand_state = (s->s3.tmp.cert_req != 0) ? TLS_ST_CW_CERT
: TLS_ST_CW_FINISHED; : TLS_ST_CW_FINISHED;
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
@ -459,13 +459,13 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
case TLS_ST_CW_END_OF_EARLY_DATA: case TLS_ST_CW_END_OF_EARLY_DATA:
case TLS_ST_CW_CHANGE: case TLS_ST_CW_CHANGE:
st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT st->hand_state = (s->s3.tmp.cert_req != 0) ? TLS_ST_CW_CERT
: TLS_ST_CW_FINISHED; : TLS_ST_CW_FINISHED;
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
case TLS_ST_CW_CERT: case TLS_ST_CW_CERT:
/* If a non-empty Certificate we also send CertificateVerify */ /* If a non-empty Certificate we also send CertificateVerify */
st->hand_state = (s->s3->tmp.cert_req == 1) ? TLS_ST_CW_CERT_VRFY st->hand_state = (s->s3.tmp.cert_req == 1) ? TLS_ST_CW_CERT_VRFY
: TLS_ST_CW_FINISHED; : TLS_ST_CW_FINISHED;
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
@ -574,7 +574,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
case TLS_ST_CR_SRVR_DONE: case TLS_ST_CR_SRVR_DONE:
if (s->s3->tmp.cert_req) if (s->s3.tmp.cert_req)
st->hand_state = TLS_ST_CW_CERT; st->hand_state = TLS_ST_CW_CERT;
else else
st->hand_state = TLS_ST_CW_KEY_EXCH; st->hand_state = TLS_ST_CW_KEY_EXCH;
@ -595,12 +595,12 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
* need to skip the certificate verify message when client's * need to skip the certificate verify message when client's
* ECDH public key is sent inside the client certificate. * ECDH public key is sent inside the client certificate.
*/ */
if (s->s3->tmp.cert_req == 1) { if (s->s3.tmp.cert_req == 1) {
st->hand_state = TLS_ST_CW_CERT_VRFY; st->hand_state = TLS_ST_CW_CERT_VRFY;
} else { } else {
st->hand_state = TLS_ST_CW_CHANGE; st->hand_state = TLS_ST_CW_CHANGE;
} }
if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { if (s->s3.flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
st->hand_state = TLS_ST_CW_CHANGE; st->hand_state = TLS_ST_CW_CHANGE;
} }
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
@ -618,7 +618,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
#if defined(OPENSSL_NO_NEXTPROTONEG) #if defined(OPENSSL_NO_NEXTPROTONEG)
st->hand_state = TLS_ST_CW_FINISHED; st->hand_state = TLS_ST_CW_FINISHED;
#else #else
if (!SSL_IS_DTLS(s) && s->s3->npn_seen) if (!SSL_IS_DTLS(s) && s->s3.npn_seen)
st->hand_state = TLS_ST_CW_NEXT_PROTO; st->hand_state = TLS_ST_CW_NEXT_PROTO;
else else
st->hand_state = TLS_ST_CW_FINISHED; st->hand_state = TLS_ST_CW_FINISHED;
@ -803,14 +803,14 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst)
return WORK_ERROR; return WORK_ERROR;
break; break;
} }
s->session->cipher = s->s3->tmp.new_cipher; s->session->cipher = s->s3.tmp.new_cipher;
#ifdef OPENSSL_NO_COMP #ifdef OPENSSL_NO_COMP
s->session->compress_meth = 0; s->session->compress_meth = 0;
#else #else
if (s->s3->tmp.new_compression == NULL) if (s->s3.tmp.new_compression == NULL)
s->session->compress_meth = 0; s->session->compress_meth = 0;
else else
s->session->compress_meth = s->s3->tmp.new_compression->id; s->session->compress_meth = s->s3.tmp.new_compression->id;
#endif #endif
if (!s->method->ssl3_enc->setup_key_block(s)) { if (!s->method->ssl3_enc->setup_key_block(s)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
@ -1132,7 +1132,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
} }
/* else use the pre-loaded session */ /* else use the pre-loaded session */
p = s->s3->client_random; p = s->s3.client_random;
/* /*
* for DTLS if client_random is initialized, reuse it, we are * for DTLS if client_random is initialized, reuse it, we are
@ -1141,7 +1141,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
if (SSL_IS_DTLS(s)) { if (SSL_IS_DTLS(s)) {
size_t idx; size_t idx;
i = 1; i = 1;
for (idx = 0; idx < sizeof(s->s3->client_random); idx++) { for (idx = 0; idx < sizeof(s->s3.client_random); idx++) {
if (p[idx]) { if (p[idx]) {
i = 0; i = 0;
break; break;
@ -1151,7 +1151,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
i = (s->hello_retry_request == SSL_HRR_NONE); i = (s->hello_retry_request == SSL_HRR_NONE);
} }
if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random), if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3.client_random),
DOWNGRADE_NONE) <= 0) { DOWNGRADE_NONE) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
@ -1192,7 +1192,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
* supported_versions extension for the real supported versions. * supported_versions extension for the real supported versions.
*/ */
if (!WPACKET_put_bytes_u16(pkt, s->client_version) if (!WPACKET_put_bytes_u16(pkt, s->client_version)
|| !WPACKET_memcpy(pkt, s->s3->client_random, SSL3_RANDOM_SIZE)) { || !WPACKET_memcpy(pkt, s->s3.client_random, SSL3_RANDOM_SIZE)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
return 0; return 0;
@ -1270,7 +1270,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
#ifndef OPENSSL_NO_COMP #ifndef OPENSSL_NO_COMP
if (ssl_allow_compression(s) if (ssl_allow_compression(s)
&& s->ctx->comp_methods && s->ctx->comp_methods
&& (SSL_IS_DTLS(s) || s->s3->tmp.max_ver < TLS1_3_VERSION)) { && (SSL_IS_DTLS(s) || s->s3.tmp.max_ver < TLS1_3_VERSION)) {
int compnum = sk_SSL_COMP_num(s->ctx->comp_methods); int compnum = sk_SSL_COMP_num(s->ctx->comp_methods);
for (i = 0; i < compnum; i++) { for (i = 0; i < compnum; i++) {
comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
@ -1360,8 +1360,8 @@ static int set_client_ciphersuite(SSL *s, const unsigned char *cipherchars)
return 0; return 0;
} }
if (SSL_IS_TLS13(s) && s->s3->tmp.new_cipher != NULL if (SSL_IS_TLS13(s) && s->s3.tmp.new_cipher != NULL
&& s->s3->tmp.new_cipher->id != c->id) { && s->s3.tmp.new_cipher->id != c->id) {
/* ServerHello selected a different ciphersuite to that in the HRR */ /* ServerHello selected a different ciphersuite to that in the HRR */
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE, SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,
SSL_R_WRONG_CIPHER_RETURNED); SSL_R_WRONG_CIPHER_RETURNED);
@ -1398,7 +1398,7 @@ static int set_client_ciphersuite(SSL *s, const unsigned char *cipherchars)
return 0; return 0;
} }
} }
s->s3->tmp.new_cipher = c; s->s3.tmp.new_cipher = c;
return 1; return 1;
} }
@ -1436,7 +1436,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
goto err; goto err;
} }
} else { } else {
if (!PACKET_copy_bytes(pkt, s->s3->server_random, SSL3_RANDOM_SIZE)) { if (!PACKET_copy_bytes(pkt, s->s3.server_random, SSL3_RANDOM_SIZE)) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO, SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
SSL_R_LENGTH_MISMATCH); SSL_R_LENGTH_MISMATCH);
goto err; goto err;
@ -1648,8 +1648,8 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
* Now that we know the version, update the check to see if it's an allowed * Now that we know the version, update the check to see if it's an allowed
* version. * version.
*/ */
s->s3->tmp.min_ver = s->version; s->s3.tmp.min_ver = s->version;
s->s3->tmp.max_ver = s->version; s->s3.tmp.max_ver = s->version;
if (!set_client_ciphersuite(s, cipherchars)) { if (!set_client_ciphersuite(s, cipherchars)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
@ -1692,7 +1692,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
goto err; goto err;
} else { } else {
s->s3->tmp.new_compression = comp; s->s3.tmp.new_compression = comp;
} }
#endif #endif
@ -1778,7 +1778,7 @@ static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s,
if (s->ext.tls13_cookie_len == 0 if (s->ext.tls13_cookie_len == 0
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
&& s->s3->tmp.pkey != NULL && s->s3.tmp.pkey != NULL
#endif #endif
) { ) {
/* /*
@ -1959,7 +1959,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
* type. * type.
*/ */
if (!SSL_IS_TLS13(s)) { if (!SSL_IS_TLS13(s)) {
if ((clu->amask & s->s3->tmp.new_cipher->algorithm_auth) == 0) { if ((clu->amask & s->s3.tmp.new_cipher->algorithm_auth) == 0) {
x = NULL; x = NULL;
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
@ -2074,7 +2074,7 @@ static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
} }
/* We must check if there is a certificate */ /* We must check if there is a certificate */
if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS)) if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS))
*pkey = X509_get0_pubkey(s->session->peer); *pkey = X509_get0_pubkey(s->session->peer);
return 1; return 1;
@ -2164,13 +2164,13 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
goto err; goto err;
} }
s->s3->peer_tmp = peer_tmp; s->s3.peer_tmp = peer_tmp;
/* /*
* FIXME: This makes assumptions about which ciphersuites come with * FIXME: This makes assumptions about which ciphersuites come with
* public keys. We should have a less ad-hoc way of doing this * public keys. We should have a less ad-hoc way of doing this
*/ */
if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS)) if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS))
*pkey = X509_get0_pubkey(s->session->peer); *pkey = X509_get0_pubkey(s->session->peer);
/* else anonymous DH, so no certificate or pkey. */ /* else anonymous DH, so no certificate or pkey. */
@ -2218,7 +2218,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
return 0; return 0;
} }
if ((s->s3->peer_tmp = ssl_generate_param_group(curve_id)) == NULL) { if ((s->s3.peer_tmp = ssl_generate_param_group(curve_id)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
return 0; return 0;
@ -2230,7 +2230,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
return 0; return 0;
} }
if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp, if (!EVP_PKEY_set1_tls_encodedpoint(s->s3.peer_tmp,
PACKET_data(&encoded_pt), PACKET_data(&encoded_pt),
PACKET_remaining(&encoded_pt))) { PACKET_remaining(&encoded_pt))) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_ECDHE, SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_ECDHE,
@ -2243,9 +2243,9 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
* ECParameters in the server key exchange message. We do support RSA * ECParameters in the server key exchange message. We do support RSA
* and ECDSA. * and ECDSA.
*/ */
if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) if (s->s3.tmp.new_cipher->algorithm_auth & SSL_aECDSA)
*pkey = X509_get0_pubkey(s->session->peer); *pkey = X509_get0_pubkey(s->session->peer);
else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aRSA) else if (s->s3.tmp.new_cipher->algorithm_auth & SSL_aRSA)
*pkey = X509_get0_pubkey(s->session->peer); *pkey = X509_get0_pubkey(s->session->peer);
/* else anonymous ECDH, so no certificate or pkey. */ /* else anonymous ECDH, so no certificate or pkey. */
@ -2265,13 +2265,13 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
EVP_PKEY_CTX *pctx = NULL; EVP_PKEY_CTX *pctx = NULL;
PACKET save_param_start, signature; PACKET save_param_start, signature;
alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
save_param_start = *pkt; save_param_start = *pkt;
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free(s->s3->peer_tmp); EVP_PKEY_free(s->s3.peer_tmp);
s->s3->peer_tmp = NULL; s->s3.peer_tmp = NULL;
#endif #endif
if (alg_k & SSL_PSK) { if (alg_k & SSL_PSK) {
@ -2343,7 +2343,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
goto err; goto err;
} }
if (!tls1_lookup_md(s->s3->tmp.peer_sigalg, &md)) { if (!tls1_lookup_md(s->s3.tmp.peer_sigalg, &md)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
goto err; goto err;
@ -2415,7 +2415,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
md_ctx = NULL; md_ctx = NULL;
} else { } else {
/* aNULL, aSRP or PSK do not need public keys */ /* aNULL, aSRP or PSK do not need public keys */
if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) if (!(s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
&& !(alg_k & SSL_PSK)) { && !(alg_k & SSL_PSK)) {
/* Might be wrong key type, check it */ /* Might be wrong key type, check it */
if (ssl3_check_cert_and_algorithm(s)) { if (ssl3_check_cert_and_algorithm(s)) {
@ -2445,7 +2445,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
/* Clear certificate validity flags */ /* Clear certificate validity flags */
for (i = 0; i < SSL_PKEY_NUM; i++) for (i = 0; i < SSL_PKEY_NUM; i++)
s->s3->tmp.valid_flags[i] = 0; s->s3.tmp.valid_flags[i] = 0;
if (SSL_IS_TLS13(s)) { if (SSL_IS_TLS13(s)) {
PACKET reqctx, extensions; PACKET reqctx, extensions;
@ -2461,9 +2461,9 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
} }
/* Free and zero certificate types: it is not present in TLS 1.3 */ /* Free and zero certificate types: it is not present in TLS 1.3 */
OPENSSL_free(s->s3->tmp.ctype); OPENSSL_free(s->s3.tmp.ctype);
s->s3->tmp.ctype = NULL; s->s3.tmp.ctype = NULL;
s->s3->tmp.ctype_len = 0; s->s3.tmp.ctype_len = 0;
OPENSSL_free(s->pha_context); OPENSSL_free(s->pha_context);
s->pha_context = NULL; s->pha_context = NULL;
@ -2508,7 +2508,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
return MSG_PROCESS_ERROR; return MSG_PROCESS_ERROR;
} }
if (!PACKET_memdup(&ctypes, &s->s3->tmp.ctype, &s->s3->tmp.ctype_len)) { if (!PACKET_memdup(&ctypes, &s->s3.tmp.ctype, &s->s3.tmp.ctype_len)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
@ -2558,7 +2558,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
} }
/* we should setup a certificate to return.... */ /* we should setup a certificate to return.... */
s->s3->tmp.cert_req = 1; s->s3.tmp.cert_req = 1;
/* /*
* In TLSv1.3 we don't prepare the client certificate yet. We wait until * In TLSv1.3 we don't prepare the client certificate yet. We wait until
@ -2861,7 +2861,7 @@ MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt)
return MSG_PROCESS_ERROR; return MSG_PROCESS_ERROR;
} }
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) { if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
if (SRP_Calc_A_param(s) <= 0) { if (SRP_Calc_A_param(s) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_DONE, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_DONE,
SSL_R_SRP_A_CALC); SSL_R_SRP_A_CALC);
@ -2932,9 +2932,9 @@ static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt)
goto err; goto err;
} }
OPENSSL_free(s->s3->tmp.psk); OPENSSL_free(s->s3.tmp.psk);
s->s3->tmp.psk = tmppsk; s->s3.tmp.psk = tmppsk;
s->s3->tmp.psklen = psklen; s->s3.tmp.psklen = psklen;
tmppsk = NULL; tmppsk = NULL;
OPENSSL_free(s->session->psk_identity); OPENSSL_free(s->session->psk_identity);
s->session->psk_identity = tmpidentity; s->session->psk_identity = tmpidentity;
@ -3040,8 +3040,8 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt)
goto err; goto err;
} }
s->s3->tmp.pms = pms; s->s3.tmp.pms = pms;
s->s3->tmp.pmslen = pmslen; s->s3.tmp.pmslen = pmslen;
return 1; return 1;
err: err:
@ -3064,7 +3064,7 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
EVP_PKEY *ckey = NULL, *skey = NULL; EVP_PKEY *ckey = NULL, *skey = NULL;
unsigned char *keybytes = NULL; unsigned char *keybytes = NULL;
skey = s->s3->peer_tmp; skey = s->s3.peer_tmp;
if (skey == NULL) { if (skey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
@ -3122,7 +3122,7 @@ static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt)
EVP_PKEY *ckey = NULL, *skey = NULL; EVP_PKEY *ckey = NULL, *skey = NULL;
int ret = 0; int ret = 0;
skey = s->s3->peer_tmp; skey = s->s3.peer_tmp;
if (skey == NULL) { if (skey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
@ -3182,7 +3182,7 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt)
unsigned char *pms = NULL; unsigned char *pms = NULL;
size_t pmslen = 0; size_t pmslen = 0;
if ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aGOST12) != 0) if ((s->s3.tmp.new_cipher->algorithm_auth & SSL_aGOST12) != 0)
dgst_nid = NID_id_GostR3411_2012_256; dgst_nid = NID_id_GostR3411_2012_256;
/* /*
@ -3232,9 +3232,9 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt)
ukm_hash = EVP_MD_CTX_new(); ukm_hash = EVP_MD_CTX_new();
if (ukm_hash == NULL if (ukm_hash == NULL
|| EVP_DigestInit(ukm_hash, EVP_get_digestbynid(dgst_nid)) <= 0 || EVP_DigestInit(ukm_hash, EVP_get_digestbynid(dgst_nid)) <= 0
|| EVP_DigestUpdate(ukm_hash, s->s3->client_random, || EVP_DigestUpdate(ukm_hash, s->s3.client_random,
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestUpdate(ukm_hash, s->s3->server_random, || EVP_DigestUpdate(ukm_hash, s->s3.server_random,
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) { || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
@ -3269,8 +3269,8 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt)
} }
EVP_PKEY_CTX_free(pkey_ctx); EVP_PKEY_CTX_free(pkey_ctx);
s->s3->tmp.pms = pms; s->s3.tmp.pms = pms;
s->s3->tmp.pmslen = pmslen; s->s3.tmp.pmslen = pmslen;
return 1; return 1;
err: err:
@ -3319,7 +3319,7 @@ int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt)
{ {
unsigned long alg_k; unsigned long alg_k;
alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
/* /*
* All of the construct functions below call SSLfatal() if necessary so * All of the construct functions below call SSLfatal() if necessary so
@ -3352,11 +3352,11 @@ int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt)
return 1; return 1;
err: err:
OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
s->s3->tmp.pms = NULL; s->s3.tmp.pms = NULL;
#ifndef OPENSSL_NO_PSK #ifndef OPENSSL_NO_PSK
OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen); OPENSSL_clear_free(s->s3.tmp.psk, s->s3.tmp.psklen);
s->s3->tmp.psk = NULL; s->s3.tmp.psk = NULL;
#endif #endif
return 0; return 0;
} }
@ -3366,12 +3366,12 @@ int tls_client_key_exchange_post_work(SSL *s)
unsigned char *pms = NULL; unsigned char *pms = NULL;
size_t pmslen = 0; size_t pmslen = 0;
pms = s->s3->tmp.pms; pms = s->s3.tmp.pms;
pmslen = s->s3->tmp.pmslen; pmslen = s->s3.tmp.pmslen;
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
/* Check for SRP */ /* Check for SRP */
if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) { if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
if (!srp_generate_client_master_secret(s)) { if (!srp_generate_client_master_secret(s)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
goto err; goto err;
@ -3380,7 +3380,7 @@ int tls_client_key_exchange_post_work(SSL *s)
} }
#endif #endif
if (pms == NULL && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { if (pms == NULL && !(s->s3.tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_MALLOC_FAILURE); SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_MALLOC_FAILURE);
goto err; goto err;
@ -3430,7 +3430,7 @@ int tls_client_key_exchange_post_work(SSL *s)
return 1; return 1;
err: err:
OPENSSL_clear_free(pms, pmslen); OPENSSL_clear_free(pms, pmslen);
s->s3->tmp.pms = NULL; s->s3.tmp.pms = NULL;
return 0; return 0;
} }
@ -3442,7 +3442,7 @@ int tls_client_key_exchange_post_work(SSL *s)
static int ssl3_check_client_certificate(SSL *s) static int ssl3_check_client_certificate(SSL *s)
{ {
/* If no suitable signature algorithm can't use certificate */ /* If no suitable signature algorithm can't use certificate */
if (!tls_choose_sigalg(s, 0) || s->s3->tmp.sigalg == NULL) if (!tls_choose_sigalg(s, 0) || s->s3.tmp.sigalg == NULL)
return 0; return 0;
/* /*
* If strict mode check suitability of chain before using it. This also * If strict mode check suitability of chain before using it. This also
@ -3514,11 +3514,11 @@ WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst)
i = 0; i = 0;
if (i == 0) { if (i == 0) {
if (s->version == SSL3_VERSION) { if (s->version == SSL3_VERSION) {
s->s3->tmp.cert_req = 0; s->s3.tmp.cert_req = 0;
ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE); ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE);
return WORK_FINISHED_CONTINUE; return WORK_FINISHED_CONTINUE;
} else { } else {
s->s3->tmp.cert_req = 2; s->s3.tmp.cert_req = 2;
if (!ssl3_digest_cached_records(s, 0)) { if (!ssl3_digest_cached_records(s, 0)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return WORK_ERROR; return WORK_ERROR;
@ -3554,7 +3554,7 @@ int tls_construct_client_certificate(SSL *s, WPACKET *pkt)
} }
} }
if (!ssl3_output_cert_chain(s, pkt, if (!ssl3_output_cert_chain(s, pkt,
(s->s3->tmp.cert_req == 2) ? NULL (s->s3.tmp.cert_req == 2) ? NULL
: s->cert->key)) { : s->cert->key)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return 0; return 0;
@ -3582,8 +3582,8 @@ int ssl3_check_cert_and_algorithm(SSL *s)
size_t idx; size_t idx;
long alg_k, alg_a; long alg_k, alg_a;
alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
alg_a = s->s3->tmp.new_cipher->algorithm_auth; alg_a = s->s3.tmp.new_cipher->algorithm_auth;
/* we don't have a certificate */ /* we don't have a certificate */
if (!(alg_a & SSL_aCERT)) if (!(alg_a & SSL_aCERT))
@ -3618,7 +3618,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
} }
#endif #endif
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
if ((alg_k & SSL_kDHE) && (s->s3->peer_tmp == NULL)) { if ((alg_k & SSL_kDHE) && (s->s3.peer_tmp == NULL)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
return 0; return 0;
@ -3782,12 +3782,12 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt)
/* Sanity check that the maximum version we offer has ciphers enabled */ /* Sanity check that the maximum version we offer has ciphers enabled */
if (!maxverok) { if (!maxverok) {
if (SSL_IS_DTLS(s)) { if (SSL_IS_DTLS(s)) {
if (DTLS_VERSION_GE(c->max_dtls, s->s3->tmp.max_ver) if (DTLS_VERSION_GE(c->max_dtls, s->s3.tmp.max_ver)
&& DTLS_VERSION_LE(c->min_dtls, s->s3->tmp.max_ver)) && DTLS_VERSION_LE(c->min_dtls, s->s3.tmp.max_ver))
maxverok = 1; maxverok = 1;
} else { } else {
if (c->max_tls >= s->s3->tmp.max_ver if (c->max_tls >= s->s3.tmp.max_ver
&& c->min_tls <= s->s3->tmp.max_ver) && c->min_tls <= s->s3.tmp.max_ver)
maxverok = 1; maxverok = 1;
} }
} }

View File

@ -349,7 +349,7 @@ int dtls_get_message(SSL *s, int *mt, size_t *len)
return 0; return 0;
} }
*mt = s->s3->tmp.message_type; *mt = s->s3.tmp.message_type;
p = (unsigned char *)s->init_buf->data; p = (unsigned char *)s->init_buf->data;
*len = s->init_num; *len = s->init_num;
@ -442,9 +442,9 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr)
return 0; return 0;
} }
s->s3->tmp.message_size = msg_len; s->s3.tmp.message_size = msg_len;
s->d1->r_msg_hdr.msg_len = msg_len; s->d1->r_msg_hdr.msg_len = msg_len;
s->s3->tmp.message_type = msg_hdr->type; s->s3.tmp.message_type = msg_hdr->type;
s->d1->r_msg_hdr.type = msg_hdr->type; s->d1->r_msg_hdr.type = msg_hdr->type;
s->d1->r_msg_hdr.seq = msg_hdr->seq; s->d1->r_msg_hdr.seq = msg_hdr->seq;
} else if (msg_len != s->d1->r_msg_hdr.msg_len) { } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
@ -776,8 +776,8 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len)
memcpy(s->init_buf->data, wire, readbytes); memcpy(s->init_buf->data, wire, readbytes);
s->init_num = readbytes - 1; s->init_num = readbytes - 1;
s->init_msg = s->init_buf->data + 1; s->init_msg = s->init_buf->data + 1;
s->s3->tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC; s->s3.tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC;
s->s3->tmp.message_size = readbytes - 1; s->s3.tmp.message_size = readbytes - 1;
*len = readbytes - 1; *len = readbytes - 1;
return 1; return 1;
} }
@ -902,7 +902,7 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len)
* for these 2 messages, we need to * for these 2 messages, we need to
* ssl->enc_read_ctx re-init * ssl->enc_read_ctx re-init
* ssl->rlayer.read_sequence zero * ssl->rlayer.read_sequence zero
* ssl->s3->read_mac_secret re-init * ssl->s3.read_mac_secret re-init
* ssl->session->read_sym_enc assign * ssl->session->read_sym_enc assign
* ssl->session->read_compression assign * ssl->session->read_compression assign
* ssl->session->read_hash assign * ssl->session->read_hash assign
@ -955,7 +955,7 @@ WORK_STATE dtls_wait_for_dry(SSL *s)
return WORK_ERROR; return WORK_ERROR;
} }
s->s3->in_read_app_data = 2; s->s3.in_read_app_data = 2;
s->rwstate = SSL_READING; s->rwstate = SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_clear_retry_flags(SSL_get_rbio(s));
BIO_set_retry_read(SSL_get_rbio(s)); BIO_set_retry_read(SSL_get_rbio(s));

View File

@ -138,7 +138,7 @@ int tls_setup_handshake(SSL *s)
/* N.B. s->ctx may not equal s->session_ctx */ /* N.B. s->ctx may not equal s->session_ctx */
tsan_counter(&s->ctx->stats.sess_accept_renegotiate); tsan_counter(&s->ctx->stats.sess_accept_renegotiate);
s->s3->tmp.cert_request = 0; s->s3.tmp.cert_request = 0;
} }
} else { } else {
if (SSL_IS_FIRST_HANDSHAKE(s)) if (SSL_IS_FIRST_HANDSHAKE(s))
@ -147,10 +147,10 @@ int tls_setup_handshake(SSL *s)
tsan_counter(&s->session_ctx->stats.sess_connect_renegotiate); tsan_counter(&s->session_ctx->stats.sess_connect_renegotiate);
/* mark client_random uninitialized */ /* mark client_random uninitialized */
memset(s->s3->client_random, 0, sizeof(s->s3->client_random)); memset(s->s3.client_random, 0, sizeof(s->s3.client_random));
s->hit = 0; s->hit = 0;
s->s3->tmp.cert_req = 0; s->s3.tmp.cert_req = 0;
if (SSL_IS_DTLS(s)) if (SSL_IS_DTLS(s))
s->statem.use_timer = 1; s->statem.use_timer = 1;
@ -206,7 +206,7 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs,
size_t retlen; size_t retlen;
long retlen_l; long retlen_l;
retlen = retlen_l = BIO_get_mem_data(s->s3->handshake_buffer, hdata); retlen = retlen_l = BIO_get_mem_data(s->s3.handshake_buffer, hdata);
if (retlen_l <= 0) { if (retlen_l <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_GET_CERT_VERIFY_TBS_DATA, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_GET_CERT_VERIFY_TBS_DATA,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
@ -228,14 +228,14 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
void *hdata; void *hdata;
unsigned char *sig = NULL; unsigned char *sig = NULL;
unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE]; unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE];
const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg; const SIGALG_LOOKUP *lu = s->s3.tmp.sigalg;
if (lu == NULL || s->s3->tmp.cert == NULL) { if (lu == NULL || s->s3.tmp.cert == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
pkey = s->s3->tmp.cert->privatekey; pkey = s->s3.tmp.cert->privatekey;
if (pkey == NULL || !tls1_lookup_md(lu, &md)) { if (pkey == NULL || !tls1_lookup_md(lu, &md)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
@ -389,7 +389,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
goto err; goto err;
} }
if (!tls1_lookup_md(s->s3->tmp.peer_sigalg, &md)) { if (!tls1_lookup_md(s->s3.tmp.peer_sigalg, &md)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
goto err; goto err;
@ -503,13 +503,13 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
* want to make sure that SSL_get_peer_certificate() will return the actual * want to make sure that SSL_get_peer_certificate() will return the actual
* server certificate from the client_cert_cb callback. * server certificate from the client_cert_cb callback.
*/ */
if (!s->server && SSL_IS_TLS13(s) && s->s3->tmp.cert_req == 1) if (!s->server && SSL_IS_TLS13(s) && s->s3.tmp.cert_req == 1)
ret = MSG_PROCESS_CONTINUE_PROCESSING; ret = MSG_PROCESS_CONTINUE_PROCESSING;
else else
ret = MSG_PROCESS_CONTINUE_READING; ret = MSG_PROCESS_CONTINUE_READING;
err: err:
BIO_free(s->s3->handshake_buffer); BIO_free(s->s3.handshake_buffer);
s->s3->handshake_buffer = NULL; s->s3.handshake_buffer = NULL;
EVP_MD_CTX_free(mctx); EVP_MD_CTX_free(mctx);
#ifndef OPENSSL_NO_GOST #ifndef OPENSSL_NO_GOST
OPENSSL_free(gost_data); OPENSSL_free(gost_data);
@ -533,7 +533,7 @@ int tls_construct_finished(SSL *s, WPACKET *pkt)
*/ */
if (SSL_IS_TLS13(s) if (SSL_IS_TLS13(s)
&& !s->server && !s->server
&& s->s3->tmp.cert_req == 0 && s->s3.tmp.cert_req == 0
&& (!s->method->ssl3_enc->change_cipher_state(s, && (!s->method->ssl3_enc->change_cipher_state(s,
SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {; SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {;
/* SSLfatal() already called */ /* SSLfatal() already called */
@ -550,15 +550,15 @@ int tls_construct_finished(SSL *s, WPACKET *pkt)
finish_md_len = s->method->ssl3_enc->final_finish_mac(s, finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
sender, slen, sender, slen,
s->s3->tmp.finish_md); s->s3.tmp.finish_md);
if (finish_md_len == 0) { if (finish_md_len == 0) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return 0; return 0;
} }
s->s3->tmp.finish_md_len = finish_md_len; s->s3.tmp.finish_md_len = finish_md_len;
if (!WPACKET_memcpy(pkt, s->s3->tmp.finish_md, finish_md_len)) { if (!WPACKET_memcpy(pkt, s->s3.tmp.finish_md, finish_md_len)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_FINISHED, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_FINISHED,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
return 0; return 0;
@ -584,13 +584,13 @@ int tls_construct_finished(SSL *s, WPACKET *pkt)
return 0; return 0;
} }
if (!s->server) { if (!s->server) {
memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, memcpy(s->s3.previous_client_finished, s->s3.tmp.finish_md,
finish_md_len); finish_md_len);
s->s3->previous_client_finished_len = finish_md_len; s->s3.previous_client_finished_len = finish_md_len;
} else { } else {
memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, memcpy(s->s3.previous_server_finished, s->s3.tmp.finish_md,
finish_md_len); finish_md_len);
s->s3->previous_server_finished_len = finish_md_len; s->s3.previous_server_finished_len = finish_md_len;
} }
return 1; return 1;
@ -676,11 +676,11 @@ int ssl3_take_mac(SSL *s)
slen = s->method->ssl3_enc->client_finished_label_len; slen = s->method->ssl3_enc->client_finished_label_len;
} }
s->s3->tmp.peer_finish_md_len = s->s3.tmp.peer_finish_md_len =
s->method->ssl3_enc->final_finish_mac(s, sender, slen, s->method->ssl3_enc->final_finish_mac(s, sender, slen,
s->s3->tmp.peer_finish_md); s->s3.tmp.peer_finish_md);
if (s->s3->tmp.peer_finish_md_len == 0) { if (s->s3.tmp.peer_finish_md_len == 0) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return 0; return 0;
} }
@ -718,13 +718,13 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
} }
/* Check we have a cipher to change to */ /* Check we have a cipher to change to */
if (s->s3->tmp.new_cipher == NULL) { if (s->s3.tmp.new_cipher == NULL) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY); SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY);
return MSG_PROCESS_ERROR; return MSG_PROCESS_ERROR;
} }
s->s3->change_cipher_spec = 1; s->s3.change_cipher_spec = 1;
if (!ssl3_do_change_cipher_spec(s)) { if (!ssl3_do_change_cipher_spec(s)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
@ -782,14 +782,14 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
} }
/* If this occurs, we have missed a message */ /* If this occurs, we have missed a message */
if (!SSL_IS_TLS13(s) && !s->s3->change_cipher_spec) { if (!SSL_IS_TLS13(s) && !s->s3.change_cipher_spec) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_FINISHED, SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_FINISHED,
SSL_R_GOT_A_FIN_BEFORE_A_CCS); SSL_R_GOT_A_FIN_BEFORE_A_CCS);
return MSG_PROCESS_ERROR; return MSG_PROCESS_ERROR;
} }
s->s3->change_cipher_spec = 0; s->s3.change_cipher_spec = 0;
md_len = s->s3->tmp.peer_finish_md_len; md_len = s->s3.tmp.peer_finish_md_len;
if (md_len != PACKET_remaining(pkt)) { if (md_len != PACKET_remaining(pkt)) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_FINISHED, SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_FINISHED,
@ -797,7 +797,7 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
return MSG_PROCESS_ERROR; return MSG_PROCESS_ERROR;
} }
if (CRYPTO_memcmp(PACKET_data(pkt), s->s3->tmp.peer_finish_md, if (CRYPTO_memcmp(PACKET_data(pkt), s->s3.tmp.peer_finish_md,
md_len) != 0) { md_len) != 0) {
SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_FINISHED, SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_FINISHED,
SSL_R_DIGEST_CHECK_FAILED); SSL_R_DIGEST_CHECK_FAILED);
@ -813,13 +813,13 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
return MSG_PROCESS_ERROR; return MSG_PROCESS_ERROR;
} }
if (s->server) { if (s->server) {
memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md, memcpy(s->s3.previous_client_finished, s->s3.tmp.peer_finish_md,
md_len); md_len);
s->s3->previous_client_finished_len = md_len; s->s3.previous_client_finished_len = md_len;
} else { } else {
memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md, memcpy(s->s3.previous_server_finished, s->s3.tmp.peer_finish_md,
md_len); md_len);
s->s3->previous_server_finished_len = md_len; s->s3.previous_server_finished_len = md_len;
} }
/* /*
@ -1155,7 +1155,7 @@ int tls_get_message_header(SSL *s, int *mt)
return 0; return 0;
} }
if (s->statem.hand_state == TLS_ST_BEFORE if (s->statem.hand_state == TLS_ST_BEFORE
&& (s->s3->flags & TLS1_FLAGS_STATELESS) != 0) { && (s->s3.flags & TLS1_FLAGS_STATELESS) != 0) {
/* /*
* We are stateless and we received a CCS. Probably this is * We are stateless and we received a CCS. Probably this is
* from a client between the first and second ClientHellos. * from a client between the first and second ClientHellos.
@ -1165,10 +1165,10 @@ int tls_get_message_header(SSL *s, int *mt)
*/ */
return 0; return 0;
} }
s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC; s->s3.tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
s->init_num = readbytes - 1; s->init_num = readbytes - 1;
s->init_msg = s->init_buf->data; s->init_msg = s->init_buf->data;
s->s3->tmp.message_size = readbytes; s->s3.tmp.message_size = readbytes;
return 1; return 1;
} else if (recvd_type != SSL3_RT_HANDSHAKE) { } else if (recvd_type != SSL3_RT_HANDSHAKE) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
@ -1202,7 +1202,7 @@ int tls_get_message_header(SSL *s, int *mt)
/* s->init_num == SSL3_HM_HEADER_LENGTH */ /* s->init_num == SSL3_HM_HEADER_LENGTH */
*mt = *p; *mt = *p;
s->s3->tmp.message_type = *(p++); s->s3.tmp.message_type = *(p++);
if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) { if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
/* /*
@ -1214,7 +1214,7 @@ int tls_get_message_header(SSL *s, int *mt)
*/ */
l = RECORD_LAYER_get_rrec_length(&s->rlayer) l = RECORD_LAYER_get_rrec_length(&s->rlayer)
+ SSL3_HM_HEADER_LENGTH; + SSL3_HM_HEADER_LENGTH;
s->s3->tmp.message_size = l; s->s3.tmp.message_size = l;
s->init_msg = s->init_buf->data; s->init_msg = s->init_buf->data;
s->init_num = SSL3_HM_HEADER_LENGTH; s->init_num = SSL3_HM_HEADER_LENGTH;
@ -1226,7 +1226,7 @@ int tls_get_message_header(SSL *s, int *mt)
SSL_R_EXCESSIVE_MESSAGE_SIZE); SSL_R_EXCESSIVE_MESSAGE_SIZE);
return 0; return 0;
} }
s->s3->tmp.message_size = l; s->s3.tmp.message_size = l;
s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH; s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
s->init_num = 0; s->init_num = 0;
@ -1241,14 +1241,14 @@ int tls_get_message_body(SSL *s, size_t *len)
unsigned char *p; unsigned char *p;
int i; int i;
if (s->s3->tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) { if (s->s3.tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) {
/* We've already read everything in */ /* We've already read everything in */
*len = (unsigned long)s->init_num; *len = (unsigned long)s->init_num;
return 1; return 1;
} }
p = s->init_msg; p = s->init_msg;
n = s->s3->tmp.message_size - s->init_num; n = s->s3.tmp.message_size - s->init_num;
while (n > 0) { while (n > 0) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
&p[s->init_num], n, 0, &readbytes); &p[s->init_num], n, 0, &readbytes);
@ -1291,9 +1291,9 @@ int tls_get_message_body(SSL *s, size_t *len)
*/ */
#define SERVER_HELLO_RANDOM_OFFSET (SSL3_HM_HEADER_LENGTH + 2) #define SERVER_HELLO_RANDOM_OFFSET (SSL3_HM_HEADER_LENGTH + 2)
/* KeyUpdate and NewSessionTicket do not need to be added */ /* KeyUpdate and NewSessionTicket do not need to be added */
if (!SSL_IS_TLS13(s) || (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET if (!SSL_IS_TLS13(s) || (s->s3.tmp.message_type != SSL3_MT_NEWSESSION_TICKET
&& s->s3->tmp.message_type != SSL3_MT_KEY_UPDATE)) { && s->s3.tmp.message_type != SSL3_MT_KEY_UPDATE)) {
if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO if (s->s3.tmp.message_type != SSL3_MT_SERVER_HELLO
|| s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE || s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE
|| memcmp(hrrrandom, || memcmp(hrrrandom,
s->init_buf->data + SERVER_HELLO_RANDOM_OFFSET, s->init_buf->data + SERVER_HELLO_RANDOM_OFFSET,
@ -1933,7 +1933,7 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
/* Check for downgrades */ /* Check for downgrades */
if (s->version == TLS1_2_VERSION && real_max > s->version) { if (s->version == TLS1_2_VERSION && real_max > s->version) {
if (memcmp(tls12downgrade, if (memcmp(tls12downgrade,
s->s3->server_random + SSL3_RANDOM_SIZE s->s3.server_random + SSL3_RANDOM_SIZE
- sizeof(tls12downgrade), - sizeof(tls12downgrade),
sizeof(tls12downgrade)) == 0) { sizeof(tls12downgrade)) == 0) {
s->version = origv; s->version = origv;
@ -1946,7 +1946,7 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
&& s->version < TLS1_2_VERSION && s->version < TLS1_2_VERSION
&& real_max > s->version) { && real_max > s->version) {
if (memcmp(tls11downgrade, if (memcmp(tls11downgrade,
s->s3->server_random + SSL3_RANDOM_SIZE s->s3.server_random + SSL3_RANDOM_SIZE
- sizeof(tls11downgrade), - sizeof(tls11downgrade),
sizeof(tls11downgrade)) == 0) { sizeof(tls11downgrade)) == 0) {
s->version = origv; s->version = origv;
@ -2200,7 +2200,7 @@ int create_synthetic_message_hash(SSL *s, const unsigned char *hashval,
if (hrr != NULL if (hrr != NULL
&& (!ssl3_finish_mac(s, hrr, hrrlen) && (!ssl3_finish_mac(s, hrr, hrrlen)
|| !ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, || !ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
s->s3->tmp.message_size s->s3.tmp.message_size
+ SSL3_HM_HEADER_LENGTH))) { + SSL3_HM_HEADER_LENGTH))) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return 0; return 0;
@ -2263,8 +2263,8 @@ int parse_ca_names(SSL *s, PACKET *pkt)
xn = NULL; xn = NULL;
} }
sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free); sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
s->s3->tmp.peer_ca_names = ca_sk; s->s3.tmp.peer_ca_names = ca_sk;
return 1; return 1;
@ -2340,8 +2340,8 @@ size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs,
ERR_R_MALLOC_FAILURE); ERR_R_MALLOC_FAILURE);
return 0; return 0;
} }
memcpy(tbs, s->s3->client_random, SSL3_RANDOM_SIZE); memcpy(tbs, s->s3.client_random, SSL3_RANDOM_SIZE);
memcpy(tbs + SSL3_RANDOM_SIZE, s->s3->server_random, SSL3_RANDOM_SIZE); memcpy(tbs + SSL3_RANDOM_SIZE, s->s3.server_random, SSL3_RANDOM_SIZE);
memcpy(tbs + SSL3_RANDOM_SIZE * 2, param, paramlen); memcpy(tbs + SSL3_RANDOM_SIZE * 2, param, paramlen);
@ -2368,7 +2368,7 @@ int tls13_save_handshake_digest_for_pha(SSL *s)
return 0; return 0;
} }
if (!EVP_MD_CTX_copy_ex(s->pha_dgst, if (!EVP_MD_CTX_copy_ex(s->pha_dgst,
s->s3->handshake_dgst)) { s->s3.handshake_dgst)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA, SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
@ -2390,7 +2390,7 @@ int tls13_restore_handshake_digest_for_pha(SSL *s)
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
return 0; return 0;
} }
if (!EVP_MD_CTX_copy_ex(s->s3->handshake_dgst, if (!EVP_MD_CTX_copy_ex(s->s3.handshake_dgst,
s->pha_dgst)) { s->pha_dgst)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA, SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA,

View File

@ -69,7 +69,7 @@ static int ossl_statem_server13_read_transition(SSL *s, int mt)
case TLS_ST_SR_END_OF_EARLY_DATA: case TLS_ST_SR_END_OF_EARLY_DATA:
case TLS_ST_SW_FINISHED: case TLS_ST_SW_FINISHED:
if (s->s3->tmp.cert_request) { if (s->s3.tmp.cert_request) {
if (mt == SSL3_MT_CERTIFICATE) { if (mt == SSL3_MT_CERTIFICATE) {
st->hand_state = TLS_ST_SR_CERT; st->hand_state = TLS_ST_SR_CERT;
return 1; return 1;
@ -172,7 +172,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt)
* list if we requested a certificate) * list if we requested a certificate)
*/ */
if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE) { if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE) {
if (s->s3->tmp.cert_request) { if (s->s3.tmp.cert_request) {
if (s->version == SSL3_VERSION) { if (s->version == SSL3_VERSION) {
if ((s->verify_mode & SSL_VERIFY_PEER) if ((s->verify_mode & SSL_VERIFY_PEER)
&& (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
@ -193,7 +193,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt)
st->hand_state = TLS_ST_SR_KEY_EXCH; st->hand_state = TLS_ST_SR_KEY_EXCH;
return 1; return 1;
} }
} else if (s->s3->tmp.cert_request) { } else if (s->s3.tmp.cert_request) {
if (mt == SSL3_MT_CERTIFICATE) { if (mt == SSL3_MT_CERTIFICATE) {
st->hand_state = TLS_ST_SR_CERT; st->hand_state = TLS_ST_SR_CERT;
return 1; return 1;
@ -245,7 +245,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt)
case TLS_ST_SR_CHANGE: case TLS_ST_SR_CHANGE:
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
if (s->s3->npn_seen) { if (s->s3.npn_seen) {
if (mt == SSL3_MT_NEXT_PROTO) { if (mt == SSL3_MT_NEXT_PROTO) {
st->hand_state = TLS_ST_SR_NEXT_PROTO; st->hand_state = TLS_ST_SR_NEXT_PROTO;
return 1; return 1;
@ -309,7 +309,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt)
*/ */
static int send_server_key_exchange(SSL *s) static int send_server_key_exchange(SSL *s)
{ {
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
/* /*
* only send a ServerKeyExchange if DH or fortezza but we have a * only send a ServerKeyExchange if DH or fortezza but we have a
@ -371,7 +371,7 @@ int send_certificate_request(SSL *s)
* section "Certificate request" in SSL 3 drafts and in * section "Certificate request" in SSL 3 drafts and in
* RFC 2246): * RFC 2246):
*/ */
&& (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && (!(s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL)
/* /*
* ... except when the application insists on * ... except when the application insists on
* verification (against the specs, but statem_clnt.c accepts * verification (against the specs, but statem_clnt.c accepts
@ -379,12 +379,12 @@ int send_certificate_request(SSL *s)
*/ */
|| (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
/* don't request certificate for SRP auth */ /* don't request certificate for SRP auth */
&& !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP) && !(s->s3.tmp.new_cipher->algorithm_auth & SSL_aSRP)
/* /*
* With normal PSK Certificates and Certificate Requests * With normal PSK Certificates and Certificate Requests
* are omitted * are omitted
*/ */
&& !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK)) { && !(s->s3.tmp.new_cipher->algorithm_auth & SSL_aPSK)) {
return 1; return 1;
} }
@ -597,7 +597,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
} else { } else {
/* Check if it is anon DH or anon ECDH, */ /* Check if it is anon DH or anon ECDH, */
/* normal PSK or SRP */ /* normal PSK or SRP */
if (!(s->s3->tmp.new_cipher->algorithm_auth & if (!(s->s3.tmp.new_cipher->algorithm_auth &
(SSL_aNULL | SSL_aSRP | SSL_aPSK))) { (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
st->hand_state = TLS_ST_SW_CERT; st->hand_state = TLS_ST_SW_CERT;
} else if (send_server_key_exchange(s)) { } else if (send_server_key_exchange(s)) {
@ -735,7 +735,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst)
case TLS_ST_SW_CHANGE: case TLS_ST_SW_CHANGE:
if (SSL_IS_TLS13(s)) if (SSL_IS_TLS13(s))
break; break;
s->session->cipher = s->s3->tmp.new_cipher; s->session->cipher = s->s3.tmp.new_cipher;
if (!s->method->ssl3_enc->setup_key_block(s)) { if (!s->method->ssl3_enc->setup_key_block(s)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return WORK_ERROR; return WORK_ERROR;
@ -753,7 +753,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst)
case TLS_ST_EARLY_DATA: case TLS_ST_EARLY_DATA:
if (s->early_data_state != SSL_EARLY_DATA_ACCEPTING if (s->early_data_state != SSL_EARLY_DATA_ACCEPTING
&& (s->s3->flags & TLS1_FLAGS_STATELESS) == 0) && (s->s3.flags & TLS1_FLAGS_STATELESS) == 0)
return WORK_FINISHED_CONTINUE; return WORK_FINISHED_CONTINUE;
/* Fall through */ /* Fall through */
@ -1236,7 +1236,7 @@ static int ssl_check_srp_ext_ClientHello(SSL *s)
int ret; int ret;
int al = SSL_AD_UNRECOGNIZED_NAME; int al = SSL_AD_UNRECOGNIZED_NAME;
if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) && if ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
(s->srp_ctx.TLS_ext_srp_username_callback != NULL)) { (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
if (s->srp_ctx.login == NULL) { if (s->srp_ctx.login == NULL) {
/* /*
@ -1357,7 +1357,7 @@ static void ssl_check_for_safari(SSL *s, const CLIENTHELLO_MSG *hello)
ext_len = TLS1_get_client_version(s) >= TLS1_2_VERSION ? ext_len = TLS1_get_client_version(s) >= TLS1_2_VERSION ?
sizeof(kSafariExtensionsBlock) : kSafariCommonExtensionsLength; sizeof(kSafariExtensionsBlock) : kSafariCommonExtensionsLength;
s->s3->is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock, s->s3.is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock,
ext_len); ext_len);
} }
#endif /* !OPENSSL_NO_EC */ #endif /* !OPENSSL_NO_EC */
@ -1377,7 +1377,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
goto err; goto err;
} }
if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0 if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0
|| (!s->s3->send_connection_binding || (!s->s3.send_connection_binding
&& (s->options && (s->options
& SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0)) { & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0)) {
ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
@ -1626,7 +1626,7 @@ static int tls_early_post_process_client_hello(SSL *s)
} }
/* Set up the client_random */ /* Set up the client_random */
memcpy(s->s3->client_random, clienthello->random, SSL3_RANDOM_SIZE); memcpy(s->s3.client_random, clienthello->random, SSL3_RANDOM_SIZE);
/* Choose the version */ /* Choose the version */
@ -1721,7 +1721,7 @@ static int tls_early_post_process_client_hello(SSL *s)
goto err; goto err;
} }
s->s3->send_connection_binding = 0; s->s3.send_connection_binding = 0;
/* Check what signalling cipher-suite values were received. */ /* Check what signalling cipher-suite values were received. */
if (scsvs != NULL) { if (scsvs != NULL) {
for(i = 0; i < sk_SSL_CIPHER_num(scsvs); i++) { for(i = 0; i < sk_SSL_CIPHER_num(scsvs); i++) {
@ -1734,7 +1734,7 @@ static int tls_early_post_process_client_hello(SSL *s)
SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
goto err; goto err;
} }
s->s3->send_connection_binding = 1; s->s3.send_connection_binding = 1;
} else if (SSL_CIPHER_get_id(c) == SSL3_CK_FALLBACK_SCSV && } else if (SSL_CIPHER_get_id(c) == SSL3_CK_FALLBACK_SCSV &&
!ssl_check_version_downgrade(s)) { !ssl_check_version_downgrade(s)) {
/* /*
@ -1764,8 +1764,8 @@ static int tls_early_post_process_client_hello(SSL *s)
goto err; goto err;
} }
if (s->hello_retry_request == SSL_HRR_PENDING if (s->hello_retry_request == SSL_HRR_PENDING
&& (s->s3->tmp.new_cipher == NULL && (s->s3.tmp.new_cipher == NULL
|| s->s3->tmp.new_cipher->id != cipher->id)) { || s->s3.tmp.new_cipher->id != cipher->id)) {
/* /*
* A previous HRR picked a different ciphersuite to the one we * A previous HRR picked a different ciphersuite to the one we
* just selected. Something must have changed. * just selected. Something must have changed.
@ -1775,7 +1775,7 @@ static int tls_early_post_process_client_hello(SSL *s)
SSL_R_BAD_CIPHER); SSL_R_BAD_CIPHER);
goto err; goto err;
} }
s->s3->tmp.new_cipher = cipher; s->s3.tmp.new_cipher = cipher;
} }
/* We need to do this before getting the session */ /* We need to do this before getting the session */
@ -1901,7 +1901,7 @@ static int tls_early_post_process_client_hello(SSL *s)
*/ */
{ {
unsigned char *pos; unsigned char *pos;
pos = s->s3->server_random; pos = s->s3.server_random;
if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE, dgrd) <= 0) { if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE, dgrd) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
@ -1959,7 +1959,7 @@ static int tls_early_post_process_client_hello(SSL *s)
* options, we will now look for them. We have complen-1 compression * options, we will now look for them. We have complen-1 compression
* algorithms from the client, starting at q. * algorithms from the client, starting at q.
*/ */
s->s3->tmp.new_compression = NULL; s->s3.tmp.new_compression = NULL;
if (SSL_IS_TLS13(s)) { if (SSL_IS_TLS13(s)) {
/* /*
* We already checked above that the NULL compression method appears in * We already checked above that the NULL compression method appears in
@ -1990,11 +1990,11 @@ static int tls_early_post_process_client_hello(SSL *s)
for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) { for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) {
comp = sk_SSL_COMP_value(s->ctx->comp_methods, m); comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
if (comp_id == comp->id) { if (comp_id == comp->id) {
s->s3->tmp.new_compression = comp; s->s3.tmp.new_compression = comp;
break; break;
} }
} }
if (s->s3->tmp.new_compression == NULL) { if (s->s3.tmp.new_compression == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
SSL_R_INVALID_COMPRESSION_ALGORITHM); SSL_R_INVALID_COMPRESSION_ALGORITHM);
@ -2032,7 +2032,7 @@ static int tls_early_post_process_client_hello(SSL *s)
break; break;
} }
if (done) if (done)
s->s3->tmp.new_compression = comp; s->s3.tmp.new_compression = comp;
else else
comp = NULL; comp = NULL;
} }
@ -2108,12 +2108,12 @@ static int tls_handle_status_request(SSL *s)
int ret; int ret;
/* If no certificate can't return certificate status */ /* If no certificate can't return certificate status */
if (s->s3->tmp.cert != NULL) { if (s->s3.tmp.cert != NULL) {
/* /*
* Set current certificate to one we will use so SSL_get_certificate * Set current certificate to one we will use so SSL_get_certificate
* et al can pick it up. * et al can pick it up.
*/ */
s->cert->key = s->s3->tmp.cert; s->cert->key = s->s3.tmp.cert;
ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg); ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg);
switch (ret) { switch (ret) {
/* We don't want to send a status request response */ /* We don't want to send a status request response */
@ -2148,24 +2148,24 @@ int tls_handle_alpn(SSL *s)
const unsigned char *selected = NULL; const unsigned char *selected = NULL;
unsigned char selected_len = 0; unsigned char selected_len = 0;
if (s->ctx->ext.alpn_select_cb != NULL && s->s3->alpn_proposed != NULL) { if (s->ctx->ext.alpn_select_cb != NULL && s->s3.alpn_proposed != NULL) {
int r = s->ctx->ext.alpn_select_cb(s, &selected, &selected_len, int r = s->ctx->ext.alpn_select_cb(s, &selected, &selected_len,
s->s3->alpn_proposed, s->s3.alpn_proposed,
(unsigned int)s->s3->alpn_proposed_len, (unsigned int)s->s3.alpn_proposed_len,
s->ctx->ext.alpn_select_cb_arg); s->ctx->ext.alpn_select_cb_arg);
if (r == SSL_TLSEXT_ERR_OK) { if (r == SSL_TLSEXT_ERR_OK) {
OPENSSL_free(s->s3->alpn_selected); OPENSSL_free(s->s3.alpn_selected);
s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len); s->s3.alpn_selected = OPENSSL_memdup(selected, selected_len);
if (s->s3->alpn_selected == NULL) { if (s->s3.alpn_selected == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
return 0; return 0;
} }
s->s3->alpn_selected_len = selected_len; s->s3.alpn_selected_len = selected_len;
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
/* ALPN takes precedence over NPN. */ /* ALPN takes precedence over NPN. */
s->s3->npn_seen = 0; s->s3.npn_seen = 0;
#endif #endif
/* Check ALPN is consistent with session */ /* Check ALPN is consistent with session */
@ -2270,7 +2270,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
SSL_R_NO_SHARED_CIPHER); SSL_R_NO_SHARED_CIPHER);
goto err; goto err;
} }
s->s3->tmp.new_cipher = cipher; s->s3.tmp.new_cipher = cipher;
} }
if (!s->hit) { if (!s->hit) {
if (!tls_choose_sigalg(s, 1)) { if (!tls_choose_sigalg(s, 1)) {
@ -2281,7 +2281,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
if (s->not_resumable_session_cb != NULL) if (s->not_resumable_session_cb != NULL)
s->session->not_resumable = s->session->not_resumable =
s->not_resumable_session_cb(s, s->not_resumable_session_cb(s,
((s->s3->tmp.new_cipher->algorithm_mkey ((s->s3.tmp.new_cipher->algorithm_mkey
& (SSL_kDHE | SSL_kECDHE)) != 0)); & (SSL_kDHE | SSL_kECDHE)) != 0));
if (s->session->not_resumable) if (s->session->not_resumable)
/* do not send a session ticket */ /* do not send a session ticket */
@ -2289,7 +2289,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
} }
} else { } else {
/* Session-id reuse */ /* Session-id reuse */
s->s3->tmp.new_cipher = s->session->cipher; s->s3.tmp.new_cipher = s->session->cipher;
} }
/*- /*-
@ -2301,7 +2301,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
* ssl version is set - sslv3 * ssl version is set - sslv3
* s->session - The ssl session has been setup. * s->session - The ssl session has been setup.
* s->hit - session reuse flag * s->hit - session reuse flag
* s->s3->tmp.new_cipher- the new cipher to use. * s->s3.tmp.new_cipher - the new cipher to use.
*/ */
/* /*
@ -2363,7 +2363,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
*/ */
|| !WPACKET_memcpy(pkt, || !WPACKET_memcpy(pkt,
s->hello_retry_request == SSL_HRR_PENDING s->hello_retry_request == SSL_HRR_PENDING
? hrrrandom : s->s3->server_random, ? hrrrandom : s->s3.server_random,
SSL3_RANDOM_SIZE)) { SSL3_RANDOM_SIZE)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
@ -2411,14 +2411,14 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
#ifdef OPENSSL_NO_COMP #ifdef OPENSSL_NO_COMP
compm = 0; compm = 0;
#else #else
if (usetls13 || s->s3->tmp.new_compression == NULL) if (usetls13 || s->s3.tmp.new_compression == NULL)
compm = 0; compm = 0;
else else
compm = s->s3->tmp.new_compression->id; compm = s->s3.tmp.new_compression->id;
#endif #endif
if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl) if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl)
|| !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, &len) || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt, &len)
|| !WPACKET_put_bytes_u8(pkt, compm)) { || !WPACKET_put_bytes_u8(pkt, compm)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
@ -2461,7 +2461,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
int tls_construct_server_done(SSL *s, WPACKET *pkt) int tls_construct_server_done(SSL *s, WPACKET *pkt)
{ {
if (!s->s3->tmp.cert_request) { if (!s->s3.tmp.cert_request) {
if (!ssl3_digest_cached_records(s, 0)) { if (!ssl3_digest_cached_records(s, 0)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return 0; return 0;
@ -2480,7 +2480,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
size_t encodedlen = 0; size_t encodedlen = 0;
int curve_id = 0; int curve_id = 0;
#endif #endif
const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg; const SIGALG_LOOKUP *lu = s->s3.tmp.sigalg;
int i; int i;
unsigned long type; unsigned long type;
const BIGNUM *r[4]; const BIGNUM *r[4];
@ -2500,7 +2500,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
goto err; goto err;
} }
type = s->s3->tmp.new_cipher->algorithm_mkey; type = s->s3.tmp.new_cipher->algorithm_mkey;
r[0] = r[1] = r[2] = r[3] = NULL; r[0] = r[1] = r[2] = r[3] = NULL;
#ifndef OPENSSL_NO_PSK #ifndef OPENSSL_NO_PSK
@ -2554,20 +2554,20 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
SSL_R_DH_KEY_TOO_SMALL); SSL_R_DH_KEY_TOO_SMALL);
goto err; goto err;
} }
if (s->s3->tmp.pkey != NULL) { if (s->s3.tmp.pkey != NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
s->s3->tmp.pkey = ssl_generate_pkey(pkdhp); s->s3.tmp.pkey = ssl_generate_pkey(pkdhp);
if (s->s3->tmp.pkey == NULL) { if (s->s3.tmp.pkey == NULL) {
/* SSLfatal() already called */ /* SSLfatal() already called */
goto err; goto err;
} }
dh = EVP_PKEY_get0_DH(s->s3->tmp.pkey); dh = EVP_PKEY_get0_DH(s->s3.tmp.pkey);
if (dh == NULL) { if (dh == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
@ -2585,7 +2585,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
if (type & (SSL_kECDHE | SSL_kECDHEPSK)) { if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
if (s->s3->tmp.pkey != NULL) { if (s->s3.tmp.pkey != NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
@ -2600,15 +2600,15 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
goto err; goto err;
} }
s->s3->tmp.pkey = ssl_generate_pkey_group(s, curve_id); s->s3.tmp.pkey = ssl_generate_pkey_group(s, curve_id);
/* Generate a new key for this curve */ /* Generate a new key for this curve */
if (s->s3->tmp.pkey == NULL) { if (s->s3.tmp.pkey == NULL) {
/* SSLfatal() already called */ /* SSLfatal() already called */
goto err; goto err;
} }
/* Encode the public key. */ /* Encode the public key. */
encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3->tmp.pkey, encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3.tmp.pkey,
&encodedPoint); &encodedPoint);
if (encodedlen == 0) { if (encodedlen == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSLfatal(s, SSL_AD_INTERNAL_ERROR,
@ -2649,8 +2649,8 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
goto err; goto err;
} }
if (((s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) != 0) if (((s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) != 0)
|| ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)) != 0) { || ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK)) != 0) {
lu = NULL; lu = NULL;
} else if (lu == NULL) { } else if (lu == NULL) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSLfatal(s, SSL_AD_DECODE_ERROR,
@ -2751,7 +2751,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
/* not anonymous */ /* not anonymous */
if (lu != NULL) { if (lu != NULL) {
EVP_PKEY *pkey = s->s3->tmp.cert->privatekey; EVP_PKEY *pkey = s->s3.tmp.cert->privatekey;
const EVP_MD *md; const EVP_MD *md;
unsigned char *sigbytes1, *sigbytes2, *tbs; unsigned char *sigbytes1, *sigbytes2, *tbs;
size_t siglen, tbslen; size_t siglen, tbslen;
@ -2900,7 +2900,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
done: done:
s->certreqs_sent++; s->certreqs_sent++;
s->s3->tmp.cert_request = 1; s->s3.tmp.cert_request = 1;
return 1; return 1;
} }
@ -2950,17 +2950,17 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt)
return 0; return 0;
} }
OPENSSL_free(s->s3->tmp.psk); OPENSSL_free(s->s3.tmp.psk);
s->s3->tmp.psk = OPENSSL_memdup(psk, psklen); s->s3.tmp.psk = OPENSSL_memdup(psk, psklen);
OPENSSL_cleanse(psk, psklen); OPENSSL_cleanse(psk, psklen);
if (s->s3->tmp.psk == NULL) { if (s->s3.tmp.psk == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE); SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE);
return 0; return 0;
} }
s->s3->tmp.psklen = psklen; s->s3.tmp.psklen = psklen;
return 1; return 1;
#else #else
@ -3158,7 +3158,7 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt)
SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
goto err; goto err;
} }
skey = s->s3->tmp.pkey; skey = s->s3.tmp.pkey;
if (skey == NULL) { if (skey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
SSL_R_MISSING_TMP_DH_KEY); SSL_R_MISSING_TMP_DH_KEY);
@ -3198,8 +3198,8 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt)
} }
ret = 1; ret = 1;
EVP_PKEY_free(s->s3->tmp.pkey); EVP_PKEY_free(s->s3.tmp.pkey);
s->s3->tmp.pkey = NULL; s->s3.tmp.pkey = NULL;
err: err:
EVP_PKEY_free(ckey); EVP_PKEY_free(ckey);
return ret; return ret;
@ -3214,7 +3214,7 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt)
static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt) static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt)
{ {
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
EVP_PKEY *skey = s->s3->tmp.pkey; EVP_PKEY *skey = s->s3.tmp.pkey;
EVP_PKEY *ckey = NULL; EVP_PKEY *ckey = NULL;
int ret = 0; int ret = 0;
@ -3264,8 +3264,8 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt)
} }
ret = 1; ret = 1;
EVP_PKEY_free(s->s3->tmp.pkey); EVP_PKEY_free(s->s3.tmp.pkey);
s->s3->tmp.pkey = NULL; s->s3.tmp.pkey = NULL;
err: err:
EVP_PKEY_free(ckey); EVP_PKEY_free(ckey);
@ -3336,7 +3336,7 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt)
PACKET encdata; PACKET encdata;
/* Get our certificate private key */ /* Get our certificate private key */
alg_a = s->s3->tmp.new_cipher->algorithm_auth; alg_a = s->s3.tmp.new_cipher->algorithm_auth;
if (alg_a & SSL_aGOST12) { if (alg_a & SSL_aGOST12) {
/* /*
* New GOST ciphersuites have SSL_aGOST01 bit too * New GOST ciphersuites have SSL_aGOST01 bit too
@ -3444,7 +3444,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
{ {
unsigned long alg_k; unsigned long alg_k;
alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
/* For PSK parse and retrieve identity, obtain PSK key */ /* For PSK parse and retrieve identity, obtain PSK key */
if ((alg_k & SSL_PSK) && !tls_process_cke_psk_preamble(s, pkt)) { if ((alg_k & SSL_PSK) && !tls_process_cke_psk_preamble(s, pkt)) {
@ -3500,8 +3500,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
return MSG_PROCESS_CONTINUE_PROCESSING; return MSG_PROCESS_CONTINUE_PROCESSING;
err: err:
#ifndef OPENSSL_NO_PSK #ifndef OPENSSL_NO_PSK
OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen); OPENSSL_clear_free(s->s3.tmp.psk, s->s3.tmp.psklen);
s->s3->tmp.psk = NULL; s->s3.tmp.psk = NULL;
#endif #endif
return MSG_PROCESS_ERROR; return MSG_PROCESS_ERROR;
} }
@ -3553,7 +3553,7 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst)
} }
return WORK_FINISHED_CONTINUE; return WORK_FINISHED_CONTINUE;
} else { } else {
if (!s->s3->handshake_buffer) { if (!s->s3.handshake_buffer) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE, SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
@ -3684,7 +3684,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
goto err; goto err;
} }
/* No client certificate so digest cached records */ /* No client certificate so digest cached records */
if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s, 0)) { if (s->s3.handshake_buffer && !ssl3_digest_cached_records(s, 0)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
goto err; goto err;
} }
@ -3776,7 +3776,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
int tls_construct_server_certificate(SSL *s, WPACKET *pkt) int tls_construct_server_certificate(SSL *s, WPACKET *pkt)
{ {
CERT_PKEY *cpk = s->s3->tmp.cert; CERT_PKEY *cpk = s->s3.tmp.cert;
if (cpk == NULL) { if (cpk == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSLfatal(s, SSL_AD_INTERNAL_ERROR,
@ -4106,17 +4106,17 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
s->session->master_key_length = hashlen; s->session->master_key_length = hashlen;
s->session->time = (long)time(NULL); s->session->time = (long)time(NULL);
if (s->s3->alpn_selected != NULL) { if (s->s3.alpn_selected != NULL) {
OPENSSL_free(s->session->ext.alpn_selected); OPENSSL_free(s->session->ext.alpn_selected);
s->session->ext.alpn_selected = s->session->ext.alpn_selected =
OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); OPENSSL_memdup(s->s3.alpn_selected, s->s3.alpn_selected_len);
if (s->session->ext.alpn_selected == NULL) { if (s->session->ext.alpn_selected == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
ERR_R_MALLOC_FAILURE); ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
s->session->ext.alpn_selected_len = s->s3->alpn_selected_len; s->session->ext.alpn_selected_len = s->s3.alpn_selected_len;
} }
s->session->ext.max_early_data = s->max_early_data; s->session->ext.max_early_data = s->max_early_data;
} }

View File

@ -75,8 +75,8 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num)
/* Calls SSLfatal() as required */ /* Calls SSLfatal() as required */
ret = tls1_PRF(s, ret = tls1_PRF(s,
TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST,
TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3->server_random, TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3.server_random,
SSL3_RANDOM_SIZE, s->s3->client_random, SSL3_RANDOM_SIZE, SSL3_RANDOM_SIZE, s->s3.client_random, SSL3_RANDOM_SIZE,
NULL, 0, NULL, 0, s->session->master_key, NULL, 0, NULL, 0, s->session->master_key,
s->session->master_key_length, km, num, 1); s->session->master_key_length, km, num, 1);
@ -140,20 +140,20 @@ int tls1_change_cipher_state(SSL *s, int which)
int bit; int bit;
#endif #endif
c = s->s3->tmp.new_sym_enc; c = s->s3.tmp.new_sym_enc;
m = s->s3->tmp.new_hash; m = s->s3.tmp.new_hash;
mac_type = s->s3->tmp.new_mac_pkey_type; mac_type = s->s3.tmp.new_mac_pkey_type;
#ifndef OPENSSL_NO_COMP #ifndef OPENSSL_NO_COMP
comp = s->s3->tmp.new_compression; comp = s->s3.tmp.new_compression;
#endif #endif
if (which & SSL3_CC_READ) { if (which & SSL3_CC_READ) {
if (s->ext.use_etm) if (s->ext.use_etm)
s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ; s->s3.flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
else else
s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ; s->s3.flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) if (s->s3.tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
else else
s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
@ -195,16 +195,16 @@ int tls1_change_cipher_state(SSL *s, int which)
*/ */
if (!SSL_IS_DTLS(s)) if (!SSL_IS_DTLS(s))
RECORD_LAYER_reset_read_sequence(&s->rlayer); RECORD_LAYER_reset_read_sequence(&s->rlayer);
mac_secret = &(s->s3->read_mac_secret[0]); mac_secret = &(s->s3.read_mac_secret[0]);
mac_secret_size = &(s->s3->read_mac_secret_size); mac_secret_size = &(s->s3.read_mac_secret_size);
} else { } else {
s->statem.enc_write_state = ENC_WRITE_STATE_INVALID; s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
if (s->ext.use_etm) if (s->ext.use_etm)
s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE; s->s3.flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE;
else else
s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE; s->s3.flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE;
if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) if (s->s3.tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
else else
s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
@ -252,15 +252,15 @@ int tls1_change_cipher_state(SSL *s, int which)
*/ */
if (!SSL_IS_DTLS(s)) if (!SSL_IS_DTLS(s))
RECORD_LAYER_reset_write_sequence(&s->rlayer); RECORD_LAYER_reset_write_sequence(&s->rlayer);
mac_secret = &(s->s3->write_mac_secret[0]); mac_secret = &(s->s3.write_mac_secret[0]);
mac_secret_size = &(s->s3->write_mac_secret_size); mac_secret_size = &(s->s3.write_mac_secret_size);
} }
if (reuse_dd) if (reuse_dd)
EVP_CIPHER_CTX_reset(dd); EVP_CIPHER_CTX_reset(dd);
p = s->s3->tmp.key_block; p = s->s3.tmp.key_block;
i = *mac_secret_size = s->s3->tmp.new_mac_secret_size; i = *mac_secret_size = s->s3.tmp.new_mac_secret_size;
/* TODO(size_t): convert me */ /* TODO(size_t): convert me */
cl = EVP_CIPHER_key_length(c); cl = EVP_CIPHER_key_length(c);
@ -291,7 +291,7 @@ int tls1_change_cipher_state(SSL *s, int which)
n += k; n += k;
} }
if (n > s->s3->tmp.key_block_length) { if (n > s->s3.tmp.key_block_length) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
goto err; goto err;
@ -328,7 +328,7 @@ int tls1_change_cipher_state(SSL *s, int which)
} }
} else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE) { } else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE) {
int taglen; int taglen;
if (s->s3->tmp. if (s->s3.tmp.
new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8))
taglen = EVP_CCM8_TLS_TAG_LEN; taglen = EVP_CCM8_TLS_TAG_LEN;
else else
@ -471,7 +471,7 @@ int tls1_setup_key_block(SSL *s)
size_t num, mac_secret_size = 0; size_t num, mac_secret_size = 0;
int ret = 0; int ret = 0;
if (s->s3->tmp.key_block_length != 0) if (s->s3.tmp.key_block_length != 0)
return 1; return 1;
if (!ssl_cipher_get_evp(s->session, &c, &hash, &mac_type, &mac_secret_size, if (!ssl_cipher_get_evp(s->session, &c, &hash, &mac_type, &mac_secret_size,
@ -481,10 +481,10 @@ int tls1_setup_key_block(SSL *s)
return 0; return 0;
} }
s->s3->tmp.new_sym_enc = c; s->s3.tmp.new_sym_enc = c;
s->s3->tmp.new_hash = hash; s->s3.tmp.new_hash = hash;
s->s3->tmp.new_mac_pkey_type = mac_type; s->s3.tmp.new_mac_pkey_type = mac_type;
s->s3->tmp.new_mac_secret_size = mac_secret_size; s->s3.tmp.new_mac_secret_size = mac_secret_size;
num = EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c); num = EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c);
num *= 2; num *= 2;
@ -496,14 +496,14 @@ int tls1_setup_key_block(SSL *s)
goto err; goto err;
} }
s->s3->tmp.key_block_length = num; s->s3.tmp.key_block_length = num;
s->s3->tmp.key_block = p; s->s3.tmp.key_block = p;
OSSL_TRACE_BEGIN(TLS) { OSSL_TRACE_BEGIN(TLS) {
BIO_printf(trc_out, "client random\n"); BIO_printf(trc_out, "client random\n");
BIO_dump_indent(trc_out, s->s3->client_random, SSL3_RANDOM_SIZE, 4); BIO_dump_indent(trc_out, s->s3.client_random, SSL3_RANDOM_SIZE, 4);
BIO_printf(trc_out, "server random\n"); BIO_printf(trc_out, "server random\n");
BIO_dump_indent(trc_out, s->s3->server_random, SSL3_RANDOM_SIZE, 4); BIO_dump_indent(trc_out, s->s3.server_random, SSL3_RANDOM_SIZE, 4);
BIO_printf(trc_out, "master key\n"); BIO_printf(trc_out, "master key\n");
BIO_dump_indent(trc_out, BIO_dump_indent(trc_out,
s->session->master_key, s->session->master_key,
@ -526,15 +526,15 @@ int tls1_setup_key_block(SSL *s)
* enable vulnerability countermeasure for CBC ciphers with known-IV * enable vulnerability countermeasure for CBC ciphers with known-IV
* problem (http://www.openssl.org/~bodo/tls-cbc.txt) * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
*/ */
s->s3->need_empty_fragments = 1; s->s3.need_empty_fragments = 1;
if (s->session->cipher != NULL) { if (s->session->cipher != NULL) {
if (s->session->cipher->algorithm_enc == SSL_eNULL) if (s->session->cipher->algorithm_enc == SSL_eNULL)
s->s3->need_empty_fragments = 0; s->s3.need_empty_fragments = 0;
#ifndef OPENSSL_NO_RC4 #ifndef OPENSSL_NO_RC4
if (s->session->cipher->algorithm_enc == SSL_RC4) if (s->session->cipher->algorithm_enc == SSL_RC4)
s->s3->need_empty_fragments = 0; s->s3.need_empty_fragments = 0;
#endif #endif
} }
} }
@ -606,9 +606,9 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
if (!tls1_PRF(s, if (!tls1_PRF(s,
TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST,
TLS_MD_MASTER_SECRET_CONST_SIZE, TLS_MD_MASTER_SECRET_CONST_SIZE,
s->s3->client_random, SSL3_RANDOM_SIZE, s->s3.client_random, SSL3_RANDOM_SIZE,
NULL, 0, NULL, 0,
s->s3->server_random, SSL3_RANDOM_SIZE, s->s3.server_random, SSL3_RANDOM_SIZE,
NULL, 0, p, len, out, NULL, 0, p, len, out,
SSL3_MASTER_SECRET_SIZE, 1)) { SSL3_MASTER_SECRET_SIZE, 1)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
@ -620,9 +620,9 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
BIO_printf(trc_out, "Premaster Secret:\n"); BIO_printf(trc_out, "Premaster Secret:\n");
BIO_dump_indent(trc_out, p, len, 4); BIO_dump_indent(trc_out, p, len, 4);
BIO_printf(trc_out, "Client Random:\n"); BIO_printf(trc_out, "Client Random:\n");
BIO_dump_indent(trc_out, s->s3->client_random, SSL3_RANDOM_SIZE, 4); BIO_dump_indent(trc_out, s->s3.client_random, SSL3_RANDOM_SIZE, 4);
BIO_printf(trc_out, "Server Random:\n"); BIO_printf(trc_out, "Server Random:\n");
BIO_dump_indent(trc_out, s->s3->server_random, SSL3_RANDOM_SIZE, 4); BIO_dump_indent(trc_out, s->s3.server_random, SSL3_RANDOM_SIZE, 4);
BIO_printf(trc_out, "Master Secret:\n"); BIO_printf(trc_out, "Master Secret:\n");
BIO_dump_indent(trc_out, BIO_dump_indent(trc_out,
s->session->master_key, s->session->master_key,
@ -658,9 +658,9 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
currentvalpos = 0; currentvalpos = 0;
memcpy(val + currentvalpos, (unsigned char *)label, llen); memcpy(val + currentvalpos, (unsigned char *)label, llen);
currentvalpos += llen; currentvalpos += llen;
memcpy(val + currentvalpos, s->s3->client_random, SSL3_RANDOM_SIZE); memcpy(val + currentvalpos, s->s3.client_random, SSL3_RANDOM_SIZE);
currentvalpos += SSL3_RANDOM_SIZE; currentvalpos += SSL3_RANDOM_SIZE;
memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE); memcpy(val + currentvalpos, s->s3.server_random, SSL3_RANDOM_SIZE);
currentvalpos += SSL3_RANDOM_SIZE; currentvalpos += SSL3_RANDOM_SIZE;
if (use_context) { if (use_context) {

View File

@ -292,7 +292,7 @@ uint16_t tls1_shared_group(SSL *s, int nmatch)
* For Suite B ciphersuite determines curve: we already know * For Suite B ciphersuite determines curve: we already know
* these are acceptable due to previous checks. * these are acceptable due to previous checks.
*/ */
unsigned long cid = s->s3->tmp.new_cipher->id; unsigned long cid = s->s3.tmp.new_cipher->id;
if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
return TLSEXT_curve_P_256; return TLSEXT_curve_P_256;
@ -485,8 +485,8 @@ int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups)
return 0; return 0;
/* Check for Suite B compliance */ /* Check for Suite B compliance */
if (tls1_suiteb(s) && s->s3->tmp.new_cipher != NULL) { if (tls1_suiteb(s) && s->s3.tmp.new_cipher != NULL) {
unsigned long cid = s->s3->tmp.new_cipher->id; unsigned long cid = s->s3.tmp.new_cipher->id;
if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) { if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
if (group_id != TLSEXT_curve_P_256) if (group_id != TLSEXT_curve_P_256)
@ -861,7 +861,7 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
for (i = 0; i < SSL_PKEY_NUM; i++) { for (i = 0; i < SSL_PKEY_NUM; i++) {
const SSL_CERT_LOOKUP *clu = ssl_cert_lookup_by_idx(i); const SSL_CERT_LOOKUP *clu = ssl_cert_lookup_by_idx(i);
if (clu->amask & s->s3->tmp.new_cipher->algorithm_auth) { if (clu->amask & s->s3.tmp.new_cipher->algorithm_auth) {
idx = i; idx = i;
break; break;
} }
@ -870,7 +870,7 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
/* /*
* Some GOST ciphersuites allow more than one signature algorithms * Some GOST ciphersuites allow more than one signature algorithms
* */ * */
if (idx == SSL_PKEY_GOST01 && s->s3->tmp.new_cipher->algorithm_auth != SSL_aGOST01) { if (idx == SSL_PKEY_GOST01 && s->s3.tmp.new_cipher->algorithm_auth != SSL_aGOST01) {
int real_idx; int real_idx;
for (real_idx = SSL_PKEY_GOST12_512; real_idx >= SSL_PKEY_GOST01; for (real_idx = SSL_PKEY_GOST12_512; real_idx >= SSL_PKEY_GOST01;
@ -907,7 +907,7 @@ int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey)
lu = tls1_get_legacy_sigalg(s, idx); lu = tls1_get_legacy_sigalg(s, idx);
if (lu == NULL) if (lu == NULL)
return 0; return 0;
s->s3->tmp.peer_sigalg = lu; s->s3.tmp.peer_sigalg = lu;
return 1; return 1;
} }
@ -1112,23 +1112,23 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
} }
} }
/* Store the sigalg the peer uses */ /* Store the sigalg the peer uses */
s->s3->tmp.peer_sigalg = lu; s->s3.tmp.peer_sigalg = lu;
return 1; return 1;
} }
int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid) int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid)
{ {
if (s->s3->tmp.peer_sigalg == NULL) if (s->s3.tmp.peer_sigalg == NULL)
return 0; return 0;
*pnid = s->s3->tmp.peer_sigalg->sig; *pnid = s->s3.tmp.peer_sigalg->sig;
return 1; return 1;
} }
int SSL_get_signature_type_nid(const SSL *s, int *pnid) int SSL_get_signature_type_nid(const SSL *s, int *pnid)
{ {
if (s->s3->tmp.sigalg == NULL) if (s->s3.tmp.sigalg == NULL)
return 0; return 0;
*pnid = s->s3->tmp.sigalg->sig; *pnid = s->s3.tmp.sigalg->sig;
return 1; return 1;
} }
@ -1144,23 +1144,23 @@ int SSL_get_signature_type_nid(const SSL *s, int *pnid)
*/ */
int ssl_set_client_disabled(SSL *s) int ssl_set_client_disabled(SSL *s)
{ {
s->s3->tmp.mask_a = 0; s->s3.tmp.mask_a = 0;
s->s3->tmp.mask_k = 0; s->s3.tmp.mask_k = 0;
ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK); ssl_set_sig_mask(&s->s3.tmp.mask_a, s, SSL_SECOP_SIGALG_MASK);
if (ssl_get_min_max_version(s, &s->s3->tmp.min_ver, if (ssl_get_min_max_version(s, &s->s3.tmp.min_ver,
&s->s3->tmp.max_ver, NULL) != 0) &s->s3.tmp.max_ver, NULL) != 0)
return 0; return 0;
#ifndef OPENSSL_NO_PSK #ifndef OPENSSL_NO_PSK
/* with PSK there must be client callback set */ /* with PSK there must be client callback set */
if (!s->psk_client_callback) { if (!s->psk_client_callback) {
s->s3->tmp.mask_a |= SSL_aPSK; s->s3.tmp.mask_a |= SSL_aPSK;
s->s3->tmp.mask_k |= SSL_PSK; s->s3.tmp.mask_k |= SSL_PSK;
} }
#endif /* OPENSSL_NO_PSK */ #endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
if (!(s->srp_ctx.srp_Mask & SSL_kSRP)) { if (!(s->srp_ctx.srp_Mask & SSL_kSRP)) {
s->s3->tmp.mask_a |= SSL_aSRP; s->s3.tmp.mask_a |= SSL_aSRP;
s->s3->tmp.mask_k |= SSL_kSRP; s->s3.tmp.mask_k |= SSL_kSRP;
} }
#endif #endif
return 1; return 1;
@ -1177,10 +1177,10 @@ int ssl_set_client_disabled(SSL *s)
*/ */
int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int ecdhe) int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int ecdhe)
{ {
if (c->algorithm_mkey & s->s3->tmp.mask_k if (c->algorithm_mkey & s->s3.tmp.mask_k
|| c->algorithm_auth & s->s3->tmp.mask_a) || c->algorithm_auth & s->s3.tmp.mask_a)
return 1; return 1;
if (s->s3->tmp.max_ver == 0) if (s->s3.tmp.max_ver == 0)
return 1; return 1;
if (!SSL_IS_DTLS(s)) { if (!SSL_IS_DTLS(s)) {
int min_tls = c->min_tls; int min_tls = c->min_tls;
@ -1193,11 +1193,11 @@ int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int ecdhe)
&& (c->algorithm_mkey & (SSL_kECDHE | SSL_kECDHEPSK)) != 0) && (c->algorithm_mkey & (SSL_kECDHE | SSL_kECDHEPSK)) != 0)
min_tls = SSL3_VERSION; min_tls = SSL3_VERSION;
if ((min_tls > s->s3->tmp.max_ver) || (c->max_tls < s->s3->tmp.min_ver)) if ((min_tls > s->s3.tmp.max_ver) || (c->max_tls < s->s3.tmp.min_ver))
return 1; return 1;
} }
if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3->tmp.max_ver) if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3.tmp.max_ver)
|| DTLS_VERSION_LT(c->max_dtls, s->s3->tmp.min_ver))) || DTLS_VERSION_LT(c->max_dtls, s->s3.tmp.min_ver)))
return 1; return 1;
return !ssl_security(s, op, c->strength_bits, 0, (void *)c); return !ssl_security(s, op, c->strength_bits, 0, (void *)c);
@ -1220,13 +1220,13 @@ int tls1_set_server_sigalgs(SSL *s)
s->cert->shared_sigalgslen = 0; s->cert->shared_sigalgslen = 0;
/* Clear certificate validity flags */ /* Clear certificate validity flags */
for (i = 0; i < SSL_PKEY_NUM; i++) for (i = 0; i < SSL_PKEY_NUM; i++)
s->s3->tmp.valid_flags[i] = 0; s->s3.tmp.valid_flags[i] = 0;
/* /*
* If peer sent no signature algorithms check to see if we support * If peer sent no signature algorithms check to see if we support
* the default algorithm for each certificate type * the default algorithm for each certificate type
*/ */
if (s->s3->tmp.peer_cert_sigalgs == NULL if (s->s3.tmp.peer_cert_sigalgs == NULL
&& s->s3->tmp.peer_sigalgs == NULL) { && s->s3.tmp.peer_sigalgs == NULL) {
const uint16_t *sent_sigs; const uint16_t *sent_sigs;
size_t sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs); size_t sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
@ -1239,7 +1239,7 @@ int tls1_set_server_sigalgs(SSL *s)
/* Check default matches a type we sent */ /* Check default matches a type we sent */
for (j = 0; j < sent_sigslen; j++) { for (j = 0; j < sent_sigslen; j++) {
if (lu->sigalg == sent_sigs[j]) { if (lu->sigalg == sent_sigs[j]) {
s->s3->tmp.valid_flags[i] = CERT_PKEY_SIGN; s->s3.tmp.valid_flags[i] = CERT_PKEY_SIGN;
break; break;
} }
} }
@ -1567,7 +1567,7 @@ static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu)
if (SSL_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA) if (SSL_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA)
return 0; return 0;
/* TODO(OpenSSL1.2) fully axe DSA/etc. in ClientHello per TLS 1.3 spec */ /* TODO(OpenSSL1.2) fully axe DSA/etc. in ClientHello per TLS 1.3 spec */
if (!s->server && !SSL_IS_DTLS(s) && s->s3->tmp.min_ver >= TLS1_3_VERSION if (!s->server && !SSL_IS_DTLS(s) && s->s3.tmp.min_ver >= TLS1_3_VERSION
&& (lu->sig == EVP_PKEY_DSA || lu->hash_idx == SSL_MD_SHA1_IDX && (lu->sig == EVP_PKEY_DSA || lu->hash_idx == SSL_MD_SHA1_IDX
|| lu->hash_idx == SSL_MD_MD5_IDX || lu->hash_idx == SSL_MD_MD5_IDX
|| lu->hash_idx == SSL_MD_SHA224_IDX)) || lu->hash_idx == SSL_MD_SHA224_IDX))
@ -1585,7 +1585,7 @@ static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu)
return 0; return 0;
if (!s->server if (!s->server
&& s->method->version == TLS_ANY_VERSION && s->method->version == TLS_ANY_VERSION
&& s->s3->tmp.max_ver >= TLS1_3_VERSION) { && s->s3.tmp.max_ver >= TLS1_3_VERSION) {
int i, num; int i, num;
STACK_OF(SSL_CIPHER) *sk; STACK_OF(SSL_CIPHER) *sk;
@ -1595,7 +1595,7 @@ static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu)
* ciphersuites enabled. * ciphersuites enabled.
*/ */
if (s->s3->tmp.min_ver >= TLS1_3_VERSION) if (s->s3.tmp.min_ver >= TLS1_3_VERSION)
return 0; return 0;
sk = SSL_get_ciphers(s); sk = SSL_get_ciphers(s);
@ -1739,13 +1739,13 @@ static int tls1_set_shared_sigalgs(SSL *s)
if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) { if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) {
pref = conf; pref = conf;
preflen = conflen; preflen = conflen;
allow = s->s3->tmp.peer_sigalgs; allow = s->s3.tmp.peer_sigalgs;
allowlen = s->s3->tmp.peer_sigalgslen; allowlen = s->s3.tmp.peer_sigalgslen;
} else { } else {
allow = conf; allow = conf;
allowlen = conflen; allowlen = conflen;
pref = s->s3->tmp.peer_sigalgs; pref = s->s3.tmp.peer_sigalgs;
preflen = s->s3->tmp.peer_sigalgslen; preflen = s->s3.tmp.peer_sigalgslen;
} }
nmatch = tls12_shared_sigalgs(s, NULL, pref, preflen, allow, allowlen); nmatch = tls12_shared_sigalgs(s, NULL, pref, preflen, allow, allowlen);
if (nmatch) { if (nmatch) {
@ -1805,11 +1805,11 @@ int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert)
return 0; return 0;
if (cert) if (cert)
return tls1_save_u16(pkt, &s->s3->tmp.peer_cert_sigalgs, return tls1_save_u16(pkt, &s->s3.tmp.peer_cert_sigalgs,
&s->s3->tmp.peer_cert_sigalgslen); &s->s3.tmp.peer_cert_sigalgslen);
else else
return tls1_save_u16(pkt, &s->s3->tmp.peer_sigalgs, return tls1_save_u16(pkt, &s->s3.tmp.peer_sigalgs,
&s->s3->tmp.peer_sigalgslen); &s->s3.tmp.peer_sigalgslen);
} }
@ -1818,7 +1818,7 @@ int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert)
int tls1_process_sigalgs(SSL *s) int tls1_process_sigalgs(SSL *s)
{ {
size_t i; size_t i;
uint32_t *pvalid = s->s3->tmp.valid_flags; uint32_t *pvalid = s->s3.tmp.valid_flags;
CERT *c = s->cert; CERT *c = s->cert;
if (!tls1_set_shared_sigalgs(s)) if (!tls1_set_shared_sigalgs(s))
@ -1845,8 +1845,8 @@ int SSL_get_sigalgs(SSL *s, int idx,
int *psign, int *phash, int *psignhash, int *psign, int *phash, int *psignhash,
unsigned char *rsig, unsigned char *rhash) unsigned char *rsig, unsigned char *rhash)
{ {
uint16_t *psig = s->s3->tmp.peer_sigalgs; uint16_t *psig = s->s3.tmp.peer_sigalgs;
size_t numsigalgs = s->s3->tmp.peer_sigalgslen; size_t numsigalgs = s->s3.tmp.peer_sigalgslen;
if (psig == NULL || numsigalgs > INT_MAX) if (psig == NULL || numsigalgs > INT_MAX)
return 0; return 0;
if (idx >= 0) { if (idx >= 0) {
@ -2134,7 +2134,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
idx = (int)(cpk - c->pkeys); idx = (int)(cpk - c->pkeys);
} else } else
cpk = c->pkeys + idx; cpk = c->pkeys + idx;
pvalid = s->s3->tmp.valid_flags + idx; pvalid = s->s3.tmp.valid_flags + idx;
x = cpk->x509; x = cpk->x509;
pk = cpk->privatekey; pk = cpk->privatekey;
chain = cpk->chain; chain = cpk->chain;
@ -2151,7 +2151,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
if (ssl_cert_lookup_by_pkey(pk, &certidx) == NULL) if (ssl_cert_lookup_by_pkey(pk, &certidx) == NULL)
return 0; return 0;
idx = certidx; idx = certidx;
pvalid = s->s3->tmp.valid_flags + idx; pvalid = s->s3.tmp.valid_flags + idx;
if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT) if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
check_flags = CERT_PKEY_STRICT_FLAGS; check_flags = CERT_PKEY_STRICT_FLAGS;
@ -2178,8 +2178,8 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
if (TLS1_get_version(s) >= TLS1_2_VERSION && strict_mode) { if (TLS1_get_version(s) >= TLS1_2_VERSION && strict_mode) {
int default_nid; int default_nid;
int rsign = 0; int rsign = 0;
if (s->s3->tmp.peer_cert_sigalgs != NULL if (s->s3.tmp.peer_cert_sigalgs != NULL
|| s->s3->tmp.peer_sigalgs != NULL) { || s->s3.tmp.peer_sigalgs != NULL) {
default_nid = 0; default_nid = 0;
/* If no sigalgs extension use defaults from RFC5246 */ /* If no sigalgs extension use defaults from RFC5246 */
} else { } else {
@ -2296,10 +2296,10 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
break; break;
} }
if (check_type) { if (check_type) {
const uint8_t *ctypes = s->s3->tmp.ctype; const uint8_t *ctypes = s->s3.tmp.ctype;
size_t j; size_t j;
for (j = 0; j < s->s3->tmp.ctype_len; j++, ctypes++) { for (j = 0; j < s->s3.tmp.ctype_len; j++, ctypes++) {
if (*ctypes == check_type) { if (*ctypes == check_type) {
rv |= CERT_PKEY_CERT_TYPE; rv |= CERT_PKEY_CERT_TYPE;
break; break;
@ -2311,7 +2311,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
rv |= CERT_PKEY_CERT_TYPE; rv |= CERT_PKEY_CERT_TYPE;
} }
ca_dn = s->s3->tmp.peer_ca_names; ca_dn = s->s3.tmp.peer_ca_names;
if (!sk_X509_NAME_num(ca_dn)) if (!sk_X509_NAME_num(ca_dn))
rv |= CERT_PKEY_ISSUER_NAME; rv |= CERT_PKEY_ISSUER_NAME;
@ -2386,15 +2386,15 @@ DH *ssl_get_auto_dh(SSL *s)
int dh_secbits = 80; int dh_secbits = 80;
if (s->cert->dh_tmp_auto == 2) if (s->cert->dh_tmp_auto == 2)
return DH_get_1024_160(); return DH_get_1024_160();
if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
if (s->s3->tmp.new_cipher->strength_bits == 256) if (s->s3.tmp.new_cipher->strength_bits == 256)
dh_secbits = 128; dh_secbits = 128;
else else
dh_secbits = 80; dh_secbits = 80;
} else { } else {
if (s->s3->tmp.cert == NULL) if (s->s3.tmp.cert == NULL)
return NULL; return NULL;
dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey); dh_secbits = EVP_PKEY_security_bits(s->s3.tmp.cert->privatekey);
} }
if (dh_secbits >= 128) { if (dh_secbits >= 128) {
@ -2519,12 +2519,12 @@ static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu)
/* If not recognised or not supported by cipher mask it is not suitable */ /* If not recognised or not supported by cipher mask it is not suitable */
if (clu == NULL if (clu == NULL
|| (clu->amask & s->s3->tmp.new_cipher->algorithm_auth) == 0 || (clu->amask & s->s3.tmp.new_cipher->algorithm_auth) == 0
|| (clu->nid == EVP_PKEY_RSA_PSS || (clu->nid == EVP_PKEY_RSA_PSS
&& (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kRSA) != 0)) && (s->s3.tmp.new_cipher->algorithm_mkey & SSL_kRSA) != 0))
return -1; return -1;
return s->s3->tmp.valid_flags[sig_idx] & CERT_PKEY_VALID ? sig_idx : -1; return s->s3.tmp.valid_flags[sig_idx] & CERT_PKEY_VALID ? sig_idx : -1;
} }
/* /*
@ -2545,9 +2545,9 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx)
idx = sig->sig_idx; idx = sig->sig_idx;
if (!ssl_has_cert(s, idx)) if (!ssl_has_cert(s, idx))
return 0; return 0;
if (s->s3->tmp.peer_cert_sigalgs != NULL) { if (s->s3.tmp.peer_cert_sigalgs != NULL) {
for (i = 0; i < s->s3->tmp.peer_cert_sigalgslen; i++) { for (i = 0; i < s->s3.tmp.peer_cert_sigalgslen; i++) {
lu = tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]); lu = tls1_lookup_sigalg(s->s3.tmp.peer_cert_sigalgs[i]);
if (lu == NULL if (lu == NULL
|| !X509_get_signature_info(s->cert->pkeys[idx].x509, &mdnid, || !X509_get_signature_info(s->cert->pkeys[idx].x509, &mdnid,
&pknid, NULL, NULL) &pknid, NULL, NULL)
@ -2602,8 +2602,8 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
const SIGALG_LOOKUP *lu = NULL; const SIGALG_LOOKUP *lu = NULL;
int sig_idx = -1; int sig_idx = -1;
s->s3->tmp.cert = NULL; s->s3.tmp.cert = NULL;
s->s3->tmp.sigalg = NULL; s->s3.tmp.sigalg = NULL;
if (SSL_IS_TLS13(s)) { if (SSL_IS_TLS13(s)) {
size_t i; size_t i;
@ -2656,14 +2656,14 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
} }
} else { } else {
/* If ciphersuite doesn't require a cert nothing to do */ /* If ciphersuite doesn't require a cert nothing to do */
if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aCERT)) if (!(s->s3.tmp.new_cipher->algorithm_auth & SSL_aCERT))
return 1; return 1;
if (!s->server && !ssl_has_cert(s, s->cert->key - s->cert->pkeys)) if (!s->server && !ssl_has_cert(s, s->cert->key - s->cert->pkeys))
return 1; return 1;
if (SSL_USE_SIGALGS(s)) { if (SSL_USE_SIGALGS(s)) {
size_t i; size_t i;
if (s->s3->tmp.peer_sigalgs != NULL) { if (s->s3.tmp.peer_sigalgs != NULL) {
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
int curve; int curve;
@ -2759,9 +2759,9 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
} }
if (sig_idx == -1) if (sig_idx == -1)
sig_idx = lu->sig_idx; sig_idx = lu->sig_idx;
s->s3->tmp.cert = &s->cert->pkeys[sig_idx]; s->s3.tmp.cert = &s->cert->pkeys[sig_idx];
s->cert->key = s->s3->tmp.cert; s->cert->key = s->s3.tmp.cert;
s->s3->tmp.sigalg = lu; s->s3.tmp.sigalg = lu;
return 1; return 1;
} }

View File

@ -1030,7 +1030,7 @@ static int ssl_print_server_hello(BIO *bio, int indent,
static int ssl_get_keyex(const char **pname, const SSL *ssl) static int ssl_get_keyex(const char **pname, const SSL *ssl)
{ {
unsigned long alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey; unsigned long alg_k = ssl->s3.tmp.new_cipher->algorithm_mkey;
if (alg_k & SSL_kRSA) { if (alg_k & SSL_kRSA) {
*pname = "rsa"; *pname = "rsa";

View File

@ -324,15 +324,15 @@ int tls13_setup_key_block(SSL *s)
const EVP_CIPHER *c; const EVP_CIPHER *c;
const EVP_MD *hash; const EVP_MD *hash;
s->session->cipher = s->s3->tmp.new_cipher; s->session->cipher = s->s3.tmp.new_cipher;
if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, NULL, 0)) { if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, NULL, 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_SETUP_KEY_BLOCK, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_SETUP_KEY_BLOCK,
SSL_R_CIPHER_OR_HASH_UNAVAILABLE); SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
return 0; return 0;
} }
s->s3->tmp.new_sym_enc = c; s->s3.tmp.new_sym_enc = c;
s->s3->tmp.new_hash = hash; s->s3.tmp.new_hash = hash;
return 1; return 1;
} }
@ -370,11 +370,11 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
uint32_t algenc; uint32_t algenc;
ivlen = EVP_CCM_TLS_IV_LEN; ivlen = EVP_CCM_TLS_IV_LEN;
if (s->s3->tmp.new_cipher == NULL) { if (s->s3.tmp.new_cipher == NULL) {
/* We've not selected a cipher yet - we must be doing early data */ /* We've not selected a cipher yet - we must be doing early data */
algenc = s->session->cipher->algorithm_enc; algenc = s->session->cipher->algorithm_enc;
} else { } else {
algenc = s->s3->tmp.new_cipher->algorithm_enc; algenc = s->s3.tmp.new_cipher->algorithm_enc;
} }
if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8)) if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8))
taglen = EVP_CCM8_TLS_TAG_LEN; taglen = EVP_CCM8_TLS_TAG_LEN;
@ -479,7 +479,7 @@ int tls13_change_cipher_state(SSL *s, int which)
labellen = sizeof(client_early_traffic) - 1; labellen = sizeof(client_early_traffic) - 1;
log_label = CLIENT_EARLY_LABEL; log_label = CLIENT_EARLY_LABEL;
handlen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); handlen = BIO_get_mem_data(s->s3.handshake_buffer, &hdata);
if (handlen <= 0) { if (handlen <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS13_CHANGE_CIPHER_STATE, SSL_F_TLS13_CHANGE_CIPHER_STATE,
@ -600,7 +600,7 @@ int tls13_change_cipher_state(SSL *s, int which)
if (!(which & SSL3_CC_EARLY)) { if (!(which & SSL3_CC_EARLY)) {
md = ssl_handshake_md(s); md = ssl_handshake_md(s);
cipher = s->s3->tmp.new_sym_enc; cipher = s->s3.tmp.new_sym_enc;
if (!ssl3_digest_cached_records(s, 1) if (!ssl3_digest_cached_records(s, 1)
|| !ssl_handshake_hash(s, hashval, sizeof(hashval), &hashlen)) { || !ssl_handshake_hash(s, hashval, sizeof(hashval), &hashlen)) {
/* SSLfatal() already called */; /* SSLfatal() already called */;
@ -709,7 +709,7 @@ int tls13_update_key(SSL *s, int sending)
} }
if (!derive_secret_key_and_iv(s, sending, ssl_handshake_md(s), if (!derive_secret_key_and_iv(s, sending, ssl_handshake_md(s),
s->s3->tmp.new_sym_enc, insecret, NULL, s->s3.tmp.new_sym_enc, insecret, NULL,
application_traffic, application_traffic,
sizeof(application_traffic) - 1, secret, iv, sizeof(application_traffic) - 1, secret, iv,
ciph_ctx)) { ciph_ctx)) {

View File

@ -339,8 +339,8 @@ static int test_tls13_encryption(void)
if (!TEST_ptr(s->enc_write_ctx)) if (!TEST_ptr(s->enc_write_ctx))
goto err; goto err;
s->s3->tmp.new_cipher = SSL_CIPHER_find(s, TLS13_AES_128_GCM_SHA256_BYTES); s->s3.tmp.new_cipher = SSL_CIPHER_find(s, TLS13_AES_128_GCM_SHA256_BYTES);
if (!TEST_ptr(s->s3->tmp.new_cipher)) { if (!TEST_ptr(s->s3.tmp.new_cipher)) {
TEST_info("Failed to find cipher"); TEST_info("Failed to find cipher");
goto err; goto err;
} }