From 642f508b5ca519fa270f5ef3e989cbb407219397 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 20 Jun 2022 17:11:28 +0200 Subject: [PATCH] SSL object refactoring using SSL_CONNECTION object Make the SSL object polymorphic based on whether this is a traditional SSL connection, QUIC connection, or later to be implemented a QUIC stream. It requires adding if after every SSL_CONNECTION_FROM_SSL() call which itself has to be added to almost every public SSL_ API call. --- ssl/bio_ssl.c | 28 +- ssl/d1_lib.c | 169 ++- ssl/d1_msg.c | 24 +- ssl/d1_srtp.c | 22 +- ssl/ktls.c | 14 +- ssl/priority_queue.c | 2 +- ssl/quic/quic_impl.c | 92 +- ssl/quic/quic_local.h | 44 +- ssl/record/dtls1_bitmap.c | 4 +- ssl/record/rec_layer_d1.c | 253 ++-- ssl/record/rec_layer_s3.c | 147 ++- ssl/record/record.h | 43 +- ssl/record/record_local.h | 39 +- ssl/record/ssl3_buffer.c | 15 +- ssl/record/ssl3_record.c | 138 ++- ssl/record/ssl3_record_tls13.c | 6 +- ssl/s3_enc.c | 34 +- ssl/s3_lib.c | 442 ++++--- ssl/s3_msg.c | 41 +- ssl/ssl_cert.c | 106 +- ssl/ssl_ciph.c | 33 +- ssl/ssl_conf.c | 53 +- ssl/ssl_lib.c | 2038 ++++++++++++++++++++++---------- ssl/ssl_local.h | 485 ++++---- ssl/ssl_rsa.c | 62 +- ssl/ssl_sess.c | 108 +- ssl/ssl_stat.c | 8 +- ssl/statem/extensions.c | 226 ++-- ssl/statem/extensions_clnt.c | 173 +-- ssl/statem/extensions_cust.c | 19 +- ssl/statem/extensions_srvr.c | 203 ++-- ssl/statem/statem.c | 179 +-- ssl/statem/statem.h | 31 +- ssl/statem/statem_clnt.c | 361 +++--- ssl/statem/statem_dtls.c | 129 +- ssl/statem/statem_lib.c | 309 ++--- ssl/statem/statem_local.h | 451 ++++--- ssl/statem/statem_srvr.c | 391 +++--- ssl/t1_enc.c | 53 +- ssl/t1_lib.c | 314 +++-- ssl/t1_trce.c | 72 +- ssl/tls13_enc.c | 65 +- ssl/tls_depr.c | 10 +- ssl/tls_srp.c | 188 +-- test/dtls_mtu_test.c | 5 +- test/helpers/handshake.c | 8 +- test/sslapitest.c | 5 +- test/tls13encryptiontest.c | 11 +- test/tls13secretstest.c | 28 +- 49 files changed, 4769 insertions(+), 2912 deletions(-) diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index 401178f0c2e48c..4086101282b3ea 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -227,19 +227,23 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) BIO *dbio, *bio; long ret = 1; BIO *next; + SSL_CONNECTION *sc = NULL; bs = BIO_get_data(b); next = BIO_next(b); ssl = bs->ssl; - if ((ssl == NULL) && (cmd != BIO_C_SET_SSL)) + if ((ssl == NULL + || (sc = SSL_CONNECTION_FROM_SSL(ssl)) == NULL) + && cmd != BIO_C_SET_SSL) return 0; + /* TODO(QUIC): The rbio/wbio might be from QUIC_CONNECTION instead */ switch (cmd) { case BIO_CTRL_RESET: SSL_shutdown(ssl); - if (ssl->handshake_func == ssl->method->ssl_connect) + if (sc->handshake_func == ssl->method->ssl_connect) SSL_set_connect_state(ssl); - else if (ssl->handshake_func == ssl->method->ssl_accept) + else if (sc->handshake_func == ssl->method->ssl_accept) SSL_set_accept_state(ssl); if (!SSL_clear(ssl)) { @@ -249,8 +253,8 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) if (next != NULL) ret = BIO_ctrl(next, cmd, num, ptr); - else if (ssl->rbio != NULL) - ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); + else if (sc->rbio != NULL) + ret = BIO_ctrl(sc->rbio, cmd, num, ptr); else ret = 1; break; @@ -311,20 +315,20 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) BIO_set_shutdown(b, (int)num); break; case BIO_CTRL_WPENDING: - ret = BIO_ctrl(ssl->wbio, cmd, num, ptr); + ret = BIO_ctrl(sc->wbio, cmd, num, ptr); break; case BIO_CTRL_PENDING: ret = SSL_pending(ssl); if (ret == 0) - ret = BIO_pending(ssl->rbio); + ret = BIO_pending(sc->rbio); break; case BIO_CTRL_FLUSH: BIO_clear_retry_flags(b); - ret = BIO_ctrl(ssl->wbio, cmd, num, ptr); + ret = BIO_ctrl(sc->wbio, cmd, num, ptr); BIO_copy_next_retry(b); break; case BIO_CTRL_PUSH: - if ((next != NULL) && (next != ssl->rbio)) { + if ((next != NULL) && (next != sc->rbio)) { /* * We are going to pass ownership of next to the SSL object...but * we don't own a reference to pass yet - so up ref @@ -378,13 +382,13 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) ret = (dbs->ssl != NULL); break; case BIO_C_GET_FD: - ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); + ret = BIO_ctrl(sc->rbio, cmd, num, ptr); break; case BIO_CTRL_SET_CALLBACK: ret = 0; /* use callback ctrl */ break; default: - ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); + ret = BIO_ctrl(sc->rbio, cmd, num, ptr); break; } return ret; @@ -400,7 +404,7 @@ static long ssl_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) ssl = bs->ssl; switch (cmd) { case BIO_CTRL_SET_CALLBACK: - ret = BIO_callback_ctrl(ssl->rbio, cmd, fp); + ret = BIO_callback_ctrl(SSL_get_rbio(ssl), cmd, fp); break; default: ret = 0; diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 17bcf39888239b..3b76065be9e83b 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -15,7 +15,7 @@ #include "internal/time.h" static void get_current_time(struct timeval *t); -static int dtls1_handshake_write(SSL *s); +static int dtls1_handshake_write(SSL_CONNECTION *s); static size_t dtls1_link_min_mtu(void); /* XDTLS: figure out the right values */ @@ -65,18 +65,22 @@ long dtls1_default_timeout(void) return (60 * 60 * 2); } -int dtls1_new(SSL *s) +int dtls1_new(SSL *ssl) { DTLS1_STATE *d1; + SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl); + + if (s == NULL) + return 0; if (!DTLS_RECORD_LAYER_new(&s->rlayer)) { return 0; } - if (!ssl3_new(s)) + if (!ssl3_new(ssl)) return 0; if ((d1 = OPENSSL_zalloc(sizeof(*d1))) == NULL) { - ssl3_free(s); + ssl3_free(ssl); return 0; } @@ -94,25 +98,25 @@ int dtls1_new(SSL *s) pqueue_free(d1->buffered_messages); pqueue_free(d1->sent_messages); OPENSSL_free(d1); - ssl3_free(s); + ssl3_free(ssl); return 0; } s->d1 = d1; - if (!s->method->ssl_clear(s)) + if (!ssl->method->ssl_clear(ssl)) return 0; return 1; } -static void dtls1_clear_queues(SSL *s) +static void dtls1_clear_queues(SSL_CONNECTION *s) { dtls1_clear_received_buffer(s); dtls1_clear_sent_buffer(s); } -void dtls1_clear_received_buffer(SSL *s) +void dtls1_clear_received_buffer(SSL_CONNECTION *s) { pitem *item = NULL; hm_fragment *frag = NULL; @@ -124,7 +128,7 @@ void dtls1_clear_received_buffer(SSL *s) } } -void dtls1_clear_sent_buffer(SSL *s) +void dtls1_clear_sent_buffer(SSL_CONNECTION *s) { pitem *item = NULL; hm_fragment *frag = NULL; @@ -137,11 +141,16 @@ void dtls1_clear_sent_buffer(SSL *s) } -void dtls1_free(SSL *s) +void dtls1_free(SSL *ssl) { + SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl); + + if (s == NULL) + return; + DTLS_RECORD_LAYER_free(&s->rlayer); - ssl3_free(s); + ssl3_free(ssl); if (s->d1 != NULL) { dtls1_clear_queues(s); @@ -153,13 +162,18 @@ void dtls1_free(SSL *s) s->d1 = NULL; } -int dtls1_clear(SSL *s) +int dtls1_clear(SSL *ssl) { pqueue *buffered_messages; pqueue *sent_messages; size_t mtu; size_t link_mtu; + SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl); + + if (s == NULL) + return 0; + DTLS_RECORD_LAYER_clear(&s->rlayer); if (s->d1) { @@ -181,7 +195,7 @@ int dtls1_clear(SSL *s) s->d1->cookie_len = sizeof(s->d1->cookie); } - if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) { + if (SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU) { s->d1->mtu = mtu; s->d1->link_mtu = link_mtu; } @@ -190,24 +204,28 @@ int dtls1_clear(SSL *s) s->d1->sent_messages = sent_messages; } - if (!ssl3_clear(s)) + if (!ssl3_clear(ssl)) return 0; - if (s->method->version == DTLS_ANY_VERSION) + if (ssl->method->version == DTLS_ANY_VERSION) s->version = DTLS_MAX_VERSION_INTERNAL; #ifndef OPENSSL_NO_DTLS1_METHOD else if (s->options & SSL_OP_CISCO_ANYCONNECT) s->client_version = s->version = DTLS1_BAD_VER; #endif else - s->version = s->method->version; + s->version = ssl->method->version; return 1; } -long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) +long dtls1_ctrl(SSL *ssl, int cmd, long larg, void *parg) { int ret = 0; + SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl); + + if (s == NULL) + return 0; switch (cmd) { case DTLS_CTRL_GET_TIMEOUT: @@ -235,19 +253,20 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) s->d1->mtu = larg; return larg; default: - ret = ssl3_ctrl(s, cmd, larg, parg); + ret = ssl3_ctrl(ssl, cmd, larg, parg); break; } return ret; } -void dtls1_start_timer(SSL *s) +void dtls1_start_timer(SSL_CONNECTION *s) { unsigned int sec, usec; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); #ifndef OPENSSL_NO_SCTP /* Disable timer for SCTP */ - if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { + if (BIO_dgram_is_sctp(SSL_get_wbio(ssl))) { memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout)); return; } @@ -260,7 +279,7 @@ void dtls1_start_timer(SSL *s) if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) { if (s->d1->timer_cb != NULL) - s->d1->timeout_duration_us = s->d1->timer_cb(s, 0); + s->d1->timeout_duration_us = s->d1->timer_cb(ssl, 0); else s->d1->timeout_duration_us = 1000000; } @@ -281,11 +300,11 @@ void dtls1_start_timer(SSL *s) s->d1->next_timeout.tv_usec -= 1000000; } - BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, + BIO_ctrl(SSL_get_rbio(ssl), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); } -struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft) +struct timeval *dtls1_get_timeout(SSL_CONNECTION *s, struct timeval *timeleft) { struct timeval timenow; @@ -325,7 +344,7 @@ struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft) return timeleft; } -int dtls1_is_timer_expired(SSL *s) +int dtls1_is_timer_expired(SSL_CONNECTION *s) { struct timeval timeleft; @@ -343,36 +362,37 @@ int dtls1_is_timer_expired(SSL *s) return 1; } -static void dtls1_double_timeout(SSL *s) +static void dtls1_double_timeout(SSL_CONNECTION *s) { s->d1->timeout_duration_us *= 2; if (s->d1->timeout_duration_us > 60000000) s->d1->timeout_duration_us = 60000000; } -void dtls1_stop_timer(SSL *s) +void dtls1_stop_timer(SSL_CONNECTION *s) { /* Reset everything */ s->d1->timeout_num_alerts = 0; memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout)); s->d1->timeout_duration_us = 1000000; - BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, + BIO_ctrl(s->rbio, BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); /* Clear retransmission buffer */ dtls1_clear_sent_buffer(s); } -int dtls1_check_timeout_num(SSL *s) +int dtls1_check_timeout_num(SSL_CONNECTION *s) { size_t mtu; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); s->d1->timeout_num_alerts++; /* Reduce MTU after 2 unsuccessful retransmissions */ if (s->d1->timeout_num_alerts > 2 - && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { + && !(SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) { mtu = - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); + BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); if (mtu < s->d1->mtu) s->d1->mtu = mtu; } @@ -386,7 +406,7 @@ int dtls1_check_timeout_num(SSL *s) return 0; } -int dtls1_handle_timeout(SSL *s) +int dtls1_handle_timeout(SSL_CONNECTION *s) { /* if no timer is expired, don't do anything */ if (!dtls1_is_timer_expired(s)) { @@ -394,7 +414,8 @@ int dtls1_handle_timeout(SSL *s) } if (s->d1->timer_cb != NULL) - s->d1->timeout_duration_us = s->d1->timer_cb(s, s->d1->timeout_duration_us); + s->d1->timeout_duration_us = s->d1->timer_cb(SSL_CONNECTION_GET_SSL(s), + s->d1->timeout_duration_us); else dtls1_double_timeout(s); @@ -417,7 +438,7 @@ static void get_current_time(struct timeval *t) #define LISTEN_SEND_VERIFY_REQUEST 1 #ifndef OPENSSL_NO_SOCK -int DTLSv1_listen(SSL *s, BIO_ADDR *client) +int DTLSv1_listen(SSL *ssl, BIO_ADDR *client) { int next, n, ret = 0; unsigned char cookie[DTLS1_COOKIE_LENGTH]; @@ -429,20 +450,24 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) BIO *rbio, *wbio; BIO_ADDR *tmpclient = NULL; PACKET pkt, msgpkt, msgpayload, session, cookiepkt; + SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl); + + if (s == NULL) + return -1; if (s->handshake_func == NULL) { /* Not properly initialized yet */ - SSL_set_accept_state(s); + SSL_set_accept_state(ssl); } /* Ensure there is no state left over from a previous invocation */ - if (!SSL_clear(s)) + if (!SSL_clear(ssl)) return -1; ERR_clear_error(); - rbio = SSL_get_rbio(s); - wbio = SSL_get_wbio(s); + rbio = SSL_get_rbio(ssl); + wbio = SSL_get_wbio(ssl); if (!rbio || !wbio) { ERR_raise(ERR_LIB_SSL, SSL_R_BIO_NOT_SET); @@ -517,7 +542,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) if (s->msg_callback) s->msg_callback(0, 0, SSL3_RT_HEADER, buf, - DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); + DTLS1_RT_HEADER_LENGTH, ssl, s->msg_callback_arg); /* Get the record header */ if (!PACKET_get_1(&pkt, &rectype) @@ -600,7 +625,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, data, - fraglen + DTLS1_HM_HEADER_LENGTH, s, + fraglen + DTLS1_HM_HEADER_LENGTH, ssl, s->msg_callback_arg); if (!PACKET_get_net_2(&msgpayload, &clientvers)) { @@ -611,8 +636,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) /* * Verify client version is supported */ - if (DTLS_VERSION_LT(clientvers, (unsigned int)s->method->version) && - s->method->version != DTLS_ANY_VERSION) { + if (DTLS_VERSION_LT(clientvers, (unsigned int)ssl->method->version) && + ssl->method->version != DTLS_ANY_VERSION) { ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_VERSION_NUMBER); goto end; } @@ -638,12 +663,12 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) /* * We have a cookie, so lets check it. */ - if (s->ctx->app_verify_cookie_cb == NULL) { + if (ssl->ctx->app_verify_cookie_cb == NULL) { ERR_raise(ERR_LIB_SSL, SSL_R_NO_VERIFY_COOKIE_CALLBACK); /* This is fatal */ return -1; } - if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookiepkt), + if (ssl->ctx->app_verify_cookie_cb(ssl, PACKET_data(&cookiepkt), (unsigned int)PACKET_remaining(&cookiepkt)) == 0) { /* * We treat invalid cookies in the same was as no cookie as @@ -668,8 +693,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) */ /* Generate the cookie */ - if (s->ctx->app_gen_cookie_cb == NULL || - s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 || + if (ssl->ctx->app_gen_cookie_cb == NULL || + ssl->ctx->app_gen_cookie_cb(ssl, cookie, &cookielen) == 0 || cookielen > 255) { ERR_raise(ERR_LIB_SSL, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); /* This is fatal */ @@ -681,8 +706,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) * haven't decided which version to use yet send back using version * 1.0 header: otherwise some clients will ignore it. */ - version = (s->method->version == DTLS_ANY_VERSION) ? DTLS1_VERSION - : s->version; + version = (ssl->method->version == DTLS_ANY_VERSION) ? DTLS1_VERSION + : s->version; /* Construct the record and message headers */ if (!WPACKET_init_static_len(&wpkt, @@ -753,7 +778,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) if (s->msg_callback) s->msg_callback(1, 0, SSL3_RT_HEADER, buf, - DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); + DTLS1_RT_HEADER_LENGTH, ssl, + s->msg_callback_arg); if ((tmpclient = BIO_ADDR_new()) == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); @@ -807,7 +833,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) * We are doing cookie exchange, so make sure we set that option in the * SSL object */ - SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); + SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE); /* * Tell the state machine that we've done the initial hello verify @@ -832,7 +858,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) } #endif -static int dtls1_handshake_write(SSL *s) +static int dtls1_handshake_write(SSL_CONNECTION *s) { return dtls1_do_write(s, SSL3_RT_HANDSHAKE); } @@ -842,10 +868,14 @@ int dtls1_shutdown(SSL *s) int ret; #ifndef OPENSSL_NO_SCTP BIO *wbio; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); + + if (s == NULL) + return -1; wbio = SSL_get_wbio(s); if (wbio != NULL && BIO_dgram_is_sctp(wbio) && - !(s->shutdown & SSL_SENT_SHUTDOWN)) { + !(sc->shutdown & SSL_SENT_SHUTDOWN)) { ret = BIO_dgram_sctp_wait_for_dry(wbio); if (ret < 0) return -1; @@ -862,19 +892,21 @@ int dtls1_shutdown(SSL *s) return ret; } -int dtls1_query_mtu(SSL *s) +int dtls1_query_mtu(SSL_CONNECTION *s) { + SSL *ssl = SSL_CONNECTION_GET_SSL(s); + if (s->d1->link_mtu) { s->d1->mtu = - s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); + s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(ssl)); s->d1->link_mtu = 0; } /* AHA! Figure out the MTU, and stick to the right size */ if (s->d1->mtu < dtls1_min_mtu(s)) { - if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { + if (!(SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) { s->d1->mtu = - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); + BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); /* * I've seen the kernel return bogus numbers when it doesn't know @@ -883,7 +915,7 @@ int dtls1_query_mtu(SSL *s) if (s->d1->mtu < dtls1_min_mtu(s)) { /* Set to min mtu */ s->d1->mtu = dtls1_min_mtu(s); - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, + BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SET_MTU, (long)s->d1->mtu, NULL); } } else @@ -898,16 +930,24 @@ static size_t dtls1_link_min_mtu(void) sizeof(g_probable_mtu[0])) - 1]); } -size_t dtls1_min_mtu(SSL *s) +size_t dtls1_min_mtu(SSL_CONNECTION *s) { - return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); + SSL *ssl = SSL_CONNECTION_GET_SSL(s); + + return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(ssl)); } -size_t DTLS_get_data_mtu(const SSL *s) +size_t DTLS_get_data_mtu(const SSL *ssl) { size_t mac_overhead, int_overhead, blocksize, ext_overhead; - const SSL_CIPHER *ciph = SSL_get_current_cipher(s); - size_t mtu = s->d1->mtu; + const SSL_CIPHER *ciph = SSL_get_current_cipher(ssl); + size_t mtu; + const SSL_CONNECTION *s = SSL_CONNECTION_FROM_CONST_SSL_ONLY(ssl); + + if (s == NULL) + return 0; + + mtu = s->d1->mtu; if (ciph == NULL) return 0; @@ -939,7 +979,12 @@ size_t DTLS_get_data_mtu(const SSL *s) return mtu; } -void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb) +void DTLS_set_timer_cb(SSL *ssl, DTLS_timer_cb cb) { + SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl); + + if (s == NULL) + return; + s->d1->timer_cb = cb; } diff --git a/ssl/d1_msg.c b/ssl/d1_msg.c index b4ad41c9e31ffd..1bb797431161ca 100644 --- a/ssl/d1_msg.c +++ b/ssl/d1_msg.c @@ -13,9 +13,13 @@ int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len, size_t *written) { int i; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); - if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) { - i = s->handshake_func(s); + if (sc == NULL) + return -1; + + if (SSL_in_init(s) && !ossl_statem_get_in_handshake(sc)) { + i = sc->handshake_func(s); if (i < 0) return i; if (i == 0) { @@ -29,16 +33,20 @@ int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len, return -1; } - return dtls1_write_bytes(s, type, buf_, len, written); + return dtls1_write_bytes(sc, type, buf_, len, written); } -int dtls1_dispatch_alert(SSL *s) +int dtls1_dispatch_alert(SSL *ssl) { int i, j; void (*cb) (const SSL *ssl, int type, int val) = NULL; unsigned char buf[DTLS1_AL_HEADER_LENGTH]; unsigned char *ptr = &buf[0]; size_t written; + SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl); + + if (s == NULL) + return 0; s->s3.alert_dispatch = 0; @@ -55,16 +63,16 @@ int dtls1_dispatch_alert(SSL *s) if (s->msg_callback) s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3.send_alert, - 2, s, s->msg_callback_arg); + 2, ssl, s->msg_callback_arg); if (s->info_callback != NULL) cb = s->info_callback; - else if (s->ctx->info_callback != NULL) - cb = s->ctx->info_callback; + else if (ssl->ctx->info_callback != NULL) + cb = ssl->ctx->info_callback; if (cb != NULL) { j = (s->s3.send_alert[0] << 8) | s->s3.send_alert[1]; - cb(s, SSL_CB_WRITE_ALERT, j); + cb(ssl, SSL_CB_WRITE_ALERT, j); } } return i; diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c index 1fd5947986ab40..557336a0640d63 100644 --- a/ssl/d1_srtp.c +++ b/ssl/d1_srtp.c @@ -144,14 +144,21 @@ int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles) int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles) { - return ssl_ctx_make_profiles(profiles, &s->srtp_profiles); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); + + if (sc == NULL) + return 0; + + return ssl_ctx_make_profiles(profiles, &sc->srtp_profiles); } STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s) { - if (s != NULL) { - if (s->srtp_profiles != NULL) { - return s->srtp_profiles; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); + + if (sc != NULL) { + if (sc->srtp_profiles != NULL) { + return sc->srtp_profiles; } else if ((s->ctx != NULL) && (s->ctx->srtp_profiles != NULL)) { return s->ctx->srtp_profiles; } @@ -162,6 +169,11 @@ STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s) SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s) { - return s->srtp_profile; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); + + if (sc == NULL) + return 0; + + return sc->srtp_profile; } #endif diff --git a/ssl/ktls.c b/ssl/ktls.c index 1622e7d95351b7..2cd2a5bdd5213a 100644 --- a/ssl/ktls.c +++ b/ssl/ktls.c @@ -18,7 +18,7 @@ * record layer. If read_ahead is enabled, then this might be false and this * function will fail. */ -static int count_unprocessed_records(SSL *s) +static int count_unprocessed_records(SSL_CONNECTION *s) { SSL3_BUFFER *rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); PACKET pkt, subpkt; @@ -48,7 +48,7 @@ static int count_unprocessed_records(SSL *s) * partial record, fail and return 0. Otherwise, update the sequence * number at *rec_seq for the count of unprocessed records and return 1. */ -static int check_rx_read_ahead(SSL *s, unsigned char *rec_seq) +static int check_rx_read_ahead(SSL_CONNECTION *s, unsigned char *rec_seq) { int bit, count_unprocessed; @@ -80,7 +80,7 @@ static int check_rx_read_ahead(SSL *s, unsigned char *rec_seq) * provider is found, but this checks if the socket option * supports the cipher suite used at all. */ -int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, +int ktls_check_supported_cipher(const SSL_CONNECTION *s, const EVP_CIPHER *c, const EVP_CIPHER_CTX *dd) { @@ -120,7 +120,8 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, } /* Function to configure kernel TLS structure */ -int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, +int ktls_configure_crypto(SSL_CONNECTION *s, const EVP_CIPHER *c, + EVP_CIPHER_CTX *dd, void *rl_sequence, ktls_crypto_info_t *crypto_info, int is_tx, unsigned char *iv, unsigned char *key, unsigned char *mac_key, @@ -186,7 +187,7 @@ int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, #if defined(OPENSSL_SYS_LINUX) /* Function to check supported ciphers in Linux */ -int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, +int ktls_check_supported_cipher(const SSL_CONNECTION *s, const EVP_CIPHER *c, const EVP_CIPHER_CTX *dd) { switch (s->version) { @@ -225,7 +226,8 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, } /* Function to configure kernel TLS structure */ -int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, +int ktls_configure_crypto(SSL_CONNECTION *s, const EVP_CIPHER *c, + EVP_CIPHER_CTX *dd, void *rl_sequence, ktls_crypto_info_t *crypto_info, int is_tx, unsigned char *iv, unsigned char *key, unsigned char *mac_key, diff --git a/ssl/priority_queue.c b/ssl/priority_queue.c index 05e9d41383d8b2..0f864a0ffac6bf 100644 --- a/ssl/priority_queue.c +++ b/ssl/priority_queue.c @@ -356,7 +356,7 @@ void ossl_pqueue_free(OSSL_PQUEUE *pq) OPENSSL_free(pq->heap); OPENSSL_free(pq->elements); OPENSSL_free(pq); - } + } } void ossl_pqueue_pop_free(OSSL_PQUEUE *pq, void (*freefunc)(void *)) diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c index 5d0c861c76ebc3..bc2d12db940bf8 100644 --- a/ssl/quic/quic_impl.c +++ b/ssl/quic/quic_impl.c @@ -11,16 +11,69 @@ #include #include "quic_local.h" -int ossl_quic_new(SSL *s) +SSL *ossl_quic_new(SSL_CTX *ctx) +{ + QUIC_CONNECTION *qc; + SSL *ssl = NULL; + SSL_CONNECTION *sc; + + qc = OPENSSL_zalloc(sizeof(*qc)); + if (qc == NULL) + goto err; + + ssl = &qc->ssl; + if (!ossl_ssl_init(ssl, ctx, SSL_TYPE_QUIC_CONNECTION)) { + OPENSSL_free(qc); + ssl = NULL; + goto err; + } + qc->tls = ossl_ssl_connection_new(ctx); + if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) + goto err; + /* override the user_ssl of the inner connection */ + sc->user_ssl = ssl; + + /* We'll need to set proper TLS method on qc->tls here */ + return ssl; +err: + ossl_quic_free(ssl); + return NULL; +} + +int ossl_quic_init(SSL *s) { return s->method->ssl_clear(s); } +void ossl_quic_deinit(SSL *s) +{ + return; +} + void ossl_quic_free(SSL *s) { + QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s); + + if (qc == NULL) + return; + + SSL_free(qc->tls); return; } +int ossl_quic_reset(SSL *s) +{ + QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s); + + if (qc == NULL) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); + + return sc != NULL ? ossl_ssl_connection_reset(s) : 0; + } + + return ossl_ssl_connection_reset(qc->tls); +} + int ossl_quic_clear(SSL *s) { return 1; @@ -28,13 +81,23 @@ int ossl_quic_clear(SSL *s) int ossl_quic_accept(SSL *s) { - s->statem.in_init = 0; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s); + + if (sc == NULL) + return 0; + + sc->statem.in_init = 0; return 1; } int ossl_quic_connect(SSL *s) { - s->statem.in_init = 0; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s); + + if (sc == NULL) + return 0; + + sc->statem.in_init = 0; return 1; } @@ -42,14 +105,15 @@ int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *readbytes) { int ret; BIO *rbio = SSL_get_rbio(s); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s); - if (rbio == NULL) + if (sc == NULL || rbio == NULL) return 0; - s->rwstate = SSL_READING; + sc->rwstate = SSL_READING; ret = BIO_read_ex(rbio, buf, len, readbytes); if (ret > 0 || !BIO_should_retry(rbio)) - s->rwstate = SSL_NOTHING; + sc->rwstate = SSL_NOTHING; return ret <= 0 ? -1 : ret; } @@ -62,14 +126,15 @@ int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written) { BIO *wbio = SSL_get_wbio(s); int ret; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s); - if (wbio == NULL) + if (sc == NULL || wbio == NULL) return 0; - s->rwstate = SSL_WRITING; + sc->rwstate = SSL_WRITING; ret = BIO_write_ex(wbio, buf, len, written); if (ret > 0 || !BIO_should_retry(wbio)) - s->rwstate = SSL_NOTHING; + sc->rwstate = SSL_NOTHING; return ret; } @@ -80,12 +145,17 @@ int ossl_quic_shutdown(SSL *s) long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s); + + if (sc == NULL) + return 0; + switch(cmd) { case SSL_CTRL_CHAIN: if (larg) - return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg); + return ssl_cert_set1_chain(sc, NULL, (STACK_OF(X509) *)parg); else - return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg); + return ssl_cert_set0_chain(sc, NULL, (STACK_OF(X509) *)parg); } return 0; } diff --git a/ssl/quic/quic_local.h b/ssl/quic/quic_local.h index 8bd40cf9163fe8..e0d172979ff0cf 100644 --- a/ssl/quic/quic_local.h +++ b/ssl/quic/quic_local.h @@ -13,6 +13,36 @@ # include # include "../ssl_local.h" +typedef struct quic_conn_st { + /* type identifier and common data */ + struct ssl_st ssl; + /* the associated tls-1.3 connection data */ + SSL *tls; + /* just an example member */ + uint64_t conn_id; +} QUIC_CONNECTION; + +# define QUIC_CONNECTION_FROM_SSL_int(ssl, c) \ + ((ssl) == NULL ? NULL \ + : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \ + ? (c QUIC_CONNECTION *)(ssl) \ + : NULL)) + +# define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) \ + ((ssl) == NULL ? NULL \ + : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \ + ? (c SSL_CONNECTION *)((c QUIC_CONNECTION *)(ssl))->tls \ + : NULL)) + +# define QUIC_CONNECTION_FROM_SSL(ssl) \ + QUIC_CONNECTION_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST) +# define QUIC_CONNECTION_FROM_CONST_SSL(ssl) \ + QUIC_CONNECTION_FROM_SSL_int(ssl, const) +# define SSL_CONNECTION_FROM_QUIC_SSL(ssl) \ + SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, SSL_CONNECTION_NO_CONST) +# define SSL_CONNECTION_FROM_CONST_QUIC_SSL(ssl) \ + SSL_CONNECTION_FROM_CONST_QUIC_SSL_int(ssl, const) + # define OSSL_QUIC_ANY_VERSION 0xFFFFF # define IMPLEMENT_quic_meth_func(version, func_name, q_accept, \ @@ -24,8 +54,11 @@ const SSL_METHOD *func_name(void) \ 0, \ 0, \ ossl_quic_new, \ - ossl_quic_clear, \ ossl_quic_free, \ + ossl_quic_reset, \ + ossl_quic_init, \ + ossl_quic_clear, \ + ossl_quic_deinit, \ q_accept, \ q_connect, \ ossl_quic_read, \ @@ -53,8 +86,11 @@ const SSL_METHOD *func_name(void) \ return &func_name##_data; \ } -__owur int ossl_quic_new(SSL *s); +__owur SSL *ossl_quic_new(SSL_CTX *ctx); +__owur int ossl_quic_init(SSL *s); +void ossl_quic_deinit(SSL *s); void ossl_quic_free(SSL *s); +int ossl_quic_reset(SSL *s); int ossl_quic_clear(SSL *s); __owur int ossl_quic_accept(SSL *s); __owur int ossl_quic_connect(SSL *s); @@ -63,9 +99,9 @@ __owur int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *readbytes); __owur int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written); __owur int ossl_quic_shutdown(SSL *s); __owur long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg); -__owur long ossl_quic_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg); +__owur long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); __owur long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void)); -__owur long ossl_quic_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void)); +__owur long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)); __owur size_t ossl_quic_pending(const SSL *s); __owur long ossl_quic_default_timeout(void); __owur int ossl_quic_num_ciphers(void); diff --git a/ssl/record/dtls1_bitmap.c b/ssl/record/dtls1_bitmap.c index 4733a62a96633f..e94ce913843566 100644 --- a/ssl/record/dtls1_bitmap.c +++ b/ssl/record/dtls1_bitmap.c @@ -35,7 +35,7 @@ static int satsub64be(const unsigned char *v1, const unsigned char *v2) return (int)ret; } -int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap) +int dtls1_record_replay_check(SSL_CONNECTION *s, DTLS1_BITMAP *bitmap) { int cmp; unsigned int shift; @@ -56,7 +56,7 @@ int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap) return 1; } -void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap) +void dtls1_record_bitmap_update(SSL_CONNECTION *s, DTLS1_BITMAP *bitmap) { int cmp; unsigned int shift; diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 532413e4d32423..01703198660bc9 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -124,7 +124,7 @@ void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq) } /* copy buffered record into SSL structure */ -static int dtls1_copy_record(SSL *s, pitem *item) +static int dtls1_copy_record(SSL_CONNECTION *s, pitem *item) { DTLS1_RECORD_DATA *rdata; @@ -143,10 +143,14 @@ static int dtls1_copy_record(SSL *s, pitem *item) return 1; } -int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) +int dtls1_buffer_record(SSL_CONNECTION *s, record_pqueue *queue, + unsigned char *priority) { DTLS1_RECORD_DATA *rdata; pitem *item; +#ifndef OPENSSL_NO_SCTP + SSL *ssl = SSL_CONNECTION_GET_SSL(s); +#endif /* Limit the size of the queue to prevent DOS attacks */ if (pqueue_size(queue->q) >= 100) @@ -170,10 +174,10 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) #ifndef OPENSSL_NO_SCTP /* Store bio_dgram_sctp_rcvinfo struct */ - if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && - (SSL_get_state(s) == TLS_ST_SR_FINISHED - || SSL_get_state(s) == TLS_ST_CR_FINISHED)) { - BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, + if (BIO_dgram_is_sctp(SSL_get_rbio(ssl)) && + (SSL_get_state(ssl) == TLS_ST_SR_FINISHED + || SSL_get_state(ssl) == TLS_ST_CR_FINISHED)) { + BIO_ctrl(SSL_get_rbio(ssl), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo); } #endif @@ -201,7 +205,7 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) return 1; } -int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) +int dtls1_retrieve_buffered_record(SSL_CONNECTION *s, record_pqueue *queue) { pitem *item; @@ -226,7 +230,7 @@ int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) dtls1_retrieve_buffered_record((s), \ &((s)->rlayer.d->unprocessed_rcds)) -int dtls1_process_buffered_records(SSL *s) +int dtls1_process_buffered_records(SSL_CONNECTION *s) { pitem *item; SSL3_BUFFER *rb; @@ -270,7 +274,7 @@ int dtls1_process_buffered_records(SSL *s) } #ifndef OPENSSL_NO_SCTP /* Only do replay check if no SCTP bio */ - if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) + if (!BIO_dgram_is_sctp(SSL_get_rbio(SSL_CONNECTION_GET_SSL(s)))) #endif { /* @@ -347,10 +351,14 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, size_t n; SSL3_RECORD *rr; void (*cb) (const SSL *ssl, int type2, int val) = NULL; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return -1; - if (!SSL3_BUFFER_is_initialised(&s->rlayer.rbuf)) { + if (!SSL3_BUFFER_is_initialised(&sc->rlayer.rbuf)) { /* Not initialized yet */ - if (!ssl3_setup_buffers(s)) { + if (!ssl3_setup_buffers(sc)) { /* SSLfatal() already called */ return -1; } @@ -359,13 +367,13 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) || (peek && (type != SSL3_RT_APPLICATION_DATA))) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } - if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) { + if (!ossl_statem_get_in_handshake(sc) && SSL_in_init(s)) { /* type == SSL3_RT_APPLICATION_DATA */ - i = s->handshake_func(s); + i = sc->handshake_func(s); /* SSLfatal() already called if appropriate */ if (i < 0) return i; @@ -374,7 +382,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } start: - s->rwstate = SSL_NOTHING; + sc->rwstate = SSL_NOTHING; /*- * s->s3.rrec.type - is the type of record @@ -382,7 +390,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * s->s3.rrec.off, - offset into 'data' for next read * s->s3.rrec.length, - number of bytes. */ - rr = s->rlayer.rrec; + rr = sc->rlayer.rrec; /* * We are not handshaking and have no data yet, so process data buffered @@ -390,7 +398,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, */ if (SSL_is_init_finished(s) && SSL3_RECORD_get_length(rr) == 0) { pitem *item; - item = pqueue_pop(s->rlayer.d->buffered_app_data.q); + item = pqueue_pop(sc->rlayer.d->buffered_app_data.q); if (item) { #ifndef OPENSSL_NO_SCTP /* Restore bio_dgram_sctp_rcvinfo struct */ @@ -401,7 +409,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } #endif - dtls1_copy_record(s, item); + dtls1_copy_record(sc, item); OPENSSL_free(item->data); pitem_free(item); @@ -409,20 +417,20 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } /* Check for timeout */ - if (dtls1_handle_timeout(s) > 0) { + if (dtls1_handle_timeout(sc) > 0) { goto start; - } else if (ossl_statem_in_error(s)) { + } else if (ossl_statem_in_error(sc)) { /* dtls1_handle_timeout() has failed with a fatal error */ return -1; } /* get new packet if necessary */ if ((SSL3_RECORD_get_length(rr) == 0) - || (s->rlayer.rstate == SSL_ST_READ_BODY)) { - RECORD_LAYER_set_numrpipes(&s->rlayer, 0); - iret = dtls1_get_record(s); + || (sc->rlayer.rstate == SSL_ST_READ_BODY)) { + RECORD_LAYER_set_numrpipes(&sc->rlayer, 0); + iret = dtls1_get_record(sc); if (iret <= 0) { - iret = dtls1_read_failed(s, iret); + iret = dtls1_read_failed(sc, iret); /* * Anything other than a timeout is an error. SSLfatal() already * called if appropriate. @@ -432,7 +440,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, else goto start; } - RECORD_LAYER_set_numrpipes(&s->rlayer, 1); + RECORD_LAYER_set_numrpipes(&sc->rlayer, 1); } /* @@ -441,11 +449,11 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, */ if (SSL3_RECORD_get_type(rr) != SSL3_RT_ALERT && SSL3_RECORD_get_length(rr) != 0) - s->rlayer.alert_count = 0; + sc->rlayer.alert_count = 0; /* we now have a packet which can be read and processed */ - if (s->s3.change_cipher_spec /* set when we receive ChangeCipherSpec, + if (sc->s3.change_cipher_spec /* set when we receive ChangeCipherSpec, * reset by ssl3_get_finished */ && (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) { /* @@ -453,7 +461,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * the packets were reordered on their way, so buffer the application * data for later processing rather than dropping the connection. */ - if (dtls1_buffer_record(s, &(s->rlayer.d->buffered_app_data), + if (dtls1_buffer_record(sc, &(sc->rlayer.d->buffered_app_data), SSL3_RECORD_get_seq_num(rr)) < 0) { /* SSLfatal() already called */ return -1; @@ -467,10 +475,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * If the other end has shut down, throw anything we read away (even in * 'peek' mode) */ - if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { + if (sc->shutdown & SSL_RECEIVED_SHUTDOWN) { SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_read(rr); - s->rwstate = SSL_NOTHING; + sc->rwstate = SSL_NOTHING; return 0; } @@ -487,8 +495,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * doing a handshake for the first time */ if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && - (s->enc_read_ctx == NULL)) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, + (sc->enc_read_ctx == NULL)) { + SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_APP_DATA_IN_HANDSHAKE); return -1; } @@ -517,12 +525,12 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (SSL3_RECORD_get_length(rr) == 0) SSL3_RECORD_set_read(rr); } else { - if (s->options & SSL_OP_CLEANSE_PLAINTEXT) + if (sc->options & SSL_OP_CLEANSE_PLAINTEXT) OPENSSL_cleanse(&(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n); SSL3_RECORD_sub_length(rr, n); SSL3_RECORD_add_off(rr, n); if (SSL3_RECORD_get_length(rr) == 0) { - s->rlayer.rstate = SSL_ST_READ_HEADER; + sc->rlayer.rstate = SSL_ST_READ_HEADER; SSL3_RECORD_set_off(rr, 0); SSL3_RECORD_set_read(rr); } @@ -534,9 +542,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * anymore, finally set shutdown. */ if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && - s->d1->shutdown_received + sc->d1->shutdown_received && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) <= 0) { - s->shutdown |= SSL_RECEIVED_SHUTDOWN; + sc->shutdown |= SSL_RECEIVED_SHUTDOWN; return 0; } #endif @@ -559,16 +567,16 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, || !PACKET_get_1(&alert, &alert_level) || !PACKET_get_1(&alert, &alert_descr) || PACKET_remaining(&alert) != 0) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_INVALID_ALERT); + SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_INVALID_ALERT); return -1; } - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, s, - s->msg_callback_arg); + if (sc->msg_callback) + sc->msg_callback(0, sc->version, SSL3_RT_ALERT, alert_bytes, 2, s, + sc->msg_callback_arg); - if (s->info_callback != NULL) - cb = s->info_callback; + if (sc->info_callback != NULL) + cb = sc->info_callback; else if (s->ctx->info_callback != NULL) cb = s->ctx->info_callback; @@ -578,12 +586,12 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } if (alert_level == SSL3_AL_WARNING) { - s->s3.warn_alert = alert_descr; + sc->s3.warn_alert = alert_descr; SSL3_RECORD_set_read(rr); - s->rlayer.alert_count++; - if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, + sc->rlayer.alert_count++; + if (sc->rlayer.alert_count == MAX_WARN_ALERT_COUNT) { + SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_TOO_MANY_WARN_ALERTS); return -1; } @@ -597,37 +605,37 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, */ if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) > 0) { - s->d1->shutdown_received = 1; - s->rwstate = SSL_READING; + sc->d1->shutdown_received = 1; + sc->rwstate = SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_set_retry_read(SSL_get_rbio(s)); return -1; } #endif - s->shutdown |= SSL_RECEIVED_SHUTDOWN; + sc->shutdown |= SSL_RECEIVED_SHUTDOWN; return 0; } } else if (alert_level == SSL3_AL_FATAL) { - s->rwstate = SSL_NOTHING; - s->s3.fatal_alert = alert_descr; - SSLfatal_data(s, SSL_AD_NO_ALERT, + sc->rwstate = SSL_NOTHING; + sc->s3.fatal_alert = alert_descr; + SSLfatal_data(sc, SSL_AD_NO_ALERT, SSL_AD_REASON_OFFSET + alert_descr, "SSL alert number %d", alert_descr); - s->shutdown |= SSL_RECEIVED_SHUTDOWN; + sc->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL3_RECORD_set_read(rr); - SSL_CTX_remove_session(s->session_ctx, s->session); + SSL_CTX_remove_session(sc->session_ctx, sc->session); return 0; } else { - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_UNKNOWN_ALERT_TYPE); + SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_UNKNOWN_ALERT_TYPE); return -1; } goto start; } - if (s->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a + if (sc->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a * shutdown */ - s->rwstate = SSL_NOTHING; + sc->rwstate = SSL_NOTHING; SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_read(rr); return 0; @@ -647,14 +655,14 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * Unexpected handshake message (Client Hello, or protocol violation) */ if ((SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) && - !ossl_statem_get_in_handshake(s)) { + !ossl_statem_get_in_handshake(sc)) { struct hm_header_st msg_hdr; /* * This may just be a stale retransmit. Also sanity check that we have * at least enough record bytes for a message header */ - if (SSL3_RECORD_get_epoch(rr) != s->rlayer.d->r_epoch + if (SSL3_RECORD_get_epoch(rr) != sc->rlayer.d->r_epoch || SSL3_RECORD_get_length(rr) < DTLS1_HM_HEADER_LENGTH) { SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_read(rr); @@ -668,24 +676,24 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * here, then retransmit our CCS and FINISHED. */ if (msg_hdr.type == SSL3_MT_FINISHED) { - if (dtls1_check_timeout_num(s) < 0) { + if (dtls1_check_timeout_num(sc) < 0) { /* SSLfatal) already called */ return -1; } - if (dtls1_retransmit_buffered_messages(s) <= 0) { + if (dtls1_retransmit_buffered_messages(sc) <= 0) { /* Fail if we encountered a fatal error */ - if (ossl_statem_in_error(s)) + if (ossl_statem_in_error(sc)) return -1; } SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_read(rr); - if (!(s->mode & SSL_MODE_AUTO_RETRY)) { - if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) { + if (!(sc->mode & SSL_MODE_AUTO_RETRY)) { + if (SSL3_BUFFER_get_left(&sc->rlayer.rbuf) == 0) { /* no read-ahead left? */ BIO *bio; - s->rwstate = SSL_READING; + sc->rwstate = SSL_READING; bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); @@ -702,22 +710,22 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * finished */ if (!ossl_assert(SSL_is_init_finished(s))) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } /* We found handshake data, so we're going back into init */ - ossl_statem_set_in_init(s, 1); + ossl_statem_set_in_init(sc, 1); - i = s->handshake_func(s); + i = sc->handshake_func(s); /* SSLfatal() called if appropriate */ if (i < 0) return i; if (i == 0) return -1; - if (!(s->mode & SSL_MODE_AUTO_RETRY)) { - if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) { + if (!(sc->mode & SSL_MODE_AUTO_RETRY)) { + if (SSL3_BUFFER_get_left(&sc->rlayer.rbuf) == 0) { /* no read-ahead left? */ BIO *bio; /* @@ -726,7 +734,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * option set. Otherwise renegotiation may cause nasty * problems in the blocking world */ - s->rwstate = SSL_READING; + sc->rwstate = SSL_READING; bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); @@ -738,7 +746,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, switch (SSL3_RECORD_get_type(rr)) { default: - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD); + SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD); return -1; case SSL3_RT_CHANGE_CIPHER_SPEC: case SSL3_RT_ALERT: @@ -748,7 +756,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but * that should not happen when type != rr->type */ - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, ERR_R_INTERNAL_ERROR); + SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, ERR_R_INTERNAL_ERROR); return -1; case SSL3_RT_APPLICATION_DATA: /* @@ -758,13 +766,13 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * application data at this point (session renegotiation not yet * started), we will indulge it. */ - if (s->s3.in_read_app_data && - (s->s3.total_renegotiations != 0) && - ossl_statem_app_data_allowed(s)) { - s->s3.in_read_app_data = 2; + if (sc->s3.in_read_app_data && + (sc->s3.total_renegotiations != 0) && + ossl_statem_app_data_allowed(sc)) { + sc->s3.in_read_app_data = 2; return -1; } else { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD); + SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD); return -1; } } @@ -775,8 +783,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * Call this to write data in records of type 'type' It will return <= 0 if * not all data has been sent or non-blocking IO. */ -int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len, - size_t *written) +int dtls1_write_bytes(SSL_CONNECTION *s, int type, const void *buf, + size_t len, size_t *written) { int i; @@ -789,7 +797,7 @@ int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len, return i; } -int do_dtls1_write(SSL *s, int type, const unsigned char *buf, +int do_dtls1_write(SSL_CONNECTION *sc, int type, const unsigned char *buf, size_t len, int create_empty_fragment, size_t *written) { unsigned char *p, *pseq; @@ -799,20 +807,21 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, SSL3_RECORD wr; SSL3_BUFFER *wb; SSL_SESSION *sess; + SSL *s = SSL_CONNECTION_GET_SSL(sc); - wb = &s->rlayer.wbuf[0]; + wb = &sc->rlayer.wbuf[0]; /* * DTLS writes whole datagrams, so there can't be anything left in * the buffer. */ if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } /* If we have an alert to send, lets send it */ - if (s->s3.alert_dispatch) { + if (sc->s3.alert_dispatch) { i = s->method->ssl_dispatch_alert(s); if (i <= 0) return i; @@ -822,24 +831,24 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, if (len == 0 && !create_empty_fragment) return 0; - if (len > ssl_get_max_send_fragment(s)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE); + if (len > ssl_get_max_send_fragment(sc)) { + SSLfatal(sc, SSL_AD_INTERNAL_ERROR, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE); return 0; } - sess = s->session; + sess = sc->session; if ((sess == NULL) - || (s->enc_write_ctx == NULL) - || (EVP_MD_CTX_get0_md(s->write_hash) == NULL)) + || (sc->enc_write_ctx == NULL) + || (EVP_MD_CTX_get0_md(sc->write_hash) == NULL)) clear = 1; if (clear) mac_size = 0; else { - mac_size = EVP_MD_CTX_get_size(s->write_hash); + mac_size = EVP_MD_CTX_get_size(sc->write_hash); if (mac_size < 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSLfatal(sc, SSL_AD_INTERNAL_ERROR, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE); return -1; } @@ -857,12 +866,12 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, * header: otherwise some clients will ignore it. */ if (s->method->version == DTLS_ANY_VERSION && - s->max_proto_version != DTLS1_BAD_VER) { + sc->max_proto_version != DTLS1_BAD_VER) { *(p++) = DTLS1_VERSION >> 8; *(p++) = DTLS1_VERSION & 0xff; } else { - *(p++) = s->version >> 8; - *(p++) = s->version & 0xff; + *(p++) = sc->version >> 8; + *(p++) = sc->version & 0xff; } /* field where we are to write out packet epoch, seq num and len */ @@ -870,10 +879,10 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, p += 10; /* Explicit IV length, block ciphers appropriate version flag */ - if (s->enc_write_ctx) { - int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx); + if (sc->enc_write_ctx) { + int mode = EVP_CIPHER_CTX_get_mode(sc->enc_write_ctx); if (mode == EVP_CIPH_CBC_MODE) { - eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx); + eivlen = EVP_CIPHER_CTX_get_iv_length(sc->enc_write_ctx); if (eivlen <= 1) eivlen = 0; } @@ -897,9 +906,9 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, */ /* first we compress */ - if (s->compress != NULL) { - if (!ssl3_do_compress(s, &wr)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COMPRESSION_FAILURE); + if (sc->compress != NULL) { + if (!ssl3_do_compress(sc, &wr)) { + SSLfatal(sc, SSL_AD_INTERNAL_ERROR, SSL_R_COMPRESSION_FAILURE); return -1; } } else { @@ -914,11 +923,11 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, * wb->buf */ - if (!SSL_WRITE_ETM(s) && mac_size != 0) { - if (!s->method->ssl3_enc->mac(s, &wr, + if (!SSL_WRITE_ETM(sc) && mac_size != 0) { + if (!s->method->ssl3_enc->mac(sc, &wr, &(p[SSL3_RECORD_get_length(&wr) + eivlen]), 1)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } SSL3_RECORD_add_length(&wr, mac_size); @@ -931,17 +940,17 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, if (eivlen) SSL3_RECORD_add_length(&wr, eivlen); - if (s->method->ssl3_enc->enc(s, &wr, 1, 1, NULL, mac_size) < 1) { - if (!ossl_statem_in_error(s)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + if (s->method->ssl3_enc->enc(sc, &wr, 1, 1, NULL, mac_size) < 1) { + if (!ossl_statem_in_error(sc)) { + SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); } return -1; } - if (SSL_WRITE_ETM(s) && mac_size != 0) { - if (!s->method->ssl3_enc->mac(s, &wr, + if (SSL_WRITE_ETM(sc) && mac_size != 0) { + if (!s->method->ssl3_enc->mac(sc, &wr, &(p[SSL3_RECORD_get_length(&wr)]), 1)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } SSL3_RECORD_add_length(&wr, mac_size); @@ -951,15 +960,15 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, /* there's only one epoch between handshake and app data */ - s2n(s->rlayer.d->w_epoch, pseq); + s2n(sc->rlayer.d->w_epoch, pseq); - memcpy(pseq, &(s->rlayer.write_sequence[2]), 6); + memcpy(pseq, &(sc->rlayer.write_sequence[2]), 6); pseq += 6; s2n(SSL3_RECORD_get_length(&wr), pseq); - if (s->msg_callback) - s->msg_callback(1, 0, SSL3_RT_HEADER, pseq - DTLS1_RT_HEADER_LENGTH, - DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); + if (sc->msg_callback) + sc->msg_callback(1, 0, SSL3_RT_HEADER, pseq - DTLS1_RT_HEADER_LENGTH, + DTLS1_RT_HEADER_LENGTH, s, sc->msg_callback_arg); /* * we should now have wr.data pointing to the encrypted data, which is @@ -968,7 +977,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, SSL3_RECORD_set_type(&wr, type); /* not needed but helps for debugging */ SSL3_RECORD_add_length(&wr, DTLS1_RT_HEADER_LENGTH); - ssl3_record_sequence_update(&(s->rlayer.write_sequence[0])); + ssl3_record_sequence_update(&(sc->rlayer.write_sequence[0])); if (create_empty_fragment) { /* @@ -987,16 +996,16 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, * memorize arguments so that ssl3_write_pending can detect bad write * retries later */ - s->rlayer.wpend_tot = len; - s->rlayer.wpend_buf = buf; - s->rlayer.wpend_type = type; - s->rlayer.wpend_ret = len; + sc->rlayer.wpend_tot = len; + sc->rlayer.wpend_buf = buf; + sc->rlayer.wpend_type = type; + sc->rlayer.wpend_ret = len; /* we now just need to write the buffer. Calls SSLfatal() as required. */ - return ssl3_write_pending(s, type, buf, len, written); + return ssl3_write_pending(sc, type, buf, len, written); } -DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, +DTLS1_BITMAP *dtls1_get_bitmap(SSL_CONNECTION *s, SSL3_RECORD *rr, unsigned int *is_next_epoch) { @@ -1021,7 +1030,7 @@ DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, return NULL; } -void dtls1_reset_seq_numbers(SSL *s, int rw) +void dtls1_reset_seq_numbers(SSL_CONNECTION *s, int rw) { unsigned char *seq; unsigned int seq_bytes = sizeof(s->rlayer.read_sequence); diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 79a1cd11e21686..70bc3b763c7309 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -26,7 +26,7 @@ # define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0 #endif -void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s) +void RECORD_LAYER_init(RECORD_LAYER *rl, SSL_CONNECTION *s) { rl->s = s; RECORD_LAYER_set_first_record(&s->rlayer); @@ -111,15 +111,19 @@ void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl) size_t ssl3_pending(const SSL *s) { size_t i, num = 0; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); - if (s->rlayer.rstate == SSL_ST_READ_BODY) + if (sc == NULL) return 0; - for (i = 0; i < RECORD_LAYER_get_numrpipes(&s->rlayer); i++) { - if (SSL3_RECORD_get_type(&s->rlayer.rrec[i]) + if (sc->rlayer.rstate == SSL_ST_READ_BODY) + return 0; + + for (i = 0; i < RECORD_LAYER_get_numrpipes(&sc->rlayer); i++) { + if (SSL3_RECORD_get_type(&sc->rlayer.rrec[i]) != SSL3_RT_APPLICATION_DATA) return 0; - num += SSL3_RECORD_get_length(&s->rlayer.rrec[i]); + num += SSL3_RECORD_get_length(&sc->rlayer.rrec[i]); } return num; @@ -132,12 +136,22 @@ void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len) void SSL_set_default_read_buffer_len(SSL *s, size_t len) { - SSL3_BUFFER_set_default_len(RECORD_LAYER_get_rbuf(&s->rlayer), len); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + SSL3_BUFFER_set_default_len(RECORD_LAYER_get_rbuf(&sc->rlayer), len); } const char *SSL_rstate_string_long(const SSL *s) { - switch (s->rlayer.rstate) { + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return NULL; + + switch (sc->rlayer.rstate) { case SSL_ST_READ_HEADER: return "read header"; case SSL_ST_READ_BODY: @@ -151,7 +165,12 @@ const char *SSL_rstate_string_long(const SSL *s) const char *SSL_rstate_string(const SSL *s) { - switch (s->rlayer.rstate) { + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return NULL; + + switch (sc->rlayer.rstate) { case SSL_ST_READ_HEADER: return "RH"; case SSL_ST_READ_BODY: @@ -166,8 +185,8 @@ const char *SSL_rstate_string(const SSL *s) /* * Return values are as per SSL_read() */ -int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, - size_t *readbytes) +int ssl3_read_n(SSL_CONNECTION *s, size_t n, size_t max, int extend, + int clearold, size_t *readbytes) { /* * If extend == 0, obtain new n-byte packet; if extend == 1, increase @@ -243,7 +262,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, * operation returns the whole packet at once (as long as it fits into * the buffer). */ - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { if (left == 0 && extend) return 0; if (left > 0 && n > left) @@ -272,7 +291,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, * Also, we always act like read_ahead is set for DTLS. */ if (!BIO_get_ktls_recv(s->rbio) && !s->rlayer.read_ahead - && !SSL_IS_DTLS(s)) { + && !SSL_CONNECTION_IS_DTLS(s)) { /* ignore max parameter */ max = n; } else { @@ -302,7 +321,8 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, && !BIO_should_retry(s->rbio) && BIO_eof(s->rbio)) { if (s->options & SSL_OP_IGNORE_UNEXPECTED_EOF) { - SSL_set_shutdown(s, SSL_RECEIVED_SHUTDOWN); + SSL_set_shutdown(SSL_CONNECTION_GET_SSL(s), + SSL_RECEIVED_SHUTDOWN); s->s3.warn_alert = SSL_AD_CLOSE_NOTIFY; } else { SSLfatal(s, SSL_AD_DECODE_ERROR, @@ -316,7 +336,8 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, if (ret <= 0) { rb->left = left; - if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) + if ((s->mode & SSL_MODE_RELEASE_BUFFERS) != 0 + && !SSL_CONNECTION_IS_DTLS(s)) if (len + left == 0) ssl3_release_read_buffer(s); return ret; @@ -327,7 +348,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, * underlying transport protocol is message oriented as opposed to * byte oriented as in the TLS case. */ - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { if (n > left) n = left; /* makes the while condition false */ } @@ -346,7 +367,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, * Call this to write data in records of type 'type' It will return <= 0 if * not all data has been sent or non-blocking IO. */ -int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, +int ssl3_write_bytes(SSL *ssl, int type, const void *buf_, size_t len, size_t *written) { const unsigned char *buf = buf_; @@ -355,10 +376,15 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, #if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK size_t nw; #endif - SSL3_BUFFER *wb = &s->rlayer.wbuf[0]; + SSL3_BUFFER *wb; int i; size_t tmpwrit; + SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl); + if (s == NULL) + return -1; + + wb = &s->rlayer.wbuf[0]; s->rwstate = SSL_NOTHING; tot = s->rlayer.wnum; /* @@ -377,7 +403,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, } if (s->early_data_state == SSL_EARLY_DATA_WRITING - && !early_data_count_ok(s, len, 0, 1)) { + && !ossl_early_data_count_ok(s, len, 0, 1)) { /* SSLfatal() already called */ return -1; } @@ -398,9 +424,9 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, * between receiving the EoED and the CF - but we don't want to handle those * messages yet. */ - if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s) + if (SSL_in_init(ssl) && !ossl_statem_get_in_handshake(s) && s->early_data_state != SSL_EARLY_DATA_UNAUTH_WRITING) { - i = s->handshake_func(s); + i = s->handshake_func(ssl); /* SSLfatal() already called */ if (i < 0) return i; @@ -481,7 +507,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, } if (s->s3.alert_dispatch) { - i = s->method->ssl_dispatch_alert(s); + i = ssl->method->ssl_dispatch_alert(ssl); if (i <= 0) { /* SSLfatal() already called if appropriate */ s->rlayer.wnum = tot; @@ -559,7 +585,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, } else #endif /* !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK */ if (tot == len) { /* done? */ - if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) + if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_CONNECTION_IS_DTLS(s)) ssl3_release_write_buffer(s); *written = tot; @@ -652,7 +678,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, if (tmpwrit == n && (s->mode & SSL_MODE_RELEASE_BUFFERS) != 0 - && !SSL_IS_DTLS(s)) + && !SSL_CONNECTION_IS_DTLS(s)) ssl3_release_write_buffer(s); *written = tot + tmpwrit; @@ -664,7 +690,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, } } -int do_ssl3_write(SSL *s, int type, const unsigned char *buf, +int do_ssl3_write(SSL_CONNECTION *s, int type, const unsigned char *buf, size_t *pipelens, size_t numpipes, int create_empty_fragment, size_t *written) { @@ -682,6 +708,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, size_t totlen = 0, len, wpinited = 0; size_t j; int using_ktls; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); for (j = 0; j < numpipes; j++) totlen += pipelens[j]; @@ -696,7 +723,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* If we have an alert to send, lets send it */ if (s->s3.alert_dispatch) { - i = s->method->ssl_dispatch_alert(s); + i = ssl->method->ssl_dispatch_alert(ssl); if (i <= 0) { /* SSLfatal() already called if appropriate */ return i; @@ -830,7 +857,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, } /* Explicit IV length, block ciphers appropriate version flag */ - if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s) && !SSL_TREAT_AS_TLS13(s)) { + if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s) + && !SSL_CONNECTION_TREAT_AS_TLS13(s)) { int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx); if (mode == EVP_CIPH_CBC_MODE) { eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx); @@ -863,7 +891,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * In TLSv1.3, once encrypting, we always use application data for the * record type */ - if (SSL_TREAT_AS_TLS13(s) + if (SSL_CONNECTION_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS || type != SSL3_RT_ALERT)) @@ -876,9 +904,9 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * Some servers hang if initial client hello is larger than 256 bytes * and record version number > TLS 1.0 */ - if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO + if (SSL_get_state(ssl) == TLS_ST_CW_CLNT_HELLO && !s->renegotiate - && TLS1_get_version(s) > TLS1_VERSION + && TLS1_get_version(ssl) > TLS1_VERSION && s->hello_retry_request == SSL_HRR_NONE) version = TLS1_VERSION; SSL3_RECORD_set_rec_version(thiswr, version); @@ -934,7 +962,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, } } - if (SSL_TREAT_AS_TLS13(s) + if (SSL_CONNECTION_TREAT_AS_TLS13(s) && !using_ktls && s->enc_write_ctx != NULL && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS @@ -954,7 +982,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, size_t padding = 0; size_t max_padding = max_send_fragment - rlen; if (s->record_padding_cb != NULL) { - padding = s->record_padding_cb(s, type, rlen, s->record_padding_arg); + padding = s->record_padding_cb(ssl, type, rlen, s->record_padding_arg); } else if (s->block_padding > 0) { size_t mask = s->block_padding - 1; size_t remainder; @@ -994,7 +1022,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned char *mac; if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac) - || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) { + || !ssl->method->ssl3_enc->mac(s, thiswr, mac, 1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -1039,7 +1067,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, } } else { if (!using_ktls) { - if (s->method->ssl3_enc->enc(s, wr, numpipes, 1, NULL, + if (ssl->method->ssl3_enc->enc(s, wr, numpipes, 1, NULL, mac_size) < 1) { if (!ossl_statem_in_error(s)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1073,7 +1101,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned char *mac; if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac) - || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) { + || !ssl->method->ssl3_enc->mac(s, thiswr, mac, 1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -1090,14 +1118,14 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, recordstart = WPACKET_get_curr(thispkt) - len - SSL3_RT_HEADER_LENGTH; s->msg_callback(1, thiswr->rec_version, SSL3_RT_HEADER, recordstart, - SSL3_RT_HEADER_LENGTH, s, + SSL3_RT_HEADER_LENGTH, ssl, s->msg_callback_arg); - if (SSL_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL) { + if (SSL_CONNECTION_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL) { unsigned char ctype = type; s->msg_callback(1, thiswr->rec_version, SSL3_RT_INNER_CONTENT_TYPE, - &ctype, 1, s, s->msg_callback_arg); + &ctype, 1, ssl, s->msg_callback_arg); } } @@ -1157,8 +1185,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * * Return values are as per SSL_write() */ -int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, - size_t *written) +int ssl3_write_pending(SSL_CONNECTION *s, int type, const unsigned char *buf, + size_t len, size_t *written) { int i; SSL3_BUFFER *wb = s->rlayer.wbuf; @@ -1221,7 +1249,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, *written = s->rlayer.wpend_ret; return 1; } else if (i <= 0) { - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { /* * For DTLS, just drop it. That's kind of the whole point in * using a datagram service @@ -1264,7 +1292,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, * Application data protocol * none of our business */ -int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, +int ssl3_read_bytes(SSL *ssl, int type, int *recvd_type, unsigned char *buf, size_t len, int peek, size_t *readbytes) { int i, j, ret; @@ -1272,7 +1300,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, SSL3_RECORD *rr; SSL3_BUFFER *rbuf; void (*cb) (const SSL *ssl, int type2, int val) = NULL; - int is_tls13 = SSL_IS_TLS13(s); + int is_tls13; + SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl); + + is_tls13 = SSL_CONNECTION_IS_TLS13(s); rbuf = &s->rlayer.rbuf; @@ -1322,9 +1353,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * Now s->rlayer.handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ - if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) { + if (!ossl_statem_get_in_handshake(s) && SSL_in_init(ssl)) { /* type == SSL3_RT_APPLICATION_DATA */ - i = s->handshake_func(s); + i = s->handshake_func(ssl); /* SSLfatal() already called */ if (i < 0) return i; @@ -1373,7 +1404,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (s->rlayer.handshake_fragment_len > 0 && SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE - && SSL_IS_TLS13(s)) { + && SSL_CONNECTION_IS_TLS13(s)) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA); return -1; @@ -1420,8 +1451,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * make sure that we are not getting application data when we are * doing a handshake for the first time */ - if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && - (s->enc_read_ctx == NULL)) { + if (SSL_in_init(ssl) && type == SSL3_RT_APPLICATION_DATA + && s->enc_read_ctx == NULL) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_APP_DATA_IN_HANDSHAKE); return -1; } @@ -1511,7 +1542,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, return -1; } - if (s->method->version == TLS_ANY_VERSION + if (ssl->method->version == TLS_ANY_VERSION && (s->server || rr->type != SSL3_RT_ALERT)) { /* * If we've got this far and still haven't decided on what version @@ -1544,17 +1575,17 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, s, + s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, ssl, s->msg_callback_arg); if (s->info_callback != NULL) cb = s->info_callback; - else if (s->ctx->info_callback != NULL) - cb = s->ctx->info_callback; + else if (ssl->ctx->info_callback != NULL) + cb = ssl->ctx->info_callback; if (cb != NULL) { j = (alert_level << 8) | alert_descr; - cb(s, SSL_CB_READ_ALERT, j); + cb(ssl, SSL_CB_READ_ALERT, j); } if (alert_level == SSL3_AL_WARNING @@ -1621,7 +1652,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * because we are unable to write any response due to having already * sent close_notify. */ - if (!SSL_IS_TLS13(s)) { + if (!SSL_CONNECTION_IS_TLS13(s)) { SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_read(rr); @@ -1629,7 +1660,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, goto start; s->rwstate = SSL_READING; - rbio = SSL_get_rbio(s); + rbio = SSL_get_rbio(ssl); BIO_clear_retry_flags(rbio); BIO_set_retry_read(rbio); return -1; @@ -1694,7 +1725,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* We found handshake data, so we're going back into init */ ossl_statem_set_in_init(s, 1); - i = s->handshake_func(s); + i = s->handshake_func(ssl); /* SSLfatal() already called if appropriate */ if (i < 0) return i; @@ -1721,7 +1752,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * problems in the blocking world */ s->rwstate = SSL_READING; - bio = SSL_get_rbio(s); + bio = SSL_get_rbio(ssl); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); return -1; @@ -1772,8 +1803,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * decryption was applied. We just skip it and move on to the next * record. */ - if (!early_data_count_ok(s, rr->length, - EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) { + if (!ossl_early_data_count_ok(s, rr->length, + EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) { /* SSLfatal() already called */ return -1; } diff --git a/ssl/record/record.h b/ssl/record/record.h index 234656bf939421..0027a7dba295eb 100644 --- a/ssl/record/record.h +++ b/ssl/record/record.h @@ -7,6 +7,8 @@ * https://www.openssl.org/source/license.html */ +typedef struct ssl_connection_st SSL_CONNECTION; + /***************************************************************************** * * * These structures should be considered PRIVATE to the record layer. No * @@ -127,8 +129,8 @@ typedef struct dtls_record_layer_st { *****************************************************************************/ typedef struct record_layer_st { - /* The parent SSL structure */ - SSL *s; + /* The parent SSL_CONNECTION structure */ + SSL_CONNECTION *s; /* * Read as many input bytes as possible (for * non-blocking reads) @@ -199,7 +201,7 @@ typedef struct ssl_mac_buf_st SSL_MAC_BUF; #define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf) #define RECORD_LAYER_get_wbuf(rl) ((rl)->wbuf) -void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s); +void RECORD_LAYER_init(RECORD_LAYER *rl, SSL_CONNECTION *s); void RECORD_LAYER_clear(RECORD_LAYER *rl); void RECORD_LAYER_release(RECORD_LAYER *rl); int RECORD_LAYER_read_pending(const RECORD_LAYER *rl); @@ -212,23 +214,26 @@ size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl); __owur size_t ssl3_pending(const SSL *s); __owur int ssl3_write_bytes(SSL *s, int type, const void *buf, size_t len, size_t *written); -int do_ssl3_write(SSL *s, int type, const unsigned char *buf, +int do_ssl3_write(SSL_CONNECTION *s, int type, const unsigned char *buf, size_t *pipelens, size_t numpipes, int create_empty_fragment, size_t *written); __owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, size_t len, int peek, size_t *readbytes); -__owur int ssl3_setup_buffers(SSL *s); -__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send, - SSL_MAC_BUF *mac, size_t macsize); -__owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); -__owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, +__owur int ssl3_setup_buffers(SSL_CONNECTION *s); +__owur int ssl3_enc(SSL_CONNECTION *s, SSL3_RECORD *inrecs, size_t n_recs, + int send, SSL_MAC_BUF *mac, size_t macsize); +__owur int n_ssl3_mac(SSL_CONNECTION *s, SSL3_RECORD *rec, unsigned char *md, + int send); +__owur int ssl3_write_pending(SSL_CONNECTION *s, int type, + const unsigned char *buf, size_t len, size_t *written); -__owur int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, - SSL_MAC_BUF *mac, size_t macsize); -__owur int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); -__owur int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send, - SSL_MAC_BUF *mac, size_t macsize); +__owur int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, + int sending, SSL_MAC_BUF *mac, size_t macsize); +__owur int tls1_mac(SSL_CONNECTION *s, SSL3_RECORD *rec, unsigned char *md, + int send); +__owur int tls13_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, + int send, SSL_MAC_BUF *mac, size_t macsize); int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl); @@ -238,10 +243,10 @@ void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq); __owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, size_t len, int peek, size_t *readbytes); -__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len, - size_t *written); -int do_dtls1_write(SSL *s, int type, const unsigned char *buf, +__owur int dtls1_write_bytes(SSL_CONNECTION *s, int type, const void *buf, + size_t len, size_t *written); +int do_dtls1_write(SSL_CONNECTION *s, int type, const unsigned char *buf, size_t len, int create_empty_fragment, size_t *written); -void dtls1_reset_seq_numbers(SSL *s, int rw); -int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq, +void dtls1_reset_seq_numbers(SSL_CONNECTION *s, int rw); +int dtls_buffer_listen_record(SSL_CONNECTION *s, size_t len, unsigned char *seq, size_t off); diff --git a/ssl/record/record_local.h b/ssl/record/record_local.h index 0a929c696a55c4..31691787b17c65 100644 --- a/ssl/record/record_local.h +++ b/ssl/record/record_local.h @@ -36,20 +36,21 @@ #define RECORD_LAYER_clear_first_record(rl) ((rl)->is_first_record = 0) #define DTLS_RECORD_LAYER_get_r_epoch(rl) ((rl)->d->r_epoch) -__owur int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, - size_t *readbytes); +__owur int ssl3_read_n(SSL_CONNECTION *s, size_t n, size_t max, int extend, + int clearold, size_t *readbytes); -DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, +DTLS1_BITMAP *dtls1_get_bitmap(SSL_CONNECTION *s, SSL3_RECORD *rr, unsigned int *is_next_epoch); -int dtls1_process_buffered_records(SSL *s); -int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue); -int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority); +int dtls1_process_buffered_records(SSL_CONNECTION *s); +int dtls1_retrieve_buffered_record(SSL_CONNECTION *s, record_pqueue *queue); +int dtls1_buffer_record(SSL_CONNECTION *s, record_pqueue *q, + unsigned char *priority); void ssl3_record_sequence_update(unsigned char *seq); /* Functions provided by the DTLS1_BITMAP component */ -int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap); -void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); +int dtls1_record_replay_check(SSL_CONNECTION *s, DTLS1_BITMAP *bitmap); +void dtls1_record_bitmap_update(SSL_CONNECTION *s, DTLS1_BITMAP *bitmap); /* Macros/functions provided by the SSL3_BUFFER component */ @@ -71,10 +72,11 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); void SSL3_BUFFER_clear(SSL3_BUFFER *b); void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n); void SSL3_BUFFER_release(SSL3_BUFFER *b); -__owur int ssl3_setup_read_buffer(SSL *s); -__owur int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len); -int ssl3_release_read_buffer(SSL *s); -int ssl3_release_write_buffer(SSL *s); +__owur int ssl3_setup_read_buffer(SSL_CONNECTION *s); +__owur int ssl3_setup_write_buffer(SSL_CONNECTION *s, size_t numwpipes, + size_t len); +int ssl3_release_read_buffer(SSL_CONNECTION *s); +int ssl3_release_write_buffer(SSL_CONNECTION *s); /* Macros/functions provided by the SSL3_RECORD component */ @@ -104,9 +106,9 @@ int ssl3_release_write_buffer(SSL *s); void SSL3_RECORD_clear(SSL3_RECORD *r, size_t); void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs); void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num); -int ssl3_get_record(SSL *s); -__owur int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr); -__owur int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr); +int ssl3_get_record(SSL_CONNECTION *s); +__owur int ssl3_do_compress(SSL_CONNECTION *ssl, SSL3_RECORD *wr); +__owur int ssl3_do_uncompress(SSL_CONNECTION *ssl, SSL3_RECORD *rr); __owur int ssl3_cbc_remove_padding_and_mac(size_t *reclen, size_t origreclen, unsigned char *recdata, @@ -122,6 +124,7 @@ __owur int tls1_cbc_remove_padding_and_mac(size_t *reclen, size_t block_size, size_t mac_size, int aead, OSSL_LIB_CTX *libctx); -int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap); -__owur int dtls1_get_record(SSL *s); -int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send); +int dtls1_process_record(SSL_CONNECTION *s, DTLS1_BITMAP *bitmap); +__owur int dtls1_get_record(SSL_CONNECTION *s); +int ossl_early_data_count_ok(SSL_CONNECTION *s, size_t length, + size_t overhead, int send); diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c index 01c553ebff5918..95149bfc052470 100644 --- a/ssl/record/ssl3_buffer.c +++ b/ssl/record/ssl3_buffer.c @@ -34,7 +34,7 @@ void SSL3_BUFFER_release(SSL3_BUFFER *b) b->buf = NULL; } -int ssl3_setup_read_buffer(SSL *s) +int ssl3_setup_read_buffer(SSL_CONNECTION *s) { unsigned char *p; size_t len, align = 0, headerlen; @@ -42,7 +42,7 @@ int ssl3_setup_read_buffer(SSL *s) b = RECORD_LAYER_get_rbuf(&s->rlayer); - if (SSL_IS_DTLS(s)) + if (SSL_CONNECTION_IS_DTLS(s)) headerlen = DTLS1_RT_HEADER_LENGTH; else headerlen = SSL3_RT_HEADER_LENGTH; @@ -76,7 +76,8 @@ int ssl3_setup_read_buffer(SSL *s) return 1; } -int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len) +int ssl3_setup_write_buffer(SSL_CONNECTION *s, size_t numwpipes, + size_t len) { unsigned char *p; size_t align = 0, headerlen; @@ -86,7 +87,7 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len) s->rlayer.numwpipes = numwpipes; if (len == 0) { - if (SSL_IS_DTLS(s)) + if (SSL_CONNECTION_IS_DTLS(s)) headerlen = DTLS1_RT_HEADER_LENGTH + 1; else headerlen = SSL3_RT_HEADER_LENGTH; @@ -139,7 +140,7 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len) return 1; } -int ssl3_setup_buffers(SSL *s) +int ssl3_setup_buffers(SSL_CONNECTION *s) { if (!ssl3_setup_read_buffer(s)) { /* SSLfatal() already called */ @@ -152,7 +153,7 @@ int ssl3_setup_buffers(SSL *s) return 1; } -int ssl3_release_write_buffer(SSL *s) +int ssl3_release_write_buffer(SSL_CONNECTION *s) { SSL3_BUFFER *wb; size_t pipes; @@ -172,7 +173,7 @@ int ssl3_release_write_buffer(SSL *s) return 1; } -int ssl3_release_read_buffer(SSL *s) +int ssl3_release_read_buffer(SSL_CONNECTION *s) { SSL3_BUFFER *b; diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index bbb0c67024966d..02bf81b9fa80b2 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -67,7 +67,7 @@ void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num) * Peeks ahead into "read_ahead" data to see if we have a whole record waiting * for us in the buffer. */ -static int ssl3_record_app_data_waiting(SSL *s) +static int ssl3_record_app_data_waiting(SSL_CONNECTION *s) { SSL3_BUFFER *rbuf; size_t left, len; @@ -102,7 +102,8 @@ static int ssl3_record_app_data_waiting(SSL *s) return 1; } -int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send) +int ossl_early_data_count_ok(SSL_CONNECTION *s, size_t length, + size_t overhead, int send) { uint32_t max_early_data; SSL_SESSION *sess = s->session; @@ -170,7 +171,7 @@ int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send) * |max_pipelines| */ /* used only by ssl3_read_bytes */ -int ssl3_get_record(SSL *s) +int ssl3_get_record(SSL_CONNECTION *s) { int enc_err, rret; int i; @@ -188,6 +189,7 @@ int ssl3_get_record(SSL *s) int using_ktls; SSL_MAC_BUF *macbufs = NULL; int ret = -1; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); rr = RECORD_LAYER_get_rrec(&s->rlayer); rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); @@ -291,7 +293,7 @@ int ssl3_get_record(SSL *s) || !PACKET_get_net_2(&pkt, &version) || !PACKET_get_net_2_len(&pkt, &thisrr->length)) { if (s->msg_callback) - s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s, + s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, ssl, s->msg_callback_arg); SSLfatal(s, SSL_AD_DECODE_ERROR, ERR_R_INTERNAL_ERROR); return -1; @@ -300,7 +302,7 @@ int ssl3_get_record(SSL *s) thisrr->rec_version = version; if (s->msg_callback) - s->msg_callback(0, version, SSL3_RT_HEADER, p, 5, s, + s->msg_callback(0, version, SSL3_RT_HEADER, p, 5, ssl, s->msg_callback_arg); /* @@ -310,7 +312,7 @@ int ssl3_get_record(SSL *s) * yet, but we still treat it as TLSv1.3, so we must check for * that explicitly */ - if (!s->first_packet && !SSL_IS_TLS13(s) + if (!s->first_packet && !SSL_CONNECTION_IS_TLS13(s) && s->hello_retry_request != SSL_HRR_PENDING && version != (unsigned int)s->version) { if ((s->version & 0xFF00) == (version & 0xFF00) @@ -366,7 +368,7 @@ int ssl3_get_record(SSL *s) } } - if (SSL_IS_TLS13(s) + if (SSL_CONNECTION_IS_TLS13(s) && s->enc_read_ctx != NULL && !using_ktls) { if (thisrr->type != SSL3_RT_APPLICATION_DATA @@ -397,7 +399,7 @@ int ssl3_get_record(SSL *s) /* now s->rlayer.rstate == SSL_ST_READ_BODY */ } - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { size_t len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH; /* KTLS strips the inner record type. */ @@ -503,7 +505,8 @@ int ssl3_get_record(SSL *s) if (num_recs == 1 && thisrr->type == SSL3_RT_CHANGE_CIPHER_SPEC - && (SSL_IS_TLS13(s) || s->hello_retry_request != SSL_HRR_NONE) + && (SSL_CONNECTION_IS_TLS13(s) + || s->hello_retry_request != SSL_HRR_NONE) && SSL_IS_FIRST_HANDSHAKE(s)) { /* * CCS messages must be exactly 1 byte long, containing the value 0x01 @@ -563,7 +566,7 @@ int ssl3_get_record(SSL *s) } thisrr->length -= mac_size; mac = thisrr->data + thisrr->length; - i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ ); + i = ssl->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ ); if (i == 0 || CRYPTO_memcmp(md, mac, mac_size) != 0) { SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); @@ -585,7 +588,7 @@ int ssl3_get_record(SSL *s) } } - enc_err = s->method->ssl3_enc->enc(s, rr, num_recs, 0, macbufs, mac_size); + enc_err = ssl->method->ssl3_enc->enc(s, rr, num_recs, 0, macbufs, mac_size); /*- * enc_err is: @@ -606,8 +609,8 @@ int ssl3_get_record(SSL *s) thisrr = &rr[0]; - if (!early_data_count_ok(s, thisrr->length, - EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) { + if (!ossl_early_data_count_ok(s, thisrr->length, + EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) { /* SSLfatal() already called */ goto end; } @@ -638,7 +641,7 @@ int ssl3_get_record(SSL *s) SSL_MAC_BUF *thismb = &macbufs[j]; thisrr = &rr[j]; - i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ ); + i = ssl->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ ); if (i == 0 || thismb == NULL || thismb->mac == NULL || CRYPTO_memcmp(md, thismb->mac, (size_t)mac_size) != 0) enc_err = 0; @@ -683,7 +686,7 @@ int ssl3_get_record(SSL *s) } } - if (SSL_IS_TLS13(s) + if (SSL_CONNECTION_IS_TLS13(s) && s->enc_read_ctx != NULL && thisrr->type != SSL3_RT_ALERT) { /* @@ -717,14 +720,14 @@ int ssl3_get_record(SSL *s) } if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE, - &thisrr->type, 1, s, s->msg_callback_arg); + &thisrr->type, 1, ssl, s->msg_callback_arg); } /* * TLSv1.3 alert and handshake records are required to be non-zero in * length. */ - if (SSL_IS_TLS13(s) + if (SSL_CONNECTION_IS_TLS13(s) && (thisrr->type == SSL3_RT_HANDSHAKE || thisrr->type == SSL3_RT_ALERT) && thisrr->length == 0) { @@ -781,7 +784,7 @@ int ssl3_get_record(SSL *s) if (s->early_data_state == SSL_EARLY_DATA_READING) { thisrr = &rr[0]; if (thisrr->type == SSL3_RT_APPLICATION_DATA - && !early_data_count_ok(s, thisrr->length, 0, 0)) { + && !ossl_early_data_count_ok(s, thisrr->length, 0, 0)) { /* SSLfatal already called */ goto end; } @@ -800,7 +803,7 @@ int ssl3_get_record(SSL *s) return ret; } -int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr) +int ssl3_do_uncompress(SSL_CONNECTION *sc, SSL3_RECORD *rr) { #ifndef OPENSSL_NO_COMP int i; @@ -812,7 +815,7 @@ int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr) if (rr->comp == NULL) return 0; - i = COMP_expand_block(ssl->expand, rr->comp, + i = COMP_expand_block(sc->expand, rr->comp, SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length); if (i < 0) return 0; @@ -823,12 +826,12 @@ int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr) return 1; } -int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr) +int ssl3_do_compress(SSL_CONNECTION *sc, SSL3_RECORD *wr) { #ifndef OPENSSL_NO_COMP int i; - i = COMP_compress_block(ssl->compress, wr->data, + i = COMP_compress_block(sc->compress, wr->data, (int)(wr->length + SSL3_RT_MAX_COMPRESSED_OVERHEAD), wr->input, (int)wr->length); if (i < 0) @@ -850,7 +853,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr) * 0: if the record is publicly invalid, or an internal error * 1: Success or Mac-then-encrypt decryption failed (MAC will be randomised) */ -int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, +int ssl3_enc(SSL_CONNECTION *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, SSL_MAC_BUF *mac, size_t macsize) { SSL3_RECORD *rec; @@ -957,7 +960,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, (mac != NULL) ? &mac->alloced : NULL, bs, macsize, - s->ctx->libctx); + SSL_CONNECTION_GET_CTX(s)->libctx); } } return 1; @@ -974,7 +977,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, * decryption failed, or Encrypt-then-mac decryption failed. * 1: Success or Mac-then-encrypt decryption failed (MAC will be randomised) */ -int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, +int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending, SSL_MAC_BUF *macs, size_t macsize) { EVP_CIPHER_CTX *ds; @@ -1022,7 +1025,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, */ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; - } else if (RAND_bytes_ex(s->ctx->libctx, recs[ctr].input, + } else if (RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, + recs[ctr].input, ivlen, 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -1076,7 +1080,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer) : RECORD_LAYER_get_read_sequence(&s->rlayer); - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { /* DTLS does not support pipelining */ unsigned char dtlsseq[8], *p = dtlsseq; @@ -1163,7 +1167,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, } } - if (!SSL_IS_DTLS(s) && tlstree_enc) { + if (!SSL_CONNECTION_IS_DTLS(s) && tlstree_enc) { unsigned char *seq; int decrement_seq = 0; @@ -1282,7 +1286,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, pad ? (size_t)pad : macsize, (EVP_CIPHER_get_flags(enc) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0, - s->ctx->libctx)) + SSL_CONNECTION_GET_CTX(s)->libctx)) return 0; } } @@ -1310,7 +1314,8 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) } } -int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) +int n_ssl3_mac(SSL_CONNECTION *sc, SSL3_RECORD *rec, unsigned char *md, + int sending) { unsigned char *mac_sec, *seq; const EVP_MD_CTX *hash; @@ -1320,13 +1325,13 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) int t; if (sending) { - mac_sec = &(ssl->s3.write_mac_secret[0]); - seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer); - hash = ssl->write_hash; + mac_sec = &(sc->s3.write_mac_secret[0]); + seq = RECORD_LAYER_get_write_sequence(&sc->rlayer); + hash = sc->write_hash; } else { - mac_sec = &(ssl->s3.read_mac_secret[0]); - seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer); - hash = ssl->read_hash; + mac_sec = &(sc->s3.read_mac_secret[0]); + seq = RECORD_LAYER_get_read_sequence(&sc->rlayer); + hash = sc->read_hash; } t = EVP_MD_CTX_get_size(hash); @@ -1336,7 +1341,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) npad = (48 / md_size) * md_size; if (!sending - && EVP_CIPHER_CTX_get_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE + && EVP_CIPHER_CTX_get_mode(sc->enc_read_ctx) == EVP_CIPH_CBC_MODE && ssl3_cbc_record_digest_supported(hash)) { #ifdef OPENSSL_NO_DEPRECATED_3_0 return 0; @@ -1410,7 +1415,8 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) return 1; } -int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) +int tls1_mac(SSL_CONNECTION *sc, SSL3_RECORD *rec, unsigned char *md, + int sending) { unsigned char *seq; EVP_MD_CTX *hash; @@ -1418,19 +1424,19 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) int i; EVP_MD_CTX *hmac = NULL, *mac_ctx; unsigned char header[13]; - int stream_mac = sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) - : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM); - int tlstree_mac = sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE) - : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_TLSTREE); + int stream_mac = sending ? (sc->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) + : (sc->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM); + int tlstree_mac = sending ? (sc->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE) + : (sc->mac_flags & SSL_MAC_FLAG_READ_MAC_TLSTREE); int t; int ret = 0; if (sending) { - seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer); - hash = ssl->write_hash; + seq = RECORD_LAYER_get_write_sequence(&sc->rlayer); + hash = sc->write_hash; } else { - seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer); - hash = ssl->read_hash; + seq = RECORD_LAYER_get_read_sequence(&sc->rlayer); + hash = sc->read_hash; } t = EVP_MD_CTX_get_size(hash); @@ -1449,15 +1455,16 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) mac_ctx = hmac; } - if (!SSL_IS_DTLS(ssl) && tlstree_mac && EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_TLSTREE, 0, seq) <= 0) { + if (!SSL_CONNECTION_IS_DTLS(sc) && tlstree_mac + && EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_TLSTREE, 0, seq) <= 0) { goto end; } - if (SSL_IS_DTLS(ssl)) { + if (SSL_CONNECTION_IS_DTLS(sc)) { unsigned char dtlsseq[8], *p = dtlsseq; - s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&ssl->rlayer) : - DTLS_RECORD_LAYER_get_r_epoch(&ssl->rlayer), p); + s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&sc->rlayer) : + DTLS_RECORD_LAYER_get_r_epoch(&sc->rlayer), p); memcpy(p, &seq[2], 6); memcpy(header, dtlsseq, 8); @@ -1465,13 +1472,13 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) memcpy(header, seq, 8); header[8] = rec->type; - header[9] = (unsigned char)(ssl->version >> 8); - header[10] = (unsigned char)(ssl->version); + header[9] = (unsigned char)(sc->version >> 8); + header[10] = (unsigned char)(sc->version); header[11] = (unsigned char)(rec->length >> 8); header[12] = (unsigned char)(rec->length & 0xff); - if (!sending && !SSL_READ_ETM(ssl) - && EVP_CIPHER_CTX_get_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE + if (!sending && !SSL_READ_ETM(sc) + && EVP_CIPHER_CTX_get_mode(sc->enc_read_ctx) == EVP_CIPH_CBC_MODE && ssl3_cbc_record_digest_supported(mac_ctx)) { OSSL_PARAM tls_hmac_params[2], *p = tls_hmac_params; @@ -1498,7 +1505,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) BIO_dump_indent(trc_out, rec->data, rec->length, 4); } OSSL_TRACE_END(TLS); - if (!SSL_IS_DTLS(ssl)) { + if (!SSL_CONNECTION_IS_DTLS(sc)) { for (i = 7; i >= 0; i--) { ++seq[i]; if (seq[i] != 0) @@ -1515,7 +1522,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) return ret; } -int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) +int dtls1_process_record(SSL_CONNECTION *s, DTLS1_BITMAP *bitmap) { int i; int enc_err; @@ -1527,6 +1534,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) size_t max_plain_length = SSL3_RT_MAX_PLAIN_LENGTH; SSL_MAC_BUF macbuf = { NULL, 0 }; int ret = 0; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); rr = RECORD_LAYER_get_rrec(&s->rlayer); sess = s->session; @@ -1581,7 +1589,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) } rr->length -= mac_size; mac = rr->data + rr->length; - i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ ); + i = ssl->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ ); if (i == 0 || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) { SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); @@ -1600,7 +1608,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) * errors in the queue from processing bogus junk that we ignored. */ ERR_set_mark(); - enc_err = s->method->ssl3_enc->enc(s, rr, 1, 0, &macbuf, mac_size); + enc_err = ssl->method->ssl3_enc->enc(s, rr, 1, 0, &macbuf, mac_size); /*- * enc_err is: @@ -1632,7 +1640,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) && (EVP_MD_CTX_get0_md(s->read_hash) != NULL)) { /* s->read_hash != NULL => mac_size != -1 */ - i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ ); + i = ssl->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ ); if (i == 0 || macbuf.mac == NULL || CRYPTO_memcmp(md, macbuf.mac, mac_size) != 0) enc_err = 0; @@ -1710,7 +1718,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) * ssl->s3.rrec.length - number of bytes */ /* used only by dtls1_read_bytes */ -int dtls1_get_record(SSL *s) +int dtls1_get_record(SSL_CONNECTION *s) { int ssl_major, ssl_minor; int rret; @@ -1720,6 +1728,7 @@ int dtls1_get_record(SSL *s) unsigned short version; DTLS1_BITMAP *bitmap; unsigned int is_next_epoch; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); rr = RECORD_LAYER_get_rrec(&s->rlayer); @@ -1763,7 +1772,7 @@ int dtls1_get_record(SSL *s) if (s->msg_callback) s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH, - s, s->msg_callback_arg); + ssl, s->msg_callback_arg); /* Pull apart the header into the DTLS1_RECORD */ rr->type = *(p++); @@ -1859,7 +1868,7 @@ int dtls1_get_record(SSL *s) } #ifndef OPENSSL_NO_SCTP /* Only do replay check if no SCTP bio */ - if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) { + if (!BIO_dgram_is_sctp(SSL_get_rbio(ssl))) { #endif /* Check whether this is a repeat, or aged record. */ if (!dtls1_record_replay_check(s, bitmap)) { @@ -1884,7 +1893,7 @@ int dtls1_get_record(SSL *s) * processed at this time. */ if (is_next_epoch) { - if ((SSL_in_init(s) || ossl_statem_get_in_handshake(s))) { + if ((SSL_in_init(ssl) || ossl_statem_get_in_handshake(s))) { if (dtls1_buffer_record (s, &(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)), rr->seq_num) < 0) { @@ -1913,7 +1922,8 @@ int dtls1_get_record(SSL *s) } -int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq, size_t off) +int dtls_buffer_listen_record(SSL_CONNECTION *s, size_t len, unsigned char *seq, + size_t off) { SSL3_RECORD *rr; diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c index 8671b610e7f229..10551c5afc44fc 100644 --- a/ssl/record/ssl3_record_tls13.c +++ b/ssl/record/ssl3_record_tls13.c @@ -20,7 +20,7 @@ * 0: On failure * 1: if the record encryption/decryption was successful. */ -int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, +int tls13_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending, ossl_unused SSL_MAC_BUF *mac, ossl_unused size_t macsize) { EVP_CIPHER_CTX *ctx; @@ -140,8 +140,8 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, sending) <= 0 || (!sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - taglen, - rec->data + rec->length) <= 0)) { + taglen, + rec->data + rec->length) <= 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 2ca3f74ae77102..348b8747801bf7 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -15,7 +15,7 @@ #include #include "internal/cryptlib.h" -static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) +static int ssl3_generate_key_block(SSL_CONNECTION *s, unsigned char *km, int num) { const EVP_MD *md5 = NULL, *sha1 = NULL; EVP_MD_CTX *m5; @@ -24,13 +24,14 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) unsigned char c = 'A'; unsigned int i, k; int ret = 0; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); #ifdef CHARSET_EBCDIC c = os_toascii[c]; /* 'A' in ASCII */ #endif k = 0; - md5 = ssl_evp_md_fetch(s->ctx->libctx, NID_md5, s->ctx->propq); - sha1 = ssl_evp_md_fetch(s->ctx->libctx, NID_sha1, s->ctx->propq); + md5 = ssl_evp_md_fetch(sctx->libctx, NID_md5, sctx->propq); + sha1 = ssl_evp_md_fetch(sctx->libctx, NID_sha1, sctx->propq); m5 = EVP_MD_CTX_new(); s1 = EVP_MD_CTX_new(); if (md5 == NULL || sha1 == NULL || m5 == NULL || s1 == NULL) { @@ -86,7 +87,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) return ret; } -int ssl3_change_cipher_state(SSL *s, int which) +int ssl3_change_cipher_state(SSL_CONNECTION *s, int which) { unsigned char *p, *mac_secret; unsigned char *ms, *key, *iv; @@ -237,7 +238,7 @@ int ssl3_change_cipher_state(SSL *s, int which) return 0; } -int ssl3_setup_key_block(SSL *s) +int ssl3_setup_key_block(SSL_CONNECTION *s) { unsigned char *p; const EVP_CIPHER *c; @@ -249,8 +250,8 @@ int ssl3_setup_key_block(SSL *s) if (s->s3.tmp.key_block_length != 0) return 1; - if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, &comp, - 0)) { + if (!ssl_cipher_get_evp(SSL_CONNECTION_GET_CTX(s), s->session, &c, &hash, + NULL, NULL, &comp, 0)) { /* Error is already recorded */ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); return 0; @@ -305,14 +306,14 @@ int ssl3_setup_key_block(SSL *s) return ret; } -void ssl3_cleanup_key_block(SSL *s) +void ssl3_cleanup_key_block(SSL_CONNECTION *s) { OPENSSL_clear_free(s->s3.tmp.key_block, s->s3.tmp.key_block_length); s->s3.tmp.key_block = NULL; s->s3.tmp.key_block_length = 0; } -int ssl3_init_finished_mac(SSL *s) +int ssl3_init_finished_mac(SSL_CONNECTION *s) { BIO *buf = BIO_new(BIO_s_mem()); @@ -331,7 +332,7 @@ int ssl3_init_finished_mac(SSL *s) * together. */ -void ssl3_free_digest_list(SSL *s) +void ssl3_free_digest_list(SSL_CONNECTION *s) { BIO_free(s->s3.handshake_buffer); s->s3.handshake_buffer = NULL; @@ -339,7 +340,7 @@ void ssl3_free_digest_list(SSL *s) s->s3.handshake_dgst = NULL; } -int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len) +int ssl3_finish_mac(SSL_CONNECTION *s, const unsigned char *buf, size_t len) { int ret; @@ -364,7 +365,7 @@ int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len) return 1; } -int ssl3_digest_cached_records(SSL *s, int keep) +int ssl3_digest_cached_records(SSL_CONNECTION *s, int keep) { const EVP_MD *md; long hdatalen; @@ -413,7 +414,7 @@ void ssl3_digest_master_key_set_params(const SSL_SESSION *session, params[n++] = OSSL_PARAM_construct_end(); } -size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, +size_t ssl3_final_finish_mac(SSL_CONNECTION *s, const char *sender, size_t len, unsigned char *p) { int ret; @@ -466,7 +467,8 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, return ret; } -int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, +int ssl3_generate_master_secret(SSL_CONNECTION *s, unsigned char *out, + unsigned char *p, size_t len, size_t *secret_size) { static const unsigned char *salt[3] = { @@ -491,7 +493,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, return 0; } for (i = 0; i < 3; i++) { - if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0 + if (EVP_DigestInit_ex(ctx, SSL_CONNECTION_GET_CTX(s)->sha1, NULL) <= 0 || EVP_DigestUpdate(ctx, salt[i], strlen((const char *)salt[i])) <= 0 || EVP_DigestUpdate(ctx, p, len) <= 0 @@ -500,7 +502,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, || EVP_DigestUpdate(ctx, &(s->s3.server_random[0]), SSL3_RANDOM_SIZE) <= 0 || EVP_DigestFinal_ex(ctx, buf, &n) <= 0 - || EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0 + || EVP_DigestInit_ex(ctx, SSL_CONNECTION_GET_CTX(s)->md5, NULL) <= 0 || EVP_DigestUpdate(ctx, p, len) <= 0 || EVP_DigestUpdate(ctx, buf, n) <= 0 || EVP_DigestFinal_ex(ctx, out, &n) <= 0) { diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 7b86c3a940a3ac..ceae7faf9fb3db 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3255,9 +3255,9 @@ void ssl_sort_cipher_list(void) qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare); } -static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s, - const char * t, size_t u, - const unsigned char * v, size_t w, int x) +static int sslcon_undefined_function_1(SSL_CONNECTION *sc, unsigned char *r, + size_t s, const char *t, size_t u, + const unsigned char *v, size_t w, int x) { (void)r; (void)s; @@ -3266,7 +3266,7 @@ static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s, (void)v; (void)w; (void)x; - return ssl_undefined_function(ssl); + return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc)); } const SSL3_ENC_METHOD SSLv3_enc_data = { @@ -3279,7 +3279,7 @@ const SSL3_ENC_METHOD SSLv3_enc_data = { SSL3_MD_CLIENT_FINISHED_CONST, 4, SSL3_MD_SERVER_FINISHED_CONST, 4, ssl3_alert_code, - ssl_undefined_function_1, + sslcon_undefined_function_1, 0, ssl3_set_handshake_header, tls_close_construct_packet, @@ -3308,7 +3308,7 @@ const SSL_CIPHER *ssl3_get_cipher(unsigned int u) return NULL; } -int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype) +int ssl3_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype) { /* No header in the event of a CCS */ if (htype == SSL3_MT_CHANGE_CIPHER_SPEC) @@ -3322,7 +3322,7 @@ int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype) return 1; } -int ssl3_handshake_write(SSL *s) +int ssl3_handshake_write(SSL_CONNECTION *s) { return ssl3_do_write(s, SSL3_RT_HANDSHAKE); } @@ -3330,7 +3330,12 @@ int ssl3_handshake_write(SSL *s) int ssl3_new(SSL *s) { #ifndef OPENSSL_NO_SRP - if (!ssl_srp_ctx_init_intern(s)) + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + if (!ssl_srp_ctx_init_intern(sc)) return 0; #endif @@ -3342,65 +3347,72 @@ int ssl3_new(SSL *s) void ssl3_free(SSL *s) { - if (s == NULL) + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) return; - ssl3_cleanup_key_block(s); + ssl3_cleanup_key_block(sc); - EVP_PKEY_free(s->s3.peer_tmp); - s->s3.peer_tmp = NULL; - EVP_PKEY_free(s->s3.tmp.pkey); - s->s3.tmp.pkey = NULL; + EVP_PKEY_free(sc->s3.peer_tmp); + sc->s3.peer_tmp = NULL; + EVP_PKEY_free(sc->s3.tmp.pkey); + sc->s3.tmp.pkey = NULL; - ssl_evp_cipher_free(s->s3.tmp.new_sym_enc); - ssl_evp_md_free(s->s3.tmp.new_hash); + ssl_evp_cipher_free(sc->s3.tmp.new_sym_enc); + ssl_evp_md_free(sc->s3.tmp.new_hash); - OPENSSL_free(s->s3.tmp.ctype); - sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free); - OPENSSL_free(s->s3.tmp.ciphers_raw); - OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen); - OPENSSL_free(s->s3.tmp.peer_sigalgs); - OPENSSL_free(s->s3.tmp.peer_cert_sigalgs); - ssl3_free_digest_list(s); - OPENSSL_free(s->s3.alpn_selected); - OPENSSL_free(s->s3.alpn_proposed); + OPENSSL_free(sc->s3.tmp.ctype); + sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free); + OPENSSL_free(sc->s3.tmp.ciphers_raw); + OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen); + OPENSSL_free(sc->s3.tmp.peer_sigalgs); + OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs); + ssl3_free_digest_list(sc); + OPENSSL_free(sc->s3.alpn_selected); + OPENSSL_free(sc->s3.alpn_proposed); #ifndef OPENSSL_NO_SRP - ssl_srp_ctx_free_intern(s); + ssl_srp_ctx_free_intern(sc); #endif - memset(&s->s3, 0, sizeof(s->s3)); + memset(&sc->s3, 0, sizeof(sc->s3)); } int ssl3_clear(SSL *s) { - ssl3_cleanup_key_block(s); - OPENSSL_free(s->s3.tmp.ctype); - sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free); - OPENSSL_free(s->s3.tmp.ciphers_raw); - OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen); - OPENSSL_free(s->s3.tmp.peer_sigalgs); - OPENSSL_free(s->s3.tmp.peer_cert_sigalgs); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + ssl3_cleanup_key_block(sc); + OPENSSL_free(sc->s3.tmp.ctype); + sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free); + OPENSSL_free(sc->s3.tmp.ciphers_raw); + OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen); + OPENSSL_free(sc->s3.tmp.peer_sigalgs); + OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs); - EVP_PKEY_free(s->s3.tmp.pkey); - EVP_PKEY_free(s->s3.peer_tmp); + EVP_PKEY_free(sc->s3.tmp.pkey); + EVP_PKEY_free(sc->s3.peer_tmp); - ssl3_free_digest_list(s); + ssl3_free_digest_list(sc); - OPENSSL_free(s->s3.alpn_selected); - OPENSSL_free(s->s3.alpn_proposed); + OPENSSL_free(sc->s3.alpn_selected); + OPENSSL_free(sc->s3.alpn_proposed); /* NULL/zero-out everything in the s3 struct */ - memset(&s->s3, 0, sizeof(s->s3)); + memset(&sc->s3, 0, sizeof(sc->s3)); - if (!ssl_free_wbio_buffer(s)) + if (!ssl_free_wbio_buffer(sc)) return 0; - s->version = SSL3_VERSION; + sc->version = SSL3_VERSION; #if !defined(OPENSSL_NO_NEXTPROTONEG) - OPENSSL_free(s->ext.npn); - s->ext.npn = NULL; - s->ext.npn_len = 0; + OPENSSL_free(sc->ext.npn); + sc->ext.npn = NULL; + sc->ext.npn_len = 0; #endif return 1; @@ -3409,7 +3421,12 @@ int ssl3_clear(SSL *s) #ifndef OPENSSL_NO_SRP static char *srp_password_from_info_cb(SSL *s, void *arg) { - return OPENSSL_strdup(s->srp_ctx.info); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return NULL; + + return OPENSSL_strdup(sc->srp_ctx.info); } #endif @@ -3418,22 +3435,26 @@ static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len); long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { int ret = 0; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return ret; switch (cmd) { case SSL_CTRL_GET_CLIENT_CERT_REQUEST: break; case SSL_CTRL_GET_NUM_RENEGOTIATIONS: - ret = s->s3.num_renegotiations; + ret = sc->s3.num_renegotiations; break; case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: - ret = s->s3.num_renegotiations; - s->s3.num_renegotiations = 0; + ret = sc->s3.num_renegotiations; + sc->s3.num_renegotiations = 0; break; case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: - ret = s->s3.total_renegotiations; + ret = sc->s3.total_renegotiations; break; case SSL_CTRL_GET_FLAGS: - ret = (int)(s->s3.flags); + ret = (int)(sc->s3.flags); break; #if !defined(OPENSSL_NO_DEPRECATED_3_0) case SSL_CTRL_SET_TMP_DH: @@ -3462,7 +3483,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) } #endif case SSL_CTRL_SET_DH_AUTO: - s->cert->dh_tmp_auto = larg; + sc->cert->dh_tmp_auto = larg; return 1; #if !defined(OPENSSL_NO_DEPRECATED_3_0) case SSL_CTRL_SET_TMP_ECDH: @@ -3471,8 +3492,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); return 0; } - return ssl_set_tmp_ecdh_groups(&s->ext.supportedgroups, - &s->ext.supportedgroups_len, + return ssl_set_tmp_ecdh_groups(&sc->ext.supportedgroups, + &sc->ext.supportedgroups_len, parg); } #endif /* !OPENSSL_NO_DEPRECATED_3_0 */ @@ -3488,8 +3509,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) if (larg == TLSEXT_NAMETYPE_host_name) { size_t len; - OPENSSL_free(s->ext.hostname); - s->ext.hostname = NULL; + OPENSSL_free(sc->ext.hostname); + sc->ext.hostname = NULL; ret = 1; if (parg == NULL) @@ -3499,7 +3520,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); return 0; } - if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) { + if ((sc->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); return 0; } @@ -3509,79 +3530,79 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) } break; case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: - s->ext.debug_arg = parg; + sc->ext.debug_arg = parg; ret = 1; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE: - ret = s->ext.status_type; + ret = sc->ext.status_type; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: - s->ext.status_type = larg; + sc->ext.status_type = larg; ret = 1; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: - *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts; + *(STACK_OF(X509_EXTENSION) **)parg = sc->ext.ocsp.exts; ret = 1; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: - s->ext.ocsp.exts = parg; + sc->ext.ocsp.exts = parg; ret = 1; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: - *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids; + *(STACK_OF(OCSP_RESPID) **)parg = sc->ext.ocsp.ids; ret = 1; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: - s->ext.ocsp.ids = parg; + sc->ext.ocsp.ids = parg; ret = 1; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: - *(unsigned char **)parg = s->ext.ocsp.resp; - if (s->ext.ocsp.resp_len == 0 - || s->ext.ocsp.resp_len > LONG_MAX) + *(unsigned char **)parg = sc->ext.ocsp.resp; + if (sc->ext.ocsp.resp_len == 0 + || sc->ext.ocsp.resp_len > LONG_MAX) return -1; - return (long)s->ext.ocsp.resp_len; + return (long)sc->ext.ocsp.resp_len; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: - OPENSSL_free(s->ext.ocsp.resp); - s->ext.ocsp.resp = parg; - s->ext.ocsp.resp_len = larg; + OPENSSL_free(sc->ext.ocsp.resp); + sc->ext.ocsp.resp = parg; + sc->ext.ocsp.resp_len = larg; ret = 1; break; case SSL_CTRL_CHAIN: if (larg) - return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg); + return ssl_cert_set1_chain(sc, NULL, (STACK_OF(X509) *)parg); else - return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg); + return ssl_cert_set0_chain(sc, NULL, (STACK_OF(X509) *)parg); case SSL_CTRL_CHAIN_CERT: if (larg) - return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg); + return ssl_cert_add1_chain_cert(sc, NULL, (X509 *)parg); else - return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg); + return ssl_cert_add0_chain_cert(sc, NULL, (X509 *)parg); case SSL_CTRL_GET_CHAIN_CERTS: - *(STACK_OF(X509) **)parg = s->cert->key->chain; + *(STACK_OF(X509) **)parg = sc->cert->key->chain; ret = 1; break; case SSL_CTRL_SELECT_CURRENT_CERT: - return ssl_cert_select_current(s->cert, (X509 *)parg); + return ssl_cert_select_current(sc->cert, (X509 *)parg); case SSL_CTRL_SET_CURRENT_CERT: if (larg == SSL_CERT_SET_SERVER) { const SSL_CIPHER *cipher; - if (!s->server) + if (!sc->server) return 0; - cipher = s->s3.tmp.new_cipher; + cipher = sc->s3.tmp.new_cipher; if (cipher == NULL) return 0; /* @@ -3590,28 +3611,28 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) */ if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) return 2; - if (s->s3.tmp.cert == NULL) + if (sc->s3.tmp.cert == NULL) return 0; - s->cert->key = s->s3.tmp.cert; + sc->cert->key = sc->s3.tmp.cert; return 1; } - return ssl_cert_set_current(s->cert, larg); + return ssl_cert_set_current(sc->cert, larg); case SSL_CTRL_GET_GROUPS: { uint16_t *clist; size_t clistlen; - if (!s->session) + if (!sc->session) return 0; - clist = s->ext.peer_supportedgroups; - clistlen = s->ext.peer_supportedgroups_len; + clist = sc->ext.peer_supportedgroups; + clistlen = sc->ext.peer_supportedgroups_len; if (parg) { size_t i; int *cptr = parg; for (i = 0; i < clistlen; i++) { - uint16_t cid = SSL_IS_TLS13(s) + uint16_t cid = SSL_CONNECTION_IS_TLS13(sc) ? ssl_group_id_tls13_to_internal(clist[i]) : clist[i]; const TLS_GROUP_INFO *cinf @@ -3627,16 +3648,16 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) } case SSL_CTRL_SET_GROUPS: - return tls1_set_groups(&s->ext.supportedgroups, - &s->ext.supportedgroups_len, parg, larg); + return tls1_set_groups(&sc->ext.supportedgroups, + &sc->ext.supportedgroups_len, parg, larg); case SSL_CTRL_SET_GROUPS_LIST: - return tls1_set_groups_list(s->ctx, &s->ext.supportedgroups, - &s->ext.supportedgroups_len, parg); + return tls1_set_groups_list(s->ctx, &sc->ext.supportedgroups, + &sc->ext.supportedgroups_len, parg); case SSL_CTRL_GET_SHARED_GROUP: { - uint16_t id = tls1_shared_group(s, larg); + uint16_t id = tls1_shared_group(sc, larg); if (larg != -1) return tls1_group_id2nid(id, 1); @@ -3646,82 +3667,82 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { unsigned int id; - if (SSL_IS_TLS13(s) && s->s3.did_kex) - id = s->s3.group_id; + if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex) + id = sc->s3.group_id; else - id = s->session->kex_group; + id = sc->session->kex_group; ret = tls1_group_id2nid(id, 1); break; } case SSL_CTRL_SET_SIGALGS: - return tls1_set_sigalgs(s->cert, parg, larg, 0); + return tls1_set_sigalgs(sc->cert, parg, larg, 0); case SSL_CTRL_SET_SIGALGS_LIST: - return tls1_set_sigalgs_list(s->cert, parg, 0); + return tls1_set_sigalgs_list(sc->cert, parg, 0); case SSL_CTRL_SET_CLIENT_SIGALGS: - return tls1_set_sigalgs(s->cert, parg, larg, 1); + return tls1_set_sigalgs(sc->cert, parg, larg, 1); case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: - return tls1_set_sigalgs_list(s->cert, parg, 1); + return tls1_set_sigalgs_list(sc->cert, parg, 1); case SSL_CTRL_GET_CLIENT_CERT_TYPES: { const unsigned char **pctype = parg; - if (s->server || !s->s3.tmp.cert_req) + if (sc->server || !sc->s3.tmp.cert_req) return 0; if (pctype) - *pctype = s->s3.tmp.ctype; - return s->s3.tmp.ctype_len; + *pctype = sc->s3.tmp.ctype; + return sc->s3.tmp.ctype_len; } case SSL_CTRL_SET_CLIENT_CERT_TYPES: - if (!s->server) + if (!sc->server) return 0; - return ssl3_set_req_cert_type(s->cert, parg, larg); + return ssl3_set_req_cert_type(sc->cert, parg, larg); case SSL_CTRL_BUILD_CERT_CHAIN: - return ssl_build_cert_chain(s, NULL, larg); + return ssl_build_cert_chain(sc, NULL, larg); case SSL_CTRL_SET_VERIFY_CERT_STORE: - return ssl_cert_set_cert_store(s->cert, parg, 0, larg); + return ssl_cert_set_cert_store(sc->cert, parg, 0, larg); case SSL_CTRL_SET_CHAIN_CERT_STORE: - return ssl_cert_set_cert_store(s->cert, parg, 1, larg); + return ssl_cert_set_cert_store(sc->cert, parg, 1, larg); case SSL_CTRL_GET_VERIFY_CERT_STORE: - return ssl_cert_get_cert_store(s->cert, parg, 0); + return ssl_cert_get_cert_store(sc->cert, parg, 0); case SSL_CTRL_GET_CHAIN_CERT_STORE: - return ssl_cert_get_cert_store(s->cert, parg, 1); + return ssl_cert_get_cert_store(sc->cert, parg, 1); case SSL_CTRL_GET_PEER_SIGNATURE_NID: - if (s->s3.tmp.peer_sigalg == NULL) + if (sc->s3.tmp.peer_sigalg == NULL) return 0; - *(int *)parg = s->s3.tmp.peer_sigalg->hash; + *(int *)parg = sc->s3.tmp.peer_sigalg->hash; return 1; case SSL_CTRL_GET_SIGNATURE_NID: - if (s->s3.tmp.sigalg == NULL) + if (sc->s3.tmp.sigalg == NULL) return 0; - *(int *)parg = s->s3.tmp.sigalg->hash; + *(int *)parg = sc->s3.tmp.sigalg->hash; return 1; case SSL_CTRL_GET_PEER_TMP_KEY: - if (s->session == NULL || s->s3.peer_tmp == NULL) { + if (sc->session == NULL || sc->s3.peer_tmp == NULL) { return 0; } else { - EVP_PKEY_up_ref(s->s3.peer_tmp); - *(EVP_PKEY **)parg = s->s3.peer_tmp; + EVP_PKEY_up_ref(sc->s3.peer_tmp); + *(EVP_PKEY **)parg = sc->s3.peer_tmp; return 1; } case SSL_CTRL_GET_TMP_KEY: - if (s->session == NULL || s->s3.tmp.pkey == NULL) { + if (sc->session == NULL || sc->s3.tmp.pkey == NULL) { return 0; } else { - EVP_PKEY_up_ref(s->s3.tmp.pkey); - *(EVP_PKEY **)parg = s->s3.tmp.pkey; + EVP_PKEY_up_ref(sc->s3.tmp.pkey); + *(EVP_PKEY **)parg = sc->s3.tmp.pkey; return 1; } @@ -3729,18 +3750,18 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { const unsigned char **pformat = parg; - if (s->ext.peer_ecpointformats == NULL) + if (sc->ext.peer_ecpointformats == NULL) return 0; - *pformat = s->ext.peer_ecpointformats; - return (int)s->ext.peer_ecpointformats_len; + *pformat = sc->ext.peer_ecpointformats; + return (int)sc->ext.peer_ecpointformats_len; } case SSL_CTRL_GET_IANA_GROUPS: { if (parg != NULL) { - *(uint16_t **)parg = (uint16_t *)s->ext.peer_supportedgroups; + *(uint16_t **)parg = (uint16_t *)sc->ext.peer_supportedgroups; } - return (int)s->ext.peer_supportedgroups_len; + return (int)sc->ext.peer_supportedgroups_len; } default: @@ -3752,22 +3773,26 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) { int ret = 0; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return ret; switch (cmd) { #if !defined(OPENSSL_NO_DEPRECATED_3_0) case SSL_CTRL_SET_TMP_DH_CB: - s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; + sc->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; ret = 1; break; #endif case SSL_CTRL_SET_TLSEXT_DEBUG_CB: - s->ext.debug_cb = (void (*)(SSL *, int, int, - const unsigned char *, int, void *))fp; + sc->ext.debug_cb = (void (*)(SSL *, int, int, + const unsigned char *, int, void *))fp; ret = 1; break; case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB: - s->not_resumable_session_cb = (int (*)(SSL *, int))fp; + sc->not_resumable_session_cb = (int (*)(SSL *, int))fp; ret = 1; break; default: @@ -4029,9 +4054,9 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) # ifndef OPENSSL_NO_DEPRECATED_3_0 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *, - unsigned char *, - EVP_CIPHER_CTX *, - HMAC_CTX *, int))fp; + unsigned char *, + EVP_CIPHER_CTX *, + HMAC_CTX *, int))fp; break; #endif @@ -4138,7 +4163,7 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) * * Returns the selected cipher or NULL when no common ciphers. */ -const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *srvr) { const SSL_CIPHER *c, *ret = NULL; @@ -4222,7 +4247,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, allow = srvr; } - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { #ifndef OPENSSL_NO_PSK int j; @@ -4250,10 +4275,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, c = sk_SSL_CIPHER_value(prio, i); /* Skip ciphers not supported by the protocol version */ - if (!SSL_IS_DTLS(s) && + if (!SSL_CONNECTION_IS_DTLS(s) && ((s->version < c->min_tls) || (s->version > c->max_tls))) continue; - if (SSL_IS_DTLS(s) && + if (SSL_CONNECTION_IS_DTLS(s) && (DTLS_VERSION_LT(s->version, c->min_dtls) || DTLS_VERSION_GT(s->version, c->max_dtls))) continue; @@ -4262,7 +4287,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, * Since TLS 1.3 ciphersuites can be used with any auth or * key exchange scheme skip tests. */ - if (!SSL_IS_TLS13(s)) { + if (!SSL_CONNECTION_IS_TLS13(s)) { mask_k = s->s3.tmp.mask_k; mask_a = s->s3.tmp.mask_a; #ifndef OPENSSL_NO_SRP @@ -4312,7 +4337,8 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if (prefer_sha256) { const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii); - const EVP_MD *md = ssl_md(s->ctx, tmp->algorithm2); + const EVP_MD *md = ssl_md(SSL_CONNECTION_GET_CTX(s), + tmp->algorithm2); if (md != NULL && EVP_MD_is_a(md, OSSL_DIGEST_NAME_SHA2_256)) { @@ -4333,7 +4359,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, return ret; } -int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt) +int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt) { uint32_t alg_k, alg_a = 0; @@ -4403,26 +4429,30 @@ static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len) int ssl3_shutdown(SSL *s) { int ret; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); + + if (sc == NULL) + return 0; /* * Don't do anything much if we have not done the handshake or we don't * want to send messages :-) */ - if (s->quiet_shutdown || SSL_in_before(s)) { - s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); + if (sc->quiet_shutdown || SSL_in_before(s)) { + sc->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); return 1; } - if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { - s->shutdown |= SSL_SENT_SHUTDOWN; - ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); + if (!(sc->shutdown & SSL_SENT_SHUTDOWN)) { + sc->shutdown |= SSL_SENT_SHUTDOWN; + ssl3_send_alert(sc, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); /* * our shutdown alert has been sent now, and if it still needs to be * written, s->s3.alert_dispatch will be true */ - if (s->s3.alert_dispatch) + if (sc->s3.alert_dispatch) return -1; /* return WANT_WRITE */ - } else if (s->s3.alert_dispatch) { + } else if (sc->s3.alert_dispatch) { /* resend it if not sent */ ret = s->method->ssl_dispatch_alert(s); if (ret == -1) { @@ -4433,19 +4463,19 @@ int ssl3_shutdown(SSL *s) */ return ret; } - } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { + } else if (!(sc->shutdown & SSL_RECEIVED_SHUTDOWN)) { size_t readbytes; /* * If we are waiting for a close from our peer, we are closed */ s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes); - if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { + if (!(sc->shutdown & SSL_RECEIVED_SHUTDOWN)) { return -1; /* return WANT_READ */ } } - if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) && - !s->s3.alert_dispatch) + if ((sc->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) && + !sc->s3.alert_dispatch) return 1; else return 0; @@ -4453,8 +4483,13 @@ int ssl3_shutdown(SSL *s) int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); + + if (sc == NULL) + return 0; + clear_sys_error(); - if (s->s3.renegotiate) + if (sc->s3.renegotiate) ssl3_renegotiate_check(s, 0); return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, @@ -4465,15 +4500,19 @@ static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek, size_t *readbytes) { int ret; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); + + if (sc == NULL) + return 0; clear_sys_error(); - if (s->s3.renegotiate) + if (sc->s3.renegotiate) ssl3_renegotiate_check(s, 0); - s->s3.in_read_app_data = 1; + sc->s3.in_read_app_data = 1; ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len, peek, readbytes); - if ((ret == -1) && (s->s3.in_read_app_data == 2)) { + if ((ret == -1) && (sc->s3.in_read_app_data == 2)) { /* * ssl3_read_bytes decided to call s->handshake_func, which called * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes @@ -4481,13 +4520,13 @@ static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek, * makes sense here; so disable handshake processing and try to read * application data again. */ - ossl_statem_set_in_handshake(s, 1); + ossl_statem_set_in_handshake(sc, 1); ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len, peek, readbytes); - ossl_statem_set_in_handshake(s, 0); + ossl_statem_set_in_handshake(sc, 0); } else - s->s3.in_read_app_data = 0; + sc->s3.in_read_app_data = 0; return ret; } @@ -4504,10 +4543,15 @@ int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes) int ssl3_renegotiate(SSL *s) { - if (s->handshake_func == NULL) + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); + + if (sc == NULL) + return 0; + + if (sc->handshake_func == NULL) return 1; - s->s3.renegotiate = 1; + sc->s3.renegotiate = 1; return 1; } @@ -4522,20 +4566,24 @@ int ssl3_renegotiate(SSL *s) int ssl3_renegotiate_check(SSL *s, int initok) { int ret = 0; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); - if (s->s3.renegotiate) { - if (!RECORD_LAYER_read_pending(&s->rlayer) - && !RECORD_LAYER_write_pending(&s->rlayer) + if (sc == NULL) + return 0; + + if (sc->s3.renegotiate) { + if (!RECORD_LAYER_read_pending(&sc->rlayer) + && !RECORD_LAYER_write_pending(&sc->rlayer) && (initok || !SSL_in_init(s))) { /* * if we are the server, and we have sent a 'RENEGOTIATE' * message, we need to set the state machine into the renegotiate * state. */ - ossl_statem_set_renegotiate(s); - s->s3.renegotiate = 0; - s->s3.num_renegotiations++; - s->s3.total_renegotiations++; + ossl_statem_set_renegotiate(sc); + sc->s3.renegotiate = 0; + sc->s3.num_renegotiations++; + sc->s3.total_renegotiations++; ret = 1; } } @@ -4548,13 +4596,15 @@ int ssl3_renegotiate_check(SSL *s, int initok) * * If PSK and using SHA384 for TLS < 1.2 switch to default. */ -long ssl_get_algorithm2(SSL *s) +long ssl_get_algorithm2(SSL_CONNECTION *s) { long alg2; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); + if (s->s3.tmp.new_cipher == NULL) return -1; alg2 = s->s3.tmp.new_cipher->algorithm2; - if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) { + if (ssl->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) { if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF)) return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) { @@ -4568,7 +4618,8 @@ long ssl_get_algorithm2(SSL *s) * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on * failure, 1 on success. */ -int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len, +int ssl_fill_hello_random(SSL_CONNECTION *s, int server, + unsigned char *result, size_t len, DOWNGRADE dgrd) { int send_time = 0, ret; @@ -4584,9 +4635,9 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len, unsigned char *p = result; l2n(Time, p); - ret = RAND_bytes_ex(s->ctx->libctx, p, len - 4, 0); + ret = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, p, len - 4, 0); } else { - ret = RAND_bytes_ex(s->ctx->libctx, result, len, 0); + ret = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, result, len, 0); } if (ret > 0) { @@ -4604,11 +4655,12 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len, return ret; } -int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, - int free_pms) +int ssl_generate_master_secret(SSL_CONNECTION *s, unsigned char *pms, + size_t pmslen, int free_pms) { unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey; int ret = 0; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); if (alg_k & SSL_PSK) { #ifndef OPENSSL_NO_PSK @@ -4639,7 +4691,7 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, OPENSSL_clear_free(s->s3.tmp.psk, psklen); s->s3.tmp.psk = NULL; s->s3.tmp.psklen = 0; - if (!s->method->ssl3_enc->generate_master_secret(s, + if (!ssl->method->ssl3_enc->generate_master_secret(s, s->session->master_key, pskpms, pskpmslen, &s->session->master_key_length)) { OPENSSL_clear_free(pskpms, pskpmslen); @@ -4652,7 +4704,7 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, goto err; #endif } else { - if (!s->method->ssl3_enc->generate_master_secret(s, + if (!ssl->method->ssl3_enc->generate_master_secret(s, s->session->master_key, pms, pmslen, &s->session->master_key_length)) { /* SSLfatal() already called */ @@ -4676,14 +4728,15 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, } /* Generate a private key from parameters */ -EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm) +EVP_PKEY *ssl_generate_pkey(SSL_CONNECTION *s, EVP_PKEY *pm) { EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *pkey = NULL; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (pm == NULL) return NULL; - pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pm, s->ctx->propq); + pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pm, sctx->propq); if (pctx == NULL) goto err; if (EVP_PKEY_keygen_init(pctx) <= 0) @@ -4699,9 +4752,10 @@ EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm) } /* Generate a private key from a group ID */ -EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id) +EVP_PKEY *ssl_generate_pkey_group(SSL_CONNECTION *s, uint16_t id) { - const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id); + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); + const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(sctx, id); EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *pkey = NULL; @@ -4710,8 +4764,8 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id) goto err; } - pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm, - s->ctx->propq); + pctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, ginf->algorithm, + sctx->propq); if (pctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); @@ -4739,17 +4793,18 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id) /* * Generate parameters from a group ID */ -EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id) +EVP_PKEY *ssl_generate_param_group(SSL_CONNECTION *s, uint16_t id) { + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *pkey = NULL; - const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id); + const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(sctx, id); if (ginf == NULL) goto err; - pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm, - s->ctx->propq); + pctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, ginf->algorithm, + sctx->propq); if (pctx == NULL) goto err; @@ -4770,12 +4825,12 @@ EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id) } /* Generate secrets from pms */ -int ssl_gensecret(SSL *s, unsigned char *pms, size_t pmslen) +int ssl_gensecret(SSL_CONNECTION *s, unsigned char *pms, size_t pmslen) { int rv = 0; /* SSLfatal() called as appropriate in the below functions */ - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { /* * If we are resuming then we already generated the early secret * when we created the ClientHello, so don't recreate it. @@ -4796,19 +4851,20 @@ int ssl_gensecret(SSL *s, unsigned char *pms, size_t pmslen) } /* Derive secrets for ECDH/DH */ -int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret) +int ssl_derive(SSL_CONNECTION *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret) { int rv = 0; unsigned char *pms = NULL; size_t pmslen = 0; EVP_PKEY_CTX *pctx; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (privkey == NULL || pubkey == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } - pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq); + pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq); if (EVP_PKEY_derive_init(pctx) <= 0 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0 @@ -4817,7 +4873,7 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret) goto err; } - if (SSL_IS_TLS13(s) && EVP_PKEY_is_a(privkey, "DH")) + if (SSL_CONNECTION_IS_TLS13(s) && EVP_PKEY_is_a(privkey, "DH")) EVP_PKEY_CTX_set_dh_pad(pctx, 1); pms = OPENSSL_malloc(pmslen); @@ -4849,7 +4905,7 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret) } /* Decapsulate secrets for KEM */ -int ssl_decapsulate(SSL *s, EVP_PKEY *privkey, +int ssl_decapsulate(SSL_CONNECTION *s, EVP_PKEY *privkey, const unsigned char *ct, size_t ctlen, int gensecret) { @@ -4857,13 +4913,14 @@ int ssl_decapsulate(SSL *s, EVP_PKEY *privkey, unsigned char *pms = NULL; size_t pmslen = 0; EVP_PKEY_CTX *pctx; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (privkey == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } - pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq); + pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq); if (EVP_PKEY_decapsulate_init(pctx, NULL) <= 0 || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) { @@ -4899,7 +4956,7 @@ int ssl_decapsulate(SSL *s, EVP_PKEY *privkey, return rv; } -int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey, +int ssl_encapsulate(SSL_CONNECTION *s, EVP_PKEY *pubkey, unsigned char **ctp, size_t *ctlenp, int gensecret) { @@ -4907,13 +4964,14 @@ int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey, unsigned char *pms = NULL, *ct = NULL; size_t pmslen = 0, ctlen = 0; EVP_PKEY_CTX *pctx; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (pubkey == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } - pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pubkey, s->ctx->propq); + pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pubkey, sctx->propq); if (EVP_PKEY_encapsulate_init(pctx, NULL) <= 0 || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0 diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c index c0f0dbc17dcc21..01524fd6fd07f5 100644 --- a/ssl/s3_msg.c +++ b/ssl/s3_msg.c @@ -9,9 +9,10 @@ #include "ssl_local.h" -int ssl3_do_change_cipher_spec(SSL *s) +int ssl3_do_change_cipher_spec(SSL_CONNECTION *s) { int i; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); if (s->server) i = SSL3_CHANGE_CIPHER_SERVER_READ; @@ -26,13 +27,13 @@ int ssl3_do_change_cipher_spec(SSL *s) } s->session->cipher = s->s3.tmp.new_cipher; - if (!s->method->ssl3_enc->setup_key_block(s)) { + if (!ssl->method->ssl3_enc->setup_key_block(s)) { /* SSLfatal() already called */ return 0; } } - if (!s->method->ssl3_enc->change_cipher_state(s, i)) { + if (!ssl->method->ssl3_enc->change_cipher_state(s, i)) { /* SSLfatal() already called */ return 0; } @@ -40,13 +41,15 @@ int ssl3_do_change_cipher_spec(SSL *s) return 1; } -int ssl3_send_alert(SSL *s, int level, int desc) +int ssl3_send_alert(SSL_CONNECTION *s, int level, int desc) { + SSL *ssl = SSL_CONNECTION_GET_SSL(s); + /* Map tls/ssl alert value to correct one */ - if (SSL_TREAT_AS_TLS13(s)) + if (SSL_CONNECTION_TREAT_AS_TLS13(s)) desc = tls13_alert_code(desc); else - desc = s->method->ssl3_enc->alert_value(desc); + desc = ssl->method->ssl3_enc->alert_value(desc); if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have * protocol_version alerts */ @@ -63,7 +66,7 @@ int ssl3_send_alert(SSL *s, int level, int desc) s->s3.send_alert[1] = desc; if (!RECORD_LAYER_write_pending(&s->rlayer)) { /* data still being written out? */ - return s->method->ssl_dispatch_alert(s); + return ssl->method->ssl_dispatch_alert(ssl); } /* * else data is still being written out, we will get written some time in @@ -78,31 +81,35 @@ int ssl3_dispatch_alert(SSL *s) size_t alertlen; void (*cb) (const SSL *ssl, int type, int val) = NULL; size_t written; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return -1; - s->s3.alert_dispatch = 0; + sc->s3.alert_dispatch = 0; alertlen = 2; - i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3.send_alert[0], &alertlen, 1, 0, + i = do_ssl3_write(sc, SSL3_RT_ALERT, &sc->s3.send_alert[0], &alertlen, 1, 0, &written); if (i <= 0) { - s->s3.alert_dispatch = 1; + sc->s3.alert_dispatch = 1; } else { /* * Alert sent to BIO - now flush. If the message does not get sent due * to non-blocking IO, we will not worry too much. */ - (void)BIO_flush(s->wbio); + (void)BIO_flush(sc->wbio); - if (s->msg_callback) - s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3.send_alert, - 2, s, s->msg_callback_arg); + if (sc->msg_callback) + sc->msg_callback(1, sc->version, SSL3_RT_ALERT, sc->s3.send_alert, + 2, s, sc->msg_callback_arg); - if (s->info_callback != NULL) - cb = s->info_callback; + if (sc->info_callback != NULL) + cb = sc->info_callback; else if (s->ctx->info_callback != NULL) cb = s->ctx->info_callback; if (cb != NULL) { - j = (s->s3.send_alert[0] << 8) | s->s3.send_alert[1]; + j = (sc->s3.send_alert[0] << 8) | sc->s3.send_alert[1]; cb(s, SSL_CB_WRITE_ALERT, j); } } diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 267e8695f9e605..73338e5c6ebfdc 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -248,7 +248,7 @@ void ssl_cert_free(CERT *c) OPENSSL_free(c); } -int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain) +int ssl_cert_set0_chain(SSL_CONNECTION *s, SSL_CTX *ctx, STACK_OF(X509) *chain) { int i, r; CERT_PKEY *cpk = s != NULL ? s->cert->key : ctx->cert->key; @@ -269,7 +269,7 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain) return 1; } -int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain) +int ssl_cert_set1_chain(SSL_CONNECTION *s, SSL_CTX *ctx, STACK_OF(X509) *chain) { STACK_OF(X509) *dchain; if (!chain) @@ -284,7 +284,7 @@ int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain) return 1; } -int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x) +int ssl_cert_add0_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x) { int r; CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key; @@ -302,7 +302,7 @@ int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x) return 1; } -int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x) +int ssl_cert_add1_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x) { if (!ssl_cert_add0_chain_cert(s, ctx, x)) return 0; @@ -369,23 +369,25 @@ void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg) * 0: Verify failure or error * -1: Retry required */ -int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) +int ssl_verify_cert_chain(SSL_CONNECTION *s, STACK_OF(X509) *sk) { X509 *x; int i = 0; X509_STORE *verify_store; X509_STORE_CTX *ctx = NULL; X509_VERIFY_PARAM *param; + SSL_CTX *sctx; if ((sk == NULL) || (sk_X509_num(sk) == 0)) return 0; + sctx = SSL_CONNECTION_GET_CTX(s); if (s->cert->verify_store) verify_store = s->cert->verify_store; else - verify_store = s->ctx->cert_store; + verify_store = sctx->cert_store; - ctx = X509_STORE_CTX_new_ex(s->ctx->libctx, s->ctx->propq); + ctx = X509_STORE_CTX_new_ex(sctx->libctx, sctx->propq); if (ctx == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); return 0; @@ -402,12 +404,13 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) * point, for now a single @SECLEVEL sets the same policy for TLS crypto * and PKI authentication. */ - X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s)); + X509_VERIFY_PARAM_set_auth_level(param, + SSL_get_security_level(SSL_CONNECTION_GET_SSL(s))); /* Set suite B flags if needed */ X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s)); - if (!X509_STORE_CTX_set_ex_data - (ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) { + if (!X509_STORE_CTX_set_ex_data(ctx, + SSL_get_ex_data_X509_STORE_CTX_idx(), s)) { goto end; } @@ -430,8 +433,8 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) if (s->verify_callback) X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback); - if (s->ctx->app_verify_callback != NULL) { - i = s->ctx->app_verify_callback(ctx, s->ctx->app_verify_arg); + if (sctx->app_verify_callback != NULL) { + i = sctx->app_verify_callback(ctx, sctx->app_verify_arg); } else { i = X509_verify_cert(ctx); /* We treat an error in the same way as a failure to verify */ @@ -491,7 +494,12 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk) void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) { - set0_CA_list(&s->ca_names, name_list); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + set0_CA_list(&sc->ca_names, name_list); } void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) @@ -506,7 +514,12 @@ const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx) const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s) { - return s->ca_names != NULL ? s->ca_names : s->ctx->ca_names; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return NULL; + + return sc->ca_names != NULL ? sc->ca_names : s->ctx->ca_names; } void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) @@ -521,20 +534,35 @@ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) { - set0_CA_list(&s->client_ca_names, name_list); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + set0_CA_list(&sc->client_ca_names, name_list); } const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s) { - return s->s3.tmp.peer_ca_names; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return NULL; + + return sc->s3.tmp.peer_ca_names; } STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s) { - if (!s->server) - return s->s3.tmp.peer_ca_names; - return s->client_ca_names != NULL ? s->client_ca_names - : s->ctx->client_ca_names; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return NULL; + + if (!sc->server) + return sc->s3.tmp.peer_ca_names; + return sc->client_ca_names != NULL ? sc->client_ca_names + : s->ctx->client_ca_names; } static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x) @@ -558,7 +586,12 @@ static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x) int SSL_add1_to_CA_list(SSL *ssl, const X509 *x) { - return add_ca_name(&ssl->ca_names, x); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return 0; + + return add_ca_name(&sc->ca_names, x); } int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x) @@ -572,7 +605,12 @@ int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x) */ int SSL_add_client_CA(SSL *ssl, X509 *x) { - return add_ca_name(&ssl->client_ca_names, x); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return 0; + + return add_ca_name(&sc->client_ca_names, x); } int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) @@ -849,18 +887,18 @@ int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, } /* Build a certificate chain for current certificate */ -int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags) +int ssl_build_cert_chain(SSL_CONNECTION *s, SSL_CTX *ctx, int flags) { - CERT *c = s ? s->cert : ctx->cert; + CERT *c = s != NULL ? s->cert : ctx->cert; CERT_PKEY *cpk = c->key; X509_STORE *chain_store = NULL; X509_STORE_CTX *xs_ctx = NULL; STACK_OF(X509) *chain = NULL, *untrusted = NULL; X509 *x; - SSL_CTX *real_ctx = (s == NULL) ? ctx : s->ctx; + SSL_CTX *real_ctx = (s == NULL) ? ctx : SSL_CONNECTION_GET_CTX(s); int i, rv = 0; - if (!cpk->x509) { + if (cpk->x509 == NULL) { ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_SET); goto err; } @@ -878,12 +916,10 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags) if (!X509_STORE_add_cert(chain_store, cpk->x509)) goto err; } else { - if (c->chain_store) + if (c->chain_store != NULL) chain_store = c->chain_store; - else if (s) - chain_store = s->ctx->cert_store; else - chain_store = ctx->cert_store; + chain_store = real_ctx->cert_store; if (flags & SSL_BUILD_CHAIN_FLAG_UNTRUSTED) untrusted = cpk->chain; @@ -1008,6 +1044,7 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, void *ex) { int level, minbits, pfs_mask; + const SSL_CONNECTION *sc; minbits = ssl_get_security_level_bits(s, ctx, &level); @@ -1046,7 +1083,9 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, break; } case SSL_SECOP_VERSION: - if (!SSL_IS_DTLS(s)) { + if ((sc = SSL_CONNECTION_FROM_CONST_SSL(s)) == NULL) + return 0; + if (!SSL_CONNECTION_IS_DTLS(sc)) { /* SSLv3, TLS v1.0 and TLS v1.1 only allowed at level 0 */ if (nid <= TLS1_1_VERSION && level > 0) return 0; @@ -1072,9 +1111,10 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, return 1; } -int ssl_security(const SSL *s, int op, int bits, int nid, void *other) +int ssl_security(const SSL_CONNECTION *s, int op, int bits, int nid, void *other) { - return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex); + return s->cert->sec_cb(SSL_CONNECTION_GET_SSL(s), NULL, op, bits, nid, + other, s->cert->sec_ex); } int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 1608cb13247e53..e519d20362421f 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -625,14 +625,15 @@ const EVP_MD *ssl_md(SSL_CTX *ctx, int idx) return ctx->ssl_digest_methods[idx]; } -const EVP_MD *ssl_handshake_md(SSL *s) +const EVP_MD *ssl_handshake_md(SSL_CONNECTION *s) { - return ssl_md(s->ctx, ssl_get_algorithm2(s)); + return ssl_md(SSL_CONNECTION_GET_CTX(s), ssl_get_algorithm2(s)); } -const EVP_MD *ssl_prf_md(SSL *s) +const EVP_MD *ssl_prf_md(SSL_CONNECTION *s) { - return ssl_md(s->ctx, ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT); + return ssl_md(SSL_CONNECTION_GET_CTX(s), + ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT); } #define ITEM_SEP(a) \ @@ -1431,15 +1432,22 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str) int SSL_set_ciphersuites(SSL *s, const char *str) { STACK_OF(SSL_CIPHER) *cipher_list; - int ret = set_ciphersuites(&(s->tls13_ciphersuites), str); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + int ret; - if (s->cipher_list == NULL) { + if (sc == NULL) + return 0; + + ret = set_ciphersuites(&(sc->tls13_ciphersuites), str); + + if (sc->cipher_list == NULL) { if ((cipher_list = SSL_get_ciphers(s)) != NULL) - s->cipher_list = sk_SSL_CIPHER_dup(cipher_list); + sc->cipher_list = sk_SSL_CIPHER_dup(cipher_list); } - if (ret && s->cipher_list != NULL) - return update_cipher_list(s->ctx, &s->cipher_list, &s->cipher_list_by_id, - s->tls13_ciphersuites); + if (ret && sc->cipher_list != NULL) + return update_cipher_list(s->ctx, &sc->cipher_list, + &sc->cipher_list_by_id, + sc->tls13_ciphersuites); return ret; } @@ -2096,10 +2104,11 @@ int SSL_COMP_get_id(const SSL_COMP *comp) #endif } -const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr, +const SSL_CIPHER *ssl_get_cipher_by_char(SSL_CONNECTION *s, + const unsigned char *ptr, int all) { - const SSL_CIPHER *c = ssl->method->get_cipher_by_char(ptr); + const SSL_CIPHER *c = SSL_CONNECTION_GET_SSL(s)->method->get_cipher_by_char(ptr); if (c == NULL || (!all && c->valid == 0)) return NULL; diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 7bfafe8cf74b02..e1a4bda9ed71b9 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -431,16 +431,23 @@ static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value) { int rv = 1; CERT *c = NULL; - if (cctx->ctx) { + if (cctx->ctx != NULL) { rv = SSL_CTX_use_certificate_chain_file(cctx->ctx, value); c = cctx->ctx->cert; } - if (cctx->ssl) { - rv = SSL_use_certificate_chain_file(cctx->ssl, value); - c = cctx->ssl->cert; + if (cctx->ssl != NULL) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(cctx->ssl); + + if (sc != NULL) { + rv = SSL_use_certificate_chain_file(cctx->ssl, value); + c = sc->cert; + } else { + rv = 0; + } } - if (rv > 0 && c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) { + if (rv > 0 && c != NULL && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) { char **pfilename = &cctx->cert_filename[c->key - c->pkeys]; + OPENSSL_free(*pfilename); *pfilename = OPENSSL_strdup(value); if (*pfilename == NULL) @@ -484,7 +491,12 @@ static int do_store(SSL_CONF_CTX *cctx, cert = cctx->ctx->cert; ctx = cctx->ctx; } else if (cctx->ssl != NULL) { - cert = cctx->ssl->cert; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(cctx->ssl); + + if (sc == NULL) + return 0; + + cert = sc->cert; ctx = cctx->ssl->ctx; } else { return 1; @@ -977,11 +989,16 @@ int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx) /* See if any certificates are missing private keys */ size_t i; CERT *c = NULL; - if (cctx->ctx) + + if (cctx->ctx != NULL) { c = cctx->ctx->cert; - else if (cctx->ssl) - c = cctx->ssl->cert; - if (c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) { + } else if (cctx->ssl != NULL) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(cctx->ssl); + + if (sc != NULL) + c = sc->cert; + } + if (c != NULL && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) { for (i = 0; i < SSL_PKEY_NUM; i++) { const char *p = cctx->cert_filename[i]; /* @@ -1050,12 +1067,16 @@ void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl) { cctx->ssl = ssl; cctx->ctx = NULL; - if (ssl) { - cctx->poptions = &ssl->options; - cctx->min_version = &ssl->min_proto_version; - cctx->max_version = &ssl->max_proto_version; - cctx->pcert_flags = &ssl->cert->cert_flags; - cctx->pvfy_flags = &ssl->verify_mode; + if (ssl != NULL) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return; + cctx->poptions = &sc->options; + cctx->min_version = &sc->min_proto_version; + cctx->max_version = &sc->max_proto_version; + cctx->pcert_flags = &sc->cert->cert_flags; + cctx->pvfy_flags = &sc->verify_mode; } else { cctx->poptions = NULL; cctx->min_version = NULL; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ff035ea6c861d4..24bcd7feecf703 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -25,33 +25,33 @@ #include "internal/refcount.h" #include "internal/ktls.h" -static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t, - SSL_MAC_BUF *mac, size_t macsize) +static int ssl_undefined_function_1(SSL_CONNECTION *sc, SSL3_RECORD *r, size_t s, + int t, SSL_MAC_BUF *mac, size_t macsize) { - return ssl_undefined_function(ssl); + return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc)); } -static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s, - int t) +static int ssl_undefined_function_2(SSL_CONNECTION *sc, SSL3_RECORD *r, + unsigned char *s, int t) { - return ssl_undefined_function(ssl); + return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc)); } -static int ssl_undefined_function_3(SSL *ssl, unsigned char *r, +static int ssl_undefined_function_3(SSL_CONNECTION *sc, unsigned char *r, unsigned char *s, size_t t, size_t *u) { - return ssl_undefined_function(ssl); + return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc)); } -static int ssl_undefined_function_4(SSL *ssl, int r) +static int ssl_undefined_function_4(SSL_CONNECTION *sc, int r) { - return ssl_undefined_function(ssl); + return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc)); } -static size_t ssl_undefined_function_5(SSL *ssl, const char *r, size_t s, - unsigned char *t) +static size_t ssl_undefined_function_5(SSL_CONNECTION *sc, const char *r, + size_t s, unsigned char *t) { - return ssl_undefined_function(ssl); + return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc)); } static int ssl_undefined_function_6(int r) @@ -59,17 +59,22 @@ static int ssl_undefined_function_6(int r) return ssl_undefined_function(NULL); } -static int ssl_undefined_function_7(SSL *ssl, unsigned char *r, size_t s, - const char *t, size_t u, +static int ssl_undefined_function_7(SSL_CONNECTION *sc, unsigned char *r, + size_t s, const char *t, size_t u, const unsigned char *v, size_t w, int x) { - return ssl_undefined_function(ssl); + return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc)); +} + +static int ssl_undefined_function_8(SSL_CONNECTION *sc) +{ + return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc)); } SSL3_ENC_METHOD ssl3_undef_enc_method = { ssl_undefined_function_1, ssl_undefined_function_2, - ssl_undefined_function, + ssl_undefined_function_8, ssl_undefined_function_3, ssl_undefined_function_4, ssl_undefined_function_5, @@ -185,7 +190,7 @@ static void dane_final(SSL_DANE *dane) /* * dane_copy - Copy dane configuration, sans verification state. */ -static int ssl_dane_dup(SSL *to, SSL *from) +static int ssl_dane_dup(SSL_CONNECTION *to, SSL_CONNECTION *from) { int num; int i; @@ -196,7 +201,7 @@ static int ssl_dane_dup(SSL *to, SSL *from) num = sk_danetls_record_num(from->dane.trecs); dane_final(&to->dane); to->dane.flags = from->dane.flags; - to->dane.dctx = &to->ctx->dane; + to->dane.dctx = &SSL_CONNECTION_GET_CTX(to)->dane; to->dane.trecs = sk_danetls_record_new_reserve(NULL, num); if (to->dane.trecs == NULL) { @@ -207,8 +212,8 @@ static int ssl_dane_dup(SSL *to, SSL *from) for (i = 0; i < num; ++i) { danetls_record *t = sk_danetls_record_value(from->dane.trecs, i); - if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype, - t->data, t->dlen) <= 0) + if (SSL_dane_tlsa_add(SSL_CONNECTION_GET_SSL(to), t->usage, + t->selector, t->mtype, t->data, t->dlen) <= 0) return 0; } return 1; @@ -558,7 +563,7 @@ void OPENSSL_VPROC_FUNC(void) {} #endif -static void clear_ciphers(SSL *s) +static void clear_ciphers(SSL_CONNECTION *s) { /* clear the current cipher */ ssl_clear_cipher_ctx(s); @@ -573,73 +578,84 @@ int SSL_clear(SSL *s) return 0; } - if (ssl_clear_bad_session(s)) { - SSL_SESSION_free(s->session); - s->session = NULL; + return s->method->ssl_reset(s); +} + +int ossl_ssl_connection_reset(SSL *s) +{ + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + if (ssl_clear_bad_session(sc)) { + SSL_SESSION_free(sc->session); + sc->session = NULL; } - SSL_SESSION_free(s->psksession); - s->psksession = NULL; - OPENSSL_free(s->psksession_id); - s->psksession_id = NULL; - s->psksession_id_len = 0; - s->hello_retry_request = 0; - s->sent_tickets = 0; + SSL_SESSION_free(sc->psksession); + sc->psksession = NULL; + OPENSSL_free(sc->psksession_id); + sc->psksession_id = NULL; + sc->psksession_id_len = 0; + sc->hello_retry_request = 0; + sc->sent_tickets = 0; - s->error = 0; - s->hit = 0; - s->shutdown = 0; + sc->error = 0; + sc->hit = 0; + sc->shutdown = 0; - if (s->renegotiate) { + if (sc->renegotiate) { ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); return 0; } - ossl_statem_clear(s); + ossl_statem_clear(sc); - s->version = s->method->version; - s->client_version = s->version; - s->rwstate = SSL_NOTHING; + /* TODO(QUIC): Version handling not yet clear */ + sc->version = s->method->version; + sc->client_version = sc->version; + sc->rwstate = SSL_NOTHING; - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; - clear_ciphers(s); - s->first_packet = 0; + BUF_MEM_free(sc->init_buf); + sc->init_buf = NULL; + clear_ciphers(sc); + sc->first_packet = 0; - s->key_update = SSL_KEY_UPDATE_NONE; + sc->key_update = SSL_KEY_UPDATE_NONE; - EVP_MD_CTX_free(s->pha_dgst); - s->pha_dgst = NULL; + EVP_MD_CTX_free(sc->pha_dgst); + sc->pha_dgst = NULL; /* Reset DANE verification result state */ - s->dane.mdpth = -1; - s->dane.pdpth = -1; - X509_free(s->dane.mcert); - s->dane.mcert = NULL; - s->dane.mtlsa = NULL; + sc->dane.mdpth = -1; + sc->dane.pdpth = -1; + X509_free(sc->dane.mcert); + sc->dane.mcert = NULL; + sc->dane.mtlsa = NULL; /* Clear the verification result peername */ - X509_VERIFY_PARAM_move_peername(s->param, NULL); + X509_VERIFY_PARAM_move_peername(sc->param, NULL); /* Clear any shared connection state */ - OPENSSL_free(s->shared_sigalgs); - s->shared_sigalgs = NULL; - s->shared_sigalgslen = 0; + OPENSSL_free(sc->shared_sigalgs); + sc->shared_sigalgs = NULL; + sc->shared_sigalgslen = 0; /* * Check to see if we were changed into a different method, if so, revert * back. */ - if (s->method != s->ctx->method) { - s->method->ssl_free(s); - s->method = s->ctx->method; - if (!s->method->ssl_new(s)) + if (s->method != SSL_CONNECTION_GET_CTX(sc)->method) { + s->method->ssl_deinit(s); + s->method = SSL_CONNECTION_GET_CTX(sc)->method; + if (!s->method->ssl_init(s)) return 0; } else { if (!s->method->ssl_clear(s)) return 0; } - RECORD_LAYER_clear(&s->rlayer); + RECORD_LAYER_clear(&sc->rlayer); return 1; } @@ -671,8 +687,6 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) SSL *SSL_new(SSL_CTX *ctx) { - SSL *s; - if (ctx == NULL) { ERR_raise(ERR_LIB_SSL, SSL_R_NULL_SSL_CTX); return NULL; @@ -681,19 +695,50 @@ SSL *SSL_new(SSL_CTX *ctx) ERR_raise(ERR_LIB_SSL, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); return NULL; } + return ctx->method->ssl_new(ctx); +} + +int ossl_ssl_init(SSL *ssl, SSL_CTX *ctx, int type) +{ + ssl->type = type; + + ssl->references = 1; + ssl->lock = CRYPTO_THREAD_lock_new(); + if (ssl->lock == NULL) + return 0; + + SSL_CTX_up_ref(ctx); + ssl->ctx = ctx; + + ssl->method = ctx->method; + + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, ssl, &ssl->ex_data)) + return 0; + + return 1; +} + +SSL *ossl_ssl_connection_new(SSL_CTX *ctx) +{ + SSL_CONNECTION *s; + SSL *ssl; s = OPENSSL_zalloc(sizeof(*s)); if (s == NULL) - goto err; + return NULL; - s->references = 1; - s->lock = CRYPTO_THREAD_lock_new(); - if (s->lock == NULL) { + ssl = &s->ssl; + if (!ossl_ssl_init(ssl, ctx, SSL_TYPE_SSL_CONNECTION)) { OPENSSL_free(s); s = NULL; goto err; } +#ifndef OPENSSL_NO_QUIC + /* set the parent (user visible) ssl to self */ + s->user_ssl = ssl; +#endif + RECORD_LAYER_init(&s->rlayer, s); s->options = ctx->options; @@ -753,10 +798,8 @@ SSL *SSL_new(SSL_CTX *ctx) if (s->max_pipelines > 1) RECORD_LAYER_set_read_ahead(&s->rlayer, 1); if (ctx->default_read_buf_len > 0) - SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len); + SSL_set_default_read_buffer_len(ssl, ctx->default_read_buf_len); - SSL_CTX_up_ref(ctx); - s->ctx = ctx; s->ext.debug_cb = 0; s->ext.debug_arg = NULL; s->ext.ticket_expected = 0; @@ -795,14 +838,14 @@ SSL *SSL_new(SSL_CTX *ctx) s->ext.npn = NULL; #endif - if (s->ctx->ext.alpn) { - s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len); + if (ctx->ext.alpn != NULL) { + s->ext.alpn = OPENSSL_malloc(ctx->ext.alpn_len); if (s->ext.alpn == NULL) { s->ext.alpn_len = 0; goto err; } - memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len); - s->ext.alpn_len = s->ctx->ext.alpn_len; + memcpy(s->ext.alpn, ctx->ext.alpn, ctx->ext.alpn_len); + s->ext.alpn_len = ctx->ext.alpn_len; } s->verified_chain = NULL; @@ -811,22 +854,17 @@ SSL *SSL_new(SSL_CTX *ctx) s->default_passwd_callback = ctx->default_passwd_callback; s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata; - s->method = ctx->method; - s->key_update = SSL_KEY_UPDATE_NONE; s->allow_early_data_cb = ctx->allow_early_data_cb; s->allow_early_data_cb_data = ctx->allow_early_data_cb_data; - if (!s->method->ssl_new(s)) + if (!ssl->method->ssl_init(ssl)) goto err; s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1; - if (!SSL_clear(s)) - goto err; - - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data)) + if (!SSL_clear(ssl)) goto err; #ifndef OPENSSL_NO_PSK @@ -842,21 +880,26 @@ SSL *SSL_new(SSL_CTX *ctx) s->job = NULL; #ifndef OPENSSL_NO_CT - if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback, + if (!SSL_set_ct_validation_callback(ssl, ctx->ct_validation_callback, ctx->ct_validation_callback_arg)) goto err; #endif - return s; + return ssl; err: - SSL_free(s); + SSL_free(ssl); ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); return NULL; } int SSL_is_dtls(const SSL *s) { - return SSL_IS_DTLS(s) ? 1 : 0; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + return SSL_CONNECTION_IS_DTLS(sc) ? 1 : 0; } int SSL_up_ref(SSL *s) @@ -887,12 +930,17 @@ int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return 0; + if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; } - ssl->sid_ctx_length = sid_ctx_len; - memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); + sc->sid_ctx_length = sid_ctx_len; + memcpy(sc->sid_ctx, sid_ctx, sid_ctx_len); return 1; } @@ -908,9 +956,11 @@ int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) { - if (!CRYPTO_THREAD_write_lock(ssl->lock)) + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL || !CRYPTO_THREAD_write_lock(ssl->lock)) return 0; - ssl->generate_session_id = cb; + sc->generate_session_id = cb; CRYPTO_THREAD_unlock(ssl->lock); return 1; } @@ -926,18 +976,19 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, * by this SSL. */ SSL_SESSION r, *p; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl); - if (id_len > sizeof(r.session_id)) + if (sc == NULL || id_len > sizeof(r.session_id)) return 0; - r.ssl_version = ssl->version; + r.ssl_version = sc->version; r.session_id_length = id_len; memcpy(r.session_id, id, id_len); - if (!CRYPTO_THREAD_read_lock(ssl->session_ctx->lock)) + if (!CRYPTO_THREAD_read_lock(sc->session_ctx->lock)) return 0; - p = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &r); - CRYPTO_THREAD_unlock(ssl->session_ctx->lock); + p = lh_SSL_SESSION_retrieve(sc->session_ctx->sessions, &r); + CRYPTO_THREAD_unlock(sc->session_ctx->lock); return (p != NULL); } @@ -948,7 +999,12 @@ int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) int SSL_set_purpose(SSL *s, int purpose) { - return X509_VERIFY_PARAM_set_purpose(s->param, purpose); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + return X509_VERIFY_PARAM_set_purpose(sc->param, purpose); } int SSL_CTX_set_trust(SSL_CTX *s, int trust) @@ -958,21 +1014,37 @@ int SSL_CTX_set_trust(SSL_CTX *s, int trust) int SSL_set_trust(SSL *s, int trust) { - return X509_VERIFY_PARAM_set_trust(s->param, trust); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + return X509_VERIFY_PARAM_set_trust(sc->param, trust); } int SSL_set1_host(SSL *s, const char *hostname) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + /* If a hostname is provided and parses as an IP address, * treat it as such. */ - if (hostname && X509_VERIFY_PARAM_set1_ip_asc(s->param, hostname) == 1) + if (hostname != NULL + && X509_VERIFY_PARAM_set1_ip_asc(sc->param, hostname) == 1) return 1; - return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0); + return X509_VERIFY_PARAM_set1_host(sc->param, hostname, 0); } int SSL_add1_host(SSL *s, const char *hostname) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + /* If a hostname is provided and parses as an IP address, * treat it as such. */ if (hostname) @@ -985,7 +1057,7 @@ int SSL_add1_host(SSL *s, const char *hostname) /* We didn't want it; only to check if it *is* an IP address */ ASN1_OCTET_STRING_free(ip); - old_ip = X509_VERIFY_PARAM_get1_ip_asc(s->param); + old_ip = X509_VERIFY_PARAM_get1_ip_asc(sc->param); if (old_ip) { OPENSSL_free(old_ip); @@ -993,21 +1065,31 @@ int SSL_add1_host(SSL *s, const char *hostname) return 0; } - return X509_VERIFY_PARAM_set1_ip_asc(s->param, hostname); + return X509_VERIFY_PARAM_set1_ip_asc(sc->param, hostname); } } - return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0); + return X509_VERIFY_PARAM_add1_host(sc->param, hostname, 0); } void SSL_set_hostflags(SSL *s, unsigned int flags) { - X509_VERIFY_PARAM_set_hostflags(s->param, flags); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + X509_VERIFY_PARAM_set_hostflags(sc->param, flags); } const char *SSL_get0_peername(SSL *s) { - return X509_VERIFY_PARAM_get0_peername(s->param); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return NULL; + + return X509_VERIFY_PARAM_get0_peername(sc->param); } int SSL_CTX_dane_enable(SSL_CTX *ctx) @@ -1033,8 +1115,13 @@ unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags) int SSL_dane_enable(SSL *s, const char *basedomain) { - SSL_DANE *dane = &s->dane; + SSL_DANE *dane; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + if (sc == NULL) + return 0; + + dane = &sc->dane; if (s->ctx->dane.mdmax == 0) { ERR_raise(ERR_LIB_SSL, SSL_R_CONTEXT_NOT_DANE_ENABLED); return 0; @@ -1049,7 +1136,7 @@ int SSL_dane_enable(SSL *s, const char *basedomain) * accepts them and disables host name checks. To avoid side-effects with * invalid input, set the SNI name first. */ - if (s->ext.hostname == NULL) { + if (sc->ext.hostname == NULL) { if (!SSL_set_tlsext_host_name(s, basedomain)) { ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN); return -1; @@ -1057,7 +1144,7 @@ int SSL_dane_enable(SSL *s, const char *basedomain) } /* Primary RFC6125 reference identifier */ - if (!X509_VERIFY_PARAM_set1_host(s->param, basedomain, 0)) { + if (!X509_VERIFY_PARAM_set1_host(sc->param, basedomain, 0)) { ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN); return -1; } @@ -1076,25 +1163,43 @@ int SSL_dane_enable(SSL *s, const char *basedomain) unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags) { - unsigned long orig = ssl->dane.flags; + unsigned long orig; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return 0; + + orig = sc->dane.flags; - ssl->dane.flags |= flags; + sc->dane.flags |= flags; return orig; } unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags) { - unsigned long orig = ssl->dane.flags; + unsigned long orig; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); - ssl->dane.flags &= ~flags; + if (sc == NULL) + return 0; + + orig = sc->dane.flags; + + sc->dane.flags &= ~flags; return orig; } int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki) { - SSL_DANE *dane = &s->dane; + SSL_DANE *dane; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); - if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK) + if (sc == NULL) + return -1; + + dane = &sc->dane; + + if (!DANETLS_ENABLED(dane) || sc->verify_result != X509_V_OK) return -1; if (dane->mtlsa) { if (mcert) @@ -1108,9 +1213,15 @@ int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki) int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, uint8_t *mtype, const unsigned char **data, size_t *dlen) { - SSL_DANE *dane = &s->dane; + SSL_DANE *dane; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); - if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK) + if (sc == NULL) + return -1; + + dane = &sc->dane; + + if (!DANETLS_ENABLED(dane) || sc->verify_result != X509_V_OK) return -1; if (dane->mtlsa) { if (usage) @@ -1129,13 +1240,23 @@ int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, SSL_DANE *SSL_get0_dane(SSL *s) { - return &s->dane; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return NULL; + + return &sc->dane; } int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, uint8_t mtype, const unsigned char *data, size_t dlen) { - return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + return dane_tlsa_add(&sc->dane, usage, selector, mtype, data, dlen); } int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype, @@ -1151,7 +1272,12 @@ int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) { - return X509_VERIFY_PARAM_set1(ssl->param, vpm); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return 0; + + return X509_VERIFY_PARAM_set1(sc->param, vpm); } X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) @@ -1161,12 +1287,22 @@ X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) { - return ssl->param; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return NULL; + + return sc->param; } void SSL_certs_clear(SSL *s) { - ssl_cert_clear_certs(s->cert); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + ssl_cert_clear_certs(sc->cert); } void SSL_free(SSL *s) @@ -1181,9 +1317,27 @@ void SSL_free(SSL *s) return; REF_ASSERT_ISNT(i < 0); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); + + if (s->method != NULL) + s->method->ssl_free(s); + + SSL_CTX_free(s->ctx); + CRYPTO_THREAD_lock_free(s->lock); + + OPENSSL_free(s); +} + +void ossl_ssl_connection_free(SSL *ssl) +{ + SSL_CONNECTION *s; + + s = SSL_CONNECTION_FROM_SSL_ONLY(ssl); + if (s == NULL) + return; + X509_VERIFY_PARAM_free(s->param); dane_final(&s->dane); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); RECORD_LAYER_release(&s->rlayer); @@ -1245,10 +1399,8 @@ void SSL_free(SSL *s) OSSL_STACK_OF_X509_free(s->verified_chain); - if (s->method != NULL) - s->method->ssl_free(s); - - SSL_CTX_free(s->ctx); + if (ssl->method != NULL) + ssl->method->ssl_deinit(ssl); ASYNC_WAIT_CTX_free(s->waitctx); @@ -1259,32 +1411,38 @@ void SSL_free(SSL *s) #ifndef OPENSSL_NO_SRTP sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); #endif - - CRYPTO_THREAD_lock_free(s->lock); - - OPENSSL_free(s); } void SSL_set0_rbio(SSL *s, BIO *rbio) { - BIO_free_all(s->rbio); - s->rbio = rbio; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + BIO_free_all(sc->rbio); + sc->rbio = rbio; } void SSL_set0_wbio(SSL *s, BIO *wbio) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + /* * If the output buffering BIO is still in place, remove it */ - if (s->bbio != NULL) - s->wbio = BIO_pop(s->wbio); + if (sc->bbio != NULL) + sc->wbio = BIO_pop(sc->wbio); - BIO_free_all(s->wbio); - s->wbio = wbio; + BIO_free_all(sc->wbio); + sc->wbio = wbio; /* Re-attach |bbio| to the new |wbio|. */ - if (s->bbio != NULL) - s->wbio = BIO_push(s->bbio, s->wbio); + if (sc->bbio != NULL) + sc->wbio = BIO_push(sc->bbio, sc->wbio); } void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) @@ -1329,19 +1487,29 @@ void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) BIO *SSL_get_rbio(const SSL *s) { - return s->rbio; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return NULL; + + return sc->rbio; } BIO *SSL_get_wbio(const SSL *s) { - if (s->bbio != NULL) { + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return NULL; + + if (sc->bbio != NULL) { /* * If |bbio| is active, the true caller-configured BIO is its * |next_bio|. */ - return BIO_next(s->bbio); + return BIO_next(sc->bbio); } - return s->wbio; + return sc->wbio; } int SSL_get_fd(const SSL *s) @@ -1458,11 +1626,15 @@ int SSL_set_rfd(SSL *s, int fd) size_t SSL_get_finished(const SSL *s, void *buf, size_t count) { size_t ret = 0; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return 0; - ret = s->s3.tmp.finish_md_len; + ret = sc->s3.tmp.finish_md_len; if (count > ret) count = ret; - memcpy(buf, s->s3.tmp.finish_md, count); + memcpy(buf, sc->s3.tmp.finish_md, count); return ret; } @@ -1470,26 +1642,45 @@ size_t SSL_get_finished(const SSL *s, void *buf, size_t count) size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) { size_t ret = 0; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); - ret = s->s3.tmp.peer_finish_md_len; + if (sc == NULL) + return 0; + + ret = sc->s3.tmp.peer_finish_md_len; if (count > ret) count = ret; - memcpy(buf, s->s3.tmp.peer_finish_md, count); + memcpy(buf, sc->s3.tmp.peer_finish_md, count); return ret; } int SSL_get_verify_mode(const SSL *s) { - return s->verify_mode; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return 0; + + return sc->verify_mode; } int SSL_get_verify_depth(const SSL *s) { - return X509_VERIFY_PARAM_get_depth(s->param); + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return 0; + + return X509_VERIFY_PARAM_get_depth(sc->param); } int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) { - return s->verify_callback; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return NULL; + + return sc->verify_callback; } int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) @@ -1509,24 +1700,44 @@ int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) { void SSL_set_verify(SSL *s, int mode, int (*callback) (int ok, X509_STORE_CTX *ctx)) { - s->verify_mode = mode; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + sc->verify_mode = mode; if (callback != NULL) - s->verify_callback = callback; + sc->verify_callback = callback; } void SSL_set_verify_depth(SSL *s, int depth) { - X509_VERIFY_PARAM_set_depth(s->param, depth); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + X509_VERIFY_PARAM_set_depth(sc->param, depth); } void SSL_set_read_ahead(SSL *s, int yes) { - RECORD_LAYER_set_read_ahead(&s->rlayer, yes); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + RECORD_LAYER_set_read_ahead(&sc->rlayer, yes); } int SSL_get_read_ahead(const SSL *s) { - return RECORD_LAYER_get_read_ahead(&s->rlayer); + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return 0; + + return RECORD_LAYER_get_read_ahead(&sc->rlayer); } int SSL_pending(const SSL *s) @@ -1556,10 +1767,15 @@ int SSL_has_pending(const SSL *s) * data. That data may not result in any application data, or we may fail * to parse the records for some reason. */ - if (RECORD_LAYER_processed_read_pending(&s->rlayer)) + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return 0; + + if (RECORD_LAYER_processed_read_pending(&sc->rlayer)) return 1; - return RECORD_LAYER_read_pending(&s->rlayer); + return RECORD_LAYER_read_pending(&sc->rlayer); } X509 *SSL_get1_peer_certificate(const SSL *s) @@ -1574,20 +1790,29 @@ X509 *SSL_get1_peer_certificate(const SSL *s) X509 *SSL_get0_peer_certificate(const SSL *s) { - if ((s == NULL) || (s->session == NULL)) + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return NULL; + + if (sc->session == NULL) return NULL; else - return s->session->peer; + return sc->session->peer; } STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) { STACK_OF(X509) *r; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); - if ((s == NULL) || (s->session == NULL)) + if (sc == NULL) + return NULL; + + if (sc->session == NULL) r = NULL; else - r = s->session->peer_chain; + r = sc->session->peer_chain; /* * If we are a client, cert_chain includes the peer's own certificate; if @@ -1604,6 +1829,13 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) int SSL_copy_session_id(SSL *t, const SSL *f) { int i; + /* TODO(QUIC): Do we want to support this for QUIC connections? */ + SSL_CONNECTION *tsc = SSL_CONNECTION_FROM_SSL_ONLY(t); + const SSL_CONNECTION *fsc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(f); + + if (tsc == NULL || fsc == NULL) + return 0; + /* Do we need to do SSL locking? */ if (!SSL_set_session(t, SSL_get_session(f))) { return 0; @@ -1613,16 +1845,16 @@ int SSL_copy_session_id(SSL *t, const SSL *f) * what if we are setup for one protocol version but want to talk another */ if (t->method != f->method) { - t->method->ssl_free(t); + t->method->ssl_deinit(t); t->method = f->method; - if (t->method->ssl_new(t) == 0) + if (t->method->ssl_init(t) == 0) return 0; } - CRYPTO_UP_REF(&f->cert->references, &i, f->cert->lock); - ssl_cert_free(t->cert); - t->cert = f->cert; - if (!SSL_set_session_id_context(t, f->sid_ctx, (int)f->sid_ctx_length)) { + CRYPTO_UP_REF(&fsc->cert->references, &i, fsc->cert->lock); + ssl_cert_free(tsc->cert); + tsc->cert = fsc->cert; + if (!SSL_set_session_id_context(t, fsc->sid_ctx, (int)fsc->sid_ctx_length)) { return 0; } @@ -1647,25 +1879,32 @@ int SSL_CTX_check_private_key(const SSL_CTX *ctx) /* Fix this function so that it takes an optional type parameter */ int SSL_check_private_key(const SSL *ssl) { - if (ssl == NULL) { + const SSL_CONNECTION *sc; + + if ((sc = SSL_CONNECTION_FROM_CONST_SSL(ssl)) == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); return 0; } - if (ssl->cert->key->x509 == NULL) { + if (sc->cert->key->x509 == NULL) { ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_ASSIGNED); return 0; } - if (ssl->cert->key->privatekey == NULL) { + if (sc->cert->key->privatekey == NULL) { ERR_raise(ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED); return 0; } - return X509_check_private_key(ssl->cert->key->x509, - ssl->cert->key->privatekey); + return X509_check_private_key(sc->cert->key->x509, + sc->cert->key->privatekey); } int SSL_waiting_for_async(SSL *s) { - if (s->job) + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + if (sc->job) return 1; return 0; @@ -1673,9 +1912,13 @@ int SSL_waiting_for_async(SSL *s) int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds) { - ASYNC_WAIT_CTX *ctx = s->waitctx; + ASYNC_WAIT_CTX *ctx; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); - if (ctx == NULL) + if (sc == NULL) + return 0; + + if ((ctx = sc->waitctx) == NULL) return 0; return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds); } @@ -1683,9 +1926,13 @@ int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds) int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds, OSSL_ASYNC_FD *delfd, size_t *numdelfds) { - ASYNC_WAIT_CTX *ctx = s->waitctx; + ASYNC_WAIT_CTX *ctx; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); - if (ctx == NULL) + if (sc == NULL) + return 0; + + if ((ctx = sc->waitctx) == NULL) return 0; return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd, numdelfds); @@ -1705,21 +1952,35 @@ int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg) int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback) { - s->async_cb = callback; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + sc->async_cb = callback; return 1; } int SSL_set_async_callback_arg(SSL *s, void *arg) { - s->async_cb_arg = arg; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + sc->async_cb_arg = arg; return 1; } int SSL_get_async_status(SSL *s, int *status) { - ASYNC_WAIT_CTX *ctx = s->waitctx; + ASYNC_WAIT_CTX *ctx; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); - if (ctx == NULL) + if (sc == NULL) + return 0; + + if ((ctx = sc->waitctx) == NULL) return 0; *status = ASYNC_WAIT_CTX_get_status(ctx); return 1; @@ -1727,7 +1988,12 @@ int SSL_get_async_status(SSL *s, int *status) int SSL_accept(SSL *s) { - if (s->handshake_func == NULL) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + if (sc->handshake_func == NULL) { /* Not properly initialized yet */ SSL_set_accept_state(s); } @@ -1737,7 +2003,12 @@ int SSL_accept(SSL *s) int SSL_connect(SSL *s) { - if (s->handshake_func == NULL) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + if (sc->handshake_func == NULL) { /* Not properly initialized yet */ SSL_set_connect_state(s); } @@ -1753,42 +2024,51 @@ long SSL_get_default_timeout(const SSL *s) static int ssl_async_wait_ctx_cb(void *arg) { SSL *s = (SSL *)arg; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); - return s->async_cb(s, s->async_cb_arg); + if (sc == NULL) + return 0; + + return sc->async_cb(s, sc->async_cb_arg); } static int ssl_start_async_job(SSL *s, struct ssl_async_args *args, int (*func) (void *)) { int ret; - if (s->waitctx == NULL) { - s->waitctx = ASYNC_WAIT_CTX_new(); - if (s->waitctx == NULL) + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + if (sc->waitctx == NULL) { + sc->waitctx = ASYNC_WAIT_CTX_new(); + if (sc->waitctx == NULL) return -1; - if (s->async_cb != NULL + if (sc->async_cb != NULL && !ASYNC_WAIT_CTX_set_callback - (s->waitctx, ssl_async_wait_ctx_cb, s)) + (sc->waitctx, ssl_async_wait_ctx_cb, s)) return -1; } - s->rwstate = SSL_NOTHING; - switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args, + sc->rwstate = SSL_NOTHING; + switch (ASYNC_start_job(&sc->job, sc->waitctx, &ret, func, args, sizeof(struct ssl_async_args))) { case ASYNC_ERR: - s->rwstate = SSL_NOTHING; + sc->rwstate = SSL_NOTHING; ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_INIT_ASYNC); return -1; case ASYNC_PAUSE: - s->rwstate = SSL_ASYNC_PAUSED; + sc->rwstate = SSL_ASYNC_PAUSED; return -1; case ASYNC_NO_JOBS: - s->rwstate = SSL_ASYNC_NO_JOBS; + sc->rwstate = SSL_ASYNC_NO_JOBS; return -1; case ASYNC_FINISH: - s->job = NULL; + sc->job = NULL; return ret; default: - s->rwstate = SSL_NOTHING; + sc->rwstate = SSL_NOTHING; ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); /* Shouldn't happen */ return -1; @@ -1801,16 +2081,20 @@ static int ssl_io_intern(void *vargs) SSL *s; void *buf; size_t num; + SSL_CONNECTION *sc; args = (struct ssl_async_args *)vargs; s = args->s; buf = args->buf; num = args->num; + if ((sc = SSL_CONNECTION_FROM_SSL(s)) == NULL) + return -1; + switch (args->type) { case READFUNC: - return args->f.func_read(s, buf, num, &s->asyncrw); + return args->f.func_read(s, buf, num, &sc->asyncrw); case WRITEFUNC: - return args->f.func_write(s, buf, num, &s->asyncrw); + return args->f.func_write(s, buf, num, &sc->asyncrw); case OTHERFUNC: return args->f.func_other(s); } @@ -1819,18 +2103,23 @@ static int ssl_io_intern(void *vargs) int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes) { - if (s->handshake_func == NULL) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return -1; + + if (sc->handshake_func == NULL) { ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); return -1; } - if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { - s->rwstate = SSL_NOTHING; + if (sc->shutdown & SSL_RECEIVED_SHUTDOWN) { + sc->rwstate = SSL_NOTHING; return 0; } - if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY - || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) { + if (sc->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY + || sc->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) { ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } @@ -1838,9 +2127,9 @@ int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes) * If we are a client and haven't received the ServerHello etc then we * better do that */ - ossl_statem_check_finish_init(s, 0); + ossl_statem_check_finish_init(sc, 0); - if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { + if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; int ret; @@ -1851,7 +2140,7 @@ int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes) args.f.func_read = s->method->ssl_read; ret = ssl_start_async_job(s, &args, ssl_io_intern); - *readbytes = s->asyncrw; + *readbytes = sc->asyncrw; return ret; } else { return s->method->ssl_read(s, buf, num, readbytes); @@ -1892,13 +2181,18 @@ int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes) int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes) { int ret; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); + + /* TODO(QUIC): This will need special handling for QUIC */ + if (sc == NULL) + return 0; - if (!s->server) { + if (!sc->server) { ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return SSL_READ_EARLY_DATA_ERROR; } - switch (s->early_data_state) { + switch (sc->early_data_state) { case SSL_EARLY_DATA_NONE: if (!SSL_in_before(s)) { ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); @@ -1907,32 +2201,32 @@ int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes) /* fall through */ case SSL_EARLY_DATA_ACCEPT_RETRY: - s->early_data_state = SSL_EARLY_DATA_ACCEPTING; + sc->early_data_state = SSL_EARLY_DATA_ACCEPTING; ret = SSL_accept(s); if (ret <= 0) { /* NBIO or error */ - s->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY; + sc->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY; return SSL_READ_EARLY_DATA_ERROR; } /* fall through */ case SSL_EARLY_DATA_READ_RETRY: - if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) { - s->early_data_state = SSL_EARLY_DATA_READING; + if (sc->ext.early_data == SSL_EARLY_DATA_ACCEPTED) { + sc->early_data_state = SSL_EARLY_DATA_READING; ret = SSL_read_ex(s, buf, num, readbytes); /* * State machine will update early_data_state to * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData * message */ - if (ret > 0 || (ret <= 0 && s->early_data_state + if (ret > 0 || (ret <= 0 && sc->early_data_state != SSL_EARLY_DATA_FINISHED_READING)) { - s->early_data_state = SSL_EARLY_DATA_READ_RETRY; + sc->early_data_state = SSL_EARLY_DATA_READ_RETRY; return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS : SSL_READ_EARLY_DATA_ERROR; } } else { - s->early_data_state = SSL_EARLY_DATA_FINISHED_READING; + sc->early_data_state = SSL_EARLY_DATA_FINISHED_READING; } *readbytes = 0; return SSL_READ_EARLY_DATA_FINISH; @@ -1945,20 +2239,31 @@ int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes) int SSL_get_early_data_status(const SSL *s) { - return s->ext.early_data; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s); + + /* TODO(QUIC): This will need special handling for QUIC */ + if (sc == NULL) + return 0; + + return sc->ext.early_data; } static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes) { - if (s->handshake_func == NULL) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + if (sc->handshake_func == NULL) { ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); return -1; } - if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { + if (sc->shutdown & SSL_RECEIVED_SHUTDOWN) { return 0; } - if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { + if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; int ret; @@ -1969,7 +2274,7 @@ static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes) args.f.func_read = s->method->ssl_peek; ret = ssl_start_async_job(s, &args, ssl_io_intern); - *readbytes = s->asyncrw; + *readbytes = sc->asyncrw; return ret; } else { return s->method->ssl_peek(s, buf, num, readbytes); @@ -2010,27 +2315,32 @@ int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes) int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written) { - if (s->handshake_func == NULL) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + if (sc->handshake_func == NULL) { ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); return -1; } - if (s->shutdown & SSL_SENT_SHUTDOWN) { - s->rwstate = SSL_NOTHING; + if (sc->shutdown & SSL_SENT_SHUTDOWN) { + sc->rwstate = SSL_NOTHING; ERR_raise(ERR_LIB_SSL, SSL_R_PROTOCOL_IS_SHUTDOWN); return -1; } - if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY - || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY - || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) { + if (sc->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY + || sc->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY + || sc->early_data_state == SSL_EARLY_DATA_READ_RETRY) { ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } /* If we are a client and haven't sent the Finished we better do that */ - ossl_statem_check_finish_init(s, 1); + ossl_statem_check_finish_init(sc, 1); - if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { + if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { int ret; struct ssl_async_args args; @@ -2041,7 +2351,7 @@ int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written) args.f.func_write = s->method->ssl_write; ret = ssl_start_async_job(s, &args, ssl_io_intern); - *written = s->asyncrw; + *written = sc->asyncrw; return ret; } else { return s->method->ssl_write(s, buf, num, written); @@ -2051,25 +2361,29 @@ int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written) ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags) { ossl_ssize_t ret; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); - if (s->handshake_func == NULL) { + if (sc == NULL) + return 0; + + if (sc->handshake_func == NULL) { ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); return -1; } - if (s->shutdown & SSL_SENT_SHUTDOWN) { - s->rwstate = SSL_NOTHING; + if (sc->shutdown & SSL_SENT_SHUTDOWN) { + sc->rwstate = SSL_NOTHING; ERR_raise(ERR_LIB_SSL, SSL_R_PROTOCOL_IS_SHUTDOWN); return -1; } - if (!BIO_get_ktls_send(s->wbio)) { + if (!BIO_get_ktls_send(sc->wbio)) { ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); return -1; } /* If we have an alert to send, lets send it */ - if (s->s3.alert_dispatch) { + if (sc->s3.alert_dispatch) { ret = (ossl_ssize_t)s->method->ssl_dispatch_alert(s); if (ret <= 0) { /* SSLfatal() already called if appropriate */ @@ -2078,10 +2392,10 @@ ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags) /* if it went, fall through and send more stuff */ } - s->rwstate = SSL_WRITING; - if (BIO_flush(s->wbio) <= 0) { - if (!BIO_should_retry(s->wbio)) { - s->rwstate = SSL_NOTHING; + sc->rwstate = SSL_WRITING; + if (BIO_flush(sc->wbio) <= 0) { + if (!BIO_should_retry(sc->wbio)) { + sc->rwstate = SSL_NOTHING; } else { #ifdef EAGAIN set_sys_error(EAGAIN); @@ -2101,13 +2415,13 @@ ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags) if ((get_last_sys_error() == EAGAIN) || (get_last_sys_error() == EINTR) || (get_last_sys_error() == EBUSY)) - BIO_set_retry_write(s->wbio); + BIO_set_retry_write(sc->wbio); else #endif ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); return ret; } - s->rwstate = SSL_NOTHING; + sc->rwstate = SSL_NOTHING; return ret; #endif } @@ -2148,64 +2462,69 @@ int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written) int ret, early_data_state; size_t writtmp; uint32_t partialwrite; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); + + /* TODO(QUIC): This will need special handling for QUIC */ + if (sc == NULL) + return 0; - switch (s->early_data_state) { + switch (sc->early_data_state) { case SSL_EARLY_DATA_NONE: - if (s->server + if (sc->server || !SSL_in_before(s) - || ((s->session == NULL || s->session->ext.max_early_data == 0) - && (s->psk_use_session_cb == NULL))) { + || ((sc->session == NULL || sc->session->ext.max_early_data == 0) + && (sc->psk_use_session_cb == NULL))) { ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } /* fall through */ case SSL_EARLY_DATA_CONNECT_RETRY: - s->early_data_state = SSL_EARLY_DATA_CONNECTING; + sc->early_data_state = SSL_EARLY_DATA_CONNECTING; ret = SSL_connect(s); if (ret <= 0) { /* NBIO or error */ - s->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY; + sc->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY; return 0; } /* fall through */ case SSL_EARLY_DATA_WRITE_RETRY: - s->early_data_state = SSL_EARLY_DATA_WRITING; + sc->early_data_state = SSL_EARLY_DATA_WRITING; /* * We disable partial write for early data because we don't keep track * of how many bytes we've written between the SSL_write_ex() call and * the flush if the flush needs to be retried) */ - partialwrite = s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE; - s->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE; + partialwrite = sc->mode & SSL_MODE_ENABLE_PARTIAL_WRITE; + sc->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE; ret = SSL_write_ex(s, buf, num, &writtmp); - s->mode |= partialwrite; + sc->mode |= partialwrite; if (!ret) { - s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY; + sc->early_data_state = SSL_EARLY_DATA_WRITE_RETRY; return ret; } - s->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH; + sc->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH; /* fall through */ case SSL_EARLY_DATA_WRITE_FLUSH: /* The buffering BIO is still in place so we need to flush it */ - if (statem_flush(s) != 1) + if (statem_flush(sc) != 1) return 0; *written = num; - s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY; + sc->early_data_state = SSL_EARLY_DATA_WRITE_RETRY; return 1; case SSL_EARLY_DATA_FINISHED_READING: case SSL_EARLY_DATA_READ_RETRY: - early_data_state = s->early_data_state; + early_data_state = sc->early_data_state; /* We are a server writing to an unauthenticated client */ - s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING; + sc->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING; ret = SSL_write_ex(s, buf, num, written); /* The buffering BIO is still in place */ if (ret) - (void)BIO_flush(s->wbio); - s->early_data_state = early_data_state; + (void)BIO_flush(sc->wbio); + sc->early_data_state = early_data_state; return ret; default: @@ -2222,14 +2541,18 @@ int SSL_shutdown(SSL *s) * calling it once is usually not enough, even if blocking I/O is used * (see ssl3_shutdown). */ + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); - if (s->handshake_func == NULL) { + if (sc == NULL) + return -1; + + if (sc->handshake_func == NULL) { ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); return -1; } if (!SSL_in_init(s)) { - if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { + if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; memset(&args, 0, sizeof(args)); @@ -2249,7 +2572,12 @@ int SSL_shutdown(SSL *s) int SSL_key_update(SSL *s, int updatetype) { - if (!SSL_IS_TLS13(s)) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + if (!SSL_CONNECTION_IS_TLS13(sc)) { ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION); return 0; } @@ -2265,33 +2593,38 @@ int SSL_key_update(SSL *s, int updatetype) return 0; } - if (RECORD_LAYER_write_pending(&s->rlayer)) { + if (RECORD_LAYER_write_pending(&sc->rlayer)) { ERR_raise(ERR_LIB_SSL, SSL_R_BAD_WRITE_RETRY); return 0; } - ossl_statem_set_in_init(s, 1); - s->key_update = updatetype; + ossl_statem_set_in_init(sc, 1); + sc->key_update = updatetype; return 1; } int SSL_get_key_update_type(const SSL *s) { - return s->key_update; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return 0; + + return sc->key_update; } /* * Can we accept a renegotiation request? If yes, set the flag and * return 1 if yes. If not, raise error and return 0. */ -static int can_renegotiate(const SSL *s) +static int can_renegotiate(const SSL_CONNECTION *sc) { - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(sc)) { ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION); return 0; } - if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0) { + if ((sc->options & SSL_OP_NO_RENEGOTIATION) != 0) { ERR_raise(ERR_LIB_SSL, SSL_R_NO_RENEGOTIATION); return 0; } @@ -2301,135 +2634,160 @@ static int can_renegotiate(const SSL *s) int SSL_renegotiate(SSL *s) { - if (!can_renegotiate(s)) + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); + + if (sc == NULL) return 0; - s->renegotiate = 1; - s->new_session = 1; + if (!can_renegotiate(sc)) + return 0; + + sc->renegotiate = 1; + sc->new_session = 1; return s->method->ssl_renegotiate(s); } int SSL_renegotiate_abbreviated(SSL *s) { - if (!can_renegotiate(s)) + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); + + if (sc == NULL) + return 0; + + if (!can_renegotiate(sc)) return 0; - s->renegotiate = 1; - s->new_session = 0; + sc->renegotiate = 1; + sc->new_session = 0; return s->method->ssl_renegotiate(s); } int SSL_renegotiate_pending(const SSL *s) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); + + if (sc == NULL) + return 0; + /* * becomes true when negotiation is requested; false again once a * handshake has finished */ - return (s->renegotiate != 0); + return (sc->renegotiate != 0); } int SSL_new_session_ticket(SSL *s) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + /* If we are in init because we're sending tickets, okay to send more. */ - if ((SSL_in_init(s) && s->ext.extra_tickets_expected == 0) - || SSL_IS_FIRST_HANDSHAKE(s) || !s->server - || !SSL_IS_TLS13(s)) + if ((SSL_in_init(s) && sc->ext.extra_tickets_expected == 0) + || SSL_IS_FIRST_HANDSHAKE(sc) || !sc->server + || !SSL_CONNECTION_IS_TLS13(sc)) return 0; - s->ext.extra_tickets_expected++; - if (!RECORD_LAYER_write_pending(&s->rlayer) && !SSL_in_init(s)) - ossl_statem_set_in_init(s, 1); + sc->ext.extra_tickets_expected++; + if (!RECORD_LAYER_write_pending(&sc->rlayer) && !SSL_in_init(s)) + ossl_statem_set_in_init(sc, 1); return 1; } long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) { long l; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + /* TODO(QUIC): Special handling for some ctrls will be needed */ + if (sc == NULL) + return 0; switch (cmd) { case SSL_CTRL_GET_READ_AHEAD: - return RECORD_LAYER_get_read_ahead(&s->rlayer); + return RECORD_LAYER_get_read_ahead(&sc->rlayer); case SSL_CTRL_SET_READ_AHEAD: - l = RECORD_LAYER_get_read_ahead(&s->rlayer); - RECORD_LAYER_set_read_ahead(&s->rlayer, larg); + l = RECORD_LAYER_get_read_ahead(&sc->rlayer); + RECORD_LAYER_set_read_ahead(&sc->rlayer, larg); return l; case SSL_CTRL_SET_MSG_CALLBACK_ARG: - s->msg_callback_arg = parg; + sc->msg_callback_arg = parg; return 1; case SSL_CTRL_MODE: - return (s->mode |= larg); + return (sc->mode |= larg); case SSL_CTRL_CLEAR_MODE: - return (s->mode &= ~larg); + return (sc->mode &= ~larg); case SSL_CTRL_GET_MAX_CERT_LIST: - return (long)s->max_cert_list; + return (long)sc->max_cert_list; case SSL_CTRL_SET_MAX_CERT_LIST: if (larg < 0) return 0; - l = (long)s->max_cert_list; - s->max_cert_list = (size_t)larg; + l = (long)sc->max_cert_list; + sc->max_cert_list = (size_t)larg; return l; case SSL_CTRL_SET_MAX_SEND_FRAGMENT: if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) return 0; #ifndef OPENSSL_NO_KTLS - if (s->wbio != NULL && BIO_get_ktls_send(s->wbio)) + if (sc->wbio != NULL && BIO_get_ktls_send(sc->wbio)) return 0; #endif /* OPENSSL_NO_KTLS */ - s->max_send_fragment = larg; - if (s->max_send_fragment < s->split_send_fragment) - s->split_send_fragment = s->max_send_fragment; + sc->max_send_fragment = larg; + if (sc->max_send_fragment < sc->split_send_fragment) + sc->split_send_fragment = sc->max_send_fragment; return 1; case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT: - if ((size_t)larg > s->max_send_fragment || larg == 0) + if ((size_t)larg > sc->max_send_fragment || larg == 0) return 0; - s->split_send_fragment = larg; + sc->split_send_fragment = larg; return 1; case SSL_CTRL_SET_MAX_PIPELINES: if (larg < 1 || larg > SSL_MAX_PIPELINES) return 0; - s->max_pipelines = larg; + sc->max_pipelines = larg; if (larg > 1) - RECORD_LAYER_set_read_ahead(&s->rlayer, 1); + RECORD_LAYER_set_read_ahead(&sc->rlayer, 1); return 1; case SSL_CTRL_GET_RI_SUPPORT: - return s->s3.send_connection_binding; + return sc->s3.send_connection_binding; case SSL_CTRL_SET_RETRY_VERIFY: - s->rwstate = SSL_RETRY_VERIFY; + sc->rwstate = SSL_RETRY_VERIFY; return 1; case SSL_CTRL_CERT_FLAGS: - return (s->cert->cert_flags |= larg); + return (sc->cert->cert_flags |= larg); case SSL_CTRL_CLEAR_CERT_FLAGS: - return (s->cert->cert_flags &= ~larg); + return (sc->cert->cert_flags &= ~larg); case SSL_CTRL_GET_RAW_CIPHERLIST: if (parg) { - if (s->s3.tmp.ciphers_raw == NULL) + if (sc->s3.tmp.ciphers_raw == NULL) return 0; - *(unsigned char **)parg = s->s3.tmp.ciphers_raw; - return (int)s->s3.tmp.ciphers_rawlen; + *(unsigned char **)parg = sc->s3.tmp.ciphers_raw; + return (int)sc->s3.tmp.ciphers_rawlen; } else { return TLS_CIPHER_LEN; } case SSL_CTRL_GET_EXTMS_SUPPORT: - if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s)) + if (!sc->session || SSL_in_init(s) || ossl_statem_get_in_handshake(sc)) return -1; - if (s->session->flags & SSL_SESS_FLAG_EXTMS) + if (sc->session->flags & SSL_SESS_FLAG_EXTMS) return 1; else return 0; case SSL_CTRL_SET_MIN_PROTO_VERSION: - return ssl_check_allowed_versions(larg, s->max_proto_version) + return ssl_check_allowed_versions(larg, sc->max_proto_version) && ssl_set_version_bound(s->ctx->method->version, (int)larg, - &s->min_proto_version); + &sc->min_proto_version); case SSL_CTRL_GET_MIN_PROTO_VERSION: - return s->min_proto_version; + return sc->min_proto_version; case SSL_CTRL_SET_MAX_PROTO_VERSION: - return ssl_check_allowed_versions(s->min_proto_version, larg) + return ssl_check_allowed_versions(sc->min_proto_version, larg) && ssl_set_version_bound(s->ctx->method->version, (int)larg, - &s->max_proto_version); + &sc->max_proto_version); case SSL_CTRL_GET_MAX_PROTO_VERSION: - return s->max_proto_version; + return sc->max_proto_version; default: return s->method->ssl_ctrl(s, cmd, larg, parg); } @@ -2437,12 +2795,17 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + switch (cmd) { case SSL_CTRL_SET_MSG_CALLBACK: - s->msg_callback = (void (*) - (int write_p, int version, int content_type, - const void *buf, size_t len, SSL *ssl, - void *arg))(fp); + sc->msg_callback = (void (*) + (int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, + void *arg))(fp); return 1; default: @@ -2618,13 +2981,17 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, return 0; } -/** return a STACK of the ciphers available for the SSL and in order of - * preference */ +/* + * return a STACK of the ciphers available for the SSL and in order of + * preference + */ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) { - if (s != NULL) { - if (s->cipher_list != NULL) { - return s->cipher_list; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc != NULL) { + if (sc->cipher_list != NULL) { + return sc->cipher_list; } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) { return s->ctx->cipher_list; } @@ -2634,24 +3001,30 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s) { - if ((s == NULL) || !s->server) + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL || !sc->server) return NULL; - return s->peer_ciphers; + return sc->peer_ciphers; } STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s) { STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers; int i; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return NULL; ciphers = SSL_get_ciphers(s); if (!ciphers) return NULL; - if (!ssl_set_client_disabled(s)) + if (!ssl_set_client_disabled(sc)) return NULL; for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i); - if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) { + if (!ssl_cipher_disabled(sc, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) { if (!sk) sk = sk_SSL_CIPHER_new_null(); if (!sk) @@ -2667,14 +3040,14 @@ STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s) /** return a STACK of the ciphers available for the SSL and in order of * algorithm id */ -STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) +STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL_CONNECTION *s) { if (s != NULL) { - if (s->cipher_list_by_id != NULL) { + if (s->cipher_list_by_id != NULL) return s->cipher_list_by_id; - } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) { - return s->ctx->cipher_list_by_id; - } + else if (s->ssl.ctx != NULL + && s->ssl.ctx->cipher_list_by_id != NULL) + return s->ssl.ctx->cipher_list_by_id; } return NULL; } @@ -2753,10 +3126,14 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) int SSL_set_cipher_list(SSL *s, const char *str) { STACK_OF(SSL_CIPHER) *sk; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); - sk = ssl_create_cipher_list(s->ctx, s->tls13_ciphersuites, - &s->cipher_list, &s->cipher_list_by_id, str, - s->cert); + if (sc == NULL) + return 0; + + sk = ssl_create_cipher_list(s->ctx, sc->tls13_ciphersuites, + &sc->cipher_list, &sc->cipher_list_by_id, str, + sc->cert); /* see comment in SSL_CTX_set_cipher_list */ if (sk == NULL) return 0; @@ -2773,14 +3150,18 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) STACK_OF(SSL_CIPHER) *clntsk, *srvrsk; const SSL_CIPHER *c; int i; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return NULL; - if (!s->server - || s->peer_ciphers == NULL + if (!sc->server + || sc->peer_ciphers == NULL || size < 2) return NULL; p = buf; - clntsk = s->peer_ciphers; + clntsk = sc->peer_ciphers; srvrsk = SSL_get_ciphers(s); if (clntsk == NULL || srvrsk == NULL) return NULL; @@ -2818,16 +3199,23 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) * - if we are before or during/after the handshake, * - if a resumption or normal handshake is being attempted/has occurred * - whether we have negotiated TLSv1.2 (or below) or TLSv1.3 - * + * * Note that only the host_name type is defined (RFC 3546). */ const char *SSL_get_servername(const SSL *s, const int type) { + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + int server; + + if (sc == NULL) + return NULL; + /* * If we don't know if we are the client or the server yet then we assume * client. */ - int server = s->handshake_func == NULL ? 0 : s->server; + server = sc->handshake_func == NULL ? 0 : sc->server; + if (type != TLSEXT_NAMETYPE_host_name) return NULL; @@ -2848,8 +3236,8 @@ const char *SSL_get_servername(const SSL *s, const int type) * - The function will return the servername requested by the client in * this handshake or NULL if none was requested. */ - if (s->hit && !SSL_IS_TLS13(s)) - return s->session->ext.hostname; + if (sc->hit && !SSL_CONNECTION_IS_TLS13(sc)) + return sc->session->ext.hostname; } else { /** * Client side @@ -2874,17 +3262,18 @@ const char *SSL_get_servername(const SSL *s, const int type) * (or NULL if it was not called). */ if (SSL_in_before(s)) { - if (s->ext.hostname == NULL - && s->session != NULL - && s->session->ssl_version != TLS1_3_VERSION) - return s->session->ext.hostname; + if (sc->ext.hostname == NULL + && sc->session != NULL + && sc->session->ssl_version != TLS1_3_VERSION) + return sc->session->ext.hostname; } else { - if (!SSL_IS_TLS13(s) && s->hit && s->session->ext.hostname != NULL) - return s->session->ext.hostname; + if (!SSL_CONNECTION_IS_TLS13(sc) && sc->hit + && sc->session->ext.hostname != NULL) + return sc->session->ext.hostname; } } - return s->ext.hostname; + return sc->ext.hostname; } int SSL_get_servername_type(const SSL *s) @@ -2964,11 +3353,20 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) { - *data = s->ext.npn; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) { + /* We have no other way to indicate error */ + *data = NULL; + *len = 0; + return; + } + + *data = sc->ext.npn; if (*data == NULL) { *len = 0; } else { - *len = (unsigned int)s->ext.npn_len; + *len = (unsigned int)sc->ext.npn_len; } } @@ -3063,11 +3461,15 @@ int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, unsigned int protos_len) { unsigned char *alpn; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return 1; if (protos_len == 0 || protos == NULL) { - OPENSSL_free(ssl->ext.alpn); - ssl->ext.alpn = NULL; - ssl->ext.alpn_len = 0; + OPENSSL_free(sc->ext.alpn); + sc->ext.alpn = NULL; + sc->ext.alpn_len = 0; return 0; } /* Not valid per RFC */ @@ -3079,9 +3481,9 @@ int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); return 1; } - OPENSSL_free(ssl->ext.alpn); - ssl->ext.alpn = alpn; - ssl->ext.alpn_len = protos_len; + OPENSSL_free(sc->ext.alpn); + sc->ext.alpn = alpn; + sc->ext.alpn_len = protos_len; return 0; } @@ -3108,11 +3510,20 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, unsigned int *len) { - *data = ssl->s3.alpn_selected; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl); + + if (sc == NULL) { + /* We have no other way to indicate error */ + *data = NULL; + *len = 0; + return; + } + + *data = sc->s3.alpn_selected; if (*data == NULL) *len = 0; else - *len = (unsigned int)ssl->s3.alpn_selected_len; + *len = (unsigned int)sc->s3.alpn_selected_len; } int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, @@ -3120,11 +3531,16 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const unsigned char *context, size_t contextlen, int use_context) { - if (s->session == NULL - || (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)) + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return -1; + + if (sc->session == NULL + || (sc->version < TLS1_VERSION && sc->version != DTLS1_BAD_VER)) return -1; - return s->method->ssl3_enc->export_keying_material(s, out, olen, label, + return s->method->ssl3_enc->export_keying_material(sc, out, olen, label, llen, context, contextlen, use_context); } @@ -3134,10 +3550,15 @@ int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, const unsigned char *context, size_t contextlen) { - if (s->version != TLS1_3_VERSION) + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return -1; + + if (sc->version != TLS1_3_VERSION) return 0; - return tls13_export_keying_material_early(s, out, olen, label, llen, + return tls13_export_keying_material_early(sc, out, olen, label, llen, context, contextlen); } @@ -3519,22 +3940,42 @@ void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx) void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb) { - s->default_passwd_callback = cb; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + sc->default_passwd_callback = cb; } void SSL_set_default_passwd_cb_userdata(SSL *s, void *u) { - s->default_passwd_callback_userdata = u; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + sc->default_passwd_callback_userdata = u; } pem_password_cb *SSL_get_default_passwd_cb(SSL *s) { - return s->default_passwd_callback; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return NULL; + + return sc->default_passwd_callback; } void *SSL_get_default_passwd_cb_userdata(SSL *s) { - return s->default_passwd_callback_userdata; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return NULL; + + return sc->default_passwd_callback_userdata; } void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, @@ -3564,10 +4005,15 @@ void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg) void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg) { - ssl_cert_set_cert_cb(s->cert, cb, arg); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + ssl_cert_set_cert_cb(sc->cert, cb, arg); } -void ssl_set_masks(SSL *s) +void ssl_set_masks(SSL_CONNECTION *s) { CERT *c = s->cert; uint32_t *pvalid = s->s3.tmp.valid_flags; @@ -3620,7 +4066,7 @@ void ssl_set_masks(SSL *s) if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN) && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN - && TLS1_get_version(s) == TLS1_2_VERSION)) + && TLS1_get_version(&s->ssl) == TLS1_2_VERSION)) mask_a |= SSL_aRSA; if (dsa_sign) { @@ -3645,13 +4091,13 @@ void ssl_set_masks(SSL *s) /* Allow Ed25519 for TLS 1.2 if peer supports it */ if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519) && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN - && TLS1_get_version(s) == TLS1_2_VERSION) + && TLS1_get_version(&s->ssl) == TLS1_2_VERSION) mask_a |= SSL_aECDSA; /* Allow Ed448 for TLS 1.2 if peer supports it */ if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448) && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN - && TLS1_get_version(s) == TLS1_2_VERSION) + && TLS1_get_version(&s->ssl) == TLS1_2_VERSION) mask_a |= SSL_aECDSA; mask_k |= SSL_kECDHE; @@ -3671,7 +4117,7 @@ void ssl_set_masks(SSL *s) s->s3.tmp.mask_a = mask_a; } -int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) +int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CONNECTION *s) { if (s->s3.tmp.new_cipher->algorithm_auth & SSL_aECDSA) { /* key usage, if present, must allow signing */ @@ -3683,7 +4129,8 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) return 1; /* all checks are ok */ } -int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, +int ssl_get_server_cert_serverinfo(SSL_CONNECTION *s, + const unsigned char **serverinfo, size_t *serverinfo_length) { CERT_PKEY *cpk = s->s3.tmp.cert; @@ -3697,7 +4144,7 @@ int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, return 1; } -void ssl_update_cache(SSL *s, int mode) +void ssl_update_cache(SSL_CONNECTION *s, int mode) { int i; @@ -3723,7 +4170,7 @@ void ssl_update_cache(SSL *s, int mode) i = s->session_ctx->session_cache_mode; if ((i & mode) != 0 - && (!s->hit || SSL_IS_TLS13(s))) { + && (!s->hit || SSL_CONNECTION_IS_TLS13(s))) { /* * Add the session to the internal cache. In server side TLSv1.3 we * normally don't do this because by default it's a full stateless ticket @@ -3736,7 +4183,7 @@ void ssl_update_cache(SSL *s, int mode) * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket */ if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0 - && (!SSL_IS_TLS13(s) + && (!SSL_CONNECTION_IS_TLS13(s) || !s->server || (s->max_early_data > 0 && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0) @@ -3751,7 +4198,8 @@ void ssl_update_cache(SSL *s, int mode) */ if (s->session_ctx->new_session_cb != NULL) { SSL_SESSION_up_ref(s->session); - if (!s->session_ctx->new_session_cb(s, s->session)) + if (!s->session_ctx->new_session_cb(SSL_CONNECTION_GET_SSL(s), + s->session)) SSL_SESSION_free(s->session); } } @@ -3782,23 +4230,29 @@ const SSL_METHOD *SSL_get_ssl_method(const SSL *s) int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) { int ret = 1; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + /* TODO(QUIC): Do we want this for QUIC? */ + if (sc == NULL + || (s->type != SSL_TYPE_SSL_CONNECTION && s->method != meth)) + return 0; if (s->method != meth) { const SSL_METHOD *sm = s->method; - int (*hf) (SSL *) = s->handshake_func; + int (*hf) (SSL *) = sc->handshake_func; if (sm->version == meth->version) s->method = meth; else { - sm->ssl_free(s); + sm->ssl_deinit(s); s->method = meth; - ret = s->method->ssl_new(s); + ret = s->method->ssl_init(s); } if (hf == sm->ssl_connect) - s->handshake_func = meth->ssl_connect; + sc->handshake_func = meth->ssl_connect; else if (hf == sm->ssl_accept) - s->handshake_func = meth->ssl_accept; + sc->handshake_func = meth->ssl_accept; } return ret; } @@ -3808,10 +4262,15 @@ int SSL_get_error(const SSL *s, int i) int reason; unsigned long l; BIO *bio; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); if (i > 0) return SSL_ERROR_NONE; + /* TODO(QUIC): This will need more handling for QUIC_CONNECTIONs */ + if (sc == NULL) + return SSL_ERROR_SSL; + /* * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc, * where we do encode the error @@ -3851,7 +4310,7 @@ int SSL_get_error(const SSL *s, int i) if (SSL_want_write(s)) { /* Access wbio directly - in order to use the buffered bio if present */ - bio = s->wbio; + bio = sc->wbio; if (BIO_should_write(bio)) return SSL_ERROR_WANT_WRITE; else if (BIO_should_read(bio)) @@ -3880,8 +4339,8 @@ int SSL_get_error(const SSL *s, int i) if (SSL_want_client_hello_cb(s)) return SSL_ERROR_WANT_CLIENT_HELLO_CB; - if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && - (s->s3.warn_alert == SSL_AD_CLOSE_NOTIFY)) + if ((sc->shutdown & SSL_RECEIVED_SHUTDOWN) && + (sc->s3.warn_alert == SSL_AD_CLOSE_NOTIFY)) return SSL_ERROR_ZERO_RETURN; return SSL_ERROR_SYSCALL; @@ -3889,30 +4348,36 @@ int SSL_get_error(const SSL *s, int i) static int ssl_do_handshake_intern(void *vargs) { - struct ssl_async_args *args; - SSL *s; + struct ssl_async_args *args = (struct ssl_async_args *)vargs; + SSL *s = args->s; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); - args = (struct ssl_async_args *)vargs; - s = args->s; + if (sc == NULL) + return -1; - return s->handshake_func(s); + return sc->handshake_func(s); } int SSL_do_handshake(SSL *s) { int ret = 1; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + /* TODO(QUIC): Special handling for QUIC will be needed */ + if (sc == NULL) + return -1; - if (s->handshake_func == NULL) { + if (sc->handshake_func == NULL) { ERR_raise(ERR_LIB_SSL, SSL_R_CONNECTION_TYPE_NOT_SET); return -1; } - ossl_statem_check_finish_init(s, -1); + ossl_statem_check_finish_init(sc, -1); s->method->ssl_renegotiate_check(s, 0); if (SSL_in_init(s) || SSL_in_before(s)) { - if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { + if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; memset(&args, 0, sizeof(args)); @@ -3920,7 +4385,7 @@ int SSL_do_handshake(SSL *s) ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern); } else { - ret = s->handshake_func(s); + ret = sc->handshake_func(s); } } return ret; @@ -3928,20 +4393,32 @@ int SSL_do_handshake(SSL *s) void SSL_set_accept_state(SSL *s) { - s->server = 1; - s->shutdown = 0; - ossl_statem_clear(s); - s->handshake_func = s->method->ssl_accept; - clear_ciphers(s); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + /* TODO(QUIC): Special handling for QUIC will be needed */ + if (sc == NULL) + return; + + sc->server = 1; + sc->shutdown = 0; + ossl_statem_clear(sc); + sc->handshake_func = s->method->ssl_accept; + clear_ciphers(sc); } void SSL_set_connect_state(SSL *s) { - s->server = 0; - s->shutdown = 0; - ossl_statem_clear(s); - s->handshake_func = s->method->ssl_connect; - clear_ciphers(s); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + /* TODO(QUIC): Special handling for QUIC will be needed */ + if (sc == NULL) + return; + + sc->server = 0; + sc->shutdown = 0; + ossl_statem_clear(sc); + sc->handshake_func = s->method->ssl_connect; + clear_ciphers(sc); } int ssl_undefined_function(SSL *s) @@ -4002,7 +4479,13 @@ const char *ssl_protocol_to_string(int version) const char *SSL_get_version(const SSL *s) { - return ssl_protocol_to_string(s->version); + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + /* TODO(QUIC): Should QUIC return QUIC or TLSv1.3? */ + if (sc == NULL) + return NULL; + + return ssl_protocol_to_string(sc->version); } static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src) @@ -4039,6 +4522,12 @@ SSL *SSL_dup(SSL *s) { SSL *ret; int i; + /* TODO(QUIC): Add a SSL_METHOD function for duplication */ + SSL_CONNECTION *retsc; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); + + if (sc == NULL) + return NULL; /* If we're not quiescent, just up_ref! */ if (!SSL_in_init(s) || !SSL_in_before(s)) { @@ -4051,8 +4540,10 @@ SSL *SSL_dup(SSL *s) */ if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL) return NULL; + if ((retsc = SSL_CONNECTION_FROM_SSL_ONLY(ret)) == NULL) + goto err; - if (s->session != NULL) { + if (sc->session != NULL) { /* * Arranges to share the same session via up_ref. This "copies" * session-id, SSL_METHOD, sid_ctx, and 'cert' @@ -4069,32 +4560,32 @@ SSL *SSL_dup(SSL *s) if (!SSL_set_ssl_method(ret, s->method)) goto err; - if (s->cert != NULL) { - ssl_cert_free(ret->cert); - ret->cert = ssl_cert_dup(s->cert); - if (ret->cert == NULL) + if (sc->cert != NULL) { + ssl_cert_free(retsc->cert); + retsc->cert = ssl_cert_dup(sc->cert); + if (retsc->cert == NULL) goto err; } - if (!SSL_set_session_id_context(ret, s->sid_ctx, - (int)s->sid_ctx_length)) + if (!SSL_set_session_id_context(ret, sc->sid_ctx, + (int)sc->sid_ctx_length)) goto err; } - if (!ssl_dane_dup(ret, s)) + if (!ssl_dane_dup(retsc, sc)) goto err; - ret->version = s->version; - ret->options = s->options; - ret->min_proto_version = s->min_proto_version; - ret->max_proto_version = s->max_proto_version; - ret->mode = s->mode; + retsc->version = sc->version; + retsc->options = sc->options; + retsc->min_proto_version = sc->min_proto_version; + retsc->max_proto_version = sc->max_proto_version; + retsc->mode = sc->mode; SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); - ret->msg_callback = s->msg_callback; - ret->msg_callback_arg = s->msg_callback_arg; + retsc->msg_callback = sc->msg_callback; + retsc->msg_callback_arg = sc->msg_callback_arg; SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s)); SSL_set_verify_depth(ret, SSL_get_verify_depth(s)); - ret->generate_session_id = s->generate_session_id; + retsc->generate_session_id = sc->generate_session_id; SSL_set_info_callback(ret, SSL_get_info_callback(s)); @@ -4102,34 +4593,34 @@ SSL *SSL_dup(SSL *s) if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) goto err; - ret->server = s->server; - if (s->handshake_func) { - if (s->server) + retsc->server = sc->server; + if (sc->handshake_func) { + if (sc->server) SSL_set_accept_state(ret); else SSL_set_connect_state(ret); } - ret->shutdown = s->shutdown; - ret->hit = s->hit; + retsc->shutdown = sc->shutdown; + retsc->hit = sc->hit; - ret->default_passwd_callback = s->default_passwd_callback; - ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata; + retsc->default_passwd_callback = sc->default_passwd_callback; + retsc->default_passwd_callback_userdata = sc->default_passwd_callback_userdata; - X509_VERIFY_PARAM_inherit(ret->param, s->param); + X509_VERIFY_PARAM_inherit(retsc->param, sc->param); /* dup the cipher_list and cipher_list_by_id stacks */ - if (s->cipher_list != NULL) { - if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) + if (sc->cipher_list != NULL) { + if ((retsc->cipher_list = sk_SSL_CIPHER_dup(sc->cipher_list)) == NULL) goto err; } - if (s->cipher_list_by_id != NULL) - if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id)) + if (sc->cipher_list_by_id != NULL) + if ((retsc->cipher_list_by_id = sk_SSL_CIPHER_dup(sc->cipher_list_by_id)) == NULL) goto err; /* Dup the client_CA list */ - if (!dup_ca_names(&ret->ca_names, s->ca_names) - || !dup_ca_names(&ret->client_ca_names, s->client_ca_names)) + if (!dup_ca_names(&retsc->ca_names, sc->ca_names) + || !dup_ca_names(&retsc->client_ca_names, sc->client_ca_names)) goto err; return ret; @@ -4139,7 +4630,7 @@ SSL *SSL_dup(SSL *s) return NULL; } -void ssl_clear_cipher_ctx(SSL *s) +void ssl_clear_cipher_ctx(SSL_CONNECTION *s) { if (s->enc_read_ctx != NULL) { EVP_CIPHER_CTX_free(s->enc_read_ctx); @@ -4159,16 +4650,26 @@ void ssl_clear_cipher_ctx(SSL *s) X509 *SSL_get_certificate(const SSL *s) { - if (s->cert != NULL) - return s->cert->key->x509; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return NULL; + + if (sc->cert != NULL) + return sc->cert->key->x509; else return NULL; } EVP_PKEY *SSL_get_privatekey(const SSL *s) { - if (s->cert != NULL) - return s->cert->key->privatekey; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return NULL; + + if (sc->cert != NULL) + return sc->cert->key->privatekey; else return NULL; } @@ -4191,20 +4692,35 @@ EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) { - if ((s->session != NULL) && (s->session->cipher != NULL)) - return s->session->cipher; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return NULL; + + if ((sc->session != NULL) && (sc->session->cipher != NULL)) + return sc->session->cipher; return NULL; } const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s) { - return s->s3.tmp.new_cipher; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return NULL; + + return sc->s3.tmp.new_cipher; } const COMP_METHOD *SSL_get_current_compression(const SSL *s) { #ifndef OPENSSL_NO_COMP - return s->compress ? COMP_CTX_get_method(s->compress) : NULL; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s); + + if (sc == NULL) + return NULL; + + return sc->compress ? COMP_CTX_get_method(sc->compress) : NULL; #else return NULL; #endif @@ -4213,13 +4729,18 @@ const COMP_METHOD *SSL_get_current_compression(const SSL *s) const COMP_METHOD *SSL_get_current_expansion(const SSL *s) { #ifndef OPENSSL_NO_COMP - return s->expand ? COMP_CTX_get_method(s->expand) : NULL; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s); + + if (sc == NULL) + return NULL; + + return sc->expand ? COMP_CTX_get_method(sc->expand) : NULL; #else return NULL; #endif } -int ssl_init_wbio_buffer(SSL *s) +int ssl_init_wbio_buffer(SSL_CONNECTION *s) { BIO *bbio; @@ -4240,7 +4761,7 @@ int ssl_init_wbio_buffer(SSL *s) return 1; } -int ssl_free_wbio_buffer(SSL *s) +int ssl_free_wbio_buffer(SSL_CONNECTION *s) { /* callers ensure s is never null */ if (s->bbio == NULL) @@ -4265,32 +4786,68 @@ int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) void SSL_set_quiet_shutdown(SSL *s, int mode) { - s->quiet_shutdown = mode; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); + + /* TODO(QUIC): Do we want this for QUIC? */ + if (sc == NULL) + return; + + sc->quiet_shutdown = mode; } int SSL_get_quiet_shutdown(const SSL *s) { - return s->quiet_shutdown; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s); + + /* TODO(QUIC): Do we want this for QUIC? */ + if (sc == NULL) + return 0; + + return sc->quiet_shutdown; } void SSL_set_shutdown(SSL *s, int mode) { - s->shutdown = mode; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); + + /* TODO(QUIC): Do we want this for QUIC? */ + if (sc == NULL) + return; + + sc->shutdown = mode; } int SSL_get_shutdown(const SSL *s) { - return s->shutdown; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s); + + /* TODO(QUIC): Do we want this for QUIC? */ + if (sc == NULL) + return 0; + + return sc->shutdown; } int SSL_version(const SSL *s) { - return s->version; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + /* TODO(QUIC): Do we want to report QUIC version this way instead? */ + if (sc == NULL) + return 0; + + return sc->version; } int SSL_client_version(const SSL *s) { - return s->client_version; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + /* TODO(QUIC): Do we want to report QUIC version this way instead? */ + if (sc == NULL) + return 0; + + return sc->client_version; } SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) @@ -4301,28 +4858,34 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) { CERT *new_cert; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(ssl); + + /* TODO(QUIC): Do we need this for QUIC support? */ + if (sc == NULL) + return NULL; + if (ssl->ctx == ctx) return ssl->ctx; if (ctx == NULL) - ctx = ssl->session_ctx; + ctx = sc->session_ctx; new_cert = ssl_cert_dup(ctx->cert); if (new_cert == NULL) { return NULL; } - if (!custom_exts_copy_flags(&new_cert->custext, &ssl->cert->custext)) { + if (!custom_exts_copy_flags(&new_cert->custext, &sc->cert->custext)) { ssl_cert_free(new_cert); return NULL; } - ssl_cert_free(ssl->cert); - ssl->cert = new_cert; + ssl_cert_free(sc->cert); + sc->cert = new_cert; /* * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH), * so setter APIs must prevent invalid lengths from entering the system. */ - if (!ossl_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx))) + if (!ossl_assert(sc->sid_ctx_length <= sizeof(sc->sid_ctx))) return NULL; /* @@ -4332,10 +4895,10 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) * leave it unchanged. */ if ((ssl->ctx != NULL) && - (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) && - (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) { - ssl->sid_ctx_length = ctx->sid_ctx_length; - memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); + (sc->sid_ctx_length == ssl->ctx->sid_ctx_length) && + (memcmp(sc->sid_ctx, ssl->ctx->sid_ctx, sc->sid_ctx_length) == 0)) { + sc->sid_ctx_length = ctx->sid_ctx_length; + memcpy(&sc->sid_ctx, &ctx->sid_ctx, sizeof(sc->sid_ctx)); } SSL_CTX_up_ref(ctx); @@ -4438,7 +5001,12 @@ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val)) { - ssl->info_callback = cb; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return; + + sc->info_callback = cb; } /* @@ -4448,36 +5016,61 @@ void SSL_set_info_callback(SSL *ssl, void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ , int /* type */ , int /* val */ ) { - return ssl->info_callback; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl); + + if (sc == NULL) + return NULL; + + return sc->info_callback; } void SSL_set_verify_result(SSL *ssl, long arg) { - ssl->verify_result = arg; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return; + + sc->verify_result = arg; } long SSL_get_verify_result(const SSL *ssl) { - return ssl->verify_result; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl); + + if (sc == NULL) + return 0; + + return sc->verify_result; } size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen) { + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl); + + if (sc == NULL) + return 0; + if (outlen == 0) - return sizeof(ssl->s3.client_random); - if (outlen > sizeof(ssl->s3.client_random)) - outlen = sizeof(ssl->s3.client_random); - memcpy(out, ssl->s3.client_random, outlen); + return sizeof(sc->s3.client_random); + if (outlen > sizeof(sc->s3.client_random)) + outlen = sizeof(sc->s3.client_random); + memcpy(out, sc->s3.client_random, outlen); return outlen; } size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen) { + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl); + + if (sc == NULL) + return 0; + if (outlen == 0) - return sizeof(ssl->s3.server_random); - if (outlen > sizeof(ssl->s3.server_random)) - outlen = sizeof(ssl->s3.server_random); - memcpy(out, ssl->s3.server_random, outlen); + return sizeof(sc->s3.server_random); + if (outlen > sizeof(sc->s3.server_random)) + outlen = sizeof(sc->s3.server_random); + memcpy(out, sc->s3.server_random, outlen); return outlen; } @@ -4544,7 +5137,12 @@ void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store) int SSL_want(const SSL *s) { - return s->rwstate; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return SSL_NOTHING; + + return sc->rwstate; } #ifndef OPENSSL_NO_PSK @@ -4566,40 +5164,53 @@ int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) { - if (s == NULL) + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) return 0; if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { ERR_raise(ERR_LIB_SSL, SSL_R_DATA_LENGTH_TOO_LONG); return 0; } - OPENSSL_free(s->cert->psk_identity_hint); + OPENSSL_free(sc->cert->psk_identity_hint); if (identity_hint != NULL) { - s->cert->psk_identity_hint = OPENSSL_strdup(identity_hint); - if (s->cert->psk_identity_hint == NULL) + sc->cert->psk_identity_hint = OPENSSL_strdup(identity_hint); + if (sc->cert->psk_identity_hint == NULL) return 0; } else - s->cert->psk_identity_hint = NULL; + sc->cert->psk_identity_hint = NULL; return 1; } const char *SSL_get_psk_identity_hint(const SSL *s) { - if (s == NULL || s->session == NULL) + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL || sc->session == NULL) return NULL; - return s->session->psk_identity_hint; + + return sc->session->psk_identity_hint; } const char *SSL_get_psk_identity(const SSL *s) { - if (s == NULL || s->session == NULL) + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL || sc->session == NULL) return NULL; - return s->session->psk_identity; + + return sc->session->psk_identity; } void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb) { - s->psk_client_callback = cb; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + sc->psk_client_callback = cb; } void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb) @@ -4609,7 +5220,12 @@ void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb) void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb) { - s->psk_server_callback = cb; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + sc->psk_server_callback = cb; } void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb) @@ -4620,7 +5236,12 @@ void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb) void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb) { - s->psk_find_session_cb = cb; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + sc->psk_find_session_cb = cb; } void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, @@ -4631,7 +5252,12 @@ void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb) { - s->psk_use_session_cb = cb; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + sc->psk_use_session_cb = cb; } void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, @@ -4707,10 +5333,14 @@ int SSL_set_record_padding_callback(SSL *ssl, size_t len, void *arg)) { BIO *b; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return 0; b = SSL_get_wbio(ssl); if (b == NULL || !BIO_get_ktls_send(b)) { - ssl->record_padding_cb = cb; + sc->record_padding_cb = cb; return 1; } return 0; @@ -4718,21 +5348,36 @@ int SSL_set_record_padding_callback(SSL *ssl, void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg) { - ssl->record_padding_arg = arg; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return; + + sc->record_padding_arg = arg; } void *SSL_get_record_padding_callback_arg(const SSL *ssl) { - return ssl->record_padding_arg; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl); + + if (sc == NULL) + return NULL; + + return sc->record_padding_arg; } int SSL_set_block_padding(SSL *ssl, size_t block_size) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return 0; + /* block size of 0 or 1 is basically no padding */ if (block_size == 1) - ssl->block_padding = 0; + sc->block_padding = 0; else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH) - ssl->block_padding = block_size; + sc->block_padding = block_size; else return 0; return 1; @@ -4740,14 +5385,24 @@ int SSL_set_block_padding(SSL *ssl, size_t block_size) int SSL_set_num_tickets(SSL *s, size_t num_tickets) { - s->num_tickets = num_tickets; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + sc->num_tickets = num_tickets; return 1; } size_t SSL_get_num_tickets(const SSL *s) { - return s->num_tickets; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return 0; + + return sc->num_tickets; } int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) @@ -4789,7 +5444,8 @@ void ssl_clear_hash_ctx(EVP_MD_CTX **hash) } /* Retrieve handshake hashes */ -int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, +int ssl_handshake_hash(SSL_CONNECTION *s, + unsigned char *out, size_t outlen, size_t *hashlen) { EVP_MD_CTX *ctx = NULL; @@ -4824,12 +5480,22 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, int SSL_session_reused(const SSL *s) { - return s->hit; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return 0; + + return sc->hit; } int SSL_is_server(const SSL *s) { - return s->server; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return 0; + + return sc->server; } #ifndef OPENSSL_NO_DEPRECATED_1_1_0 @@ -4843,12 +5509,22 @@ void SSL_set_debug(SSL *s, int debug) void SSL_set_security_level(SSL *s, int level) { - s->cert->sec_level = level; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + sc->cert->sec_level = level; } int SSL_get_security_level(const SSL *s) { - return s->cert->sec_level; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return 0; + + return sc->cert->sec_level; } void SSL_set_security_callback(SSL *s, @@ -4856,24 +5532,44 @@ void SSL_set_security_callback(SSL *s, int op, int bits, int nid, void *other, void *ex)) { - s->cert->sec_cb = cb; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + sc->cert->sec_cb = cb; } int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex) { - return s->cert->sec_cb; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return NULL; + + return sc->cert->sec_cb; } void SSL_set0_security_ex_data(SSL *s, void *ex) { - s->cert->sec_ex = ex; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + sc->cert->sec_ex = ex; } void *SSL_get0_security_ex_data(const SSL *s) { - return s->cert->sec_ex; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return NULL; + + return sc->cert->sec_ex; } void SSL_CTX_set_security_level(SSL_CTX *ctx, int level) @@ -4920,7 +5616,12 @@ uint64_t SSL_CTX_get_options(const SSL_CTX *ctx) uint64_t SSL_get_options(const SSL *s) { - return s->options; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return 0; + + return sc->options; } uint64_t SSL_CTX_set_options(SSL_CTX *ctx, uint64_t op) @@ -4930,7 +5631,12 @@ uint64_t SSL_CTX_set_options(SSL_CTX *ctx, uint64_t op) uint64_t SSL_set_options(SSL *s, uint64_t op) { - return s->options |= op; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + return sc->options |= op; } uint64_t SSL_CTX_clear_options(SSL_CTX *ctx, uint64_t op) @@ -4940,12 +5646,22 @@ uint64_t SSL_CTX_clear_options(SSL_CTX *ctx, uint64_t op) uint64_t SSL_clear_options(SSL *s, uint64_t op) { - return s->options &= ~op; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + return sc->options &= ~op; } STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s) { - return s->verified_chain; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return NULL; + + return sc->verified_chain; } IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); @@ -4993,7 +5709,7 @@ static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src, * Look for data collected during ServerHello and parse if found. * Returns the number of SCTs extracted. */ -static int ct_extract_tls_extension_scts(SSL *s) +static int ct_extract_tls_extension_scts(SSL_CONNECTION *s) { int scts_extracted = 0; @@ -5017,7 +5733,7 @@ static int ct_extract_tls_extension_scts(SSL *s) * - 0 if no OCSP response exists or it contains no SCTs. * - A negative integer if an error occurs. */ -static int ct_extract_ocsp_response_scts(SSL *s) +static int ct_extract_ocsp_response_scts(SSL_CONNECTION *s) { # ifndef OPENSSL_NO_OCSP int scts_extracted = 0; @@ -5068,7 +5784,7 @@ static int ct_extract_ocsp_response_scts(SSL *s) * Return the number of SCTs extracted, or a negative integer if an error * occurs. */ -static int ct_extract_x509v3_extension_scts(SSL *s) +static int ct_extract_x509v3_extension_scts(SSL_CONNECTION *s) { int scts_extracted = 0; X509 *cert = s->session != NULL ? s->session->peer : NULL; @@ -5093,15 +5809,20 @@ static int ct_extract_x509v3_extension_scts(SSL *s) */ const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s) { - if (!s->scts_parsed) { - if (ct_extract_tls_extension_scts(s) < 0 || - ct_extract_ocsp_response_scts(s) < 0 || - ct_extract_x509v3_extension_scts(s) < 0) + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return NULL; + + if (!sc->scts_parsed) { + if (ct_extract_tls_extension_scts(sc) < 0 || + ct_extract_ocsp_response_scts(sc) < 0 || + ct_extract_x509v3_extension_scts(sc) < 0) goto err; - s->scts_parsed = 1; + sc->scts_parsed = 1; } - return s->scts; + return sc->scts; err: return NULL; } @@ -5132,6 +5853,11 @@ static int ct_strict(const CT_POLICY_EVAL_CTX * ctx, int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, void *arg) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + /* * Since code exists that uses the custom extension handler for CT, look * for this and throw an error if they have already registered to use CT. @@ -5151,8 +5877,8 @@ int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, return 0; } - s->ct_validation_callback = callback; - s->ct_validation_callback_arg = arg; + sc->ct_validation_callback = callback; + sc->ct_validation_callback_arg = arg; return 1; } @@ -5178,7 +5904,12 @@ int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, int SSL_ct_is_enabled(const SSL *s) { - return s->ct_validation_callback != NULL; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return 0; + + return sc->ct_validation_callback != NULL; } int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx) @@ -5186,7 +5917,7 @@ int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx) return ctx->ct_validation_callback != NULL; } -int ssl_validate_ct(SSL *s) +int ssl_validate_ct(SSL_CONNECTION *s) { int ret = 0; X509 *cert = s->session != NULL ? s->session->peer : NULL; @@ -5223,7 +5954,8 @@ int ssl_validate_ct(SSL *s) } } - ctx = CT_POLICY_EVAL_CTX_new_ex(s->ctx->libctx, s->ctx->propq); + ctx = CT_POLICY_EVAL_CTX_new_ex(SSL_CONNECTION_GET_CTX(s)->libctx, + SSL_CONNECTION_GET_CTX(s)->propq); if (ctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); goto end; @@ -5232,11 +5964,12 @@ int ssl_validate_ct(SSL *s) issuer = sk_X509_value(s->verified_chain, 1); CT_POLICY_EVAL_CTX_set1_cert(ctx, cert); CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer); - CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store); + CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, + SSL_CONNECTION_GET_CTX(s)->ctlog_store); CT_POLICY_EVAL_CTX_set_time( - ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000); + ctx, (uint64_t)SSL_SESSION_get_time(s->session) * 1000); - scts = SSL_get0_peer_scts(s); + scts = SSL_get0_peer_scts(SSL_CONNECTION_GET_SSL(s)); /* * This function returns success (> 0) only when all the SCTs are valid, 0 @@ -5343,52 +6076,82 @@ void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, int SSL_client_hello_isv2(SSL *s) { - if (s->clienthello == NULL) + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + if (sc->clienthello == NULL) return 0; - return s->clienthello->isv2; + return sc->clienthello->isv2; } unsigned int SSL_client_hello_get0_legacy_version(SSL *s) { - if (s->clienthello == NULL) + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + if (sc->clienthello == NULL) return 0; - return s->clienthello->legacy_version; + return sc->clienthello->legacy_version; } size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out) { - if (s->clienthello == NULL) + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + if (sc->clienthello == NULL) return 0; if (out != NULL) - *out = s->clienthello->random; + *out = sc->clienthello->random; return SSL3_RANDOM_SIZE; } size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out) { - if (s->clienthello == NULL) + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + if (sc->clienthello == NULL) return 0; if (out != NULL) - *out = s->clienthello->session_id; - return s->clienthello->session_id_len; + *out = sc->clienthello->session_id; + return sc->clienthello->session_id_len; } size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out) { - if (s->clienthello == NULL) + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + if (sc->clienthello == NULL) return 0; if (out != NULL) - *out = PACKET_data(&s->clienthello->ciphersuites); - return PACKET_remaining(&s->clienthello->ciphersuites); + *out = PACKET_data(&sc->clienthello->ciphersuites); + return PACKET_remaining(&sc->clienthello->ciphersuites); } size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out) { - if (s->clienthello == NULL) + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + if (sc->clienthello == NULL) return 0; if (out != NULL) - *out = s->clienthello->compressions; - return s->clienthello->compressions_len; + *out = sc->clienthello->compressions; + return sc->clienthello->compressions_len; } int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) @@ -5396,11 +6159,15 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) RAW_EXTENSION *ext; int *present; size_t num = 0, i; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); - if (s->clienthello == NULL || out == NULL || outlen == NULL) + if (sc == NULL) return 0; - for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) { - ext = s->clienthello->pre_proc_exts + i; + + if (sc->clienthello == NULL || out == NULL || outlen == NULL) + return 0; + for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) { + ext = sc->clienthello->pre_proc_exts + i; if (ext->present) num++; } @@ -5413,8 +6180,8 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); return 0; } - for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) { - ext = s->clienthello->pre_proc_exts + i; + for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) { + ext = sc->clienthello->pre_proc_exts + i; if (ext->present) { if (ext->received_order >= num) goto err; @@ -5433,11 +6200,15 @@ int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts, size_t *num_ext { RAW_EXTENSION *ext; size_t num = 0, i; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; - if (s->clienthello == NULL || num_exts == NULL) + if (sc->clienthello == NULL || num_exts == NULL) return 0; - for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) { - ext = s->clienthello->pre_proc_exts + i; + for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) { + ext = sc->clienthello->pre_proc_exts + i; if (ext->present) num++; } @@ -5451,8 +6222,8 @@ int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts, size_t *num_ext } if (*num_exts < num) return 0; - for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) { - ext = s->clienthello->pre_proc_exts + i; + for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) { + ext = sc->clienthello->pre_proc_exts + i; if (ext->present) { if (ext->received_order >= num) return 0; @@ -5468,11 +6239,15 @@ int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **o { size_t i; RAW_EXTENSION *r; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); - if (s->clienthello == NULL) + if (sc == NULL) return 0; - for (i = 0; i < s->clienthello->pre_proc_exts_len; ++i) { - r = s->clienthello->pre_proc_exts + i; + + if (sc->clienthello == NULL) + return 0; + for (i = 0; i < sc->clienthello->pre_proc_exts_len; ++i) { + r = sc->clienthello->pre_proc_exts + i; if (r->present && r->type == type) { if (out != NULL) *out = PACKET_data(&r->data); @@ -5486,7 +6261,13 @@ int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **o int SSL_free_buffers(SSL *ssl) { - RECORD_LAYER *rl = &ssl->rlayer; + RECORD_LAYER *rl; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return 0; + + rl = &sc->rlayer; if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl)) return 0; @@ -5497,7 +6278,12 @@ int SSL_free_buffers(SSL *ssl) int SSL_alloc_buffers(SSL *ssl) { - return ssl3_setup_buffers(ssl); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return 0; + + return ssl3_setup_buffers(sc); } void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb) @@ -5511,7 +6297,7 @@ SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx) } static int nss_keylog_int(const char *prefix, - SSL *ssl, + SSL_CONNECTION *sc, const uint8_t *parameter_1, size_t parameter_1_len, const uint8_t *parameter_2, @@ -5522,8 +6308,9 @@ static int nss_keylog_int(const char *prefix, size_t out_len = 0; size_t i; size_t prefix_len; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(sc); - if (ssl->ctx->keylog_callback == NULL) + if (sctx->keylog_callback == NULL) return 1; /* @@ -5537,7 +6324,7 @@ static int nss_keylog_int(const char *prefix, prefix_len = strlen(prefix); out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3; if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) { - SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); + SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); return 0; } @@ -5557,40 +6344,40 @@ static int nss_keylog_int(const char *prefix, } *cursor = '\0'; - ssl->ctx->keylog_callback(ssl, (const char *)out); + sctx->keylog_callback(SSL_CONNECTION_GET_SSL(sc), (const char *)out); OPENSSL_clear_free(out, out_len); return 1; } -int ssl_log_rsa_client_key_exchange(SSL *ssl, +int ssl_log_rsa_client_key_exchange(SSL_CONNECTION *sc, const uint8_t *encrypted_premaster, size_t encrypted_premaster_len, const uint8_t *premaster, size_t premaster_len) { if (encrypted_premaster_len < 8) { - SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } /* We only want the first 8 bytes of the encrypted premaster as a tag. */ return nss_keylog_int("RSA", - ssl, + sc, encrypted_premaster, 8, premaster, premaster_len); } -int ssl_log_secret(SSL *ssl, +int ssl_log_secret(SSL_CONNECTION *sc, const char *label, const uint8_t *secret, size_t secret_len) { return nss_keylog_int(label, - ssl, - ssl->s3.client_random, + sc, + sc->s3.client_random, SSL3_RANDOM_SIZE, secret, secret_len); @@ -5598,7 +6385,7 @@ int ssl_log_secret(SSL *ssl, #define SSLV2_CIPHER_LEN 3 -int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format) +int ssl_cache_cipherlist(SSL_CONNECTION *s, PACKET *cipher_suites, int sslv2format) { int n; @@ -5668,16 +6455,20 @@ int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, STACK_OF(SSL_CIPHER) **scsvs) { PACKET pkt; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; if (!PACKET_buf_init(&pkt, bytes, len)) return 0; - return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, 0); + return ossl_bytes_to_cipher_list(sc, &pkt, sk, scsvs, isv2format, 0); } -int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, - STACK_OF(SSL_CIPHER) **skp, - STACK_OF(SSL_CIPHER) **scsvs_out, - int sslv2format, int fatal) +int ossl_bytes_to_cipher_list(SSL_CONNECTION *s, PACKET *cipher_suites, + STACK_OF(SSL_CIPHER) **skp, + STACK_OF(SSL_CIPHER) **scsvs_out, + int sslv2format, int fatal) { const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk = NULL; @@ -5774,14 +6565,24 @@ uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx) int SSL_set_max_early_data(SSL *s, uint32_t max_early_data) { - s->max_early_data = max_early_data; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + sc->max_early_data = max_early_data; return 1; } uint32_t SSL_get_max_early_data(const SSL *s) { - return s->max_early_data; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return 0; + + return sc->max_early_data; } int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data) @@ -5798,44 +6599,59 @@ uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx) int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data) { - s->recv_max_early_data = recv_max_early_data; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + sc->recv_max_early_data = recv_max_early_data; return 1; } uint32_t SSL_get_recv_max_early_data(const SSL *s) { - return s->recv_max_early_data; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return 0; + + return sc->recv_max_early_data; } -__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl) +__owur unsigned int ssl_get_max_send_fragment(const SSL_CONNECTION *sc) { /* Return any active Max Fragment Len extension */ - if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session)) - return GET_MAX_FRAGMENT_LENGTH(ssl->session); + if (sc->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(sc->session)) + return GET_MAX_FRAGMENT_LENGTH(sc->session); /* return current SSL connection setting */ - return ssl->max_send_fragment; + return sc->max_send_fragment; } -__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl) +__owur unsigned int ssl_get_split_send_fragment(const SSL_CONNECTION *sc) { /* Return a value regarding an active Max Fragment Len extension */ - if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session) - && ssl->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(ssl->session)) - return GET_MAX_FRAGMENT_LENGTH(ssl->session); + if (sc->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(sc->session) + && sc->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(sc->session)) + return GET_MAX_FRAGMENT_LENGTH(sc->session); /* else limit |split_send_fragment| to current |max_send_fragment| */ - if (ssl->split_send_fragment > ssl->max_send_fragment) - return ssl->max_send_fragment; + if (sc->split_send_fragment > sc->max_send_fragment) + return sc->max_send_fragment; /* return current SSL connection setting */ - return ssl->split_send_fragment; + return sc->split_send_fragment; } int SSL_stateless(SSL *s) { int ret; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + /* TODO(QUIC): This will need further work. */ + if (sc == NULL) + return 0; /* Ensure there is no state left over from a previous invocation */ if (!SSL_clear(s)) @@ -5843,14 +6659,14 @@ int SSL_stateless(SSL *s) ERR_clear_error(); - s->s3.flags |= TLS1_FLAGS_STATELESS; + sc->s3.flags |= TLS1_FLAGS_STATELESS; ret = SSL_accept(s); - s->s3.flags &= ~TLS1_FLAGS_STATELESS; + sc->s3.flags &= ~TLS1_FLAGS_STATELESS; - if (ret > 0 && s->ext.cookieok) + if (ret > 0 && sc->ext.cookieok) return 1; - if (s->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(s)) + if (sc->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(sc)) return 0; return -1; @@ -5863,16 +6679,26 @@ void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val) void SSL_set_post_handshake_auth(SSL *ssl, int val) { - ssl->pha_enabled = val; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return; + + sc->pha_enabled = val; } int SSL_verify_client_post_handshake(SSL *ssl) { - if (!SSL_IS_TLS13(ssl)) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return 0; + + if (!SSL_CONNECTION_IS_TLS13(sc)) { ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION); return 0; } - if (!ssl->server) { + if (!sc->server) { ERR_raise(ERR_LIB_SSL, SSL_R_NOT_SERVER); return 0; } @@ -5882,7 +6708,7 @@ int SSL_verify_client_post_handshake(SSL *ssl) return 0; } - switch (ssl->post_handshake_auth) { + switch (sc->post_handshake_auth) { case SSL_PHA_NONE: ERR_raise(ERR_LIB_SSL, SSL_R_EXTENSION_NOT_RECEIVED); return 0; @@ -5900,16 +6726,16 @@ int SSL_verify_client_post_handshake(SSL *ssl) return 0; } - ssl->post_handshake_auth = SSL_PHA_REQUEST_PENDING; + sc->post_handshake_auth = SSL_PHA_REQUEST_PENDING; /* checks verify_mode and algorithm_auth */ - if (!send_certificate_request(ssl)) { - ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */ + if (!send_certificate_request(sc)) { + sc->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */ ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CONFIG); return 0; } - ossl_statem_set_in_init(ssl, 1); + ossl_statem_set_in_init(sc, 1); return 1; } @@ -5936,8 +6762,13 @@ void SSL_set_allow_early_data_cb(SSL *s, SSL_allow_early_data_cb_fn cb, void *arg) { - s->allow_early_data_cb = cb; - s->allow_early_data_cb_data = arg; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + sc->allow_early_data_cb = cb; + sc->allow_early_data_cb_data = arg; } const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx, @@ -6034,13 +6865,18 @@ void ssl_evp_md_free(const EVP_MD *md) int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey) { - if (!ssl_security(s, SSL_SECOP_TMP_DH, + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + if (!ssl_security(sc, SSL_SECOP_TMP_DH, EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) { ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL); return 0; } - EVP_PKEY_free(s->cert->dh_tmp); - s->cert->dh_tmp = dhpkey; + EVP_PKEY_free(sc->cert->dh_tmp); + sc->cert->dh_tmp = dhpkey; return 1; } diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 6274b2e228c645..8b27e792aef570 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -338,45 +338,47 @@ # define SSL3_CK_CIPHERSUITE_FLAG 0x03000000 /* Check if an SSL structure is using DTLS */ -# define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) +# define SSL_CONNECTION_IS_DTLS(s) \ + (SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) /* Check if we are using TLSv1.3 */ -# define SSL_IS_TLS13(s) (!SSL_IS_DTLS(s) \ - && (s)->method->version >= TLS1_3_VERSION \ - && (s)->method->version != TLS_ANY_VERSION) +# define SSL_CONNECTION_IS_TLS13(s) (!SSL_CONNECTION_IS_DTLS(s) \ + && SSL_CONNECTION_GET_SSL(s)->method->version >= TLS1_3_VERSION \ + && SSL_CONNECTION_GET_SSL(s)->method->version != TLS_ANY_VERSION) -# define SSL_TREAT_AS_TLS13(s) \ - (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \ +# define SSL_CONNECTION_TREAT_AS_TLS13(s) \ + (SSL_CONNECTION_IS_TLS13(s) \ + || (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \ || (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \ || (s)->early_data_state == SSL_EARLY_DATA_WRITING \ || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \ || (s)->hello_retry_request == SSL_HRR_PENDING) -# define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3.tmp.finish_md_len == 0 \ +# define SSL_IS_FIRST_HANDSHAKE(s) ((s)->s3.tmp.finish_md_len == 0 \ || (s)->s3.tmp.peer_finish_md_len == 0) /* See if we need explicit IV */ # define SSL_USE_EXPLICIT_IV(s) \ - (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) + (SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) /* * See if we use signature algorithms extension and signature algorithm * before signatures. */ # define SSL_USE_SIGALGS(s) \ - (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS) + (SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS) /* * Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may * apply to others in future. */ # define SSL_USE_TLS1_2_CIPHERS(s) \ - (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) + (SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) /* * Determine if a client can use TLS 1.2 ciphersuites: can't rely on method * flags because it may not be set to correct version yet. */ # define SSL_CLIENT_USE_TLS1_2_CIPHERS(s) \ - ((!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION) || \ - (SSL_IS_DTLS(s) && DTLS_VERSION_GE(s->client_version, DTLS1_2_VERSION))) + ((!SSL_CONNECTION_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION) || \ + (SSL_CONNECTION_IS_DTLS(s) && DTLS_VERSION_GE(s->client_version, DTLS1_2_VERSION))) /* * Determine if a client should send signature algorithms extension: * as with TLS1.2 cipher we can't rely on method flags. @@ -487,9 +489,12 @@ struct ssl_method_st { int version; unsigned flags; unsigned long mask; - int (*ssl_new) (SSL *s); - int (*ssl_clear) (SSL *s); + SSL *(*ssl_new) (SSL_CTX *ctx); void (*ssl_free) (SSL *s); + int (*ssl_reset) (SSL *s); + int (*ssl_init) (SSL *s); + int (*ssl_clear) (SSL *s); + void (*ssl_deinit) (SSL *s); int (*ssl_accept) (SSL *s); int (*ssl_connect) (SSL *s); int (*ssl_read) (SSL *s, void *buf, size_t len, size_t *readbytes); @@ -1209,14 +1214,32 @@ struct ssl_ctx_st { typedef struct cert_pkey_st CERT_PKEY; +#define SSL_TYPE_SSL_CONNECTION 0 +#define SSL_TYPE_QUIC_CONNECTION 1 +#define SSL_TYPE_QUIC_STREAM 2 + struct ssl_st { + int type; + SSL_CTX *ctx; + const SSL_METHOD *method; + CRYPTO_REF_COUNT references; + CRYPTO_RWLOCK *lock; + /* extra application data */ + CRYPTO_EX_DATA ex_data; +}; + +struct ssl_connection_st { + /* type identifier and common data */ + struct ssl_st ssl; +#ifndef OPENSSL_NO_QUIC + /* pointer to parent SSL of QUIC_CONNECTION or self */ + struct ssl_st *user_ssl; +#endif /* * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, * DTLS1_VERSION) */ int version; - /* SSLv3 */ - const SSL_METHOD *method; /* * There are 2 BIO's even though they are normally both the same. This * is so data can be read and written to different handlers @@ -1535,12 +1558,9 @@ struct ssl_st { SSL_psk_find_session_cb_func psk_find_session_cb; SSL_psk_use_session_cb_func psk_use_session_cb; - SSL_CTX *ctx; /* Verified chain of peer */ STACK_OF(X509) *verified_chain; long verify_result; - /* extra application data */ - CRYPTO_EX_DATA ex_data; /* * What we put in certificate_authorities extension for TLS 1.3 * (ClientHello and CertificateRequest) or just client cert requests for @@ -1549,7 +1569,6 @@ struct ssl_st { */ STACK_OF(X509_NAME) *ca_names; STACK_OF(X509_NAME) *client_ca_names; - CRYPTO_REF_COUNT references; /* protocol behaviour */ uint64_t options; /* API behaviour */ @@ -1776,8 +1795,6 @@ struct ssl_st { void *record_padding_arg; size_t block_padding; - CRYPTO_RWLOCK *lock; - /* The number of TLS1.3 tickets to automatically send */ size_t num_tickets; /* The number of TLS1.3 tickets actually sent so far */ @@ -1801,6 +1818,39 @@ struct ssl_st { size_t shared_sigalgslen; }; +# define SSL_CONNECTION_FROM_SSL_ONLY_int(ssl, c) \ + ((ssl) == NULL ? NULL \ + : ((ssl)->type == SSL_TYPE_SSL_CONNECTION \ + ? (c SSL_CONNECTION *)(ssl) \ + : NULL)) +# define SSL_CONNECTION_NO_CONST +# define SSL_CONNECTION_FROM_SSL_ONLY(ssl) \ + SSL_CONNECTION_FROM_SSL_ONLY_int(ssl, SSL_CONNECTION_NO_CONST) +# define SSL_CONNECTION_FROM_CONST_SSL_ONLY(ssl) \ + SSL_CONNECTION_FROM_SSL_ONLY_int(ssl, const) +# define SSL_CONNECTION_GET_CTX(sc) ((sc)->ssl.ctx) +# ifndef OPENSSL_NO_QUIC +# include "quic/quic_local.h" +# define SSL_CONNECTION_FROM_SSL_int(ssl, c) \ + ((ssl) == NULL ? NULL \ + : ((ssl)->type == SSL_TYPE_SSL_CONNECTION \ + ? (c SSL_CONNECTION *)(ssl) \ + : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \ + ? (c SSL_CONNECTION *)((c QUIC_CONNECTION *)(ssl))->tls \ + : NULL))) +# define SSL_CONNECTION_FROM_SSL(ssl) \ + SSL_CONNECTION_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST) +# define SSL_CONNECTION_FROM_CONST_SSL(ssl) \ + SSL_CONNECTION_FROM_SSL_int(ssl, const) +# define SSL_CONNECTION_GET_SSL(sc) ((sc)->user_ssl) +# else +# define SSL_CONNECTION_FROM_SSL(ssl) \ + SSL_CONNECTION_FROM_SSL_ONLY_int(ssl, SSL_CONNECTION_NO_CONST) +# define SSL_CONNECTION_FROM_CONST_SSL(ssl) \ + SSL_CONNECTION_FROM_SSL_ONLY_int(ssl, const) +# define SSL_CONNECTION_GET_SSL(sc) (&(sc)->ssl) +# endif + /* * Structure containing table entry of values associated with the signature * algorithms (signature scheme) extension @@ -2075,37 +2125,39 @@ typedef struct cert_st { * of a mess of functions, but hell, think of it as an opaque structure :-) */ typedef struct ssl3_enc_method { - int (*enc) (SSL *, SSL3_RECORD *, size_t, int, SSL_MAC_BUF *, size_t); - int (*mac) (SSL *, SSL3_RECORD *, unsigned char *, int); - int (*setup_key_block) (SSL *); - int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *, - size_t, size_t *); - int (*change_cipher_state) (SSL *, int); - size_t (*final_finish_mac) (SSL *, const char *, size_t, unsigned char *); + int (*enc) (SSL_CONNECTION *, SSL3_RECORD *, size_t, int, + SSL_MAC_BUF *, size_t); + int (*mac) (SSL_CONNECTION *, SSL3_RECORD *, unsigned char *, int); + int (*setup_key_block) (SSL_CONNECTION *); + int (*generate_master_secret) (SSL_CONNECTION *, unsigned char *, + unsigned char *, size_t, size_t *); + int (*change_cipher_state) (SSL_CONNECTION *, int); + size_t (*final_finish_mac) (SSL_CONNECTION *, const char *, size_t, + unsigned char *); const char *client_finished_label; size_t client_finished_label_len; const char *server_finished_label; size_t server_finished_label_len; int (*alert_value) (int); - int (*export_keying_material) (SSL *, unsigned char *, size_t, + int (*export_keying_material) (SSL_CONNECTION *, unsigned char *, size_t, const char *, size_t, const unsigned char *, size_t, int use_context); /* Various flags indicating protocol version requirements */ uint32_t enc_flags; /* Set the handshake header */ - int (*set_handshake_header) (SSL *s, WPACKET *pkt, int type); + int (*set_handshake_header) (SSL_CONNECTION *s, WPACKET *pkt, int type); /* Close construction of the handshake message */ - int (*close_construct_packet) (SSL *s, WPACKET *pkt, int htype); + int (*close_construct_packet) (SSL_CONNECTION *s, WPACKET *pkt, int htype); /* Write out handshake message */ - int (*do_write) (SSL *s); + int (*do_write) (SSL_CONNECTION *s); } SSL3_ENC_METHOD; # define ssl_set_handshake_header(s, pkt, htype) \ - s->method->ssl3_enc->set_handshake_header((s), (pkt), (htype)) + SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->set_handshake_header((s), (pkt), (htype)) # define ssl_close_construct_packet(s, pkt, htype) \ - s->method->ssl3_enc->close_construct_packet((s), (pkt), (htype)) -# define ssl_do_write(s) s->method->ssl3_enc->do_write(s) + SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->close_construct_packet((s), (pkt), (htype)) +# define ssl_do_write(s) SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->do_write(s) /* Values for enc_flags */ @@ -2248,6 +2300,9 @@ const SSL_METHOD *func_name(void) \ version, \ flags, \ mask, \ + ossl_ssl_connection_new, \ + ossl_ssl_connection_free, \ + ossl_ssl_connection_reset, \ tls1_new, \ tls1_clear, \ tls1_free, \ @@ -2285,6 +2340,9 @@ const SSL_METHOD *func_name(void) \ SSL3_VERSION, \ SSL_METHOD_NO_FIPS | SSL_METHOD_NO_SUITEB, \ SSL_OP_NO_SSLv3, \ + ossl_ssl_connection_new, \ + ossl_ssl_connection_free, \ + ossl_ssl_connection_reset, \ ssl3_new, \ ssl3_clear, \ ssl3_free, \ @@ -2323,6 +2381,9 @@ const SSL_METHOD *func_name(void) \ version, \ flags, \ mask, \ + ossl_ssl_connection_new, \ + ossl_ssl_connection_free, \ + ossl_ssl_connection_reset, \ dtls1_new, \ dtls1_clear, \ dtls1_free, \ @@ -2354,14 +2415,14 @@ const SSL_METHOD *func_name(void) \ } struct openssl_ssl_test_functions { - int (*p_ssl_init_wbio_buffer) (SSL *s); - int (*p_ssl3_setup_buffers) (SSL *s); + int (*p_ssl_init_wbio_buffer) (SSL_CONNECTION *s); + int (*p_ssl3_setup_buffers) (SSL_CONNECTION *s); }; const char *ssl_protocol_to_string(int version); /* Returns true if certificate and private key for 'idx' are present */ -static ossl_inline int ssl_has_cert(const SSL *s, int idx) +static ossl_inline int ssl_has_cert(const SSL_CONNECTION *s, int idx) { if (idx < 0 || idx >= SSL_PKEY_NUM) return 0; @@ -2369,7 +2430,8 @@ static ossl_inline int ssl_has_cert(const SSL *s, int idx) && s->cert->pkeys[idx].privatekey != NULL; } -static ossl_inline void tls1_get_peer_groups(SSL *s, const uint16_t **pgroups, +static ossl_inline void tls1_get_peer_groups(SSL_CONNECTION *s, + const uint16_t **pgroups, size_t *pgroupslen) { *pgroups = s->ext.peer_supportedgroups; @@ -2378,19 +2440,25 @@ static ossl_inline void tls1_get_peer_groups(SSL *s, const uint16_t **pgroups, # ifndef OPENSSL_UNIT_TEST +__owur int ossl_ssl_init(SSL *ssl, SSL_CTX *ctx, int type); +__owur SSL *ossl_ssl_connection_new(SSL_CTX *ctx); +void ossl_ssl_connection_free(SSL *ssl); +__owur int ossl_ssl_connection_reset(SSL *ssl); + __owur int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes); __owur int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written); -void ssl_clear_cipher_ctx(SSL *s); -int ssl_clear_bad_session(SSL *s); +void ssl_clear_cipher_ctx(SSL_CONNECTION *s); +int ssl_clear_bad_session(SSL_CONNECTION *s); __owur CERT *ssl_cert_new(void); __owur CERT *ssl_cert_dup(CERT *cert); void ssl_cert_clear_certs(CERT *c); void ssl_cert_free(CERT *c); -__owur int ssl_generate_session_id(SSL *s, SSL_SESSION *ss); -__owur int ssl_get_new_session(SSL *s, int session); -__owur SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, +__owur int ssl_generate_session_id(SSL_CONNECTION *s, SSL_SESSION *ss); +__owur int ssl_get_new_session(SSL_CONNECTION *s, int session); +__owur SSL_SESSION *lookup_sess_in_cache(SSL_CONNECTION *s, + const unsigned char *sess_id, size_t sess_id_len); -__owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello); +__owur int ssl_get_prev_session(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello); __owur SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket); __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); @@ -2402,12 +2470,13 @@ __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, STACK_OF(SSL_CIPHER) **cipher_list_by_id, const char *rule_str, CERT *c); -__owur int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format); -__owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, - STACK_OF(SSL_CIPHER) **skp, - STACK_OF(SSL_CIPHER) **scsvs, int sslv2format, - int fatal); -void ssl_update_cache(SSL *s, int mode); +__owur int ssl_cache_cipherlist(SSL_CONNECTION *s, PACKET *cipher_suites, + int sslv2format); +__owur int ossl_bytes_to_cipher_list(SSL_CONNECTION *s, PACKET *cipher_suites, + STACK_OF(SSL_CIPHER) **skp, + STACK_OF(SSL_CIPHER) **scsvs, int sslv2format, + int fatal); +void ssl_update_cache(SSL_CONNECTION *s, int mode); __owur int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc, const EVP_CIPHER **enc); __owur int ssl_cipher_get_evp(SSL_CTX *ctxc, const SSL_SESSION *s, @@ -2418,24 +2487,27 @@ __owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead, size_t *int_overhead, size_t *blocksize, size_t *ext_overhead); __owur int ssl_cert_is_disabled(SSL_CTX *ctx, size_t idx); -__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, +__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL_CONNECTION *ssl, const unsigned char *ptr, int all); -__owur int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain); -__owur int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain); -__owur int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x); -__owur int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x); +__owur int ssl_cert_set0_chain(SSL_CONNECTION *s, SSL_CTX *ctx, + STACK_OF(X509) *chain); +__owur int ssl_cert_set1_chain(SSL_CONNECTION *s, SSL_CTX *ctx, + STACK_OF(X509) *chain); +__owur int ssl_cert_add0_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x); +__owur int ssl_cert_add1_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x); __owur int ssl_cert_select_current(CERT *c, X509 *x); __owur int ssl_cert_set_current(CERT *c, long arg); void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg); -__owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); -__owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags); +__owur int ssl_verify_cert_chain(SSL_CONNECTION *s, STACK_OF(X509) *sk); +__owur int ssl_build_cert_chain(SSL_CONNECTION *s, SSL_CTX *ctx, int flags); __owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref); __owur int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain); -__owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other); +__owur int ssl_security(const SSL_CONNECTION *s, int op, int bits, int nid, + void *other); __owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other); int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp); @@ -2448,51 +2520,52 @@ __owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx); int ssl_undefined_function(SSL *s); __owur int ssl_undefined_void_function(void); __owur int ssl_undefined_const_function(const SSL *s); -__owur int ssl_get_server_cert_serverinfo(SSL *s, +__owur int ssl_get_server_cert_serverinfo(SSL_CONNECTION *s, const unsigned char **serverinfo, size_t *serverinfo_length); -void ssl_set_masks(SSL *s); -__owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); +void ssl_set_masks(SSL_CONNECTION *s); +__owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL_CONNECTION *sc); __owur int ssl_x509err2alert(int type); void ssl_sort_cipher_list(void); int ssl_load_ciphers(SSL_CTX *ctx); __owur int ssl_setup_sig_algs(SSL_CTX *ctx); int ssl_load_groups(SSL_CTX *ctx); -__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, - size_t len, DOWNGRADE dgrd); -__owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, - int free_pms); -__owur EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm); -__owur int ssl_gensecret(SSL *s, unsigned char *pms, size_t pmslen); -__owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, +__owur int ssl_fill_hello_random(SSL_CONNECTION *s, int server, + unsigned char *field, size_t len, + DOWNGRADE dgrd); +__owur int ssl_generate_master_secret(SSL_CONNECTION *s, unsigned char *pms, + size_t pmslen, int free_pms); +__owur EVP_PKEY *ssl_generate_pkey(SSL_CONNECTION *s, EVP_PKEY *pm); +__owur int ssl_gensecret(SSL_CONNECTION *s, unsigned char *pms, size_t pmslen); +__owur int ssl_derive(SSL_CONNECTION *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int genmaster); -__owur int ssl_decapsulate(SSL *s, EVP_PKEY *privkey, +__owur int ssl_decapsulate(SSL_CONNECTION *s, EVP_PKEY *privkey, const unsigned char *ct, size_t ctlen, int gensecret); -__owur int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey, +__owur int ssl_encapsulate(SSL_CONNECTION *s, EVP_PKEY *pubkey, unsigned char **ctp, size_t *ctlenp, int gensecret); __owur EVP_PKEY *ssl_dh_to_pkey(DH *dh); __owur int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen, void *key); -__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl); -__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl); +__owur unsigned int ssl_get_max_send_fragment(const SSL_CONNECTION *sc); +__owur unsigned int ssl_get_split_send_fragment(const SSL_CONNECTION *sc); __owur const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id); __owur const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname); __owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); __owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len); -int ssl3_init_finished_mac(SSL *s); -__owur int ssl3_setup_key_block(SSL *s); -__owur int ssl3_change_cipher_state(SSL *s, int which); -void ssl3_cleanup_key_block(SSL *s); -__owur int ssl3_do_write(SSL *s, int type); -int ssl3_send_alert(SSL *s, int level, int desc); -__owur int ssl3_generate_master_secret(SSL *s, unsigned char *out, +int ssl3_init_finished_mac(SSL_CONNECTION *s); +__owur int ssl3_setup_key_block(SSL_CONNECTION *s); +__owur int ssl3_change_cipher_state(SSL_CONNECTION *s, int which); +void ssl3_cleanup_key_block(SSL_CONNECTION *s); +__owur int ssl3_do_write(SSL_CONNECTION *s, int type); +int ssl3_send_alert(SSL_CONNECTION *s, int level, int desc); +__owur int ssl3_generate_master_secret(SSL_CONNECTION *s, unsigned char *out, unsigned char *p, size_t len, size_t *secret_size); -__owur int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt); +__owur int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt); __owur int ssl3_num_ciphers(void); __owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u); int ssl3_renegotiate(SSL *ssl); @@ -2500,16 +2573,17 @@ int ssl3_renegotiate_check(SSL *ssl, int initok); void ssl3_digest_master_key_set_params(const SSL_SESSION *session, OSSL_PARAM params[]); __owur int ssl3_dispatch_alert(SSL *s); -__owur size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t slen, - unsigned char *p); -__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len); -void ssl3_free_digest_list(SSL *s); -__owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, +__owur size_t ssl3_final_finish_mac(SSL_CONNECTION *s, const char *sender, + size_t slen, unsigned char *p); +__owur int ssl3_finish_mac(SSL_CONNECTION *s, const unsigned char *buf, + size_t len); +void ssl3_free_digest_list(SSL_CONNECTION *s); +__owur unsigned long ssl3_output_cert_chain(SSL_CONNECTION *s, WPACKET *pkt, CERT_PKEY *cpk); -__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, +__owur const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *srvr); -__owur int ssl3_digest_cached_records(SSL *s, int keep); +__owur int ssl3_digest_cached_records(SSL_CONNECTION *s, int keep); __owur int ssl3_new(SSL *s); void ssl3_free(SSL *s); __owur int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes); @@ -2522,34 +2596,35 @@ __owur long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg); __owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)); __owur long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void)); -__owur int ssl3_do_change_cipher_spec(SSL *ssl); +__owur int ssl3_do_change_cipher_spec(SSL_CONNECTION *s); __owur long ssl3_default_timeout(void); -__owur int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype); -__owur int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype); -__owur int tls_setup_handshake(SSL *s); -__owur int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype); -__owur int dtls1_close_construct_packet(SSL *s, WPACKET *pkt, int htype); -__owur int ssl3_handshake_write(SSL *s); +__owur int ssl3_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, + int htype); +__owur int tls_close_construct_packet(SSL_CONNECTION *s, WPACKET *pkt, int htype); +__owur int tls_setup_handshake(SSL_CONNECTION *s); +__owur int dtls1_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype); +__owur int dtls1_close_construct_packet(SSL_CONNECTION *s, WPACKET *pkt, int htype); +__owur int ssl3_handshake_write(SSL_CONNECTION *s); -__owur int ssl_allow_compression(SSL *s); +__owur int ssl_allow_compression(SSL_CONNECTION *s); -__owur int ssl_version_supported(const SSL *s, int version, +__owur int ssl_version_supported(const SSL_CONNECTION *s, int version, const SSL_METHOD **meth); -__owur int ssl_set_client_hello_version(SSL *s); -__owur int ssl_check_version_downgrade(SSL *s); +__owur int ssl_set_client_hello_version(SSL_CONNECTION *s); +__owur int ssl_check_version_downgrade(SSL_CONNECTION *s); __owur int ssl_set_version_bound(int method_version, int version, int *bound); -__owur int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, +__owur int ssl_choose_server_version(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd); -__owur int ssl_choose_client_version(SSL *s, int version, +__owur int ssl_choose_client_version(SSL_CONNECTION *s, int version, RAW_EXTENSION *extensions); -__owur int ssl_get_min_max_version(const SSL *s, int *min_version, +__owur int ssl_get_min_max_version(const SSL_CONNECTION *s, int *min_version, int *max_version, int *real_max); __owur long tls1_default_timeout(void); -__owur int dtls1_do_write(SSL *s, int type); -void dtls1_set_message_header(SSL *s, +__owur int dtls1_do_write(SSL_CONNECTION *s, int type); +void dtls1_set_message_header(SSL_CONNECTION *s, unsigned char mt, size_t len, size_t frag_off, size_t frag_len); @@ -2557,27 +2632,29 @@ void dtls1_set_message_header(SSL *s, int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len, size_t *written); -__owur int dtls1_read_failed(SSL *s, int code); -__owur int dtls1_buffer_message(SSL *s, int ccs); -__owur int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found); +__owur int dtls1_read_failed(SSL_CONNECTION *s, int code); +__owur int dtls1_buffer_message(SSL_CONNECTION *s, int ccs); +__owur int dtls1_retransmit_message(SSL_CONNECTION *s, unsigned short seq, + int *found); __owur int dtls1_get_queue_priority(unsigned short seq, int is_ccs); -int dtls1_retransmit_buffered_messages(SSL *s); -void dtls1_clear_received_buffer(SSL *s); -void dtls1_clear_sent_buffer(SSL *s); +int dtls1_retransmit_buffered_messages(SSL_CONNECTION *s); +void dtls1_clear_received_buffer(SSL_CONNECTION *s); +void dtls1_clear_sent_buffer(SSL_CONNECTION *s); void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr); __owur long dtls1_default_timeout(void); -__owur struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft); -__owur int dtls1_check_timeout_num(SSL *s); -__owur int dtls1_handle_timeout(SSL *s); -void dtls1_start_timer(SSL *s); -void dtls1_stop_timer(SSL *s); -__owur int dtls1_is_timer_expired(SSL *s); +__owur struct timeval *dtls1_get_timeout(SSL_CONNECTION *s, + struct timeval *timeleft); +__owur int dtls1_check_timeout_num(SSL_CONNECTION *s); +__owur int dtls1_handle_timeout(SSL_CONNECTION *s); +void dtls1_start_timer(SSL_CONNECTION *s); +void dtls1_stop_timer(SSL_CONNECTION *s); +__owur int dtls1_is_timer_expired(SSL_CONNECTION *s); __owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, size_t cookie_len); -__owur size_t dtls1_min_mtu(SSL *s); +__owur size_t dtls1_min_mtu(SSL_CONNECTION *s); void dtls1_hm_fragment_free(hm_fragment *frag); -__owur int dtls1_query_mtu(SSL *s); +__owur int dtls1_query_mtu(SSL_CONNECTION *s); __owur int tls1_new(SSL *s); void tls1_free(SSL *s); @@ -2591,64 +2668,66 @@ __owur int dtls1_shutdown(SSL *s); __owur int dtls1_dispatch_alert(SSL *s); -__owur int ssl_init_wbio_buffer(SSL *s); -int ssl_free_wbio_buffer(SSL *s); +__owur int ssl_init_wbio_buffer(SSL_CONNECTION *s); +int ssl_free_wbio_buffer(SSL_CONNECTION *s); -__owur int tls1_change_cipher_state(SSL *s, int which); -__owur int tls1_setup_key_block(SSL *s); -__owur size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, - unsigned char *p); -__owur int tls1_generate_master_secret(SSL *s, unsigned char *out, +__owur int tls1_change_cipher_state(SSL_CONNECTION *s, int which); +__owur int tls1_setup_key_block(SSL_CONNECTION *s); +__owur size_t tls1_final_finish_mac(SSL_CONNECTION *s, const char *str, + size_t slen, unsigned char *p); +__owur int tls1_generate_master_secret(SSL_CONNECTION *s, unsigned char *out, unsigned char *p, size_t len, size_t *secret_size); -__owur int tls13_setup_key_block(SSL *s); -__owur size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, +__owur int tls13_setup_key_block(SSL_CONNECTION *s); +__owur size_t tls13_final_finish_mac(SSL_CONNECTION *s, const char *str, size_t slen, unsigned char *p); -__owur int tls13_change_cipher_state(SSL *s, int which); -__owur int tls13_update_key(SSL *s, int send); -__owur int tls13_hkdf_expand(SSL *s, const EVP_MD *md, +__owur int tls13_change_cipher_state(SSL_CONNECTION *s, int which); +__owur int tls13_update_key(SSL_CONNECTION *s, int send); +__owur int tls13_hkdf_expand(SSL_CONNECTION *s, const EVP_MD *md, const unsigned char *secret, const unsigned char *label, size_t labellen, const unsigned char *data, size_t datalen, unsigned char *out, size_t outlen, int fatal); -__owur int tls13_derive_key(SSL *s, const EVP_MD *md, +__owur int tls13_derive_key(SSL_CONNECTION *s, const EVP_MD *md, const unsigned char *secret, unsigned char *key, size_t keylen); -__owur int tls13_derive_iv(SSL *s, const EVP_MD *md, +__owur int tls13_derive_iv(SSL_CONNECTION *s, const EVP_MD *md, const unsigned char *secret, unsigned char *iv, size_t ivlen); -__owur int tls13_derive_finishedkey(SSL *s, const EVP_MD *md, +__owur int tls13_derive_finishedkey(SSL_CONNECTION *s, const EVP_MD *md, const unsigned char *secret, unsigned char *fin, size_t finlen); -int tls13_generate_secret(SSL *s, const EVP_MD *md, +int tls13_generate_secret(SSL_CONNECTION *s, const EVP_MD *md, const unsigned char *prevsecret, const unsigned char *insecret, size_t insecretlen, unsigned char *outsecret); -__owur int tls13_generate_handshake_secret(SSL *s, +__owur int tls13_generate_handshake_secret(SSL_CONNECTION *s, const unsigned char *insecret, size_t insecretlen); -__owur int tls13_generate_master_secret(SSL *s, unsigned char *out, +__owur int tls13_generate_master_secret(SSL_CONNECTION *s, unsigned char *out, unsigned char *prev, size_t prevlen, size_t *secret_size); -__owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, +__owur int tls1_export_keying_material(SSL_CONNECTION *s, + unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *p, size_t plen, int use_context); -__owur int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, +__owur int tls13_export_keying_material(SSL_CONNECTION *s, + unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *context, size_t contextlen, int use_context); -__owur int tls13_export_keying_material_early(SSL *s, unsigned char *out, - size_t olen, const char *label, - size_t llen, +__owur int tls13_export_keying_material_early(SSL_CONNECTION *s, + unsigned char *out, size_t olen, + const char *label, size_t llen, const unsigned char *context, size_t contextlen); __owur int tls1_alert_code(int code); __owur int tls13_alert_code(int code); __owur int ssl3_alert_code(int code); -__owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); +__owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CONNECTION *s); SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); @@ -2657,80 +2736,87 @@ __owur uint16_t ssl_group_id_tls13_to_internal(uint16_t curve_id); __owur const TLS_GROUP_INFO *tls1_group_id_lookup(SSL_CTX *ctx, uint16_t curve_id); __owur int tls1_group_id2nid(uint16_t group_id, int include_unknown); __owur uint16_t tls1_nid2group_id(int nid); -__owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves); -__owur uint16_t tls1_shared_group(SSL *s, int nmatch); +__owur int tls1_check_group_id(SSL_CONNECTION *s, uint16_t group_id, + int check_own_curves); +__owur uint16_t tls1_shared_group(SSL_CONNECTION *s, int nmatch); __owur int tls1_set_groups(uint16_t **pext, size_t *pextlen, int *curves, size_t ncurves); __owur int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen, const char *str); -__owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id); -__owur int tls_valid_group(SSL *s, uint16_t group_id, int minversion, +__owur EVP_PKEY *ssl_generate_pkey_group(SSL_CONNECTION *s, uint16_t id); +__owur int tls_valid_group(SSL_CONNECTION *s, uint16_t group_id, int minversion, int maxversion, int isec, int *okfortls13); -__owur EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id); -void tls1_get_formatlist(SSL *s, const unsigned char **pformats, +__owur EVP_PKEY *ssl_generate_param_group(SSL_CONNECTION *s, uint16_t id); +void tls1_get_formatlist(SSL_CONNECTION *s, const unsigned char **pformats, size_t *num_formats); -__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id); +__owur int tls1_check_ec_tmp_key(SSL_CONNECTION *s, unsigned long id); -__owur int tls_group_allowed(SSL *s, uint16_t curve, int op); -void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, +__owur int tls_group_allowed(SSL_CONNECTION *s, uint16_t curve, int op); +void tls1_get_supported_groups(SSL_CONNECTION *s, const uint16_t **pgroups, size_t *pgroupslen); -__owur int tls1_set_server_sigalgs(SSL *s); +__owur int tls1_set_server_sigalgs(SSL_CONNECTION *s); -__owur SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, +__owur SSL_TICKET_STATUS tls_get_ticket_from_client(SSL_CONNECTION *s, + CLIENTHELLO_MSG *hello, SSL_SESSION **ret); -__owur SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, +__owur SSL_TICKET_STATUS tls_decrypt_ticket(SSL_CONNECTION *s, + const unsigned char *etick, size_t eticklen, const unsigned char *sess_id, size_t sesslen, SSL_SESSION **psess); -__owur int tls_use_ticket(SSL *s); +__owur int tls_use_ticket(SSL_CONNECTION *s); -void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op); +void ssl_set_sig_mask(uint32_t *pmask_a, SSL_CONNECTION *s, int op); __owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client); __owur int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen, int client); __owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client); -int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, - int idx); -void tls1_set_cert_validity(SSL *s); +int tls1_check_chain(SSL_CONNECTION *s, X509 *x, EVP_PKEY *pk, + STACK_OF(X509) *chain, int idx); +void tls1_set_cert_validity(SSL_CONNECTION *s); # ifndef OPENSSL_NO_CT -__owur int ssl_validate_ct(SSL *s); +__owur int ssl_validate_ct(SSL_CONNECTION *s); # endif -__owur EVP_PKEY *ssl_get_auto_dh(SSL *s); +__owur EVP_PKEY *ssl_get_auto_dh(SSL_CONNECTION *s); -__owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee); -__owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex, - int vfy); +__owur int ssl_security_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x, int vfy, + int is_ee); +__owur int ssl_security_cert_chain(SSL_CONNECTION *s, STACK_OF(X509) *sk, + X509 *ex, int vfy); -int tls_choose_sigalg(SSL *s, int fatalerrs); +int tls_choose_sigalg(SSL_CONNECTION *s, int fatalerrs); __owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md); void ssl_clear_hash_ctx(EVP_MD_CTX **hash); -__owur long ssl_get_algorithm2(SSL *s); -__owur int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, +__owur long ssl_get_algorithm2(SSL_CONNECTION *s); +__owur int tls12_copy_sigalgs(SSL_CONNECTION *s, WPACKET *pkt, const uint16_t *psig, size_t psiglen); __owur int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen); -__owur int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert); -__owur int tls1_process_sigalgs(SSL *s); -__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey); +__owur int tls1_save_sigalgs(SSL_CONNECTION *s, PACKET *pkt, int cert); +__owur int tls1_process_sigalgs(SSL_CONNECTION *s); +__owur int tls1_set_peer_legacy_sigalg(SSL_CONNECTION *s, const EVP_PKEY *pkey); __owur int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu, const EVP_MD **pmd); -__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs); -__owur int tls_check_sigalg_curve(const SSL *s, int curve); -__owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey); -__owur int ssl_set_client_disabled(SSL *s); -__owur int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int echde); - -__owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, - size_t *hashlen); +__owur size_t tls12_get_psigalgs(SSL_CONNECTION *s, int sent, + const uint16_t **psigs); +__owur int tls_check_sigalg_curve(const SSL_CONNECTION *s, int curve); +__owur int tls12_check_peer_sigalg(SSL_CONNECTION *s, uint16_t, EVP_PKEY *pkey); +__owur int ssl_set_client_disabled(SSL_CONNECTION *s); +__owur int ssl_cipher_disabled(const SSL_CONNECTION *s, const SSL_CIPHER *c, + int op, int echde); + +__owur int ssl_handshake_hash(SSL_CONNECTION *s, + unsigned char *out, size_t outlen, + size_t *hashlen); __owur const EVP_MD *ssl_md(SSL_CTX *ctx, int idx); -__owur const EVP_MD *ssl_handshake_md(SSL *s); -__owur const EVP_MD *ssl_prf_md(SSL *s); +__owur const EVP_MD *ssl_handshake_md(SSL_CONNECTION *s); +__owur const EVP_MD *ssl_prf_md(SSL_CONNECTION *s); /* * ssl_log_rsa_client_key_exchange logs |premaster| to the SSL_CTX associated @@ -2738,7 +2824,7 @@ __owur const EVP_MD *ssl_prf_md(SSL *s); * failure. The entry is identified by the first 8 bytes of * |encrypted_premaster|. */ -__owur int ssl_log_rsa_client_key_exchange(SSL *ssl, +__owur int ssl_log_rsa_client_key_exchange(SSL_CONNECTION *s, const uint8_t *encrypted_premaster, size_t encrypted_premaster_len, const uint8_t *premaster, @@ -2749,7 +2835,7 @@ __owur int ssl_log_rsa_client_key_exchange(SSL *ssl, * logging is available. It returns one on success and zero on failure. It tags * the entry with |label|. */ -__owur int ssl_log_secret(SSL *ssl, const char *label, +__owur int ssl_log_secret(SSL_CONNECTION *s, const char *label, const uint8_t *secret, size_t secret_len); #define MASTER_SECRET_LABEL "CLIENT_RANDOM" @@ -2763,9 +2849,10 @@ __owur int ssl_log_secret(SSL *ssl, const char *label, # ifndef OPENSSL_NO_KTLS /* ktls.c */ -int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, +int ktls_check_supported_cipher(const SSL_CONNECTION *s, const EVP_CIPHER *c, const EVP_CIPHER_CTX *dd); -int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, +int ktls_configure_crypto(SSL_CONNECTION *s, const EVP_CIPHER *c, + EVP_CIPHER_CTX *dd, void *rl_sequence, ktls_crypto_info_t *crypto_info, int is_tx, unsigned char *iv, unsigned char *key, unsigned char *mac_key, @@ -2784,13 +2871,13 @@ __owur int ssl3_cbc_digest_record(const EVP_MD *md, const unsigned char *mac_secret, size_t mac_secret_length, char is_sslv3); -__owur int srp_generate_server_master_secret(SSL *s); -__owur int srp_generate_client_master_secret(SSL *s); -__owur int srp_verify_server_param(SSL *s); +__owur int srp_generate_server_master_secret(SSL_CONNECTION *s); +__owur int srp_generate_client_master_secret(SSL_CONNECTION *s); +__owur int srp_verify_server_param(SSL_CONNECTION *s); /* statem/statem_srvr.c */ -__owur int send_certificate_request(SSL *s); +__owur int send_certificate_request(SSL_CONNECTION *s); /* statem/extensions_cust.c */ @@ -2800,10 +2887,11 @@ custom_ext_method *custom_ext_find(const custom_ext_methods *exts, void custom_ext_init(custom_ext_methods *meths); -__owur int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, +__owur int custom_ext_parse(SSL_CONNECTION *s, unsigned int context, + unsigned int ext_type, const unsigned char *ext_data, size_t ext_size, X509 *x, size_t chainidx); -__owur int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, +__owur int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x, size_t chainidx, int maxversion); __owur int custom_exts_copy(custom_ext_methods *dst, @@ -2828,14 +2916,15 @@ const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx, int ssl_evp_md_up_ref(const EVP_MD *md); void ssl_evp_md_free(const EVP_MD *md); -int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx, +int tls_provider_set_tls_params(SSL_CONNECTION *s, EVP_CIPHER_CTX *ctx, const EVP_CIPHER *ciph, const EVP_MD *md); void tls_engine_finish(ENGINE *e); const EVP_CIPHER *tls_get_cipher_from_engine(int nid); const EVP_MD *tls_get_digest_from_engine(int nid); -int tls_engine_load_ssl_client_cert(SSL *s, X509 **px509, EVP_PKEY **ppkey); +int tls_engine_load_ssl_client_cert(SSL_CONNECTION *s, X509 **px509, + EVP_PKEY **ppkey); int ssl_hmac_old_new(SSL_HMAC *ret); void ssl_hmac_old_free(SSL_HMAC *ctx); int ssl_hmac_old_init(SSL_HMAC *ctx, void *key, size_t len, char *md); @@ -2845,13 +2934,13 @@ size_t ssl_hmac_old_size(const SSL_HMAC *ctx); int ssl_ctx_srp_ctx_free_intern(SSL_CTX *ctx); int ssl_ctx_srp_ctx_init_intern(SSL_CTX *ctx); -int ssl_srp_ctx_free_intern(SSL *s); -int ssl_srp_ctx_init_intern(SSL *s); +int ssl_srp_ctx_free_intern(SSL_CONNECTION *s); +int ssl_srp_ctx_init_intern(SSL_CONNECTION *s); -int ssl_srp_calc_a_param_intern(SSL *s); -int ssl_srp_server_param_with_username_intern(SSL *s, int *ad); +int ssl_srp_calc_a_param_intern(SSL_CONNECTION *s); +int ssl_srp_server_param_with_username_intern(SSL_CONNECTION *s, int *ad); -void ssl_session_calculate_timeout(SSL_SESSION* ss); +void ssl_session_calculate_timeout(SSL_SESSION *ss); # else /* OPENSSL_UNIT_TEST */ diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 125d4ff56fafcc..4b9d005fa81fd2 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -31,18 +31,23 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); int SSL_use_certificate(SSL *ssl, X509 *x) { int rv; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return 0; + if (x == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); return 0; } - rv = ssl_security_cert(ssl, NULL, x, 0, 1); + rv = ssl_security_cert(sc, NULL, x, 0, 1); if (rv != 1) { ERR_raise(ERR_LIB_SSL, rv); return 0; } - return ssl_set_cert(ssl->cert, x); + return ssl_set_cert(sc->cert, x); } int SSL_use_certificate_file(SSL *ssl, const char *file, int type) @@ -76,9 +81,14 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type) j = ERR_R_ASN1_LIB; cert = d2i_X509_bio(in, &x); } else if (type == SSL_FILETYPE_PEM) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + goto end; + j = ERR_R_PEM_LIB; - cert = PEM_read_bio_X509(in, &x, ssl->default_passwd_callback, - ssl->default_passwd_callback_userdata); + cert = PEM_read_bio_X509(in, &x, sc->default_passwd_callback, + sc->default_passwd_callback_userdata); } else { ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE); goto end; @@ -141,12 +151,16 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) { int ret; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return 0; if (pkey == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); return 0; } - ret = ssl_set_pkey(ssl->cert, pkey); + ret = ssl_set_pkey(sc->cert, pkey); return ret; } @@ -167,10 +181,15 @@ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) goto end; } if (type == SSL_FILETYPE_PEM) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + goto end; + j = ERR_R_PEM_LIB; pkey = PEM_read_bio_PrivateKey_ex(in, NULL, - ssl->default_passwd_callback, - ssl->default_passwd_callback_userdata, + sc->default_passwd_callback, + sc->default_passwd_callback_userdata, ssl->ctx->libctx, ssl->ctx->propq); } else if (type == SSL_FILETYPE_ASN1) { @@ -438,8 +457,13 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) passwd_callback = ctx->default_passwd_callback; passwd_callback_userdata = ctx->default_passwd_callback_userdata; } else { - passwd_callback = ssl->default_passwd_callback; - passwd_callback_userdata = ssl->default_passwd_callback_userdata; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return 0; + + passwd_callback = sc->default_passwd_callback; + passwd_callback_userdata = sc->default_passwd_callback_userdata; } in = BIO_new(BIO_s_file()); @@ -612,13 +636,19 @@ static int serverinfoex_srv_add_cb(SSL *s, unsigned int ext_type, { const unsigned char *serverinfo = NULL; size_t serverinfo_length = 0; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) { + *al = SSL_AD_INTERNAL_ERROR; + return -1; + } /* We only support extensions for the first Certificate */ if ((context & SSL_EXT_TLS1_3_CERTIFICATE) != 0 && chainidx > 0) return 0; /* Is there serverinfo data for the chosen server cert? */ - if ((ssl_get_server_cert_serverinfo(s, &serverinfo, + if ((ssl_get_server_cert_serverinfo(sc, &serverinfo, &serverinfo_length)) != 0) { /* Find the relevant extension from the serverinfo */ int retval = serverinfo_find_extension(serverinfo, serverinfo_length, @@ -890,18 +920,24 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr size_t i; int j; int rv; - CERT *c = ssl != NULL ? ssl->cert : ctx->cert; + CERT *c; STACK_OF(X509) *dup_chain = NULL; EVP_PKEY *pubkey = NULL; + SSL_CONNECTION *sc = NULL; + + if (ctx == NULL && + (sc = SSL_CONNECTION_FROM_SSL(ssl)) == NULL) + return 0; + c = sc != NULL ? sc->cert : ctx->cert; /* Do all security checks before anything else */ - rv = ssl_security_cert(ssl, ctx, x509, 0, 1); + rv = ssl_security_cert(sc, ctx, x509, 0, 1); if (rv != 1) { ERR_raise(ERR_LIB_SSL, rv); goto out; } for (j = 0; j < sk_X509_num(chain); j++) { - rv = ssl_security_cert(ssl, ctx, sk_X509_value(chain, j), 0, 0); + rv = ssl_security_cert(sc, ctx, sk_X509_value(chain, j), 0, 0); if (rv != 1) { ERR_raise(ERR_LIB_SSL, rv); goto out; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 0a26c1345ca5c3..0a9f025fbb19c8 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -88,13 +88,19 @@ void ssl_session_calculate_timeout(SSL_SESSION *ss) SSL_SESSION *SSL_get_session(const SSL *ssl) /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ { - return ssl->session; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return NULL; + + return sc->session; } SSL_SESSION *SSL_get1_session(SSL *ssl) /* variant of SSL_get_session: caller really gets something */ { SSL_SESSION *sess; + /* * Need to lock this all up rather than just use CRYPTO_add so that * somebody doesn't free ssl->session between when we check it's non-null @@ -102,8 +108,8 @@ SSL_SESSION *SSL_get1_session(SSL *ssl) */ if (!CRYPTO_THREAD_read_lock(ssl->lock)) return NULL; - sess = ssl->session; - if (sess) + sess = SSL_get_session(ssl); + if (sess != NULL) SSL_SESSION_up_ref(sess); CRYPTO_THREAD_unlock(ssl->lock); return sess; @@ -335,10 +341,11 @@ static int def_generate_session_id(SSL *ssl, unsigned char *id, return 0; } -int ssl_generate_session_id(SSL *s, SSL_SESSION *ss) +int ssl_generate_session_id(SSL_CONNECTION *s, SSL_SESSION *ss) { unsigned int tmp; GEN_SESSION_CB cb = def_generate_session_id; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); switch (s->version) { case SSL3_VERSION: @@ -377,10 +384,10 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss) } /* Choose which callback will set the session ID */ - if (!CRYPTO_THREAD_read_lock(s->lock)) + if (!CRYPTO_THREAD_read_lock(SSL_CONNECTION_GET_SSL(s)->lock)) return 0; if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock)) { - CRYPTO_THREAD_unlock(s->lock); + CRYPTO_THREAD_unlock(ssl->lock); SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); return 0; @@ -390,11 +397,11 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss) else if (s->session_ctx->generate_session_id) cb = s->session_ctx->generate_session_id; CRYPTO_THREAD_unlock(s->session_ctx->lock); - CRYPTO_THREAD_unlock(s->lock); + CRYPTO_THREAD_unlock(ssl->lock); /* Choose a session ID */ memset(ss->session_id, 0, ss->session_id_length); tmp = (int)ss->session_id_length; - if (!cb(s, ss->session_id, &tmp)) { + if (!cb(ssl, ss->session_id, &tmp)) { /* The callback failed */ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); @@ -412,7 +419,7 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss) } ss->session_id_length = tmp; /* Finally, check for a conflict */ - if (SSL_has_matching_session_id(s, ss->session_id, + if (SSL_has_matching_session_id(ssl, ss->session_id, (unsigned int)ss->session_id_length)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SSL_SESSION_ID_CONFLICT); return 0; @@ -421,7 +428,7 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss) return 1; } -int ssl_get_new_session(SSL *s, int session) +int ssl_get_new_session(SSL_CONNECTION *s, int session) { /* This gets used by clients and servers. */ @@ -434,7 +441,7 @@ int ssl_get_new_session(SSL *s, int session) /* If the context has a default timeout, use it */ if (s->session_ctx->session_timeout == 0) - ss->timeout = SSL_get_default_timeout(s); + ss->timeout = SSL_get_default_timeout(SSL_CONNECTION_GET_SSL(s)); else ss->timeout = s->session_ctx->session_timeout; ssl_session_calculate_timeout(ss); @@ -443,7 +450,7 @@ int ssl_get_new_session(SSL *s, int session) s->session = NULL; if (session) { - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { /* * We generate the session id while constructing the * NewSessionTicket in TLSv1.3. @@ -477,7 +484,8 @@ int ssl_get_new_session(SSL *s, int session) return 1; } -SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, +SSL_SESSION *lookup_sess_in_cache(SSL_CONNECTION *s, + const unsigned char *sess_id, size_t sess_id_len) { SSL_SESSION *ret = NULL; @@ -508,7 +516,8 @@ SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, if (ret == NULL && s->session_ctx->get_session_cb != NULL) { int copy = 1; - ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, ©); + ret = s->session_ctx->get_session_cb(SSL_CONNECTION_GET_SSL(s), + sess_id, sess_id_len, ©); if (ret != NULL) { ssl_tsan_counter(s->session_ctx, @@ -560,7 +569,7 @@ SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, * - Both for new and resumed sessions, s->ext.ticket_expected is set to 1 * if the server should issue a new session ticket (to 0 otherwise). */ -int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) +int ssl_get_prev_session(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello) { /* This is used only by servers. */ @@ -569,7 +578,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) int try_session_cache = 0; SSL_TICKET_STATUS r; - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { /* * By default we will send a new ticket. This can be overridden in the * ticket processing. @@ -664,7 +673,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) goto err; } - if (!SSL_IS_TLS13(s)) { + if (!SSL_CONNECTION_IS_TLS13(s)) { /* We already did this for TLS1.3 */ SSL_SESSION_free(s->session); s->session = ret; @@ -678,7 +687,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) if (ret != NULL) { SSL_SESSION_free(ret); /* In TLSv1.3 s->session was already set to ret, so we NULL it out */ - if (SSL_IS_TLS13(s)) + if (SSL_CONNECTION_IS_TLS13(s)) s->session = NULL; if (!try_session_cache) { @@ -859,7 +868,12 @@ int SSL_SESSION_up_ref(SSL_SESSION *ss) int SSL_set_session(SSL *s, SSL_SESSION *session) { - ssl_clear_bad_session(s); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + ssl_clear_bad_session(sc); if (s->ctx->method != s->method) { if (!SSL_set_ssl_method(s, s->ctx->method)) return 0; @@ -867,10 +881,10 @@ int SSL_set_session(SSL *s, SSL_SESSION *session) if (session != NULL) { SSL_SESSION_up_ref(session); - s->verify_result = session->verify_result; + sc->verify_result = session->verify_result; } - SSL_SESSION_free(s->session); - s->session = session; + SSL_SESSION_free(sc->session); + sc->session = session; return 1; } @@ -1088,42 +1102,53 @@ int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg) { - if (s == NULL) + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) return 0; - s->ext.session_secret_cb = tls_session_secret_cb; - s->ext.session_secret_cb_arg = arg; + + sc->ext.session_secret_cb = tls_session_secret_cb; + sc->ext.session_secret_cb_arg = arg; return 1; } int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, void *arg) { - if (s == NULL) + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) return 0; - s->ext.session_ticket_cb = cb; - s->ext.session_ticket_cb_arg = arg; + + sc->ext.session_ticket_cb = cb; + sc->ext.session_ticket_cb_arg = arg; return 1; } int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) { - if (s->version >= TLS1_VERSION) { - OPENSSL_free(s->ext.session_ticket); - s->ext.session_ticket = NULL; - s->ext.session_ticket = + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + if (sc->version >= TLS1_VERSION) { + OPENSSL_free(sc->ext.session_ticket); + sc->ext.session_ticket = NULL; + sc->ext.session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); - if (s->ext.session_ticket == NULL) { + if (sc->ext.session_ticket == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); return 0; } if (ext_data != NULL) { - s->ext.session_ticket->length = ext_len; - s->ext.session_ticket->data = s->ext.session_ticket + 1; - memcpy(s->ext.session_ticket->data, ext_data, ext_len); + sc->ext.session_ticket->length = ext_len; + sc->ext.session_ticket->data = sc->ext.session_ticket + 1; + memcpy(sc->ext.session_ticket->data, ext_data, ext_len); } else { - s->ext.session_ticket->length = 0; - s->ext.session_ticket->data = NULL; + sc->ext.session_ticket->length = 0; + sc->ext.session_ticket->data = NULL; } return 1; @@ -1180,11 +1205,12 @@ void SSL_CTX_flush_sessions(SSL_CTX *s, long t) sk_SSL_SESSION_pop_free(sk, SSL_SESSION_free); } -int ssl_clear_bad_session(SSL *s) +int ssl_clear_bad_session(SSL_CONNECTION *s) { if ((s->session != NULL) && !(s->shutdown & SSL_SENT_SHUTDOWN) && - !(SSL_in_init(s) || SSL_in_before(s))) { + !(SSL_in_init(SSL_CONNECTION_GET_SSL(s)) + || SSL_in_before(SSL_CONNECTION_GET_SSL(s)))) { SSL_CTX_remove_session(s->session_ctx, s->session); return 1; } else @@ -1293,7 +1319,7 @@ void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx, } void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, - SSL_SESSION *(*cb) (struct ssl_st *ssl, + SSL_SESSION *(*cb) (SSL *ssl, const unsigned char *data, int len, int *copy)) { diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c index f2316f7c985075..8854abcbd1c025 100644 --- a/ssl/ssl_stat.c +++ b/ssl/ssl_stat.c @@ -13,7 +13,9 @@ const char *SSL_state_string_long(const SSL *s) { - if (ossl_statem_in_error(s)) + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL || ossl_statem_in_error(sc)) return "error"; switch (SSL_get_state(s)) { @@ -120,7 +122,9 @@ const char *SSL_state_string_long(const SSL *s) const char *SSL_state_string(const SSL *s) { - if (ossl_statem_in_error(s)) + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL || ossl_statem_in_error(sc)) return "SSLERR"; switch (SSL_get_state(s)) { diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index bbc1233cdb9a8b..b2d8e92235d658 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -18,46 +18,50 @@ #include "../ssl_local.h" #include "statem_local.h" -static int final_renegotiate(SSL *s, unsigned int context, int sent); -static int init_server_name(SSL *s, unsigned int context); -static int final_server_name(SSL *s, unsigned int context, int sent); -static int final_ec_pt_formats(SSL *s, unsigned int context, int sent); -static int init_session_ticket(SSL *s, unsigned int context); +static int final_renegotiate(SSL_CONNECTION *s, unsigned int context, int sent); +static int init_server_name(SSL_CONNECTION *s, unsigned int context); +static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent); +static int final_ec_pt_formats(SSL_CONNECTION *s, unsigned int context, + int sent); +static int init_session_ticket(SSL_CONNECTION *s, unsigned int context); #ifndef OPENSSL_NO_OCSP -static int init_status_request(SSL *s, unsigned int context); +static int init_status_request(SSL_CONNECTION *s, unsigned int context); #endif #ifndef OPENSSL_NO_NEXTPROTONEG -static int init_npn(SSL *s, unsigned int context); +static int init_npn(SSL_CONNECTION *s, unsigned int context); #endif -static int init_alpn(SSL *s, unsigned int context); -static int final_alpn(SSL *s, unsigned int context, int sent); -static int init_sig_algs_cert(SSL *s, unsigned int context); -static int init_sig_algs(SSL *s, unsigned int context); -static int init_certificate_authorities(SSL *s, unsigned int context); -static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt, +static int init_alpn(SSL_CONNECTION *s, unsigned int context); +static int final_alpn(SSL_CONNECTION *s, unsigned int context, int sent); +static int init_sig_algs_cert(SSL_CONNECTION *s, unsigned int context); +static int init_sig_algs(SSL_CONNECTION *s, unsigned int context); +static int init_certificate_authorities(SSL_CONNECTION *s, + unsigned int context); +static EXT_RETURN tls_construct_certificate_authorities(SSL_CONNECTION *s, + WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt, +static int tls_parse_certificate_authorities(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); #ifndef OPENSSL_NO_SRP -static int init_srp(SSL *s, unsigned int context); +static int init_srp(SSL_CONNECTION *s, unsigned int context); #endif -static int init_ec_point_formats(SSL *s, unsigned int context); -static int init_etm(SSL *s, unsigned int context); -static int init_ems(SSL *s, unsigned int context); -static int final_ems(SSL *s, unsigned int context, int sent); -static int init_psk_kex_modes(SSL *s, unsigned int context); -static int final_key_share(SSL *s, unsigned int context, int sent); +static int init_ec_point_formats(SSL_CONNECTION *s, unsigned int context); +static int init_etm(SSL_CONNECTION *s, unsigned int context); +static int init_ems(SSL_CONNECTION *s, unsigned int context); +static int final_ems(SSL_CONNECTION *s, unsigned int context, int sent); +static int init_psk_kex_modes(SSL_CONNECTION *s, unsigned int context); +static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent); #ifndef OPENSSL_NO_SRTP -static int init_srtp(SSL *s, unsigned int context); +static int init_srtp(SSL_CONNECTION *s, unsigned int context); #endif -static int final_sig_algs(SSL *s, unsigned int context, int sent); -static int final_early_data(SSL *s, unsigned int context, int sent); -static int final_maxfragmentlen(SSL *s, unsigned int context, int sent); -static int init_post_handshake_auth(SSL *s, unsigned int context); -static int final_psk(SSL *s, unsigned int context, int sent); +static int final_sig_algs(SSL_CONNECTION *s, unsigned int context, int sent); +static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent); +static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context, + int sent); +static int init_post_handshake_auth(SSL_CONNECTION *s, unsigned int context); +static int final_psk(SSL_CONNECTION *s, unsigned int context, int sent); /* Structure to define a built-in extension */ typedef struct extensions_definition_st { @@ -72,25 +76,27 @@ typedef struct extensions_definition_st { * Initialise extension before parsing. Always called for relevant contexts * even if extension not present */ - int (*init)(SSL *s, unsigned int context); + int (*init)(SSL_CONNECTION *s, unsigned int context); /* Parse extension sent from client to server */ - int (*parse_ctos)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + int (*parse_ctos)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); /* Parse extension send from server to client */ - int (*parse_stoc)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + int (*parse_stoc)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); /* Construct extension sent from server to client */ - EXT_RETURN (*construct_stoc)(SSL *s, WPACKET *pkt, unsigned int context, + EXT_RETURN (*construct_stoc)(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); /* Construct extension sent from client to server */ - EXT_RETURN (*construct_ctos)(SSL *s, WPACKET *pkt, unsigned int context, + EXT_RETURN (*construct_ctos)(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); /* * Finalise extension after parsing. Always called where an extensions was * initialised even if the extension was not present. |sent| is set to 1 if * the extension was seen, or 0 otherwise. */ - int (*final)(SSL *s, unsigned int context, int sent); + int (*final)(SSL_CONNECTION *s, unsigned int context, int sent); } EXTENSION_DEFINITION; /* @@ -385,13 +391,14 @@ static const EXTENSION_DEFINITION ext_defs[] = { }; /* Check whether an extension's context matches the current context */ -static int validate_context(SSL *s, unsigned int extctx, unsigned int thisctx) +static int validate_context(SSL_CONNECTION *s, unsigned int extctx, + unsigned int thisctx) { /* Check we're allowed to use this extension in this context */ if ((thisctx & extctx) == 0) return 0; - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { if ((extctx & SSL_EXT_TLS_ONLY) != 0) return 0; } else if ((extctx & SSL_EXT_DTLS_ONLY) != 0) { @@ -401,7 +408,8 @@ static int validate_context(SSL *s, unsigned int extctx, unsigned int thisctx) return 1; } -int tls_validate_all_contexts(SSL *s, unsigned int thisctx, RAW_EXTENSION *exts) +int tls_validate_all_contexts(SSL_CONNECTION *s, unsigned int thisctx, + RAW_EXTENSION *exts) { size_t i, num_exts, builtin_num = OSSL_NELEM(ext_defs), offset; RAW_EXTENSION *thisext; @@ -445,9 +453,9 @@ int tls_validate_all_contexts(SSL *s, unsigned int thisctx, RAW_EXTENSION *exts) * indicate the extension is not allowed. If returning 1 then |*found| is set to * the definition for the extension we found. */ -static int verify_extension(SSL *s, unsigned int context, unsigned int type, - custom_ext_methods *meths, RAW_EXTENSION *rawexlist, - RAW_EXTENSION **found) +static int verify_extension(SSL_CONNECTION *s, unsigned int context, + unsigned int type, custom_ext_methods *meths, + RAW_EXTENSION *rawexlist, RAW_EXTENSION **found) { size_t i; size_t builtin_num = OSSL_NELEM(ext_defs); @@ -493,7 +501,8 @@ static int verify_extension(SSL *s, unsigned int context, unsigned int type, * the extension is relevant for the current context |thisctx| or not. Returns * 1 if the extension is relevant for this context, and 0 otherwise */ -int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx) +int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx, + unsigned int thisctx) { int is_tls13; @@ -504,9 +513,9 @@ int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx) if ((thisctx & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0) is_tls13 = 1; else - is_tls13 = SSL_IS_TLS13(s); + is_tls13 = SSL_CONNECTION_IS_TLS13(s); - if ((SSL_IS_DTLS(s) + if ((SSL_CONNECTION_IS_DTLS(s) && (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0) || (s->version == SSL3_VERSION && (extctx & SSL_EXT_SSL3_ALLOWED) == 0) @@ -543,7 +552,8 @@ int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx) * found, or an internal error occurred. We only check duplicates for * extensions that we know about. We ignore others. */ -int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, +int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet, + unsigned int context, RAW_EXTENSION **res, size_t *len, int init) { PACKET extensions = *packet; @@ -631,8 +641,8 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, thisex->type = type; thisex->received_order = i++; if (s->ext.debug_cb) - s->ext.debug_cb(s, !s->server, thisex->type, - PACKET_data(&thisex->data), + s->ext.debug_cb(SSL_CONNECTION_GET_SSL(s), !s->server, + thisex->type, PACKET_data(&thisex->data), PACKET_remaining(&thisex->data), s->ext.debug_arg); } @@ -674,11 +684,11 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, * Certificate. Returns 1 on success or 0 on failure. If an extension is not * present this counted as success. */ -int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, +int tls_parse_extension(SSL_CONNECTION *s, TLSEXT_INDEX idx, int context, RAW_EXTENSION *exts, X509 *x, size_t chainidx) { RAW_EXTENSION *currext = &exts[idx]; - int (*parser)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + int (*parser)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) = NULL; /* Skip if the extension is not present */ @@ -724,7 +734,8 @@ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, * working on a Certificate message then we also pass the Certificate |x| and * its position in the |chainidx|, with 0 being the first certificate. */ -int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x, +int tls_parse_all_extensions(SSL_CONNECTION *s, int context, + RAW_EXTENSION *exts, X509 *x, size_t chainidx, int fin) { size_t i, numexts = OSSL_NELEM(ext_defs); @@ -759,8 +770,8 @@ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x, return 1; } -int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx, - int max_version) +int should_add_extension(SSL_CONNECTION *s, unsigned int extctx, + unsigned int thisctx, int max_version) { /* Skip if not relevant for our context */ if ((extctx & thisctx) == 0) @@ -770,7 +781,7 @@ int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx, if (!extension_is_relevant(s, extctx, thisctx) || ((extctx & SSL_EXT_TLS1_3_ONLY) != 0 && (thisctx & SSL_EXT_CLIENT_HELLO) != 0 - && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION))) + && (SSL_CONNECTION_IS_DTLS(s) || max_version < TLS1_3_VERSION))) return 0; return 1; @@ -784,7 +795,8 @@ int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx, * 0 being the first in the chain). Returns 1 on success or 0 on failure. On a * failure construction stops at the first extension to fail to construct. */ -int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, +int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { size_t i; @@ -824,7 +836,8 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, } for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); i++, thisexd++) { - EXT_RETURN (*construct)(SSL *s, WPACKET *pkt, unsigned int context, + EXT_RETURN (*construct)(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); EXT_RETURN ret; @@ -865,7 +878,7 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, * otherwise. These functions return 1 on success or 0 on failure. */ -static int final_renegotiate(SSL *s, unsigned int context, int sent) +static int final_renegotiate(SSL_CONNECTION *s, unsigned int context, int sent) { if (!s->server) { /* @@ -905,7 +918,7 @@ static ossl_inline void ssl_tsan_decr(const SSL_CTX *ctx, } } -static int init_server_name(SSL *s, unsigned int context) +static int init_server_name(SSL_CONNECTION *s, unsigned int context) { if (s->server) { s->servername_done = 0; @@ -917,22 +930,24 @@ static int init_server_name(SSL *s, unsigned int context) return 1; } -static int final_server_name(SSL *s, unsigned int context, int sent) +static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent) { int ret = SSL_TLSEXT_ERR_NOACK; int altmp = SSL_AD_UNRECOGNIZED_NAME; - int was_ticket = (SSL_get_options(s) & SSL_OP_NO_TICKET) == 0; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); + int was_ticket = (SSL_get_options(ssl) & SSL_OP_NO_TICKET) == 0; - if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL)) { + if (!ossl_assert(sctx != NULL) || !ossl_assert(s->session_ctx != NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } - if (s->ctx->ext.servername_cb != NULL) - ret = s->ctx->ext.servername_cb(s, &altmp, - s->ctx->ext.servername_arg); + if (sctx->ext.servername_cb != NULL) + ret = sctx->ext.servername_cb(ssl, &altmp, + sctx->ext.servername_arg); else if (s->session_ctx->ext.servername_cb != NULL) - ret = s->session_ctx->ext.servername_cb(s, &altmp, + ret = s->session_ctx->ext.servername_cb(ssl, &altmp, s->session_ctx->ext.servername_arg); /* @@ -960,9 +975,9 @@ static int final_server_name(SSL *s, unsigned int context, int sent) * context, to avoid the confusing situation of having sess_accept_good * exceed sess_accept (zero) for the new context. */ - if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx + if (SSL_IS_FIRST_HANDSHAKE(s) && sctx != s->session_ctx && s->hello_retry_request == SSL_HRR_NONE) { - ssl_tsan_counter(s->ctx, &s->ctx->stats.sess_accept); + ssl_tsan_counter(sctx, &sctx->stats.sess_accept); ssl_tsan_decr(s->session_ctx, &s->session_ctx->stats.sess_accept); } @@ -972,10 +987,10 @@ static int final_server_name(SSL *s, unsigned int context, int sent) * Also, if this is not a resumption, create a new session ID */ if (ret == SSL_TLSEXT_ERR_OK && s->ext.ticket_expected - && was_ticket && (SSL_get_options(s) & SSL_OP_NO_TICKET) != 0) { + && was_ticket && (SSL_get_options(ssl) & SSL_OP_NO_TICKET) != 0) { s->ext.ticket_expected = 0; if (!s->hit) { - SSL_SESSION* ss = SSL_get_session(s); + SSL_SESSION* ss = SSL_get_session(ssl); if (ss != NULL) { OPENSSL_free(ss->ext.tick); @@ -1001,7 +1016,7 @@ static int final_server_name(SSL *s, unsigned int context, int sent) case SSL_TLSEXT_ERR_ALERT_WARNING: /* TLSv1.3 doesn't have warning alerts so we suppress this */ - if (!SSL_IS_TLS13(s)) + if (!SSL_CONNECTION_IS_TLS13(s)) ssl3_send_alert(s, SSL3_AL_WARNING, altmp); s->servername_done = 0; return 1; @@ -1015,7 +1030,8 @@ static int final_server_name(SSL *s, unsigned int context, int sent) } } -static int final_ec_pt_formats(SSL *s, unsigned int context, int sent) +static int final_ec_pt_formats(SSL_CONNECTION *s, unsigned int context, + int sent) { unsigned long alg_k, alg_a; @@ -1053,7 +1069,7 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent) return 1; } -static int init_session_ticket(SSL *s, unsigned int context) +static int init_session_ticket(SSL_CONNECTION *s, unsigned int context) { if (!s->server) s->ext.ticket_expected = 0; @@ -1062,7 +1078,7 @@ static int init_session_ticket(SSL *s, unsigned int context) } #ifndef OPENSSL_NO_OCSP -static int init_status_request(SSL *s, unsigned int context) +static int init_status_request(SSL_CONNECTION *s, unsigned int context) { if (s->server) { s->ext.status_type = TLSEXT_STATUSTYPE_nothing; @@ -1081,7 +1097,7 @@ static int init_status_request(SSL *s, unsigned int context) #endif #ifndef OPENSSL_NO_NEXTPROTONEG -static int init_npn(SSL *s, unsigned int context) +static int init_npn(SSL_CONNECTION *s, unsigned int context) { s->s3.npn_seen = 0; @@ -1089,7 +1105,7 @@ static int init_npn(SSL *s, unsigned int context) } #endif -static int init_alpn(SSL *s, unsigned int context) +static int init_alpn(SSL_CONNECTION *s, unsigned int context) { OPENSSL_free(s->s3.alpn_selected); s->s3.alpn_selected = NULL; @@ -1102,12 +1118,12 @@ static int init_alpn(SSL *s, unsigned int context) return 1; } -static int final_alpn(SSL *s, unsigned int context, int sent) +static int final_alpn(SSL_CONNECTION *s, unsigned int context, int sent) { if (!s->server && !sent && s->session->ext.alpn_selected != NULL) s->ext.early_data_ok = 0; - if (!s->server || !SSL_IS_TLS13(s)) + if (!s->server || !SSL_CONNECTION_IS_TLS13(s)) return 1; /* @@ -1122,7 +1138,7 @@ static int final_alpn(SSL *s, unsigned int context, int sent) return tls_handle_alpn(s); } -static int init_sig_algs(SSL *s, unsigned int context) +static int init_sig_algs(SSL_CONNECTION *s, unsigned int context) { /* Clear any signature algorithms extension received */ OPENSSL_free(s->s3.tmp.peer_sigalgs); @@ -1132,7 +1148,8 @@ static int init_sig_algs(SSL *s, unsigned int context) return 1; } -static int init_sig_algs_cert(SSL *s, ossl_unused unsigned int context) +static int init_sig_algs_cert(SSL_CONNECTION *s, + ossl_unused unsigned int context) { /* Clear any signature algorithms extension received */ OPENSSL_free(s->s3.tmp.peer_cert_sigalgs); @@ -1143,7 +1160,7 @@ static int init_sig_algs_cert(SSL *s, ossl_unused unsigned int context) } #ifndef OPENSSL_NO_SRP -static int init_srp(SSL *s, unsigned int context) +static int init_srp(SSL_CONNECTION *s, unsigned int context) { OPENSSL_free(s->srp_ctx.login); s->srp_ctx.login = NULL; @@ -1152,7 +1169,7 @@ static int init_srp(SSL *s, unsigned int context) } #endif -static int init_ec_point_formats(SSL *s, unsigned int context) +static int init_ec_point_formats(SSL_CONNECTION *s, unsigned int context) { OPENSSL_free(s->ext.peer_ecpointformats); s->ext.peer_ecpointformats = NULL; @@ -1161,14 +1178,14 @@ static int init_ec_point_formats(SSL *s, unsigned int context) return 1; } -static int init_etm(SSL *s, unsigned int context) +static int init_etm(SSL_CONNECTION *s, unsigned int context) { s->ext.use_etm = 0; return 1; } -static int init_ems(SSL *s, unsigned int context) +static int init_ems(SSL_CONNECTION *s, unsigned int context) { if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) { s->s3.flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; @@ -1178,7 +1195,7 @@ static int init_ems(SSL *s, unsigned int context) return 1; } -static int final_ems(SSL *s, unsigned int context, int sent) +static int final_ems(SSL_CONNECTION *s, unsigned int context, int sent) { /* * Check extended master secret extension is not dropped on @@ -1204,14 +1221,15 @@ static int final_ems(SSL *s, unsigned int context, int sent) return 1; } -static int init_certificate_authorities(SSL *s, unsigned int context) +static int init_certificate_authorities(SSL_CONNECTION *s, unsigned int context) { sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free); s->s3.tmp.peer_ca_names = NULL; return 1; } -static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt, +static EXT_RETURN tls_construct_certificate_authorities(SSL_CONNECTION *s, + WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) @@ -1240,7 +1258,7 @@ static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } -static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt, +static int tls_parse_certificate_authorities(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -1254,7 +1272,7 @@ static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt, } #ifndef OPENSSL_NO_SRTP -static int init_srtp(SSL *s, unsigned int context) +static int init_srtp(SSL_CONNECTION *s, unsigned int context) { if (s->server) s->srtp_profile = NULL; @@ -1263,9 +1281,9 @@ static int init_srtp(SSL *s, unsigned int context) } #endif -static int final_sig_algs(SSL *s, unsigned int context, int sent) +static int final_sig_algs(SSL_CONNECTION *s, unsigned int context, int sent) { - if (!sent && SSL_IS_TLS13(s) && !s->hit) { + if (!sent && SSL_CONNECTION_IS_TLS13(s) && !s->hit) { SSLfatal(s, TLS13_AD_MISSING_EXTENSION, SSL_R_MISSING_SIGALGS_EXTENSION); return 0; @@ -1274,10 +1292,10 @@ static int final_sig_algs(SSL *s, unsigned int context, int sent) return 1; } -static int final_key_share(SSL *s, unsigned int context, int sent) +static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent) { #if !defined(OPENSSL_NO_TLS1_3) - if (!SSL_IS_TLS13(s)) + if (!SSL_CONNECTION_IS_TLS13(s)) return 1; /* Nothing to do for key_share in an HRR */ @@ -1434,13 +1452,14 @@ static int final_key_share(SSL *s, unsigned int context, int sent) return 1; } -static int init_psk_kex_modes(SSL *s, unsigned int context) +static int init_psk_kex_modes(SSL_CONNECTION *s, unsigned int context) { s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_NONE; return 1; } -int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, +int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md, + const unsigned char *msgstart, size_t binderoffset, const unsigned char *binderin, unsigned char *binderout, SSL_SESSION *sess, int sign, int external) @@ -1462,6 +1481,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, int hashsizei = EVP_MD_get_size(md); int ret = -1; int usepskfored = 0; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); /* Ensure cast to size_t is safe */ if (!ossl_assert(hashsizei >= 0)) { @@ -1581,8 +1601,8 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, goto err; } - mackey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC", - s->ctx->propq, finishedkey, + mackey = EVP_PKEY_new_raw_private_key_ex(sctx->libctx, "HMAC", + sctx->propq, finishedkey, hashsize); if (mackey == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1593,8 +1613,8 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, binderout = tmpbinder; bindersize = hashsize; - if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_get0_name(md), s->ctx->libctx, - s->ctx->propq, mackey, NULL) <= 0 + if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_get0_name(md), sctx->libctx, + sctx->propq, mackey, NULL) <= 0 || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0 || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0 || bindersize != hashsize) { @@ -1620,7 +1640,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, return ret; } -static int final_early_data(SSL *s, unsigned int context, int sent) +static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent) { if (!sent) return 1; @@ -1647,7 +1667,7 @@ static int final_early_data(SSL *s, unsigned int context, int sent) || !s->ext.early_data_ok || s->hello_retry_request != SSL_HRR_NONE || (s->allow_early_data_cb != NULL - && !s->allow_early_data_cb(s, + && !s->allow_early_data_cb(SSL_CONNECTION_GET_SSL(s), s->allow_early_data_cb_data))) { s->ext.early_data = SSL_EARLY_DATA_REJECTED; } else { @@ -1663,7 +1683,8 @@ static int final_early_data(SSL *s, unsigned int context, int sent) return 1; } -static int final_maxfragmentlen(SSL *s, unsigned int context, int sent) +static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context, + int sent) { /* * Session resumption on server-side with MFL extension active @@ -1687,7 +1708,8 @@ static int final_maxfragmentlen(SSL *s, unsigned int context, int sent) return 1; } -static int init_post_handshake_auth(SSL *s, ossl_unused unsigned int context) +static int init_post_handshake_auth(SSL_CONNECTION *s, + ossl_unused unsigned int context) { s->post_handshake_auth = SSL_PHA_NONE; @@ -1698,7 +1720,7 @@ static int init_post_handshake_auth(SSL *s, ossl_unused unsigned int context) * If clients offer "pre_shared_key" without a "psk_key_exchange_modes" * extension, servers MUST abort the handshake. */ -static int final_psk(SSL *s, unsigned int context, int sent) +static int final_psk(SSL_CONNECTION *s, unsigned int context, int sent) { if (s->server && sent && s->clienthello != NULL && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) { diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 92207693e7bbc2..74ecbe527a057c 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -12,7 +12,7 @@ #include "internal/cryptlib.h" #include "statem_local.h" -EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_renegotiate(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -32,7 +32,7 @@ EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } -EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_server_name(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -58,7 +58,7 @@ EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, } /* Push a Max Fragment Len extension into ClientHello */ -EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -83,7 +83,8 @@ EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, } #ifndef OPENSSL_NO_SRP -EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_ctos_srp(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { /* Add SRP username if there is one */ @@ -108,19 +109,20 @@ EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, } #endif -static int use_ecc(SSL *s, int min_version, int max_version) +static int use_ecc(SSL_CONNECTION *s, int min_version, int max_version) { int i, end, ret = 0; unsigned long alg_k, alg_a; STACK_OF(SSL_CIPHER) *cipher_stack = NULL; const uint16_t *pgroups = NULL; size_t num_groups, j; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); /* See if we support any ECC ciphersuites */ if (s->version == SSL3_VERSION) return 0; - cipher_stack = SSL_get1_supported_ciphers(s); + cipher_stack = SSL_get1_supported_ciphers(ssl); end = sk_SSL_CIPHER_num(cipher_stack); for (i = 0; i < end; i++) { const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i); @@ -151,7 +153,7 @@ static int use_ecc(SSL *s, int min_version, int max_version) return 0; } -EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -182,7 +184,7 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } -EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -201,7 +203,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, * if we don't have EC support then we don't send this extension. */ if (!use_ecc(s, min_version, max_version) - && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION)) + && (SSL_CONNECTION_IS_DTLS(s) || max_version < TLS1_3_VERSION)) return EXT_RETURN_NOT_SENT; /* @@ -266,7 +268,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } -EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_session_ticket(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -307,7 +309,7 @@ EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } -EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_sig_algs(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -334,7 +336,7 @@ EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, } #ifndef OPENSSL_NO_OCSP -EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_status_request(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -399,10 +401,12 @@ EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, #endif #ifndef OPENSSL_NO_NEXTPROTONEG -EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_ctos_npn(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { - if (s->ctx->ext.npn_select_cb == NULL || !SSL_IS_FIRST_HANDSHAKE(s)) + if (SSL_CONNECTION_GET_CTX(s)->ext.npn_select_cb == NULL + || !SSL_IS_FIRST_HANDSHAKE(s)) return EXT_RETURN_NOT_SENT; /* @@ -419,7 +423,8 @@ EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context, } #endif -EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_ctos_alpn(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { s->s3.alpn_sent = 0; @@ -443,11 +448,12 @@ EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context, #ifndef OPENSSL_NO_SRTP -EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_use_srtp(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { - STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = SSL_get_srtp_profiles(s); + SSL *ssl = SSL_CONNECTION_GET_SSL(s); + STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = SSL_get_srtp_profiles(ssl); int i, end; if (clnt == NULL) @@ -484,7 +490,8 @@ EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, } #endif -EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_ctos_etm(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { if (s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) @@ -500,7 +507,8 @@ EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context, } #ifndef OPENSSL_NO_CT -EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_ctos_sct(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { if (s->ct_validation_callback == NULL) @@ -520,7 +528,8 @@ EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context, } #endif -EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_ctos_ems(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) @@ -535,7 +544,7 @@ EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context, return EXT_RETURN_SENT; } -EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_supported_versions(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -578,7 +587,7 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, /* * Construct a psk_kex_modes extension. */ -EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -605,7 +614,7 @@ EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt, } #ifndef OPENSSL_NO_TLS1_3 -static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) +static int add_key_share(SSL_CONNECTION *s, WPACKET *pkt, unsigned int curve_id) { unsigned char *encoded_point = NULL; EVP_PKEY *key_share_key = NULL; @@ -661,7 +670,7 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) } #endif -EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -721,7 +730,8 @@ EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, #endif } -EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_ctos_cookie(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { EXT_RETURN ret = EXT_RETURN_FAIL; @@ -749,7 +759,7 @@ EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context, return ret; } -EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -761,12 +771,13 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, SSL_SESSION *psksess = NULL; SSL_SESSION *edsess = NULL; const EVP_MD *handmd = NULL; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); if (s->hello_retry_request == SSL_HRR_PENDING) handmd = ssl_handshake_md(s); if (s->psk_use_session_cb != NULL - && (!s->psk_use_session_cb(s, handmd, &id, &idlen, &psksess) + && (!s->psk_use_session_cb(ssl, handmd, &id, &idlen, &psksess) || (psksess != NULL && psksess->ssl_version != TLS1_3_VERSION))) { SSL_SESSION_free(psksess); @@ -780,7 +791,8 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, size_t psklen = 0; memset(identity, 0, sizeof(identity)); - psklen = s->psk_client_callback(s, NULL, identity, sizeof(identity) - 1, + psklen = s->psk_client_callback(ssl, NULL, + identity, sizeof(identity) - 1, psk, sizeof(psk)); if (psklen > PSK_MAX_PSK_LEN) { @@ -801,7 +813,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, * We found a PSK using an old style callback. We don't know * the digest so we default to SHA256 as per the TLSv1.3 spec */ - cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id); + cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id); if (cipher == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; @@ -918,7 +930,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, */ #define PSK_PRE_BINDER_OVERHEAD (2 + 2 + 2 + 2 + 4 + 2 + 1) -EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_padding(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -946,7 +958,8 @@ EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt, if (s->session->ssl_version == TLS1_3_VERSION && s->session->ext.ticklen != 0 && s->session->cipher != NULL) { - const EVP_MD *md = ssl_md(s->ctx, s->session->cipher->algorithm2); + const EVP_MD *md = ssl_md(SSL_CONNECTION_GET_CTX(s), + s->session->cipher->algorithm2); if (md != NULL) { /* @@ -987,7 +1000,8 @@ EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt, /* * Construct the pre_shared_key extension */ -EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 @@ -996,6 +1010,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, unsigned char *resbinder = NULL, *pskbinder = NULL, *msgstart = NULL; const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL; int dores = 0; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); s->ext.tick_identity = 0; @@ -1022,7 +1037,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } - mdres = ssl_md(s->ctx, s->session->cipher->algorithm2); + mdres = ssl_md(sctx, s->session->cipher->algorithm2); if (mdres == NULL) { /* * Don't recognize this cipher so we can't use the session. @@ -1095,7 +1110,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, return EXT_RETURN_NOT_SENT; if (s->psksession != NULL) { - mdpsk = ssl_md(s->ctx, s->psksession->cipher->algorithm2); + mdpsk = ssl_md(sctx, s->psksession->cipher->algorithm2); if (mdpsk == NULL) { /* * Don't recognize this cipher so we can't use the session. @@ -1185,7 +1200,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, #endif } -EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL_CONNECTION *s, WPACKET *pkt, ossl_unused unsigned int context, ossl_unused X509 *x, ossl_unused size_t chainidx) @@ -1214,7 +1229,8 @@ EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, /* * Parse the server's renegotiation binding and abort if it's not right */ -int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_stoc_renegotiate(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { size_t expected_len = s->s3.previous_client_finished_len @@ -1268,7 +1284,8 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, } /* Parse the server's max fragment len extension packet */ -int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_stoc_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { unsigned int value; @@ -1306,7 +1323,8 @@ int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, return 1; } -int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_stoc_server_name(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { if (s->ext.hostname == NULL) { @@ -1334,7 +1352,8 @@ int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context, return 1; } -int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_stoc_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { size_t ecpointformats_len; @@ -1373,13 +1392,16 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, return 1; } -int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_stoc_session_ticket(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { + SSL *ssl = SSL_CONNECTION_GET_SSL(s); + if (s->ext.session_ticket_cb != NULL && - !s->ext.session_ticket_cb(s, PACKET_data(pkt), - PACKET_remaining(pkt), - s->ext.session_ticket_cb_arg)) { + !s->ext.session_ticket_cb(ssl, PACKET_data(pkt), + PACKET_remaining(pkt), + s->ext.session_ticket_cb_arg)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION); return 0; } @@ -1399,7 +1421,8 @@ int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context, } #ifndef OPENSSL_NO_OCSP -int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_stoc_status_request(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) { @@ -1415,12 +1438,12 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context, SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION); return 0; } - if (!SSL_IS_TLS13(s) && PACKET_remaining(pkt) > 0) { + if (!SSL_CONNECTION_IS_TLS13(s) && PACKET_remaining(pkt) > 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { /* We only know how to handle this if it's for the first Certificate in * the chain. We ignore any other responses. */ @@ -1440,8 +1463,8 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context, #ifndef OPENSSL_NO_CT -int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) +int tls_parse_stoc_sct(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) { if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) { /* We ignore this if the server sends it in a CertificateRequest */ @@ -1508,7 +1531,7 @@ int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x, * elements of zero length are allowed and the set of elements must exactly * fill the length of the block. Returns 1 on success or 0 on failure. */ -static int ssl_next_proto_validate(SSL *s, PACKET *pkt) +static int ssl_next_proto_validate(SSL_CONNECTION *s, PACKET *pkt) { PACKET tmp_protocol; @@ -1523,19 +1546,20 @@ static int ssl_next_proto_validate(SSL *s, PACKET *pkt) return 1; } -int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) +int tls_parse_stoc_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) { unsigned char *selected; unsigned char selected_len; PACKET tmppkt; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); /* Check if we are in a renegotiation. If so ignore this extension */ if (!SSL_IS_FIRST_HANDSHAKE(s)) return 1; /* We must have requested it. */ - if (s->ctx->ext.npn_select_cb == NULL) { + if (sctx->ext.npn_select_cb == NULL) { SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION); return 0; } @@ -1546,10 +1570,10 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, /* SSLfatal() already called */ return 0; } - if (s->ctx->ext.npn_select_cb(s, &selected, &selected_len, - PACKET_data(pkt), - PACKET_remaining(pkt), - s->ctx->ext.npn_select_cb_arg) != + if (sctx->ext.npn_select_cb(SSL_CONNECTION_GET_SSL(s), + &selected, &selected_len, + PACKET_data(pkt), PACKET_remaining(pkt), + sctx->ext.npn_select_cb_arg) != SSL_TLSEXT_ERR_OK) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION); return 0; @@ -1575,8 +1599,8 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } #endif -int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) +int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) { size_t len; @@ -1640,8 +1664,8 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } #ifndef OPENSSL_NO_SRTP -int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) +int tls_parse_stoc_use_srtp(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { unsigned int id, ct, mki; int i; @@ -1664,7 +1688,7 @@ int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } /* Throw an error if the server gave us an unsolicited extension */ - clnt = SSL_get_srtp_profiles(s); + clnt = SSL_get_srtp_profiles(SSL_CONNECTION_GET_SSL(s)); if (clnt == NULL) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_NO_SRTP_PROFILES); return 0; @@ -1689,8 +1713,8 @@ int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } #endif -int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) +int tls_parse_stoc_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) { /* Ignore if inappropriate ciphersuite */ if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) @@ -1705,8 +1729,8 @@ int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 1; } -int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) +int tls_parse_stoc_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) { if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) return 1; @@ -1717,7 +1741,8 @@ int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 1; } -int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_stoc_supported_versions(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { unsigned int version; @@ -1748,7 +1773,8 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, return 1; } -int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, +int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 @@ -1836,7 +1862,8 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, s->session->kex_group = group_id; } - if ((ginf = tls1_group_id_lookup(s->ctx, group_id)) == NULL) { + if ((ginf = tls1_group_id_lookup(SSL_CONNECTION_GET_CTX(s), + group_id)) == NULL) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); return 0; } @@ -1885,8 +1912,8 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 1; } -int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) +int tls_parse_stoc_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) { PACKET cookie; @@ -1900,7 +1927,8 @@ int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 1; } -int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_stoc_early_data(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) { @@ -1938,7 +1966,8 @@ int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context, return 1; } -int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, +int tls_parse_stoc_psk(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 diff --git a/ssl/statem/extensions_cust.c b/ssl/statem/extensions_cust.c index 401a4c5c76b104..a2c563b86b7e28 100644 --- a/ssl/statem/extensions_cust.c +++ b/ssl/statem/extensions_cust.c @@ -110,7 +110,8 @@ void custom_ext_init(custom_ext_methods *exts) } /* Pass received custom extension data to the application for parsing. */ -int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, +int custom_ext_parse(SSL_CONNECTION *s, unsigned int context, + unsigned int ext_type, const unsigned char *ext_data, size_t ext_size, X509 *x, size_t chainidx) { @@ -154,11 +155,11 @@ int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, meth->ext_flags |= SSL_EXT_FLAG_RECEIVED; /* If no parse function set return success */ - if (!meth->parse_cb) + if (meth->parse_cb == NULL) return 1; - if (meth->parse_cb(s, ext_type, context, ext_data, ext_size, x, chainidx, - &al, meth->parse_arg) <= 0) { + if (meth->parse_cb(SSL_CONNECTION_GET_SSL(s), ext_type, context, ext_data, + ext_size, x, chainidx, &al, meth->parse_arg) <= 0) { SSLfatal(s, al, SSL_R_BAD_EXTENSION); return 0; } @@ -170,8 +171,8 @@ int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, * Request custom extension data from the application and add to the return * buffer. */ -int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx, - int maxversion) +int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x, + size_t chainidx, int maxversion) { custom_ext_methods *exts = &s->cert->custext; custom_ext_method *meth; @@ -204,7 +205,8 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx, continue; if (meth->add_cb != NULL) { - int cb_retval = meth->add_cb(s, meth->ext_type, context, &out, + int cb_retval = meth->add_cb(SSL_CONNECTION_GET_SSL(s), + meth->ext_type, context, &out, &outlen, x, chainidx, &al, meth->add_arg); @@ -239,7 +241,8 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx, meth->ext_flags |= SSL_EXT_FLAG_SENT; } if (meth->free_cb != NULL) - meth->free_cb(s, meth->ext_type, context, out, meth->add_arg); + meth->free_cb(SSL_CONNECTION_GET_SSL(s), meth->ext_type, context, + out, meth->add_arg); } return 1; } diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 6100362d6e09c7..311b89878f1987 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -38,7 +38,8 @@ /* * Parse the client's renegotiation binding and abort if it's not right */ -int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { unsigned int ilen; @@ -91,8 +92,8 @@ int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context, * extension. * - On session reconnect, the servername extension may be absent. */ -int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) +int tls_parse_ctos_server_name(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { unsigned int servname_type; PACKET sni, hostname; @@ -126,7 +127,7 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, * In TLSv1.2 and below the SNI is associated with the session. In TLSv1.3 * we always use the SNI value from the handshake. */ - if (!s->hit || SSL_IS_TLS13(s)) { + if (!s->hit || SSL_CONNECTION_IS_TLS13(s)) { if (PACKET_remaining(&hostname) > TLSEXT_MAXLEN_host_name) { SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME, SSL_R_BAD_EXTENSION); return 0; @@ -163,7 +164,8 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, return 1; } -int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_ctos_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { unsigned int value; @@ -200,8 +202,8 @@ int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, } #ifndef OPENSSL_NO_SRP -int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) +int tls_parse_ctos_srp(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) { PACKET srp_I; @@ -220,7 +222,8 @@ int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } #endif -int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_ctos_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { PACKET ec_point_format_list; @@ -243,13 +246,14 @@ int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, return 1; } -int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_ctos_session_ticket(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { if (s->ext.session_ticket_cb && - !s->ext.session_ticket_cb(s, PACKET_data(pkt), - PACKET_remaining(pkt), - s->ext.session_ticket_cb_arg)) { + !s->ext.session_ticket_cb(SSL_CONNECTION_GET_SSL(s), + PACKET_data(pkt), PACKET_remaining(pkt), + s->ext.session_ticket_cb_arg)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -257,7 +261,7 @@ int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context, return 1; } -int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, +int tls_parse_ctos_sig_algs_cert(SSL_CONNECTION *s, PACKET *pkt, ossl_unused unsigned int context, ossl_unused X509 *x, ossl_unused size_t chainidx) @@ -278,8 +282,8 @@ int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, return 1; } -int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) +int tls_parse_ctos_sig_algs(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { PACKET supported_sig_algs; @@ -298,7 +302,8 @@ int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } #ifndef OPENSSL_NO_OCSP -int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_ctos_status_request(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { PACKET responder_id_list, exts; @@ -402,8 +407,8 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context, #endif #ifndef OPENSSL_NO_NEXTPROTONEG -int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) +int tls_parse_ctos_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) { /* * We shouldn't accept this extension on a @@ -420,8 +425,8 @@ int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, * Save the ALPN extension in a ClientHello.|pkt| holds the contents of the ALPN * extension, not including type and length. Returns: 1 on success, 0 on error. */ -int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) +int tls_parse_ctos_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) { PACKET protocol_list, save_protocol_list, protocol; @@ -457,16 +462,17 @@ int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } #ifndef OPENSSL_NO_SRTP -int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) +int tls_parse_ctos_use_srtp(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { STACK_OF(SRTP_PROTECTION_PROFILE) *srvr; unsigned int ct, mki_len, id; int i, srtp_pref; PACKET subpkt; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); /* Ignore this if we have no SRTP profiles */ - if (SSL_get_srtp_profiles(s) == NULL) + if (SSL_get_srtp_profiles(ssl) == NULL) return 1; /* Pull off the length of the cipher suite list and check it is even */ @@ -477,7 +483,7 @@ int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } - srvr = SSL_get_srtp_profiles(s); + srvr = SSL_get_srtp_profiles(ssl); s->srtp_profile = NULL; /* Search all profiles for a match initially */ srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr); @@ -524,8 +530,8 @@ int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } #endif -int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) +int tls_parse_ctos_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) { if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)) s->ext.use_etm = 1; @@ -537,7 +543,8 @@ int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, * Process a psk_kex_modes extension received in the ClientHello. |pkt| contains * the raw PACKET data for the extension. Returns 1 on success or 0 on failure. */ -int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_ctos_psk_kex_modes(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 @@ -566,8 +573,8 @@ int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context, * Process a key_share extension received in the ClientHello. |pkt| contains * the raw PACKET data for the extension. Returns 1 on success or 0 on failure. */ -int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) +int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 unsigned int group_id; @@ -679,8 +686,8 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 1; } -int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) +int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 unsigned int format, version, key_share, group_id; @@ -693,9 +700,11 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, unsigned char hrr[MAX_HRR_SIZE]; size_t rawlen, hmaclen, hrrlen, ciphlen; unsigned long tm, now; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); /* Ignore any cookie if we're not set up to verify it */ - if (s->ctx->verify_stateless_cookie_cb == NULL + if (sctx->verify_stateless_cookie_cb == NULL || (s->s3.flags & TLS1_FLAGS_STATELESS) == 0) return 1; @@ -716,8 +725,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, /* Verify the HMAC of the cookie */ hctx = EVP_MD_CTX_create(); - pkey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC", - s->ctx->propq, + pkey = EVP_PKEY_new_raw_private_key_ex(sctx->libctx, "HMAC", + sctx->propq, s->session_ctx->ext.cookie_hmac_key, sizeof(s->session_ctx->ext.cookie_hmac_key)); if (hctx == NULL || pkey == NULL) { @@ -728,8 +737,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } hmaclen = SHA256_DIGEST_LENGTH; - if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->libctx, - s->ctx->propq, pkey, NULL) <= 0 + if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", sctx->libctx, + sctx->propq, pkey, NULL) <= 0 || EVP_DigestSign(hctx, hmac, &hmaclen, data, rawlen - SHA256_DIGEST_LENGTH) <= 0 || hmaclen != SHA256_DIGEST_LENGTH) { @@ -809,8 +818,9 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } /* Verify the app cookie */ - if (s->ctx->verify_stateless_cookie_cb(s, PACKET_data(&appcookie), - PACKET_remaining(&appcookie)) == 0) { + if (sctx->verify_stateless_cookie_cb(ssl, + PACKET_data(&appcookie), + PACKET_remaining(&appcookie)) == 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_COOKIE_MISMATCH); return 0; } @@ -830,8 +840,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, || !WPACKET_memcpy(&hrrpkt, hrrrandom, SSL3_RANDOM_SIZE) || !WPACKET_sub_memcpy_u8(&hrrpkt, s->tmp_session_id, s->tmp_session_id_len) - || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, &hrrpkt, - &ciphlen) + || !ssl->method->put_cipher_by_char(s->s3.tmp.new_cipher, &hrrpkt, + &ciphlen) || !WPACKET_put_bytes_u8(&hrrpkt, 0) || !WPACKET_start_sub_packet_u16(&hrrpkt)) { WPACKET_cleanup(&hrrpkt); @@ -886,7 +896,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 1; } -int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_ctos_supported_groups(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { PACKET supported_groups_list; @@ -899,7 +910,7 @@ int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, return 0; } - if (!s->hit || SSL_IS_TLS13(s)) { + if (!s->hit || SSL_CONNECTION_IS_TLS13(s)) { OPENSSL_free(s->ext.peer_supportedgroups); s->ext.peer_supportedgroups = NULL; s->ext.peer_supportedgroups_len = 0; @@ -914,8 +925,8 @@ int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, return 1; } -int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) +int tls_parse_ctos_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) { /* The extension must always be empty */ if (PACKET_remaining(pkt) != 0) { @@ -932,7 +943,7 @@ int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } -int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_ctos_early_data(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { if (PACKET_remaining(pkt) != 0) { @@ -948,7 +959,7 @@ int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, return 1; } -static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick, +static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL_CONNECTION *s, PACKET *tick, SSL_SESSION **sess) { SSL_SESSION *tmpsess = NULL; @@ -976,14 +987,16 @@ static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick, return SSL_TICKET_SUCCESS; } -int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) +int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) { PACKET identities, binders, binder; size_t binderoffset, hashsize; SSL_SESSION *sess = NULL; unsigned int id, i, ext = 0; const EVP_MD *md = NULL; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); + SSL *ssl = SSL_CONNECTION_GET_SSL(s); /* * If we have no PSK kex mode that we recognise then we can't resume so @@ -1012,7 +1025,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, idlen = PACKET_remaining(&identity); if (s->psk_find_session_cb != NULL - && !s->psk_find_session_cb(s, PACKET_data(&identity), idlen, + && !s->psk_find_session_cb(ssl, PACKET_data(&identity), idlen, &sess)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_EXTENSION); return 0; @@ -1030,7 +1043,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } - pskdatalen = s->psk_server_callback(s, pskid, pskdata, + pskdatalen = s->psk_server_callback(ssl, pskid, pskdata, sizeof(pskdata)); OPENSSL_free(pskid); if (pskdatalen > PSK_MAX_PSK_LEN) { @@ -1044,7 +1057,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, * We found a PSK using an old style callback. We don't know * the digest so we default to SHA256 as per the TLSv1.3 spec */ - cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id); + cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id); if (cipher == NULL) { OPENSSL_cleanse(pskdata, pskdatalen); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1155,13 +1168,13 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } } - md = ssl_md(s->ctx, sess->cipher->algorithm2); + md = ssl_md(sctx, sess->cipher->algorithm2); if (md == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } if (!EVP_MD_is_a(md, - EVP_MD_get0_name(ssl_md(s->ctx, + EVP_MD_get0_name(ssl_md(sctx, s->s3.tmp.new_cipher->algorithm2)))) { /* The ciphersuite is not compatible with this session. */ SSL_SESSION_free(sess); @@ -1212,7 +1225,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } -int tls_parse_ctos_post_handshake_auth(SSL *s, PACKET *pkt, +int tls_parse_ctos_post_handshake_auth(SSL_CONNECTION *s, PACKET *pkt, ossl_unused unsigned int context, ossl_unused X509 *x, ossl_unused size_t chainidx) @@ -1231,7 +1244,7 @@ int tls_parse_ctos_post_handshake_auth(SSL *s, PACKET *pkt, /* * Add the server's renegotiation binding */ -EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_renegotiate(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -1255,7 +1268,7 @@ EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } -EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_server_name(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -1266,7 +1279,7 @@ EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, * Prior to TLSv1.3 we ignore any SNI in the current handshake if resuming. * We just use the servername from the initial handshake. */ - if (s->hit && !SSL_IS_TLS13(s)) + if (s->hit && !SSL_CONNECTION_IS_TLS13(s)) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name) @@ -1279,7 +1292,7 @@ EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, } /* Add/include the server's max fragment len extension into ServerHello */ -EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -1301,7 +1314,7 @@ EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } -EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -1327,7 +1340,7 @@ EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } -EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -1347,7 +1360,7 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, } /* Copy group ID if supported */ - version = SSL_version(s); + version = SSL_version(SSL_CONNECTION_GET_SSL(s)); for (i = 0; i < numgroups; i++) { uint16_t group = groups[i]; @@ -1387,7 +1400,7 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } -EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_session_ticket(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -1406,7 +1419,7 @@ EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, } #ifndef OPENSSL_NO_OCSP -EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_status_request(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -1417,7 +1430,7 @@ EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, if (!s->ext.status_expected) return EXT_RETURN_NOT_SENT; - if (SSL_IS_TLS13(s) && chainidx != 0) + if (SSL_CONNECTION_IS_TLS13(s) && chainidx != 0) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request) @@ -1431,7 +1444,7 @@ EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, * send back an empty extension, with the certificate status appearing as a * separate message */ - if (SSL_IS_TLS13(s) && !tls_construct_cert_status_body(s, pkt)) { + if (SSL_CONNECTION_IS_TLS13(s) && !tls_construct_cert_status_body(s, pkt)) { /* SSLfatal() already called */ return EXT_RETURN_FAIL; } @@ -1445,7 +1458,7 @@ EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, #endif #ifndef OPENSSL_NO_NEXTPROTONEG -EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -1453,13 +1466,14 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, unsigned int npalen; int ret; int npn_seen = s->s3.npn_seen; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); s->s3.npn_seen = 0; - if (!npn_seen || s->ctx->ext.npn_advertised_cb == NULL) + if (!npn_seen || sctx->ext.npn_advertised_cb == NULL) return EXT_RETURN_NOT_SENT; - ret = s->ctx->ext.npn_advertised_cb(s, &npa, &npalen, - s->ctx->ext.npn_advertised_cb_arg); + ret = sctx->ext.npn_advertised_cb(SSL_CONNECTION_GET_SSL(s), &npa, &npalen, + sctx->ext.npn_advertised_cb_arg); if (ret == SSL_TLSEXT_ERR_OK) { if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg) || !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) { @@ -1473,7 +1487,7 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, } #endif -EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_stoc_alpn(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { if (s->s3.alpn_selected == NULL) @@ -1495,7 +1509,7 @@ EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context, } #ifndef OPENSSL_NO_SRTP -EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_use_srtp(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -1516,7 +1530,8 @@ EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, } #endif -EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_stoc_etm(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { if (!s->ext.use_etm) @@ -1545,7 +1560,8 @@ EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, return EXT_RETURN_SENT; } -EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) @@ -1560,11 +1576,11 @@ EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context, return EXT_RETURN_SENT; } -EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_supported_versions(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { - if (!ossl_assert(SSL_IS_TLS13(s))) { + if (!ossl_assert(SSL_CONNECTION_IS_TLS13(s))) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1580,7 +1596,7 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } -EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -1630,7 +1646,8 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, return EXT_RETURN_FAIL; } - if ((ginf = tls1_group_id_lookup(s->ctx, s->s3.group_id)) == NULL) { + if ((ginf = tls1_group_id_lookup(SSL_CONNECTION_GET_CTX(s), + s->s3.group_id)) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1713,7 +1730,8 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, #endif } -EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 @@ -1723,11 +1741,13 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, EVP_MD_CTX *hctx; EVP_PKEY *pkey; int ret = EXT_RETURN_FAIL; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); + SSL *ssl = SSL_CONNECTION_GET_SSL(s); if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0) return EXT_RETURN_NOT_SENT; - if (s->ctx->gen_stateless_cookie_cb == NULL) { + if (sctx->gen_stateless_cookie_cb == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_COOKIE_CALLBACK_SET); return EXT_RETURN_FAIL; } @@ -1740,8 +1760,8 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, || !WPACKET_put_bytes_u16(pkt, COOKIE_STATE_FORMAT_VERSION) || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION) || !WPACKET_put_bytes_u16(pkt, s->s3.group_id) - || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt, - &ciphlen) + || !ssl->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt, + &ciphlen) /* Is there a key_share extension present in this HRR? */ || !WPACKET_put_bytes_u8(pkt, s->s3.peer_tmp == NULL) || !WPACKET_put_bytes_u32(pkt, (unsigned int)time(NULL)) @@ -1772,7 +1792,8 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, } /* Generate the application cookie */ - if (s->ctx->gen_stateless_cookie_cb(s, appcookie1, &appcookielen) == 0) { + if (sctx->gen_stateless_cookie_cb(ssl, appcookie1, + &appcookielen) == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); return EXT_RETURN_FAIL; } @@ -1795,8 +1816,8 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, /* HMAC the cookie */ hctx = EVP_MD_CTX_create(); - pkey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC", - s->ctx->propq, + pkey = EVP_PKEY_new_raw_private_key_ex(sctx->libctx, "HMAC", + sctx->propq, s->session_ctx->ext.cookie_hmac_key, sizeof(s->session_ctx->ext.cookie_hmac_key)); if (hctx == NULL || pkey == NULL) { @@ -1804,8 +1825,8 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, goto err; } - if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->libctx, - s->ctx->propq, pkey, NULL) <= 0 + if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", sctx->libctx, + sctx->propq, pkey, NULL) <= 0 || EVP_DigestSign(hctx, hmac, &hmaclen, cookie, totcookielen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1837,7 +1858,7 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, #endif } -EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -1852,7 +1873,8 @@ EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, if (((s->s3.tmp.new_cipher->id & 0xFFFF) != 0x80 && (s->s3.tmp.new_cipher->id & 0xFFFF) != 0x81) - || (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG) == 0) + || (SSL_get_options(SSL_CONNECTION_GET_SSL(s)) + & SSL_OP_CRYPTOPRO_TLSEXT_BUG) == 0) return EXT_RETURN_NOT_SENT; if (!WPACKET_memcpy(pkt, cryptopro_ext, sizeof(cryptopro_ext))) { @@ -1863,7 +1885,7 @@ EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } -EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_early_data(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -1895,7 +1917,8 @@ EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } -EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_stoc_psk(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx) { if (!s->hit) diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index 12c8886fac1029..d3ac21d357ecaf 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -62,29 +62,49 @@ typedef enum { SUB_STATE_END_HANDSHAKE } SUB_STATE_RETURN; -static int state_machine(SSL *s, int server); -static void init_read_state_machine(SSL *s); -static SUB_STATE_RETURN read_state_machine(SSL *s); -static void init_write_state_machine(SSL *s); -static SUB_STATE_RETURN write_state_machine(SSL *s); +static int state_machine(SSL_CONNECTION *s, int server); +static void init_read_state_machine(SSL_CONNECTION *s); +static SUB_STATE_RETURN read_state_machine(SSL_CONNECTION *s); +static void init_write_state_machine(SSL_CONNECTION *s); +static SUB_STATE_RETURN write_state_machine(SSL_CONNECTION *s); OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl) { - return ssl->statem.hand_state; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl); + + if (sc == NULL) + return TLS_ST_BEFORE; + + return sc->statem.hand_state; } int SSL_in_init(const SSL *s) { - return s->statem.in_init; + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return 0; + + return sc->statem.in_init; } int SSL_is_init_finished(const SSL *s) { - return !(s->statem.in_init) && (s->statem.hand_state == TLS_ST_OK); + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return 0; + + return !(sc->statem.in_init) && (sc->statem.hand_state == TLS_ST_OK); } int SSL_in_before(const SSL *s) { + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return 0; + /* * Historically being "in before" meant before anything had happened. In the * current code though we remain in the "before" state for a while after we @@ -92,14 +112,14 @@ int SSL_in_before(const SSL *s) * first message to arrive). There "in before" is taken to mean "in before" * and not started any handshake process yet. */ - return (s->statem.hand_state == TLS_ST_BEFORE) - && (s->statem.state == MSG_FLOW_UNINITED); + return (sc->statem.hand_state == TLS_ST_BEFORE) + && (sc->statem.state == MSG_FLOW_UNINITED); } /* * Clear the state machine state and reset back to MSG_FLOW_UNINITED */ -void ossl_statem_clear(SSL *s) +void ossl_statem_clear(SSL_CONNECTION *s) { s->statem.state = MSG_FLOW_UNINITED; s->statem.hand_state = TLS_ST_BEFORE; @@ -110,13 +130,13 @@ void ossl_statem_clear(SSL *s) /* * Set the state machine up ready for a renegotiation handshake */ -void ossl_statem_set_renegotiate(SSL *s) +void ossl_statem_set_renegotiate(SSL_CONNECTION *s) { s->statem.in_init = 1; s->statem.request_state = TLS_ST_SW_HELLO_REQ; } -void ossl_statem_send_fatal(SSL *s, int al) +void ossl_statem_send_fatal(SSL_CONNECTION *s, int al) { /* We shouldn't call SSLfatal() twice. Once is enough */ if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR) @@ -134,7 +154,8 @@ void ossl_statem_send_fatal(SSL *s, int al) * into an error state and sends an alert if appropriate. * This is a permanent error for the current connection. */ -void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...) +void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason, + const char *fmt, ...) { va_list args; @@ -164,7 +185,7 @@ void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...) * 1: Yes * 0: No */ -int ossl_statem_in_error(const SSL *s) +int ossl_statem_in_error(const SSL_CONNECTION *s) { if (s->statem.state == MSG_FLOW_ERROR) return 1; @@ -172,17 +193,17 @@ int ossl_statem_in_error(const SSL *s) return 0; } -void ossl_statem_set_in_init(SSL *s, int init) +void ossl_statem_set_in_init(SSL_CONNECTION *s, int init) { s->statem.in_init = init; } -int ossl_statem_get_in_handshake(SSL *s) +int ossl_statem_get_in_handshake(SSL_CONNECTION *s) { return s->statem.in_handshake; } -void ossl_statem_set_in_handshake(SSL *s, int inhand) +void ossl_statem_set_in_handshake(SSL_CONNECTION *s, int inhand) { if (inhand) s->statem.in_handshake++; @@ -191,7 +212,7 @@ void ossl_statem_set_in_handshake(SSL *s, int inhand) } /* Are we in a sensible state to skip over unreadable early data? */ -int ossl_statem_skip_early_data(SSL *s) +int ossl_statem_skip_early_data(SSL_CONNECTION *s) { if (s->ext.early_data != SSL_EARLY_DATA_REJECTED) return 0; @@ -212,7 +233,7 @@ int ossl_statem_skip_early_data(SSL *s) * attempting to read data (SSL_read*()), or -1 if we are in SSL_do_handshake() * or similar. */ -void ossl_statem_check_finish_init(SSL *s, int sending) +void ossl_statem_check_finish_init(SSL_CONNECTION *s, int sending) { if (sending == -1) { if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END @@ -246,7 +267,7 @@ void ossl_statem_check_finish_init(SSL *s, int sending) } } -void ossl_statem_set_hello_verify_done(SSL *s) +void ossl_statem_set_hello_verify_done(SSL_CONNECTION *s) { s->statem.state = MSG_FLOW_UNINITED; s->statem.in_init = 1; @@ -262,22 +283,34 @@ void ossl_statem_set_hello_verify_done(SSL *s) int ossl_statem_connect(SSL *s) { - return state_machine(s, 0); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return -1; + + return state_machine(sc, 0); } int ossl_statem_accept(SSL *s) { - return state_machine(s, 1); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return -1; + + return state_machine(sc, 1); } typedef void (*info_cb) (const SSL *, int, int); -static info_cb get_callback(SSL *s) +static info_cb get_callback(SSL_CONNECTION *s) { + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); + if (s->info_callback != NULL) return s->info_callback; - else if (s->ctx->info_callback != NULL) - return s->ctx->info_callback; + else if (sctx->info_callback != NULL) + return sctx->info_callback; return NULL; } @@ -310,13 +343,14 @@ static info_cb get_callback(SSL *s) * 1: Success * <=0: NBIO or error */ -static int state_machine(SSL *s, int server) +static int state_machine(SSL_CONNECTION *s, int server) { BUF_MEM *buf = NULL; void (*cb) (const SSL *ssl, int type, int val) = NULL; OSSL_STATEM *st = &s->statem; int ret = -1; int ssret; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); if (st->state == MSG_FLOW_ERROR) { /* Shouldn't have been called if we're already in the error state */ @@ -329,21 +363,21 @@ static int state_machine(SSL *s, int server) cb = get_callback(s); st->in_handshake++; - if (!SSL_in_init(s) || SSL_in_before(s)) { + if (!SSL_in_init(ssl) || SSL_in_before(ssl)) { /* * If we are stateless then we already called SSL_clear() - don't do * it again and clear the STATELESS flag itself. */ - if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(s)) + if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(ssl)) return -1; } #ifndef OPENSSL_NO_SCTP - if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) { + if (SSL_CONNECTION_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(ssl))) { /* * Notify SCTP BIO socket to enter handshake mode and prevent stream * identifier other than 0. */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, + BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, st->in_handshake, NULL); } #endif @@ -358,8 +392,8 @@ static int state_machine(SSL *s, int server) s->server = server; if (cb != NULL) { - if (SSL_IS_FIRST_HANDSHAKE(s) || !SSL_IS_TLS13(s)) - cb(s, SSL_CB_HANDSHAKE_START, 1); + if (SSL_IS_FIRST_HANDSHAKE(s) || !SSL_CONNECTION_IS_TLS13(s)) + cb(ssl, SSL_CB_HANDSHAKE_START, 1); } /* @@ -368,7 +402,7 @@ static int state_machine(SSL *s, int server) * doomed to failure. */ - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) && (server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) { SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); @@ -415,14 +449,14 @@ static int state_machine(SSL *s, int server) * SCTP */ #ifndef OPENSSL_NO_SCTP - if (!SSL_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(s))) + if (!SSL_CONNECTION_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(ssl))) #endif if (!ssl_init_wbio_buffer(s)) { SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); goto end; } - if ((SSL_in_before(s)) + if ((SSL_in_before(ssl)) || s->renegotiate) { if (!tls_setup_handshake(s)) { /* SSLfatal() already called */ @@ -472,12 +506,12 @@ static int state_machine(SSL *s, int server) st->in_handshake--; #ifndef OPENSSL_NO_SCTP - if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) { + if (SSL_CONNECTION_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(ssl))) { /* * Notify SCTP BIO socket to leave handshake mode and allow stream * identifier other than 0. */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, + BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, st->in_handshake, NULL); } #endif @@ -485,9 +519,9 @@ static int state_machine(SSL *s, int server) BUF_MEM_free(buf); if (cb != NULL) { if (server) - cb(s, SSL_CB_ACCEPT_EXIT, ret); + cb(ssl, SSL_CB_ACCEPT_EXIT, ret); else - cb(s, SSL_CB_CONNECT_EXIT, ret); + cb(ssl, SSL_CB_CONNECT_EXIT, ret); } return ret; } @@ -495,14 +529,14 @@ static int state_machine(SSL *s, int server) /* * Initialise the MSG_FLOW_READING sub-state machine */ -static void init_read_state_machine(SSL *s) +static void init_read_state_machine(SSL_CONNECTION *s) { OSSL_STATEM *st = &s->statem; st->read_state = READ_STATE_HEADER; } -static int grow_init_buf(SSL *s, size_t size) { +static int grow_init_buf(SSL_CONNECTION *s, size_t size) { size_t msg_offset = (char *)s->init_msg - s->init_buf->data; @@ -543,17 +577,18 @@ static int grow_init_buf(SSL *s, size_t size) { * control returns to the calling application. When this function is recalled we * will resume in the same state where we left off. */ -static SUB_STATE_RETURN read_state_machine(SSL *s) +static SUB_STATE_RETURN read_state_machine(SSL_CONNECTION *s) { OSSL_STATEM *st = &s->statem; int ret, mt; size_t len = 0; - int (*transition) (SSL *s, int mt); + int (*transition) (SSL_CONNECTION *s, int mt); PACKET pkt; - MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt); - WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst); - size_t (*max_message_size) (SSL *s); + MSG_PROCESS_RETURN(*process_message) (SSL_CONNECTION *s, PACKET *pkt); + WORK_STATE(*post_process_message) (SSL_CONNECTION *s, WORK_STATE wst); + size_t (*max_message_size) (SSL_CONNECTION *s); void (*cb) (const SSL *ssl, int type, int val) = NULL; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); cb = get_callback(s); @@ -578,7 +613,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) switch (st->read_state) { case READ_STATE_HEADER: /* Get the state the peer wants to move to */ - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { /* * In DTLS we get the whole message in one go - header and body */ @@ -595,9 +630,9 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) if (cb != NULL) { /* Notify callback of an impending state change */ if (s->server) - cb(s, SSL_CB_ACCEPT_LOOP, 1); + cb(ssl, SSL_CB_ACCEPT_LOOP, 1); else - cb(s, SSL_CB_CONNECT_LOOP, 1); + cb(ssl, SSL_CB_CONNECT_LOOP, 1); } /* * Validate that we are allowed to move to the new state and move @@ -613,7 +648,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) } /* dtls_get_message already did this */ - if (!SSL_IS_DTLS(s) + if (!SSL_CONNECTION_IS_DTLS(s) && s->s3.tmp.message_size > 0 && !grow_init_buf(s, s->s3.tmp.message_size + SSL3_HM_HEADER_LENGTH)) { @@ -625,7 +660,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) /* Fall through */ case READ_STATE_BODY: - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { /* * Actually we already have the body, but we give DTLS the * opportunity to do any further processing. @@ -655,7 +690,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) return SUB_STATE_ERROR; case MSG_PROCESS_FINISHED_READING: - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { dtls1_stop_timer(s); } return SUB_STATE_FINISHED; @@ -687,7 +722,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) break; case WORK_FINISHED_STOP: - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { dtls1_stop_timer(s); } return SUB_STATE_FINISHED; @@ -705,13 +740,13 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) /* * Send a previously constructed message to the peer. */ -static int statem_do_write(SSL *s) +static int statem_do_write(SSL_CONNECTION *s) { OSSL_STATEM *st = &s->statem; if (st->hand_state == TLS_ST_CW_CHANGE || st->hand_state == TLS_ST_SW_CHANGE) { - if (SSL_IS_DTLS(s)) + if (SSL_CONNECTION_IS_DTLS(s)) return dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC); else return ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC); @@ -723,7 +758,7 @@ static int statem_do_write(SSL *s) /* * Initialise the MSG_FLOW_WRITING sub-state machine */ -static void init_write_state_machine(SSL *s) +static void init_write_state_machine(SSL_CONNECTION *s) { OSSL_STATEM *st = &s->statem; @@ -761,20 +796,22 @@ static void init_write_state_machine(SSL *s) * message has been completed. As for WRITE_STATE_PRE_WORK this could also * result in an NBIO event. */ -static SUB_STATE_RETURN write_state_machine(SSL *s) +static SUB_STATE_RETURN write_state_machine(SSL_CONNECTION *s) { OSSL_STATEM *st = &s->statem; int ret; - WRITE_TRAN(*transition) (SSL *s); - WORK_STATE(*pre_work) (SSL *s, WORK_STATE wst); - WORK_STATE(*post_work) (SSL *s, WORK_STATE wst); - int (*get_construct_message_f) (SSL *s, - int (**confunc) (SSL *s, WPACKET *pkt), + WRITE_TRAN(*transition) (SSL_CONNECTION *s); + WORK_STATE(*pre_work) (SSL_CONNECTION *s, WORK_STATE wst); + WORK_STATE(*post_work) (SSL_CONNECTION *s, WORK_STATE wst); + int (*get_construct_message_f) (SSL_CONNECTION *s, + int (**confunc) (SSL_CONNECTION *s, + WPACKET *pkt), int *mt); void (*cb) (const SSL *ssl, int type, int val) = NULL; - int (*confunc) (SSL *s, WPACKET *pkt); + int (*confunc) (SSL_CONNECTION *s, WPACKET *pkt); int mt; WPACKET pkt; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); cb = get_callback(s); @@ -796,9 +833,9 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) if (cb != NULL) { /* Notify callback of an impending state change */ if (s->server) - cb(s, SSL_CB_ACCEPT_LOOP, 1); + cb(ssl, SSL_CB_ACCEPT_LOOP, 1); else - cb(s, SSL_CB_CONNECT_LOOP, 1); + cb(ssl, SSL_CB_CONNECT_LOOP, 1); } switch (transition(s)) { case WRITE_TRAN_CONTINUE: @@ -864,7 +901,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) /* Fall through */ case WRITE_STATE_SEND: - if (SSL_IS_DTLS(s) && st->use_timer) { + if (SSL_CONNECTION_IS_DTLS(s) && st->use_timer) { dtls1_start_timer(s); } ret = statem_do_write(s); @@ -904,7 +941,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) /* * Flush the write BIO */ -int statem_flush(SSL *s) +int statem_flush(SSL_CONNECTION *s) { s->rwstate = SSL_WRITING; if (BIO_flush(s->wbio) <= 0) { @@ -923,7 +960,7 @@ int statem_flush(SSL *s) * 1: Yes (application data allowed) * 0: No (application data not allowed) */ -int ossl_statem_app_data_allowed(SSL *s) +int ossl_statem_app_data_allowed(SSL_CONNECTION *s) { OSSL_STATEM *st = &s->statem; @@ -957,7 +994,7 @@ int ossl_statem_app_data_allowed(SSL *s) * This function returns 1 if TLS exporter is ready to export keying * material, or 0 if otherwise. */ -int ossl_statem_export_allowed(SSL *s) +int ossl_statem_export_allowed(SSL_CONNECTION *s) { return s->s3.previous_server_finished_len != 0 && s->statem.hand_state != TLS_ST_SW_FINISHED; @@ -967,7 +1004,7 @@ int ossl_statem_export_allowed(SSL *s) * Return 1 if early TLS exporter is ready to export keying material, * or 0 if otherwise. */ -int ossl_statem_export_early_allowed(SSL *s) +int ossl_statem_export_early_allowed(SSL_CONNECTION *s) { /* * The early exporter secret is only present on the server if we diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h index 5db31b63585d30..b904ee50c80e6f 100644 --- a/ssl/statem/statem.h +++ b/ssl/statem/statem.h @@ -130,10 +130,11 @@ typedef struct ossl_statem_st OSSL_STATEM; __owur int ossl_statem_accept(SSL *s); __owur int ossl_statem_connect(SSL *s); -void ossl_statem_clear(SSL *s); -void ossl_statem_set_renegotiate(SSL *s); -void ossl_statem_send_fatal(SSL *s, int al); -void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...); +void ossl_statem_clear(SSL_CONNECTION *s); +void ossl_statem_set_renegotiate(SSL_CONNECTION *s); +void ossl_statem_send_fatal(SSL_CONNECTION *s, int al); +void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason, + const char *fmt, ...); # define SSL_AD_NO_ALERT -1 # define SSLfatal_alert(s, al) ossl_statem_send_fatal((s), (al)) # define SSLfatal(s, al, r) SSLfatal_data((s), (al), (r), NULL) @@ -142,16 +143,16 @@ void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...); ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \ ossl_statem_fatal) -int ossl_statem_in_error(const SSL *s); -void ossl_statem_set_in_init(SSL *s, int init); -int ossl_statem_get_in_handshake(SSL *s); -void ossl_statem_set_in_handshake(SSL *s, int inhand); -__owur int ossl_statem_skip_early_data(SSL *s); -void ossl_statem_check_finish_init(SSL *s, int send); -void ossl_statem_set_hello_verify_done(SSL *s); -__owur int ossl_statem_app_data_allowed(SSL *s); -__owur int ossl_statem_export_allowed(SSL *s); -__owur int ossl_statem_export_early_allowed(SSL *s); +int ossl_statem_in_error(const SSL_CONNECTION *s); +void ossl_statem_set_in_init(SSL_CONNECTION *s, int init); +int ossl_statem_get_in_handshake(SSL_CONNECTION *s); +void ossl_statem_set_in_handshake(SSL_CONNECTION *s, int inhand); +__owur int ossl_statem_skip_early_data(SSL_CONNECTION *s); +void ossl_statem_check_finish_init(SSL_CONNECTION *s, int send); +void ossl_statem_set_hello_verify_done(SSL_CONNECTION *s); +__owur int ossl_statem_app_data_allowed(SSL_CONNECTION *s); +__owur int ossl_statem_export_allowed(SSL_CONNECTION *s); +__owur int ossl_statem_export_early_allowed(SSL_CONNECTION *s); /* Flush the write BIO */ -int statem_flush(SSL *s); +int statem_flush(SSL_CONNECTION *s); diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 06e390fd09175a..2f2043671aa72f 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -28,12 +28,14 @@ #include #include "internal/cryptlib.h" -static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, PACKET *pkt); -static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt); - -static ossl_inline int cert_req_allowed(SSL *s); -static int key_exchange_expected(SSL *s); -static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, +static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL_CONNECTION *s, + PACKET *pkt); +static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL_CONNECTION *s, + PACKET *pkt); + +static ossl_inline int cert_req_allowed(SSL_CONNECTION *s); +static int key_exchange_expected(SSL_CONNECTION *s); +static int ssl_cipher_list_to_bytes(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt); /* @@ -43,7 +45,7 @@ static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, * 1: Yes * 0: No */ -static ossl_inline int cert_req_allowed(SSL *s) +static ossl_inline int cert_req_allowed(SSL_CONNECTION *s) { /* TLS does not like anon-DH with client cert */ if ((s->version > SSL3_VERSION @@ -61,7 +63,7 @@ static ossl_inline int cert_req_allowed(SSL *s) * 1: Yes * 0: No */ -static int key_exchange_expected(SSL *s) +static int key_exchange_expected(SSL_CONNECTION *s) { long alg_k = s->s3.tmp.new_cipher->algorithm_mkey; @@ -86,7 +88,7 @@ static int key_exchange_expected(SSL *s) * Return values are 1 for success (transition allowed) and 0 on error * (transition not allowed) */ -static int ossl_statem_client13_read_transition(SSL *s, int mt) +static int ossl_statem_client13_read_transition(SSL_CONNECTION *s, int mt) { OSSL_STATEM *st = &s->statem; @@ -171,7 +173,8 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt) /* Restore digest for PHA before adding message.*/ # error Internal DTLS version error #endif - if (!SSL_IS_DTLS(s) && s->post_handshake_auth == SSL_PHA_EXT_SENT) { + if (!SSL_CONNECTION_IS_DTLS(s) + && s->post_handshake_auth == SSL_PHA_EXT_SENT) { s->post_handshake_auth = SSL_PHA_REQUESTED; /* * In TLS, this is called before the message is added to the @@ -203,7 +206,7 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt) * Return values are 1 for success (transition allowed) and 0 on error * (transition not allowed) */ -int ossl_statem_client_read_transition(SSL *s, int mt) +int ossl_statem_client_read_transition(SSL_CONNECTION *s, int mt) { OSSL_STATEM *st = &s->statem; int ske_expected; @@ -212,7 +215,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) * Note that after writing the first ClientHello we don't know what version * we are going to negotiate yet, so we don't take this branch until later. */ - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { if (!ossl_statem_client13_read_transition(s, mt)) goto err; return 1; @@ -228,7 +231,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) return 1; } - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { if (mt == DTLS1_MT_HELLO_VERIFY_REQUEST) { st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST; return 1; @@ -260,7 +263,8 @@ int ossl_statem_client_read_transition(SSL *s, int mt) return 1; } } else { - if (SSL_IS_DTLS(s) && mt == DTLS1_MT_HELLO_VERIFY_REQUEST) { + if (SSL_CONNECTION_IS_DTLS(s) + && mt == DTLS1_MT_HELLO_VERIFY_REQUEST) { st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST; return 1; } else if (s->version >= TLS1_VERSION @@ -381,7 +385,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) err: /* No valid transition found */ - if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { + if (SSL_CONNECTION_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { BIO *rbio; /* @@ -390,7 +394,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) */ s->init_num = 0; s->rwstate = SSL_READING; - rbio = SSL_get_rbio(s); + rbio = SSL_get_rbio(SSL_CONNECTION_GET_SSL(s)); BIO_clear_retry_flags(rbio); BIO_set_retry_read(rbio); return 0; @@ -404,7 +408,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) * move to next when the TLSv1.3 client is writing messages to be sent to the * server. */ -static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s) +static WRITE_TRAN ossl_statem_client13_write_transition(SSL_CONNECTION *s) { OSSL_STATEM *st = &s->statem; @@ -493,7 +497,7 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s) * ossl_statem_client_write_transition() works out what handshake state to * move to next when the client is writing messages to be sent to the server. */ -WRITE_TRAN ossl_statem_client_write_transition(SSL *s) +WRITE_TRAN ossl_statem_client_write_transition(SSL_CONNECTION *s) { OSSL_STATEM *st = &s->statem; @@ -502,7 +506,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) * version we are going to negotiate yet, so we don't take this branch until * later */ - if (SSL_IS_TLS13(s)) + if (SSL_CONNECTION_IS_TLS13(s)) return ossl_statem_client13_write_transition(s); switch (st->hand_state) { @@ -608,7 +612,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) #if defined(OPENSSL_NO_NEXTPROTONEG) st->hand_state = TLS_ST_CW_FINISHED; #else - if (!SSL_IS_DTLS(s) && s->s3.npn_seen) + if (!SSL_CONNECTION_IS_DTLS(s) && s->s3.npn_seen) st->hand_state = TLS_ST_CW_NEXT_PROTO; else st->hand_state = TLS_ST_CW_FINISHED; @@ -644,7 +648,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) * If we can renegotiate now then do so, otherwise wait for a more * convenient time. */ - if (ssl3_renegotiate_check(s, 1)) { + if (ssl3_renegotiate_check(SSL_CONNECTION_GET_SSL(s), 1)) { if (!tls_setup_handshake(s)) { /* SSLfatal() already called */ return WRITE_TRAN_ERROR; @@ -661,7 +665,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) * Perform any pre work that needs to be done prior to sending a message from * the client to the server. */ -WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst) +WORK_STATE ossl_statem_client_pre_work(SSL_CONNECTION *s, WORK_STATE wst) { OSSL_STATEM *st = &s->statem; @@ -672,7 +676,7 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst) case TLS_ST_CW_CLNT_HELLO: s->shutdown = 0; - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { /* every DTLS ClientHello resets Finished MAC */ if (!ssl3_init_finished_mac(s)) { /* SSLfatal() already called */ @@ -682,7 +686,7 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst) break; case TLS_ST_CW_CHANGE: - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { if (s->hit) { /* * We're into the last flight so we don't retransmit these @@ -691,7 +695,7 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst) st->use_timer = 0; } #ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { + if (BIO_dgram_is_sctp(SSL_get_wbio(SSL_CONNECTION_GET_SSL(s)))) { /* Calls SSLfatal() as required */ return dtls_wait_for_dry(s); } @@ -725,9 +729,10 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst) * Perform any work that needs to be done after sending a message from the * client to the server. */ -WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) +WORK_STATE ossl_statem_client_post_work(SSL_CONNECTION *s, WORK_STATE wst) { OSSL_STATEM *st = &s->statem; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); s->init_num = 0; @@ -756,7 +761,7 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) return WORK_MORE_A; } - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { /* Treat the next message as the first packet */ s->first_packet = 1; } @@ -779,7 +784,8 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) break; case TLS_ST_CW_CHANGE: - if (SSL_IS_TLS13(s) || s->hello_retry_request == SSL_HRR_PENDING) + if (SSL_CONNECTION_IS_TLS13(s) + || s->hello_retry_request == SSL_HRR_PENDING) break; if (s->early_data_state == SSL_EARLY_DATA_CONNECTING && s->max_early_data > 0) { @@ -802,25 +808,25 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) else s->session->compress_meth = s->s3.tmp.new_compression->id; #endif - if (!s->method->ssl3_enc->setup_key_block(s)) { + if (!ssl->method->ssl3_enc->setup_key_block(s)) { /* SSLfatal() already called */ return WORK_ERROR; } - if (!s->method->ssl3_enc->change_cipher_state(s, + if (!ssl->method->ssl3_enc->change_cipher_state(s, SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { /* SSLfatal() already called */ return WORK_ERROR; } - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { #ifndef OPENSSL_NO_SCTP if (s->hit) { /* * Change to new shared key of SCTP-Auth, will be ignored if * no SCTP used. */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, + BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); } #endif @@ -831,25 +837,25 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) case TLS_ST_CW_FINISHED: #ifndef OPENSSL_NO_SCTP - if (wst == WORK_MORE_A && SSL_IS_DTLS(s) && s->hit == 0) { + if (wst == WORK_MORE_A && SSL_CONNECTION_IS_DTLS(s) && s->hit == 0) { /* * Change to new shared key of SCTP-Auth, will be ignored if * no SCTP used. */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, + BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); } #endif if (statem_flush(s) != 1) return WORK_MORE_B; - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { if (!tls13_save_handshake_digest_for_pha(s)) { /* SSLfatal() already called */ return WORK_ERROR; } if (s->post_handshake_auth != SSL_PHA_REQUESTED) { - if (!s->method->ssl3_enc->change_cipher_state(s, + if (!ssl->method->ssl3_enc->change_cipher_state(s, SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { /* SSLfatal() already called */ return WORK_ERROR; @@ -879,7 +885,7 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) * 1: Success * 0: Error */ -int ossl_statem_client_construct_message(SSL *s, +int ossl_statem_client_construct_message(SSL_CONNECTION *s, confunc_f *confunc, int *mt) { OSSL_STATEM *st = &s->statem; @@ -891,7 +897,7 @@ int ossl_statem_client_construct_message(SSL *s, return 0; case TLS_ST_CW_CHANGE: - if (SSL_IS_DTLS(s)) + if (SSL_CONNECTION_IS_DTLS(s)) *confunc = dtls_construct_change_cipher_spec; else *confunc = tls_construct_change_cipher_spec; @@ -952,7 +958,7 @@ int ossl_statem_client_construct_message(SSL *s, * Returns the maximum allowed length for the current message that we are * reading. Excludes the message header. */ -size_t ossl_statem_client_max_message_size(SSL *s) +size_t ossl_statem_client_max_message_size(SSL_CONNECTION *s) { OSSL_STATEM *st = &s->statem; @@ -996,8 +1002,8 @@ size_t ossl_statem_client_max_message_size(SSL *s) return CCS_MAX_LENGTH; case TLS_ST_CR_SESSION_TICKET: - return (SSL_IS_TLS13(s)) ? SESSION_TICKET_MAX_LENGTH_TLS13 - : SESSION_TICKET_MAX_LENGTH_TLS12; + return (SSL_CONNECTION_IS_TLS13(s)) ? SESSION_TICKET_MAX_LENGTH_TLS13 + : SESSION_TICKET_MAX_LENGTH_TLS12; case TLS_ST_CR_FINISHED: return FINISHED_MAX_LENGTH; @@ -1013,7 +1019,8 @@ size_t ossl_statem_client_max_message_size(SSL *s) /* * Process a message that the client has received from the server. */ -MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL_CONNECTION *s, + PACKET *pkt) { OSSL_STATEM *st = &s->statem; @@ -1071,7 +1078,8 @@ MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt) * Perform any further processing required following the receipt of a message * from the server */ -WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst) +WORK_STATE ossl_statem_client_post_process_message(SSL_CONNECTION *s, + WORK_STATE wst) { OSSL_STATEM *st = &s->statem; @@ -1090,7 +1098,7 @@ WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst) } } -int tls_construct_client_hello(SSL *s, WPACKET *pkt) +int tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt) { unsigned char *p; size_t sess_id_len; @@ -1100,6 +1108,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) #endif SSL_SESSION *sess = s->session; unsigned char *session_id; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); /* Work out what SSL/TLS/DTLS version to use */ protverr = ssl_set_client_hello_version(s); @@ -1125,7 +1134,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) * for DTLS if client_random is initialized, reuse it, we are * required to use same upon reply to HelloVerify */ - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { size_t idx; i = 1; for (idx = 0; idx < sizeof(s->s3.client_random); idx++) { @@ -1192,7 +1201,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) s->tmp_session_id_len = sess_id_len; session_id = s->tmp_session_id; if (s->hello_retry_request == SSL_HRR_NONE - && RAND_bytes_ex(s->ctx->libctx, s->tmp_session_id, + && RAND_bytes_ex(sctx->libctx, s->tmp_session_id, sess_id_len, 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -1217,7 +1226,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) } /* cookie stuff for DTLS */ - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { if (s->d1->cookie_len > sizeof(s->d1->cookie) || !WPACKET_sub_memcpy_u8(pkt, s->d1->cookie, s->d1->cookie_len)) { @@ -1232,7 +1241,8 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) return 0; } - if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), pkt)) { + if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(SSL_CONNECTION_GET_SSL(s)), + pkt)) { /* SSLfatal() already called */ return 0; } @@ -1248,11 +1258,12 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) } #ifndef OPENSSL_NO_COMP if (ssl_allow_compression(s) - && s->ctx->comp_methods - && (SSL_IS_DTLS(s) || s->s3.tmp.max_ver < TLS1_3_VERSION)) { - int compnum = sk_SSL_COMP_num(s->ctx->comp_methods); + && sctx->comp_methods + && (SSL_CONNECTION_IS_DTLS(s) + || s->s3.tmp.max_ver < TLS1_3_VERSION)) { + int compnum = sk_SSL_COMP_num(sctx->comp_methods); for (i = 0; i < compnum; i++) { - comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); + comp = sk_SSL_COMP_value(sctx->comp_methods, i); if (!WPACKET_put_bytes_u8(pkt, comp->id)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -1275,7 +1286,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) return 1; } -MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN dtls_process_hello_verify(SSL_CONNECTION *s, PACKET *pkt) { size_t cookie_len; PACKET cookiepkt; @@ -1301,11 +1312,13 @@ MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt) return MSG_PROCESS_FINISHED_READING; } -static int set_client_ciphersuite(SSL *s, const unsigned char *cipherchars) +static int set_client_ciphersuite(SSL_CONNECTION *s, + const unsigned char *cipherchars) { STACK_OF(SSL_CIPHER) *sk; const SSL_CIPHER *c; int i; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); c = ssl_get_cipher_by_char(s, cipherchars, 0); if (c == NULL) { @@ -1330,7 +1343,7 @@ static int set_client_ciphersuite(SSL *s, const unsigned char *cipherchars) return 0; } - if (SSL_IS_TLS13(s) && s->s3.tmp.new_cipher != NULL + if (SSL_CONNECTION_IS_TLS13(s) && s->s3.tmp.new_cipher != NULL && s->s3.tmp.new_cipher->id != c->id) { /* ServerHello selected a different ciphersuite to that in the HRR */ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_CIPHER_RETURNED); @@ -1345,15 +1358,15 @@ static int set_client_ciphersuite(SSL *s, const unsigned char *cipherchars) if (s->session->cipher != NULL) s->session->cipher_id = s->session->cipher->id; if (s->hit && (s->session->cipher_id != c->id)) { - if (SSL_IS_TLS13(s)) { - const EVP_MD *md = ssl_md(s->ctx, c->algorithm2); + if (SSL_CONNECTION_IS_TLS13(s)) { + const EVP_MD *md = ssl_md(sctx, c->algorithm2); /* * In TLSv1.3 it is valid for the server to select a different * ciphersuite as long as the hash is the same. */ if (md == NULL - || md != ssl_md(s->ctx, s->session->cipher->algorithm2)) { + || md != ssl_md(sctx, s->session->cipher->algorithm2)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED); return 0; @@ -1373,7 +1386,7 @@ static int set_client_ciphersuite(SSL *s, const unsigned char *cipherchars) return 1; } -MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) { PACKET session_id, extpkt; size_t session_id_len; @@ -1383,6 +1396,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) unsigned int sversion; unsigned int context; RAW_EXTENSION *extensions = NULL; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); #ifndef OPENSSL_NO_COMP SSL_COMP *comp; #endif @@ -1460,7 +1474,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) } } - if (SSL_IS_TLS13(s) || hrr) { + if (SSL_CONNECTION_IS_TLS13(s) || hrr) { if (compression != 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INVALID_COMPRESSION_ALGORITHM); @@ -1488,8 +1502,8 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) * Now we have chosen the version we need to check again that the extensions * are appropriate for this version. */ - context = SSL_IS_TLS13(s) ? SSL_EXT_TLS1_3_SERVER_HELLO - : SSL_EXT_TLS1_2_SERVER_HELLO; + context = SSL_CONNECTION_IS_TLS13(s) ? SSL_EXT_TLS1_3_SERVER_HELLO + : SSL_EXT_TLS1_2_SERVER_HELLO; if (!tls_validate_all_contexts(s, context, extensions)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_EXTENSION); goto err; @@ -1497,7 +1511,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) s->hit = 0; - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { /* * In TLSv1.3 a ServerHello message signals a key change so the end of * the message must be on a record boundary. @@ -1536,8 +1550,9 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) * backwards compat reasons */ int master_key_length; + master_key_length = sizeof(s->session->master_key); - if (s->ext.session_secret_cb(s, s->session->master_key, + if (s->ext.session_secret_cb(ssl, s->session->master_key, &master_key_length, NULL, &pref_cipher, s->ext.session_secret_cb_arg) @@ -1589,7 +1604,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) * echo of what we originally sent in the ClientHello and should not be * used for resumption. */ - if (!SSL_IS_TLS13(s)) { + if (!SSL_CONNECTION_IS_TLS13(s)) { s->session->session_id_length = session_id_len; /* session_id_len could be 0 */ if (session_id_len > 0) @@ -1642,7 +1657,8 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_COMPRESSION_DISABLED); goto err; } else { - comp = ssl3_comp_find(s->ctx->comp_methods, compression); + comp = ssl3_comp_find(SSL_CONNECTION_GET_CTX(s)->comp_methods, + compression); } if (compression != 0 && comp == NULL) { @@ -1660,7 +1676,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) } #ifndef OPENSSL_NO_SCTP - if (SSL_IS_DTLS(s) && s->hit) { + if (SSL_CONNECTION_IS_DTLS(s) && s->hit) { unsigned char sctpauthkey[64]; char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; size_t labellen; @@ -1677,7 +1693,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG) labellen += 1; - if (SSL_export_keying_material(s, sctpauthkey, + if (SSL_export_keying_material(ssl, sctpauthkey, sizeof(sctpauthkey), labelbuffer, labellen, NULL, 0, 0) <= 0) { @@ -1685,7 +1701,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) goto err; } - BIO_ctrl(SSL_get_wbio(s), + BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); } @@ -1695,9 +1711,9 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) * In TLSv1.3 we have some post-processing to change cipher state, otherwise * we're done with this message */ - if (SSL_IS_TLS13(s) - && (!s->method->ssl3_enc->setup_key_block(s) - || !s->method->ssl3_enc->change_cipher_state(s, + if (SSL_CONNECTION_IS_TLS13(s) + && (!ssl->method->ssl3_enc->setup_key_block(s) + || !ssl->method->ssl3_enc->change_cipher_state(s, SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_READ))) { /* SSLfatal() already called */ goto err; @@ -1710,7 +1726,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) return MSG_PROCESS_ERROR; } -static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, +static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL_CONNECTION *s, PACKET *extpkt) { RAW_EXTENSION *extensions = NULL; @@ -1770,20 +1786,22 @@ static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, } /* prepare server cert verification by setting s->session->peer_chain from pkt */ -MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s, + PACKET *pkt) { unsigned long cert_list_len, cert_len; X509 *x = NULL; const unsigned char *certstart, *certbytes; size_t chainidx; unsigned int context = 0; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if ((s->session->peer_chain = sk_X509_new_null()) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); goto err; } - if ((SSL_IS_TLS13(s) && !PACKET_get_1(pkt, &context)) + if ((SSL_CONNECTION_IS_TLS13(s) && !PACKET_get_1(pkt, &context)) || context != 0 || !PACKET_get_net_3(pkt, &cert_list_len) || PACKET_remaining(pkt) != cert_list_len @@ -1799,7 +1817,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) } certstart = certbytes; - x = X509_new_ex(s->ctx->libctx, s->ctx->propq); + x = X509_new_ex(sctx->libctx, sctx->propq); if (x == NULL) { SSLfatal(s, SSL_AD_DECODE_ERROR, ERR_R_MALLOC_FAILURE); ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); @@ -1816,7 +1834,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) goto err; } - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { RAW_EXTENSION *rawexts = NULL; PACKET extensions; @@ -1857,7 +1875,8 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) * On success set s->session->peer and s->session->verify_result. * Else the peer certificate verification callback may request retry. */ -WORK_STATE tls_post_process_server_certificate(SSL *s, WORK_STATE wst) +WORK_STATE tls_post_process_server_certificate(SSL_CONNECTION *s, + WORK_STATE wst) { X509 *x; EVP_PKEY *pkey = NULL; @@ -1915,7 +1934,7 @@ WORK_STATE tls_post_process_server_certificate(SSL *s, WORK_STATE wst) * skip check since TLS 1.3 ciphersuites can be used with any certificate * type. */ - if (!SSL_IS_TLS13(s)) { + if (!SSL_CONNECTION_IS_TLS13(s)) { if ((clu->amask & s->s3.tmp.new_cipher->algorithm_auth) == 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_CERTIFICATE_TYPE); return WORK_ERROR; @@ -1928,7 +1947,7 @@ WORK_STATE tls_post_process_server_certificate(SSL *s, WORK_STATE wst) s->session->verify_result = s->verify_result; /* Save the current hash state for when we receive the CertificateVerify */ - if (SSL_IS_TLS13(s) + if (SSL_CONNECTION_IS_TLS13(s) && !ssl_handshake_hash(s, s->cert_verify_hash, sizeof(s->cert_verify_hash), &s->cert_verify_hash_len)) { @@ -1938,7 +1957,7 @@ WORK_STATE tls_post_process_server_certificate(SSL *s, WORK_STATE wst) return WORK_FINISHED_CONTINUE; } -static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt) +static int tls_process_ske_psk_preamble(SSL_CONNECTION *s, PACKET *pkt) { #ifndef OPENSSL_NO_PSK PACKET psk_identity_hint; @@ -1977,7 +1996,7 @@ static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt) #endif } -static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey) +static int tls_process_ske_srp(SSL_CONNECTION *s, PACKET *pkt, EVP_PKEY **pkey) { #ifndef OPENSSL_NO_SRP PACKET prime, generator, salt, server_pub; @@ -2022,7 +2041,7 @@ static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey) #endif } -static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) +static int tls_process_ske_dhe(SSL_CONNECTION *s, PACKET *pkt, EVP_PKEY **pkey) { PACKET prime, generator, pub_key; EVP_PKEY *peer_tmp = NULL; @@ -2030,6 +2049,7 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) EVP_PKEY_CTX *pctx = NULL; OSSL_PARAM *params = NULL; OSSL_PARAM_BLD *tmpl = NULL; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); int ret = 0; if (!PACKET_get_length_prefixed_2(pkt, &prime) @@ -2060,7 +2080,7 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) goto err; } - pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, "DH", s->ctx->propq); + pctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, "DH", sctx->propq); if (pctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -2072,7 +2092,7 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) } EVP_PKEY_CTX_free(pctx); - pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, peer_tmp, s->ctx->propq); + pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, peer_tmp, sctx->propq); if (pctx == NULL /* * EVP_PKEY_param_check() will verify that the DH params are using @@ -2118,7 +2138,7 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) return ret; } -static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) +static int tls_process_ske_ecdhe(SSL_CONNECTION *s, PACKET *pkt, EVP_PKEY **pkey) { PACKET encoded_pt; unsigned int curve_type, curve_id; @@ -2176,13 +2196,14 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) return 1; } -MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_key_exchange(SSL_CONNECTION *s, PACKET *pkt) { long alg_k; EVP_PKEY *pkey = NULL; EVP_MD_CTX *md_ctx = NULL; EVP_PKEY_CTX *pctx = NULL; PACKET save_param_start, signature; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); alg_k = s->s3.tmp.new_cipher->algorithm_mkey; @@ -2255,7 +2276,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) goto err; } - if (!tls1_lookup_md(s->ctx, s->s3.tmp.peer_sigalg, &md)) { + if (!tls1_lookup_md(sctx, s->s3.tmp.peer_sigalg, &md)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_DIGEST_ALGORITHM); goto err; @@ -2278,7 +2299,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) if (EVP_DigestVerifyInit_ex(md_ctx, &pctx, md == NULL ? NULL : EVP_MD_get0_name(md), - s->ctx->libctx, s->ctx->propq, pkey, + sctx->libctx, sctx->propq, pkey, NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; @@ -2331,7 +2352,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) return MSG_PROCESS_ERROR; } -MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_certificate_request(SSL_CONNECTION *s, + PACKET *pkt) { size_t i; @@ -2339,7 +2361,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) for (i = 0; i < SSL_PKEY_NUM; i++) s->s3.tmp.valid_flags[i] = 0; - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { PACKET reqctx, extensions; RAW_EXTENSION *rawexts = NULL; @@ -2444,13 +2466,15 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) * SSL_get1_peer_certificate() returns something sensible in * client_cert_cb. */ - if (SSL_IS_TLS13(s) && s->post_handshake_auth != SSL_PHA_REQUESTED) + if (SSL_CONNECTION_IS_TLS13(s) + && s->post_handshake_auth != SSL_PHA_REQUESTED) return MSG_PROCESS_CONTINUE_READING; return MSG_PROCESS_CONTINUE_PROCESSING; } -MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL_CONNECTION *s, + PACKET *pkt) { unsigned int ticklen; unsigned long ticket_lifetime_hint, age_add = 0; @@ -2458,16 +2482,18 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) RAW_EXTENSION *exts = NULL; PACKET nonce; EVP_MD *sha256 = NULL; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); PACKET_null_init(&nonce); if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint) - || (SSL_IS_TLS13(s) + || (SSL_CONNECTION_IS_TLS13(s) && (!PACKET_get_net_4(pkt, &age_add) || !PACKET_get_length_prefixed_1(pkt, &nonce))) || !PACKET_get_net_2(pkt, &ticklen) - || (SSL_IS_TLS13(s) ? (ticklen == 0 || PACKET_remaining(pkt) < ticklen) - : PACKET_remaining(pkt) != ticklen)) { + || (SSL_CONNECTION_IS_TLS13(s) ? (ticklen == 0 + || PACKET_remaining(pkt) < ticklen) + : PACKET_remaining(pkt) != ticklen)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } @@ -2488,7 +2514,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) * post-handshake and the session may have already gone into the session * cache. */ - if (SSL_IS_TLS13(s) || s->session->session_id_length > 0) { + if (SSL_CONNECTION_IS_TLS13(s) || s->session->session_id_length > 0) { SSL_SESSION *new_sess; /* @@ -2501,7 +2527,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) } if ((s->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) != 0 - && !SSL_IS_TLS13(s)) { + && !SSL_CONNECTION_IS_TLS13(s)) { /* * In TLSv1.2 and below the arrival of a new tickets signals that * any old ticket we were using is now out of date, so we remove the @@ -2535,7 +2561,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) s->session->ext.tick_age_add = age_add; s->session->ext.ticklen = ticklen; - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { PACKET extpkt; if (!PACKET_as_length_prefixed_2(pkt, &extpkt) @@ -2566,7 +2592,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) * elsewhere in OpenSSL. The session ID is set to the SHA256 hash of the * ticket. */ - sha256 = EVP_MD_fetch(s->ctx->libctx, "SHA2-256", s->ctx->propq); + sha256 = EVP_MD_fetch(sctx->libctx, "SHA2-256", sctx->propq); if (sha256 == NULL) { /* Error is already recorded */ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); @@ -2588,7 +2614,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) s->session->not_resumable = 0; /* This is a standalone message in TLSv1.3, so there is no more to read */ - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { const EVP_MD *md = ssl_handshake_md(s); int hashleni = EVP_MD_get_size(md); size_t hashlen; @@ -2629,7 +2655,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) * In TLSv1.3 this is called from the extensions code, otherwise it is used to * parse a separate message. Returns 1 on success or 0 on failure */ -int tls_process_cert_status_body(SSL *s, PACKET *pkt) +int tls_process_cert_status_body(SSL_CONNECTION *s, PACKET *pkt) { size_t resplen; unsigned int type; @@ -2660,7 +2686,7 @@ int tls_process_cert_status_body(SSL *s, PACKET *pkt) } -MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_cert_status(SSL_CONNECTION *s, PACKET *pkt) { if (!tls_process_cert_status_body(s, pkt)) { /* SSLfatal() already called */ @@ -2676,8 +2702,10 @@ MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt) * In <=TLS1.2 this is after the ServerDone message. Returns 1 on success or 0 * on failure. */ -int tls_process_initial_server_flight(SSL *s) +int tls_process_initial_server_flight(SSL_CONNECTION *s) { + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); + /* * at this point we check that we have the required stuff from * the server @@ -2693,8 +2721,9 @@ int tls_process_initial_server_flight(SSL *s) * message, or NULL and -1 otherwise */ if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing - && s->ctx->ext.status_cb != NULL) { - int ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg); + && sctx->ext.status_cb != NULL) { + int ret = sctx->ext.status_cb(SSL_CONNECTION_GET_SSL(s), + sctx->ext.status_arg); if (ret == 0) { SSLfatal(s, SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE, @@ -2720,7 +2749,7 @@ int tls_process_initial_server_flight(SSL *s) return 1; } -MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_server_done(SSL_CONNECTION *s, PACKET *pkt) { if (PACKET_remaining(pkt) > 0) { /* should contain no data */ @@ -2744,7 +2773,7 @@ MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt) return MSG_PROCESS_FINISHED_READING; } -static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt) +static int tls_construct_cke_psk_preamble(SSL_CONNECTION *s, WPACKET *pkt) { #ifndef OPENSSL_NO_PSK int ret = 0; @@ -2767,7 +2796,8 @@ static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt) memset(identity, 0, sizeof(identity)); - psklen = s->psk_client_callback(s, s->session->psk_identity_hint, + psklen = s->psk_client_callback(SSL_CONNECTION_GET_SSL(s), + s->session->psk_identity_hint, identity, sizeof(identity) - 1, psk, sizeof(psk)); @@ -2821,7 +2851,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt) #endif } -static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt) +static int tls_construct_cke_rsa(SSL_CONNECTION *s, WPACKET *pkt) { unsigned char *encdata = NULL; EVP_PKEY *pkey = NULL; @@ -2829,6 +2859,7 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt) size_t enclen; unsigned char *pms = NULL; size_t pmslen = 0; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (s->session->peer == NULL) { /* @@ -2853,7 +2884,7 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt) pms[0] = s->client_version >> 8; pms[1] = s->client_version & 0xff; - if (RAND_bytes_ex(s->ctx->libctx, pms + 2, pmslen - 2, 0) <= 0) { + if (RAND_bytes_ex(sctx->libctx, pms + 2, pmslen - 2, 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); goto err; } @@ -2864,7 +2895,7 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt) goto err; } - pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pkey, s->ctx->propq); + pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pkey, sctx->propq); if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0 || EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); @@ -2901,7 +2932,7 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt) return 0; } -static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt) +static int tls_construct_cke_dhe(SSL_CONNECTION *s, WPACKET *pkt) { EVP_PKEY *ckey = NULL, *skey = NULL; unsigned char *keybytes = NULL; @@ -2964,7 +2995,7 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt) return ret; } -static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt) +static int tls_construct_cke_ecdhe(SSL_CONNECTION *s, WPACKET *pkt) { unsigned char *encodedPoint = NULL; size_t encoded_pt_len = 0; @@ -3008,7 +3039,7 @@ static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt) return ret; } -static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) +static int tls_construct_cke_gost(SSL_CONNECTION *s, WPACKET *pkt) { #ifndef OPENSSL_NO_GOST /* GOST key exchange message creation */ @@ -3021,6 +3052,7 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) int dgst_nid = NID_id_GostR3411_94; unsigned char *pms = NULL; size_t pmslen = 0; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if ((s->s3.tmp.new_cipher->algorithm_auth & SSL_aGOST12) != 0) dgst_nid = NID_id_GostR3411_2012_256; @@ -3035,9 +3067,9 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) return 0; } - pkey_ctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, + pkey_ctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, X509_get0_pubkey(peer_cert), - s->ctx->propq); + sctx->propq); if (pkey_ctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); return 0; @@ -3059,7 +3091,7 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0 /* Generate session key */ - || RAND_bytes_ex(s->ctx->libctx, pms, pmslen, 0) <= 0) { + || RAND_bytes_ex(sctx->libctx, pms, pmslen, 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; }; @@ -3119,7 +3151,7 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) } #ifndef OPENSSL_NO_GOST -int ossl_gost18_cke_cipher_nid(const SSL *s) +int ossl_gost18_cke_cipher_nid(const SSL_CONNECTION *s) { if ((s->s3.tmp.new_cipher->algorithm_enc & SSL_MAGMA) != 0) return NID_magma_ctr; @@ -3129,11 +3161,13 @@ int ossl_gost18_cke_cipher_nid(const SSL *s) return NID_undef; } -int ossl_gost_ukm(const SSL *s, unsigned char *dgst_buf) +int ossl_gost_ukm(const SSL_CONNECTION *s, unsigned char *dgst_buf) { EVP_MD_CTX * hash = NULL; unsigned int md_len; - const EVP_MD *md = ssl_evp_md_fetch(s->ctx->libctx, NID_id_GostR3411_2012_256, s->ctx->propq); + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); + const EVP_MD *md = ssl_evp_md_fetch(sctx->libctx, NID_id_GostR3411_2012_256, + sctx->propq); if (md == NULL) return 0; @@ -3154,7 +3188,7 @@ int ossl_gost_ukm(const SSL *s, unsigned char *dgst_buf) } #endif -static int tls_construct_cke_gost18(SSL *s, WPACKET *pkt) +static int tls_construct_cke_gost18(SSL_CONNECTION *s, WPACKET *pkt) { #ifndef OPENSSL_NO_GOST /* GOST 2018 key exchange message creation */ @@ -3166,6 +3200,7 @@ static int tls_construct_cke_gost18(SSL *s, WPACKET *pkt) size_t pmslen = 0; size_t msglen; int cipher_nid = ossl_gost18_cke_cipher_nid(s); + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (cipher_nid == NID_undef) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -3185,7 +3220,7 @@ static int tls_construct_cke_gost18(SSL *s, WPACKET *pkt) goto err; } - if (RAND_bytes_ex(s->ctx->libctx, pms, pmslen, 0) <= 0) { + if (RAND_bytes_ex(sctx->libctx, pms, pmslen, 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -3198,9 +3233,9 @@ static int tls_construct_cke_gost18(SSL *s, WPACKET *pkt) goto err; } - pkey_ctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, + pkey_ctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, X509_get0_pubkey(peer_cert), - s->ctx->propq); + sctx->propq); if (pkey_ctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); goto err; @@ -3251,7 +3286,7 @@ static int tls_construct_cke_gost18(SSL *s, WPACKET *pkt) #endif } -static int tls_construct_cke_srp(SSL *s, WPACKET *pkt) +static int tls_construct_cke_srp(SSL_CONNECTION *s, WPACKET *pkt) { #ifndef OPENSSL_NO_SRP unsigned char *abytes = NULL; @@ -3278,7 +3313,7 @@ static int tls_construct_cke_srp(SSL *s, WPACKET *pkt) #endif } -int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt) +int tls_construct_client_key_exchange(SSL_CONNECTION *s, WPACKET *pkt) { unsigned long alg_k; @@ -3328,7 +3363,7 @@ int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt) return 0; } -int tls_client_key_exchange_post_work(SSL *s) +int tls_client_key_exchange_post_work(SSL_CONNECTION *s) { unsigned char *pms = NULL; size_t pmslen = 0; @@ -3362,10 +3397,11 @@ int tls_client_key_exchange_post_work(SSL *s) pmslen = 0; #ifndef OPENSSL_NO_SCTP - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { unsigned char sctpauthkey[64]; char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; size_t labellen; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); /* * Add new shared key for SCTP-Auth, will be ignored if no SCTP @@ -3379,14 +3415,14 @@ int tls_client_key_exchange_post_work(SSL *s) if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG) labellen += 1; - if (SSL_export_keying_material(s, sctpauthkey, + if (SSL_export_keying_material(ssl, sctpauthkey, sizeof(sctpauthkey), labelbuffer, labellen, NULL, 0, 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, + BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); } #endif @@ -3404,7 +3440,7 @@ int tls_client_key_exchange_post_work(SSL *s) * cert exists, if we have a suitable digest for TLS 1.2 if static DH client * certificates can be used and optionally checks suitability for Suite B. */ -static int ssl3_check_client_certificate(SSL *s) +static int ssl3_check_client_certificate(SSL_CONNECTION *s) { /* If no suitable signature algorithm can't use certificate */ if (!tls_choose_sigalg(s, 0) || s->s3.tmp.sigalg == NULL) @@ -3419,16 +3455,17 @@ static int ssl3_check_client_certificate(SSL *s) return 1; } -WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst) +WORK_STATE tls_prepare_client_certificate(SSL_CONNECTION *s, WORK_STATE wst) { X509 *x509 = NULL; EVP_PKEY *pkey = NULL; int i; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); if (wst == WORK_MORE_A) { /* Let cert callback update client certificates if required */ if (s->cert->cert_cb) { - i = s->cert->cert_cb(s, s->cert->cert_cb_arg); + i = s->cert->cert_cb(ssl, s->cert->cert_cb_arg); if (i < 0) { s->rwstate = SSL_X509_LOOKUP; return WORK_MORE_A; @@ -3463,7 +3500,8 @@ WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst) } s->rwstate = SSL_NOTHING; if ((i == 1) && (pkey != NULL) && (x509 != NULL)) { - if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey)) + if (!SSL_use_certificate(ssl, x509) + || !SSL_use_PrivateKey(ssl, pkey)) i = 0; } else if (i == 1) { i = 0; @@ -3498,9 +3536,11 @@ WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst) return WORK_ERROR; } -int tls_construct_client_certificate(SSL *s, WPACKET *pkt) +int tls_construct_client_certificate(SSL_CONNECTION *s, WPACKET *pkt) { - if (SSL_IS_TLS13(s)) { + SSL *ssl = SSL_CONNECTION_GET_SSL(s); + + if (SSL_CONNECTION_IS_TLS13(s)) { if (s->pha_context == NULL) { /* no context available, add 0-length context */ if (!WPACKET_put_bytes_u8(pkt, 0)) { @@ -3519,9 +3559,9 @@ int tls_construct_client_certificate(SSL *s, WPACKET *pkt) return 0; } - if (SSL_IS_TLS13(s) + if (SSL_CONNECTION_IS_TLS13(s) && SSL_IS_FIRST_HANDSHAKE(s) - && (!s->method->ssl3_enc->change_cipher_state(s, + && (!ssl->method->ssl3_enc->change_cipher_state(s, SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) { /* * This is a fatal error, which leaves enc_write_ctx in an inconsistent @@ -3534,7 +3574,7 @@ int tls_construct_client_certificate(SSL *s, WPACKET *pkt) return 1; } -int ssl3_check_cert_and_algorithm(SSL *s) +int ssl3_check_cert_and_algorithm(SSL_CONNECTION *s) { const SSL_CERT_LOOKUP *clu; size_t idx; @@ -3578,7 +3618,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) } #ifndef OPENSSL_NO_NEXTPROTONEG -int tls_construct_next_proto(SSL *s, WPACKET *pkt) +int tls_construct_next_proto(SSL_CONNECTION *s, WPACKET *pkt) { size_t len, padding_len; unsigned char *padding = NULL; @@ -3598,8 +3638,10 @@ int tls_construct_next_proto(SSL *s, WPACKET *pkt) } #endif -MSG_PROCESS_RETURN tls_process_hello_req(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_hello_req(SSL_CONNECTION *s, PACKET *pkt) { + SSL *ssl = SSL_CONNECTION_GET_SSL(s); + if (PACKET_remaining(pkt) > 0) { /* should contain no data */ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); @@ -3618,15 +3660,16 @@ MSG_PROCESS_RETURN tls_process_hello_req(SSL *s, PACKET *pkt) * HelloRequest it will do a full handshake. Either behaviour is reasonable * but doing one for TLS and another for DTLS is odd. */ - if (SSL_IS_DTLS(s)) - SSL_renegotiate(s); + if (SSL_CONNECTION_IS_DTLS(s)) + SSL_renegotiate(ssl); else - SSL_renegotiate_abbreviated(s); + SSL_renegotiate_abbreviated(ssl); return MSG_PROCESS_FINISHED_READING; } -static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt) +static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL_CONNECTION *s, + PACKET *pkt) { PACKET extensions; RAW_EXTENSION *rawexts = NULL; @@ -3654,26 +3697,30 @@ static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt) return MSG_PROCESS_ERROR; } -int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) +int ssl_do_client_cert_cb(SSL_CONNECTION *s, X509 **px509, EVP_PKEY **ppkey) { int i = 0; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); + #ifndef OPENSSL_NO_ENGINE - if (s->ctx->client_cert_engine) { + if (sctx->client_cert_engine) { i = tls_engine_load_ssl_client_cert(s, px509, ppkey); if (i != 0) return i; } #endif - if (s->ctx->client_cert_cb) - i = s->ctx->client_cert_cb(s, px509, ppkey); + if (sctx->client_cert_cb) + i = sctx->client_cert_cb(SSL_CONNECTION_GET_SSL(s), px509, ppkey); return i; } -int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt) +int ssl_cipher_list_to_bytes(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *sk, + WPACKET *pkt) { int i; size_t totlen = 0, len, maxlen, maxverok = 0; int empty_reneg_info_scsv = !s->renegotiate; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); /* Set disabled masks for this session */ if (!ssl_set_client_disabled(s)) { @@ -3695,7 +3742,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt) * chop number of supported ciphers to keep it well below this if we * use TLS v1.2 */ - if (TLS1_get_version(s) >= TLS1_2_VERSION) + if (TLS1_get_version(ssl) >= TLS1_2_VERSION) maxlen = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; else #endif @@ -3715,14 +3762,14 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt) if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) continue; - if (!s->method->put_cipher_by_char(c, pkt, &len)) { + if (!ssl->method->put_cipher_by_char(c, pkt, &len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } /* Sanity check that the maximum version we offer has ciphers enabled */ if (!maxverok) { - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { if (DTLS_VERSION_GE(c->max_dtls, s->s3.tmp.max_ver) && DTLS_VERSION_LE(c->min_dtls, s->s3.tmp.max_ver)) maxverok = 1; @@ -3752,7 +3799,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt) static SSL_CIPHER scsv = { 0, NULL, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; - if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) { + if (!ssl->method->put_cipher_by_char(&scsv, pkt, &len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -3761,7 +3808,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt) static SSL_CIPHER scsv = { 0, NULL, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; - if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) { + if (!ssl->method->put_cipher_by_char(&scsv, pkt, &len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -3771,7 +3818,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt) return 1; } -int tls_construct_end_of_early_data(SSL *s, WPACKET *pkt) +int tls_construct_end_of_early_data(SSL_CONNECTION *s, WPACKET *pkt) { if (s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) { diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index 2838d51bdb25d1..6068c833c65749 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -43,15 +43,17 @@ static unsigned char bitmask_start_values[] = static unsigned char bitmask_end_values[] = { 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f }; -static void dtls1_fix_message_header(SSL *s, size_t frag_off, +static void dtls1_fix_message_header(SSL_CONNECTION *s, size_t frag_off, size_t frag_len); -static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p); -static void dtls1_set_message_header_int(SSL *s, unsigned char mt, +static unsigned char *dtls1_write_message_header(SSL_CONNECTION *s, + unsigned char *p); +static void dtls1_set_message_header_int(SSL_CONNECTION *s, unsigned char mt, size_t len, unsigned short seq_num, size_t frag_off, size_t frag_len); -static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len); +static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype, + size_t *len); static hm_fragment *dtls1_hm_fragment_new(size_t frag_len, int reassembly) { @@ -109,13 +111,14 @@ void dtls1_hm_fragment_free(hm_fragment *frag) * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or * SSL3_RT_CHANGE_CIPHER_SPEC) */ -int dtls1_do_write(SSL *s, int type) +int dtls1_do_write(SSL_CONNECTION *s, int type) { int ret; size_t written; size_t curr_mtu; int retry = 1; size_t len, frag_off, mac_size, blocksize, used_len; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); if (!dtls1_query_mtu(s)) return -1; @@ -248,9 +251,9 @@ int dtls1_do_write(SSL *s, int type) * retransmit anything. continue as if everything is fine and * wait for an alert to handle the retransmit */ - if (retry && BIO_ctrl(SSL_get_wbio(s), + if (retry && BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) { - if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { + if (!(SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) { if (!dtls1_query_mtu(s)) return -1; /* Have one more go */ @@ -303,7 +306,7 @@ int dtls1_do_write(SSL *s, int type) if (written == s->init_num) { if (s->msg_callback) s->msg_callback(1, s->version, type, s->init_buf->data, - (size_t)(s->init_off + s->init_num), s, + (size_t)(s->init_off + s->init_num), ssl, s->msg_callback_arg); s->init_off = 0; /* done writing this message */ @@ -328,7 +331,7 @@ int dtls1_do_write(SSL *s, int type) return 0; } -int dtls_get_message(SSL *s, int *mt) +int dtls_get_message(SSL_CONNECTION *s, int *mt) { struct hm_header_st *msg_hdr; unsigned char *p; @@ -356,7 +359,8 @@ int dtls_get_message(SSL *s, int *mt) if (*mt == SSL3_MT_CHANGE_CIPHER_SPEC) { if (s->msg_callback) { s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, - p, 1, s, s->msg_callback_arg); + p, 1, SSL_CONNECTION_GET_SSL(s), + s->msg_callback_arg); } /* * This isn't a real handshake message so skip the processing below. @@ -387,7 +391,7 @@ int dtls_get_message(SSL *s, int *mt) * DTLS to do any further processing it wants at the same point that TLS would * be asked for the message body. */ -int dtls_get_message_body(SSL *s, size_t *len) +int dtls_get_message_body(SSL_CONNECTION *s, size_t *len) { unsigned char *msg = (unsigned char *)s->init_buf->data; size_t msg_len = s->init_num + DTLS1_HM_HEADER_LENGTH; @@ -416,7 +420,7 @@ int dtls_get_message_body(SSL *s, size_t *len) if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, s->init_num + DTLS1_HM_HEADER_LENGTH, - s, s->msg_callback_arg); + SSL_CONNECTION_GET_SSL(s), s->msg_callback_arg); end: *len = s->init_num; @@ -428,7 +432,7 @@ int dtls_get_message_body(SSL *s, size_t *len) * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but * may be greater if the maximum certificate list size requires it. */ -static size_t dtls1_max_handshake_message_len(const SSL *s) +static size_t dtls1_max_handshake_message_len(const SSL_CONNECTION *s) { size_t max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; if (max_len < s->max_cert_list) @@ -436,7 +440,8 @@ static size_t dtls1_max_handshake_message_len(const SSL *s) return max_len; } -static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr) +static int dtls1_preprocess_fragment(SSL_CONNECTION *s, + struct hm_header_st *msg_hdr) { size_t frag_off, frag_len, msg_len; @@ -482,7 +487,7 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr) * Returns 1 if there is a buffered fragment available, 0 if not, or -1 on a * fatal error. */ -static int dtls1_retrieve_buffered_fragment(SSL *s, size_t *len) +static int dtls1_retrieve_buffered_fragment(SSL_CONNECTION *s, size_t *len) { /*- * (0) check whether the desired fragment is available @@ -545,8 +550,8 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, size_t *len) } } -static int -dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr) +static int dtls1_reassemble_fragment(SSL_CONNECTION *s, + const struct hm_header_st *msg_hdr) { hm_fragment *frag = NULL; pitem *item = NULL; @@ -554,6 +559,7 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr) unsigned char seq64be[8]; size_t frag_len = msg_hdr->frag_len; size_t readbytes; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len || msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) @@ -594,11 +600,11 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr) unsigned char devnull[256]; while (frag_len) { - i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - devnull, - frag_len > - sizeof(devnull) ? sizeof(devnull) : - frag_len, 0, &readbytes); + i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL, + devnull, + frag_len > + sizeof(devnull) ? sizeof(devnull) : + frag_len, 0, &readbytes); if (i <= 0) goto err; frag_len -= readbytes; @@ -607,9 +613,9 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr) } /* read the body of the fragment (header has already been read */ - i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - frag->fragment + msg_hdr->frag_off, - frag_len, 0, &readbytes); + i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL, + frag->fragment + msg_hdr->frag_off, + frag_len, 0, &readbytes); if (i <= 0 || readbytes != frag_len) i = -1; if (i <= 0) @@ -654,8 +660,8 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr) return -1; } -static int -dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr) +static int dtls1_process_out_of_seq_message(SSL_CONNECTION *s, + const struct hm_header_st *msg_hdr) { int i = -1; hm_fragment *frag = NULL; @@ -663,6 +669,7 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr) unsigned char seq64be[8]; size_t frag_len = msg_hdr->frag_len; size_t readbytes; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len) goto err; @@ -691,11 +698,11 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr) unsigned char devnull[256]; while (frag_len) { - i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - devnull, - frag_len > - sizeof(devnull) ? sizeof(devnull) : - frag_len, 0, &readbytes); + i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL, + devnull, + frag_len > + sizeof(devnull) ? sizeof(devnull) : + frag_len, 0, &readbytes); if (i <= 0) goto err; frag_len -= readbytes; @@ -718,9 +725,9 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr) /* * read the body of the fragment (header has already been read */ - i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - frag->fragment, frag_len, 0, - &readbytes); + i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL, + frag->fragment, frag_len, 0, + &readbytes); if (i<=0 || readbytes != frag_len) i = -1; if (i <= 0) @@ -752,13 +759,15 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr) return 0; } -static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) +static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype, + size_t *len) { unsigned char wire[DTLS1_HM_HEADER_LENGTH]; size_t mlen, frag_off, frag_len; int i, ret, recvd_type; struct hm_header_st msg_hdr; size_t readbytes; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); *errtype = 0; @@ -776,8 +785,8 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) } /* read handshake message header */ - i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, wire, - DTLS1_HM_HEADER_LENGTH, 0, &readbytes); + i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, &recvd_type, wire, + DTLS1_HM_HEADER_LENGTH, 0, &readbytes); if (i <= 0) { /* nbio, or an error */ s->rwstate = SSL_READING; *len = 0; @@ -849,7 +858,7 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) { if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - wire, DTLS1_HM_HEADER_LENGTH, s, + wire, DTLS1_HM_HEADER_LENGTH, ssl, s->msg_callback_arg); s->init_num = 0; @@ -870,8 +879,8 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - &p[frag_off], frag_len, 0, &readbytes); + i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL, + &p[frag_off], frag_len, 0, &readbytes); /* * This shouldn't ever fail due to NBIO because we already checked @@ -919,7 +928,7 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) * ssl->session->read_compression assign * ssl->session->read_hash assign */ -int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt) +int dtls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt) { if (s->version == DTLS1_BAD_VER) { s->d1->next_handshake_write_seq++; @@ -938,13 +947,14 @@ int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt) * Wait for a dry event. Should only be called at a point in the handshake * where we are not expecting any data from the peer except an alert. */ -WORK_STATE dtls_wait_for_dry(SSL *s) +WORK_STATE dtls_wait_for_dry(SSL_CONNECTION *s) { int ret, errtype; size_t len; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); /* read app data until dry event */ - ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); + ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(ssl)); if (ret < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return WORK_ERROR; @@ -965,16 +975,18 @@ WORK_STATE dtls_wait_for_dry(SSL *s) s->s3.in_read_app_data = 2; s->rwstate = SSL_READING; - BIO_clear_retry_flags(SSL_get_rbio(s)); - BIO_set_retry_read(SSL_get_rbio(s)); + BIO_clear_retry_flags(SSL_get_rbio(ssl)); + BIO_set_retry_read(SSL_get_rbio(ssl)); return WORK_MORE_A; } return WORK_FINISHED_CONTINUE; } #endif -int dtls1_read_failed(SSL *s, int code) +int dtls1_read_failed(SSL_CONNECTION *s, int code) { + SSL *ssl = SSL_CONNECTION_GET_SSL(s); + if (code > 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -988,9 +1000,9 @@ int dtls1_read_failed(SSL *s, int code) return code; } /* done, no need to send a retransmit */ - if (!SSL_in_init(s)) + if (!SSL_in_init(ssl)) { - BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ); + BIO_set_flags(SSL_get_rbio(ssl), BIO_FLAGS_READ); return code; } @@ -1012,7 +1024,7 @@ int dtls1_get_queue_priority(unsigned short seq, int is_ccs) return seq * 2 - is_ccs; } -int dtls1_retransmit_buffered_messages(SSL *s) +int dtls1_retransmit_buffered_messages(SSL_CONNECTION *s) { pqueue *sent = s->d1->sent_messages; piterator iter; @@ -1034,7 +1046,7 @@ int dtls1_retransmit_buffered_messages(SSL *s) return 1; } -int dtls1_buffer_message(SSL *s, int is_ccs) +int dtls1_buffer_message(SSL_CONNECTION *s, int is_ccs) { pitem *item; hm_fragment *frag; @@ -1105,7 +1117,7 @@ int dtls1_buffer_message(SSL *s, int is_ccs) return 1; } -int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found) +int dtls1_retransmit_message(SSL_CONNECTION *s, unsigned short seq, int *found) { int ret; /* XDTLS: for now assuming that read/writes are blocking */ @@ -1178,7 +1190,7 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found) return ret; } -void dtls1_set_message_header(SSL *s, +void dtls1_set_message_header(SSL_CONNECTION *s, unsigned char mt, size_t len, size_t frag_off, size_t frag_len) { @@ -1193,7 +1205,7 @@ void dtls1_set_message_header(SSL *s, /* don't actually do the writing, wait till the MTU has been retrieved */ static void -dtls1_set_message_header_int(SSL *s, unsigned char mt, +dtls1_set_message_header_int(SSL_CONNECTION *s, unsigned char mt, size_t len, unsigned short seq_num, size_t frag_off, size_t frag_len) { @@ -1207,7 +1219,7 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt, } static void -dtls1_fix_message_header(SSL *s, size_t frag_off, size_t frag_len) +dtls1_fix_message_header(SSL_CONNECTION *s, size_t frag_off, size_t frag_len) { struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; @@ -1215,7 +1227,8 @@ dtls1_fix_message_header(SSL *s, size_t frag_off, size_t frag_len) msg_hdr->frag_len = frag_len; } -static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p) +static unsigned char *dtls1_write_message_header(SSL_CONNECTION *s, + unsigned char *p) { struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; @@ -1240,7 +1253,7 @@ void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) n2l3(data, msg_hdr->frag_len); } -int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype) +int dtls1_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype) { unsigned char *header; @@ -1264,7 +1277,7 @@ int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype) return 1; } -int dtls1_close_construct_packet(SSL *s, WPACKET *pkt, int htype) +int dtls1_close_construct_packet(SSL_CONNECTION *s, WPACKET *pkt, int htype) { size_t msglen; diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 36587837e6a752..93100cc74362c7 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -40,12 +40,13 @@ const unsigned char hrrrandom[] = { * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or * SSL3_RT_CHANGE_CIPHER_SPEC) */ -int ssl3_do_write(SSL *s, int type) +int ssl3_do_write(SSL_CONNECTION *s, int type) { int ret; size_t written = 0; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); - ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off], + ret = ssl3_write_bytes(ssl, type, &s->init_buf->data[s->init_off], s->init_num, &written); if (ret < 0) return -1; @@ -55,7 +56,8 @@ int ssl3_do_write(SSL *s, int type) * ignore the result anyway * TLS1.3 KeyUpdate and NewSessionTicket do not need to be added */ - if (!SSL_IS_TLS13(s) || (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET + if (!SSL_CONNECTION_IS_TLS13(s) + || (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET && s->statem.hand_state != TLS_ST_CW_KEY_UPDATE && s->statem.hand_state != TLS_ST_SW_KEY_UPDATE)) if (!ssl3_finish_mac(s, @@ -65,7 +67,7 @@ int ssl3_do_write(SSL *s, int type) if (written == s->init_num) { if (s->msg_callback) s->msg_callback(1, s->version, type, s->init_buf->data, - (size_t)(s->init_off + s->init_num), s, + (size_t)(s->init_off + s->init_num), ssl, s->msg_callback_arg); return 1; } @@ -74,7 +76,7 @@ int ssl3_do_write(SSL *s, int type) return 0; } -int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype) +int tls_close_construct_packet(SSL_CONNECTION *s, WPACKET *pkt, int htype) { size_t msglen; @@ -88,9 +90,11 @@ int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype) return 1; } -int tls_setup_handshake(SSL *s) +int tls_setup_handshake(SSL_CONNECTION *s) { int ver_min, ver_max, ok; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (!ssl3_init_finished_mac(s)) { /* SSLfatal() already called */ @@ -106,11 +110,11 @@ int tls_setup_handshake(SSL *s) } /* Sanity check that we have MD5-SHA1 if we need it */ - if (s->ctx->ssl_digest_methods[SSL_MD_MD5_SHA1_IDX] == NULL) { + if (sctx->ssl_digest_methods[SSL_MD_MD5_SHA1_IDX] == NULL) { int md5sha1_needed = 0; /* We don't have MD5-SHA1 - do we need it? */ - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { if (DTLS_VERSION_LE(ver_max, DTLS1_VERSION)) md5sha1_needed = 1; } else { @@ -129,12 +133,12 @@ int tls_setup_handshake(SSL *s) ok = 1; /* Don't allow TLSv1.1 or below to be negotiated */ - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { if (DTLS_VERSION_LT(ver_min, DTLS1_2_VERSION)) - ok = SSL_set_min_proto_version(s, DTLS1_2_VERSION); + ok = SSL_set_min_proto_version(ssl, DTLS1_2_VERSION); } else { if (ver_min < TLS1_2_VERSION) - ok = SSL_set_min_proto_version(s, TLS1_2_VERSION); + ok = SSL_set_min_proto_version(ssl, TLS1_2_VERSION); } if (!ok) { /* Shouldn't happen */ @@ -145,7 +149,7 @@ int tls_setup_handshake(SSL *s) ok = 0; if (s->server) { - STACK_OF(SSL_CIPHER) *ciphers = SSL_get_ciphers(s); + STACK_OF(SSL_CIPHER) *ciphers = SSL_get_ciphers(ssl); int i; /* @@ -156,7 +160,7 @@ int tls_setup_handshake(SSL *s) for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i); - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { if (DTLS_VERSION_GE(ver_max, c->min_dtls) && DTLS_VERSION_LE(ver_max, c->max_dtls)) ok = 1; @@ -178,7 +182,7 @@ int tls_setup_handshake(SSL *s) ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_accept); } else { /* N.B. s->ctx may not equal s->session_ctx */ - ssl_tsan_counter(s->ctx, &s->ctx->stats.sess_accept_renegotiate); + ssl_tsan_counter(sctx, &sctx->stats.sess_accept_renegotiate); s->s3.tmp.cert_request = 0; } @@ -195,7 +199,7 @@ int tls_setup_handshake(SSL *s) s->s3.tmp.cert_req = 0; - if (SSL_IS_DTLS(s)) + if (SSL_CONNECTION_IS_DTLS(s)) s->statem.use_timer = 1; } @@ -209,7 +213,7 @@ int tls_setup_handshake(SSL *s) #define TLS13_TBS_START_SIZE 64 #define TLS13_TBS_PREAMBLE_SIZE (TLS13_TBS_START_SIZE + 33 + 1) -static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs, +static int get_cert_verify_tbs_data(SSL_CONNECTION *s, unsigned char *tls13tbs, void **hdata, size_t *hdatalen) { #ifdef CHARSET_EBCDIC @@ -225,7 +229,8 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs, static const char servercontext[] = "TLS 1.3, server CertificateVerify"; static const char clientcontext[] = "TLS 1.3, client CertificateVerify"; #endif - if (SSL_IS_TLS13(s)) { + + if (SSL_CONNECTION_IS_TLS13(s)) { size_t hashlen; /* Set the first 64 bytes of to-be-signed data to octet 32 */ @@ -270,7 +275,7 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs, return 1; } -int tls_construct_cert_verify(SSL *s, WPACKET *pkt) +int tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt) { EVP_PKEY *pkey = NULL; const EVP_MD *md = NULL; @@ -281,6 +286,7 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) unsigned char *sig = NULL; unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE]; const SIGALG_LOOKUP *lu = s->s3.tmp.sigalg; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (lu == NULL || s->s3.tmp.cert == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -288,7 +294,7 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) } pkey = s->s3.tmp.cert->privatekey; - if (pkey == NULL || !tls1_lookup_md(s->ctx, lu, &md)) { + if (pkey == NULL || !tls1_lookup_md(sctx, lu, &md)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -312,7 +318,7 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) if (EVP_DigestSignInit_ex(mctx, &pctx, md == NULL ? NULL : EVP_MD_get0_name(md), - s->ctx->libctx, s->ctx->propq, pkey, + sctx->libctx, sctx->propq, pkey, NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; @@ -394,7 +400,7 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) return 0; } -MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt) { EVP_PKEY *pkey = NULL; const unsigned char *data; @@ -411,6 +417,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE]; EVP_MD_CTX *mctx = EVP_MD_CTX_new(); EVP_PKEY_CTX *pctx = NULL; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (mctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); @@ -446,7 +453,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) goto err; } - if (!tls1_lookup_md(s->ctx, s->s3.tmp.peer_sigalg, &md)) { + if (!tls1_lookup_md(sctx, s->s3.tmp.peer_sigalg, &md)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -490,7 +497,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) if (EVP_DigestVerifyInit_ex(mctx, &pctx, md == NULL ? NULL : EVP_MD_get0_name(md), - s->ctx->libctx, s->ctx->propq, pkey, + sctx->libctx, sctx->propq, pkey, NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; @@ -547,7 +554,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) * want to make sure that SSL_get1_peer_certificate() will return the actual * server certificate from the client_cert_cb callback. */ - if (!s->server && SSL_IS_TLS13(s) && s->s3.tmp.cert_req == 1) + if (!s->server && SSL_CONNECTION_IS_TLS13(s) && s->s3.tmp.cert_req == 1) ret = MSG_PROCESS_CONTINUE_PROCESSING; else ret = MSG_PROCESS_CONTINUE_READING; @@ -561,11 +568,12 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) return ret; } -int tls_construct_finished(SSL *s, WPACKET *pkt) +int tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt) { size_t finish_md_len; const char *sender; size_t slen; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); /* This is a real handshake so make sure we clean it up at the end */ if (!s->server && s->post_handshake_auth != SSL_PHA_REQUESTED) @@ -575,26 +583,26 @@ int tls_construct_finished(SSL *s, WPACKET *pkt) * We only change the keys if we didn't already do this when we sent the * client certificate */ - if (SSL_IS_TLS13(s) + if (SSL_CONNECTION_IS_TLS13(s) && !s->server && s->s3.tmp.cert_req == 0 - && (!s->method->ssl3_enc->change_cipher_state(s, + && (!ssl->method->ssl3_enc->change_cipher_state(s, SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {; /* SSLfatal() already called */ return 0; } if (s->server) { - sender = s->method->ssl3_enc->server_finished_label; - slen = s->method->ssl3_enc->server_finished_label_len; + sender = ssl->method->ssl3_enc->server_finished_label; + slen = ssl->method->ssl3_enc->server_finished_label_len; } else { - sender = s->method->ssl3_enc->client_finished_label; - slen = s->method->ssl3_enc->client_finished_label_len; + sender = ssl->method->ssl3_enc->client_finished_label; + slen = ssl->method->ssl3_enc->client_finished_label_len; } - finish_md_len = s->method->ssl3_enc->final_finish_mac(s, - sender, slen, - s->s3.tmp.finish_md); + finish_md_len = ssl->method->ssl3_enc->final_finish_mac(s, + sender, slen, + s->s3.tmp.finish_md); if (finish_md_len == 0) { /* SSLfatal() already called */ return 0; @@ -611,9 +619,9 @@ int tls_construct_finished(SSL *s, WPACKET *pkt) * Log the master secret, if logging is enabled. We don't log it for * TLSv1.3: there's a different key schedule for that. */ - if (!SSL_IS_TLS13(s) && !ssl_log_secret(s, MASTER_SECRET_LABEL, - s->session->master_key, - s->session->master_key_length)) { + if (!SSL_CONNECTION_IS_TLS13(s) + && !ssl_log_secret(s, MASTER_SECRET_LABEL, s->session->master_key, + s->session->master_key_length)) { /* SSLfatal() already called */ return 0; } @@ -638,7 +646,7 @@ int tls_construct_finished(SSL *s, WPACKET *pkt) return 1; } -int tls_construct_key_update(SSL *s, WPACKET *pkt) +int tls_construct_key_update(SSL_CONNECTION *s, WPACKET *pkt) { if (!WPACKET_put_bytes_u8(pkt, s->key_update)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -649,7 +657,7 @@ int tls_construct_key_update(SSL *s, WPACKET *pkt) return 1; } -MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_key_update(SSL_CONNECTION *s, PACKET *pkt) { unsigned int updatetype; @@ -698,22 +706,23 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt) * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen * to far. */ -int ssl3_take_mac(SSL *s) +int ssl3_take_mac(SSL_CONNECTION *s) { const char *sender; size_t slen; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); if (!s->server) { - sender = s->method->ssl3_enc->server_finished_label; - slen = s->method->ssl3_enc->server_finished_label_len; + sender = ssl->method->ssl3_enc->server_finished_label; + slen = ssl->method->ssl3_enc->server_finished_label_len; } else { - sender = s->method->ssl3_enc->client_finished_label; - slen = s->method->ssl3_enc->client_finished_label_len; + sender = ssl->method->ssl3_enc->client_finished_label; + slen = ssl->method->ssl3_enc->client_finished_label_len; } s->s3.tmp.peer_finish_md_len = - s->method->ssl3_enc->final_finish_mac(s, sender, slen, - s->s3.tmp.peer_finish_md); + ssl->method->ssl3_enc->final_finish_mac(s, sender, slen, + s->s3.tmp.peer_finish_md); if (s->s3.tmp.peer_finish_md_len == 0) { /* SSLfatal() already called */ @@ -723,7 +732,8 @@ int ssl3_take_mac(SSL *s) return 1; } -MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL_CONNECTION *s, + PACKET *pkt) { size_t remain; @@ -733,7 +743,7 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt) * been consumed by ssl_get_message() so there should be no bytes left, * unless we're using DTLS1_BAD_VER, which has an extra 2 bytes */ - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { if ((s->version == DTLS1_BAD_VER && remain != DTLS1_CCS_HEADER_LENGTH + 1) || (s->version != DTLS1_BAD_VER @@ -760,7 +770,7 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt) return MSG_PROCESS_ERROR; } - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { dtls1_reset_seq_numbers(s, SSL3_CC_READ); if (s->version == DTLS1_BAD_VER) @@ -772,16 +782,18 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt) * SCTP-Auth can be deleted when a CCS is sent. Will be ignored if no * SCTP is used */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL); + BIO_ctrl(SSL_get_wbio(SSL_CONNECTION_GET_SSL(s)), + BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL); #endif } return MSG_PROCESS_CONTINUE_READING; } -MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt) { size_t md_len; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); /* This is a real handshake so make sure we clean it up at the end */ @@ -794,7 +806,8 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) s->statem.enc_read_state = ENC_READ_STATE_VALID; if (s->post_handshake_auth != SSL_PHA_REQUESTED) s->statem.cleanuphand = 1; - if (SSL_IS_TLS13(s) && !tls13_save_handshake_digest_for_pha(s)) { + if (SSL_CONNECTION_IS_TLS13(s) + && !tls13_save_handshake_digest_for_pha(s)) { /* SSLfatal() already called */ return MSG_PROCESS_ERROR; } @@ -804,13 +817,14 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) * In TLSv1.3 a Finished message signals a key change so the end of the * message must be on a record boundary. */ - if (SSL_IS_TLS13(s) && RECORD_LAYER_processed_read_pending(&s->rlayer)) { + if (SSL_CONNECTION_IS_TLS13(s) + && RECORD_LAYER_processed_read_pending(&s->rlayer)) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_NOT_ON_RECORD_BOUNDARY); return MSG_PROCESS_ERROR; } /* If this occurs, we have missed a message */ - if (!SSL_IS_TLS13(s) && !s->s3.change_cipher_spec) { + if (!SSL_CONNECTION_IS_TLS13(s) && !s->s3.change_cipher_spec) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_GOT_A_FIN_BEFORE_A_CCS); return MSG_PROCESS_ERROR; } @@ -850,24 +864,24 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) * In TLS1.3 we also have to change cipher state and do any final processing * of the initial server flight (if we are a client) */ - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { if (s->server) { if (s->post_handshake_auth != SSL_PHA_REQUESTED && - !s->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_READ)) { + !ssl->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_READ)) { /* SSLfatal() already called */ return MSG_PROCESS_ERROR; } } else { /* TLS 1.3 gets the secret size from the handshake md */ size_t dummy; - if (!s->method->ssl3_enc->generate_master_secret(s, + if (!ssl->method->ssl3_enc->generate_master_secret(s, s->master_secret, s->handshake_secret, 0, &dummy)) { /* SSLfatal() already called */ return MSG_PROCESS_ERROR; } - if (!s->method->ssl3_enc->change_cipher_state(s, + if (!ssl->method->ssl3_enc->change_cipher_state(s, SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_READ)) { /* SSLfatal() already called */ return MSG_PROCESS_ERROR; @@ -882,7 +896,7 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) return MSG_PROCESS_FINISHED_READING; } -int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt) +int tls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt) { if (!WPACKET_put_bytes_u8(pkt, SSL3_MT_CCS)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -893,7 +907,8 @@ int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt) } /* Add a certificate to the WPACKET */ -static int ssl_add_cert_to_wpacket(SSL *s, WPACKET *pkt, X509 *x, int chain) +static int ssl_add_cert_to_wpacket(SSL_CONNECTION *s, WPACKET *pkt, + X509 *x, int chain) { int len; unsigned char *outbytes; @@ -909,7 +924,7 @@ static int ssl_add_cert_to_wpacket(SSL *s, WPACKET *pkt, X509 *x, int chain) return 0; } - if (SSL_IS_TLS13(s) + if (SSL_CONNECTION_IS_TLS13(s) && !tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_CERTIFICATE, x, chain)) { /* SSLfatal() already called */ @@ -920,13 +935,14 @@ static int ssl_add_cert_to_wpacket(SSL *s, WPACKET *pkt, X509 *x, int chain) } /* Add certificate chain to provided WPACKET */ -static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk) +static int ssl_add_cert_chain(SSL_CONNECTION *s, WPACKET *pkt, CERT_PKEY *cpk) { int i, chain_count; X509 *x; STACK_OF(X509) *extra_certs; STACK_OF(X509) *chain = NULL; X509_STORE *chain_store; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (cpk == NULL || cpk->x509 == NULL) return 1; @@ -939,18 +955,18 @@ static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk) if (cpk->chain != NULL) extra_certs = cpk->chain; else - extra_certs = s->ctx->extra_certs; + extra_certs = sctx->extra_certs; if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || extra_certs) chain_store = NULL; else if (s->cert->chain_store) chain_store = s->cert->chain_store; else - chain_store = s->ctx->cert_store; + chain_store = sctx->cert_store; if (chain_store != NULL) { - X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new_ex(s->ctx->libctx, - s->ctx->propq); + X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new_ex(sctx->libctx, + sctx->propq); if (xs_ctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); @@ -1015,7 +1031,8 @@ static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk) return 1; } -unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk) +unsigned long ssl3_output_cert_chain(SSL_CONNECTION *s, WPACKET *pkt, + CERT_PKEY *cpk) { if (!WPACKET_start_sub_packet_u24(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1038,14 +1055,16 @@ unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk) * in NBIO events. If |clearbufs| is set then init_buf and the wbio buffer is * freed up as well. */ -WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst, +WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, ossl_unused WORK_STATE wst, int clearbufs, int stop) { void (*cb) (const SSL *ssl, int type, int val) = NULL; int cleanuphand = s->statem.cleanuphand; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (clearbufs) { - if (!SSL_IS_DTLS(s) + if (!SSL_CONNECTION_IS_DTLS(s) #ifndef OPENSSL_NO_SCTP /* * RFC6083: SCTP provides a reliable and in-sequence transport service for DTLS @@ -1053,7 +1072,7 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst, * MUST NOT be used. * Hence the init_buf can be cleared when DTLS over SCTP as transport is used. */ - || BIO_dgram_is_sctp(SSL_get_wbio(s)) + || BIO_dgram_is_sctp(SSL_get_wbio(ssl)) #endif ) { /* @@ -1071,7 +1090,7 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst, s->init_num = 0; } - if (SSL_IS_TLS13(s) && !s->server + if (SSL_CONNECTION_IS_TLS13(s) && !s->server && s->post_handshake_auth == SSL_PHA_REQUESTED) s->post_handshake_auth = SSL_PHA_EXT_SENT; @@ -1093,14 +1112,14 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst, * In TLSv1.3 we update the cache as part of constructing the * NewSessionTicket */ - if (!SSL_IS_TLS13(s)) + if (!SSL_CONNECTION_IS_TLS13(s)) ssl_update_cache(s, SSL_SESS_CACHE_SERVER); /* N.B. s->ctx may not equal s->session_ctx */ - ssl_tsan_counter(s->ctx, &s->ctx->stats.sess_accept_good); + ssl_tsan_counter(sctx, &sctx->stats.sess_accept_good); s->handshake_func = ossl_statem_accept; } else { - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { /* * We encourage applications to only use TLSv1.3 tickets once, * so we remove this one from the cache. @@ -1124,7 +1143,7 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst, &s->session_ctx->stats.sess_connect_good); } - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { /* done with handshaking */ s->d1->handshake_read_seq = 0; s->d1->handshake_write_seq = 0; @@ -1135,17 +1154,17 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst, if (s->info_callback != NULL) cb = s->info_callback; - else if (s->ctx->info_callback != NULL) - cb = s->ctx->info_callback; + else if (sctx->info_callback != NULL) + cb = sctx->info_callback; /* The callback may expect us to not be in init at handshake done */ ossl_statem_set_in_init(s, 0); if (cb != NULL) { if (cleanuphand - || !SSL_IS_TLS13(s) + || !SSL_CONNECTION_IS_TLS13(s) || SSL_IS_FIRST_HANDSHAKE(s)) - cb(s, SSL_CB_HANDSHAKE_DONE, 1); + cb(ssl, SSL_CB_HANDSHAKE_DONE, 1); } if (!stop) { @@ -1157,21 +1176,22 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst, return WORK_FINISHED_STOP; } -int tls_get_message_header(SSL *s, int *mt) +int tls_get_message_header(SSL_CONNECTION *s, int *mt) { /* s->init_num < SSL3_HM_HEADER_LENGTH */ int skip_message, i, recvd_type; unsigned char *p; size_t l, readbytes; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); p = (unsigned char *)s->init_buf->data; do { while (s->init_num < SSL3_HM_HEADER_LENGTH) { - i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, - &p[s->init_num], - SSL3_HM_HEADER_LENGTH - s->init_num, - 0, &readbytes); + i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, &recvd_type, + &p[s->init_num], + SSL3_HM_HEADER_LENGTH - s->init_num, + 0, &readbytes); if (i <= 0) { s->rwstate = SSL_READING; return 0; @@ -1226,7 +1246,7 @@ int tls_get_message_header(SSL *s, int *mt) if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - p, SSL3_HM_HEADER_LENGTH, s, + p, SSL3_HM_HEADER_LENGTH, ssl, s->msg_callback_arg); } } while (skip_message); @@ -1266,11 +1286,12 @@ int tls_get_message_header(SSL *s, int *mt) return 1; } -int tls_get_message_body(SSL *s, size_t *len) +int tls_get_message_body(SSL_CONNECTION *s, size_t *len) { size_t n, readbytes; unsigned char *p; int i; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); if (s->s3.tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) { /* We've already read everything in */ @@ -1281,8 +1302,8 @@ int tls_get_message_body(SSL *s, size_t *len) p = s->init_msg; n = s->s3.tmp.message_size - s->init_num; while (n > 0) { - i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - &p[s->init_num], n, 0, &readbytes); + i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL, + &p[s->init_num], n, 0, &readbytes); if (i <= 0) { s->rwstate = SSL_READING; *len = 0; @@ -1312,7 +1333,7 @@ int tls_get_message_body(SSL *s, size_t *len) } if (s->msg_callback) s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data, - (size_t)s->init_num, s, s->msg_callback_arg); + (size_t)s->init_num, ssl, s->msg_callback_arg); } else { /* * We defer feeding in the HRR until later. We'll do it as part of @@ -1322,8 +1343,9 @@ int tls_get_message_body(SSL *s, size_t *len) */ #define SERVER_HELLO_RANDOM_OFFSET (SSL3_HM_HEADER_LENGTH + 2) /* KeyUpdate and NewSessionTicket do not need to be added */ - if (!SSL_IS_TLS13(s) || (s->s3.tmp.message_type != SSL3_MT_NEWSESSION_TICKET - && s->s3.tmp.message_type != SSL3_MT_KEY_UPDATE)) { + if (!SSL_CONNECTION_IS_TLS13(s) + || (s->s3.tmp.message_type != SSL3_MT_NEWSESSION_TICKET + && s->s3.tmp.message_type != SSL3_MT_KEY_UPDATE)) { if (s->s3.tmp.message_type != SSL3_MT_SERVER_HELLO || s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE || memcmp(hrrrandom, @@ -1339,7 +1361,7 @@ int tls_get_message_body(SSL *s, size_t *len) } if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, - (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s, + (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, ssl, s->msg_callback_arg); } @@ -1403,16 +1425,16 @@ int ssl_x509err2alert(int x509err) return tp->alert; } -int ssl_allow_compression(SSL *s) +int ssl_allow_compression(SSL_CONNECTION *s) { if (s->options & SSL_OP_NO_COMPRESSION) return 0; return ssl_security(s, SSL_SECOP_COMPRESSION, 0, 0, NULL); } -static int version_cmp(const SSL *s, int a, int b) +static int version_cmp(const SSL_CONNECTION *s, int a, int b) { - int dtls = SSL_IS_DTLS(s); + int dtls = SSL_CONNECTION_IS_DTLS(s); if (a == b) return 0; @@ -1490,7 +1512,7 @@ static const version_info dtls_version_table[] = { * * Returns 0 on success, or an SSL error reason on failure. */ -static int ssl_method_error(const SSL *s, const SSL_METHOD *method) +static int ssl_method_error(const SSL_CONNECTION *s, const SSL_METHOD *method) { int version = method->version; @@ -1516,19 +1538,20 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method) * certificate type, or has PSK or a certificate callback configured, or has * a servername callback configure. Otherwise returns 0. */ -static int is_tls13_capable(const SSL *s) +static int is_tls13_capable(const SSL_CONNECTION *s) { int i; int curve; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); - if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL)) + if (!ossl_assert(sctx != NULL) || !ossl_assert(s->session_ctx != NULL)) return 0; /* * A servername callback can change the available certs, so if a servername * cb is set then we just assume TLSv1.3 will be ok */ - if (s->ctx->ext.servername_cb != NULL + if (sctx->ext.servername_cb != NULL || s->session_ctx->ext.servername_cb != NULL) return 1; @@ -1577,12 +1600,13 @@ static int is_tls13_capable(const SSL *s) * * Returns 1 when supported, otherwise 0 */ -int ssl_version_supported(const SSL *s, int version, const SSL_METHOD **meth) +int ssl_version_supported(const SSL_CONNECTION *s, int version, + const SSL_METHOD **meth) { const version_info *vent; const version_info *table; - switch (s->method->version) { + switch (SSL_CONNECTION_GET_SSL(s)->method->version) { default: /* Version should match method version for non-ANY method */ return version_cmp(s, version, s->version) == 0; @@ -1620,26 +1644,27 @@ int ssl_version_supported(const SSL *s, int version, const SSL_METHOD **meth) * * Returns 1 when using the highest enabled version, 0 otherwise. */ -int ssl_check_version_downgrade(SSL *s) +int ssl_check_version_downgrade(SSL_CONNECTION *s) { const version_info *vent; const version_info *table; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); /* * Check that the current protocol is the highest enabled version * (according to s->ctx->method, as version negotiation may have changed * s->method). */ - if (s->version == s->ctx->method->version) + if (s->version == sctx->method->version) return 1; /* * Apparently we're using a version-flexible SSL_METHOD (not at its * highest protocol version). */ - if (s->ctx->method->version == TLS_method()->version) + if (sctx->method->version == TLS_method()->version) table = tls_version_table; - else if (s->ctx->method->version == DTLS_method()->version) + else if (sctx->method->version == DTLS_method()->version) table = dtls_version_table; else { /* Unexpected state; fail closed. */ @@ -1714,12 +1739,12 @@ int ssl_set_version_bound(int method_version, int version, int *bound) return 1; } -static void check_for_downgrade(SSL *s, int vers, DOWNGRADE *dgrd) +static void check_for_downgrade(SSL_CONNECTION *s, int vers, DOWNGRADE *dgrd) { if (vers == TLS1_2_VERSION && ssl_version_supported(s, TLS1_3_VERSION, NULL)) { *dgrd = DOWNGRADE_TO_1_2; - } else if (!SSL_IS_DTLS(s) + } else if (!SSL_CONNECTION_IS_DTLS(s) && vers < TLS1_2_VERSION /* * We need to ensure that a server that disables TLSv1.2 @@ -1744,7 +1769,8 @@ static void check_for_downgrade(SSL *s, int vers, DOWNGRADE *dgrd) * * Returns 0 on success or an SSL error reason number on failure. */ -int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) +int ssl_choose_server_version(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello, + DOWNGRADE *dgrd) { /*- * With version-flexible methods we have an initial state with: @@ -1755,7 +1781,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) * So we detect version-flexible methods via the method version, not the * handle version. */ - int server_version = s->method->version; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); + int server_version = ssl->method->version; int client_version = hello->legacy_version; const version_info *vent; const version_info *table; @@ -1766,7 +1793,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) switch (server_version) { default: - if (!SSL_IS_TLS13(s)) { + if (!SSL_CONNECTION_IS_TLS13(s)) { if (version_cmp(s, client_version, s->version) < 0) return SSL_R_WRONG_SSL_VERSION; *dgrd = DOWNGRADE_NONE; @@ -1798,7 +1825,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) if (!suppversions->present && s->hello_retry_request != SSL_HRR_NONE) return SSL_R_UNSUPPORTED_PROTOCOL; - if (suppversions->present && !SSL_IS_DTLS(s)) { + if (suppversions->present && !SSL_CONNECTION_IS_DTLS(s)) { unsigned int candidate_vers = 0; unsigned int best_vers = 0; const SSL_METHOD *best_method = NULL; @@ -1846,7 +1873,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) } check_for_downgrade(s, best_vers, dgrd); s->version = best_vers; - s->method = best_method; + ssl->method = best_method; return 0; } return SSL_R_UNSUPPORTED_PROTOCOL; @@ -1873,7 +1900,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) if (ssl_method_error(s, method) == 0) { check_for_downgrade(s, vent->version, dgrd); s->version = vent->version; - s->method = method; + ssl->method = method; return 0; } disabled = 1; @@ -1892,11 +1919,13 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) * * Returns 1 on success or 0 on error. */ -int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions) +int ssl_choose_client_version(SSL_CONNECTION *s, int version, + RAW_EXTENSION *extensions) { const version_info *vent; const version_info *table; int ret, ver_min, ver_max, real_max, origv; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); origv = s->version; s->version = version; @@ -1917,9 +1946,9 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions) return 0; } - switch (s->method->version) { + switch (ssl->method->version) { default: - if (s->version != s->method->version) { + if (s->version != ssl->method->version) { s->version = origv; SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_WRONG_SSL_VERSION); return 0; @@ -1946,13 +1975,13 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions) SSLfatal(s, SSL_AD_PROTOCOL_VERSION, ret); return 0; } - if (SSL_IS_DTLS(s) ? DTLS_VERSION_LT(s->version, ver_min) - : s->version < ver_min) { + if (SSL_CONNECTION_IS_DTLS(s) ? DTLS_VERSION_LT(s->version, ver_min) + : s->version < ver_min) { s->version = origv; SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_UNSUPPORTED_PROTOCOL); return 0; - } else if (SSL_IS_DTLS(s) ? DTLS_VERSION_GT(s->version, ver_max) - : s->version > ver_max) { + } else if (SSL_CONNECTION_IS_DTLS(s) ? DTLS_VERSION_GT(s->version, ver_max) + : s->version > ver_max) { s->version = origv; SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_UNSUPPORTED_PROTOCOL); return 0; @@ -1972,7 +2001,7 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions) SSL_R_INAPPROPRIATE_FALLBACK); return 0; } - } else if (!SSL_IS_DTLS(s) + } else if (!SSL_CONNECTION_IS_DTLS(s) && s->version < TLS1_2_VERSION && real_max > s->version) { if (memcmp(tls11downgrade, @@ -1990,7 +2019,7 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions) if (vent->cmeth == NULL || s->version != vent->version) continue; - s->method = vent->cmeth(); + ssl->method = vent->cmeth(); return 1; } @@ -2021,8 +2050,8 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions) * Returns 0 on success or an SSL error reason number on failure. On failure * min_version and max_version will also be set to 0. */ -int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version, - int *real_max) +int ssl_get_min_max_version(const SSL_CONNECTION *s, int *min_version, + int *max_version, int *real_max) { int version, tmp_real_max; int hole; @@ -2030,8 +2059,9 @@ int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version, const SSL_METHOD *method; const version_info *table; const version_info *vent; + const SSL *ssl = SSL_CONNECTION_GET_SSL(s); - switch (s->method->version) { + switch (ssl->method->version) { default: /* * If this SSL handle is not from a version flexible method we don't @@ -2128,7 +2158,7 @@ int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version, * * Returns 0 on success or an SSL error reason number on failure. */ -int ssl_set_client_hello_version(SSL *s) +int ssl_set_client_hello_version(SSL_CONNECTION *s) { int ver_min, ver_max, ret; @@ -2147,7 +2177,7 @@ int ssl_set_client_hello_version(SSL *s) s->version = ver_max; /* TLS1.3 always uses TLS1.2 in the legacy_version field */ - if (!SSL_IS_DTLS(s) && ver_max > TLS1_2_VERSION) + if (!SSL_CONNECTION_IS_DTLS(s) && ver_max > TLS1_2_VERSION) ver_max = TLS1_2_VERSION; s->client_version = ver_max; @@ -2160,7 +2190,7 @@ int ssl_set_client_hello_version(SSL *s) * used. Returns 1 if the group is in the list (and allowed if |checkallow| is * 1) or 0 otherwise. */ -int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups, +int check_in_list(SSL_CONNECTION *s, uint16_t group_id, const uint16_t *groups, size_t num_groups, int checkallow) { size_t i; @@ -2188,7 +2218,8 @@ int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups, } /* Replace ClientHello1 in the transcript hash with a synthetic message */ -int create_synthetic_message_hash(SSL *s, const unsigned char *hashval, +int create_synthetic_message_hash(SSL_CONNECTION *s, + const unsigned char *hashval, size_t hashlen, const unsigned char *hrr, size_t hrrlen) { @@ -2246,7 +2277,7 @@ static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b) return X509_NAME_cmp(*a, *b); } -int parse_ca_names(SSL *s, PACKET *pkt) +int parse_ca_names(SSL_CONNECTION *s, PACKET *pkt) { STACK_OF(X509_NAME) *ca_sk = sk_X509_NAME_new(ca_dn_cmp); X509_NAME *xn = NULL; @@ -2300,23 +2331,25 @@ int parse_ca_names(SSL *s, PACKET *pkt) return 0; } -const STACK_OF(X509_NAME) *get_ca_names(SSL *s) +const STACK_OF(X509_NAME) *get_ca_names(SSL_CONNECTION *s) { const STACK_OF(X509_NAME) *ca_sk = NULL; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); if (s->server) { - ca_sk = SSL_get_client_CA_list(s); + ca_sk = SSL_get_client_CA_list(ssl); if (ca_sk != NULL && sk_X509_NAME_num(ca_sk) == 0) ca_sk = NULL; } if (ca_sk == NULL) - ca_sk = SSL_get0_CA_list(s); + ca_sk = SSL_get0_CA_list(ssl); return ca_sk; } -int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt) +int construct_ca_names(SSL_CONNECTION *s, const STACK_OF(X509_NAME) *ca_sk, + WPACKET *pkt) { /* Start sub-packet for client CA list */ if (!WPACKET_start_sub_packet_u16(pkt)) { @@ -2352,7 +2385,7 @@ int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt) } /* Create a buffer containing data to be signed for server key exchange */ -size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs, +size_t construct_key_exchange_tbs(SSL_CONNECTION *s, unsigned char **ptbs, const void *param, size_t paramlen) { size_t tbslen = 2 * SSL3_RANDOM_SIZE + paramlen; @@ -2375,7 +2408,7 @@ size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs, * Saves the current handshake digest for Post-Handshake Auth, * Done after ClientFinished is processed, done exactly once */ -int tls13_save_handshake_digest_for_pha(SSL *s) +int tls13_save_handshake_digest_for_pha(SSL_CONNECTION *s) { if (s->pha_dgst == NULL) { if (!ssl3_digest_cached_records(s, 1)) @@ -2402,7 +2435,7 @@ int tls13_save_handshake_digest_for_pha(SSL *s) * Restores the Post-Handshake Auth handshake digest * Done just before sending/processing the Cert Request */ -int tls13_restore_handshake_digest_for_pha(SSL *s) +int tls13_restore_handshake_digest_for_pha(SSL_CONNECTION *s) { if (s->pha_dgst == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); diff --git a/ssl/statem/statem_local.h b/ssl/statem/statem_local.h index 00323f7ca47847..22b6ddb584dcf8 100644 --- a/ssl/statem/statem_local.h +++ b/ssl/statem/statem_local.h @@ -54,116 +54,142 @@ typedef enum { MSG_PROCESS_CONTINUE_READING } MSG_PROCESS_RETURN; -typedef int (*confunc_f) (SSL *s, WPACKET *pkt); +typedef int (*confunc_f) (SSL_CONNECTION *s, WPACKET *pkt); -int ssl3_take_mac(SSL *s); -int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups, +int ssl3_take_mac(SSL_CONNECTION *s); +int check_in_list(SSL_CONNECTION *s, uint16_t group_id, const uint16_t *groups, size_t num_groups, int checkallow); -int create_synthetic_message_hash(SSL *s, const unsigned char *hashval, +int create_synthetic_message_hash(SSL_CONNECTION *s, + const unsigned char *hashval, size_t hashlen, const unsigned char *hrr, size_t hrrlen); -int parse_ca_names(SSL *s, PACKET *pkt); -const STACK_OF(X509_NAME) *get_ca_names(SSL *s); -int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt); -size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs, +int parse_ca_names(SSL_CONNECTION *s, PACKET *pkt); +const STACK_OF(X509_NAME) *get_ca_names(SSL_CONNECTION *s); +int construct_ca_names(SSL_CONNECTION *s, const STACK_OF(X509_NAME) *ca_sk, + WPACKET *pkt); +size_t construct_key_exchange_tbs(SSL_CONNECTION *s, unsigned char **ptbs, const void *param, size_t paramlen); /* * TLS/DTLS client state machine functions */ -int ossl_statem_client_read_transition(SSL *s, int mt); -WRITE_TRAN ossl_statem_client_write_transition(SSL *s); -WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst); -WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst); -int ossl_statem_client_construct_message(SSL *s, +int ossl_statem_client_read_transition(SSL_CONNECTION *s, int mt); +WRITE_TRAN ossl_statem_client_write_transition(SSL_CONNECTION *s); +WORK_STATE ossl_statem_client_pre_work(SSL_CONNECTION *s, WORK_STATE wst); +WORK_STATE ossl_statem_client_post_work(SSL_CONNECTION *s, WORK_STATE wst); +int ossl_statem_client_construct_message(SSL_CONNECTION *s, confunc_f *confunc, int *mt); -size_t ossl_statem_client_max_message_size(SSL *s); -MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt); -WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst); +size_t ossl_statem_client_max_message_size(SSL_CONNECTION *s); +MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL_CONNECTION *s, + PACKET *pkt); +WORK_STATE ossl_statem_client_post_process_message(SSL_CONNECTION *s, + WORK_STATE wst); /* * TLS/DTLS server state machine functions */ -int ossl_statem_server_read_transition(SSL *s, int mt); -WRITE_TRAN ossl_statem_server_write_transition(SSL *s); -WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst); -WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst); -int ossl_statem_server_construct_message(SSL *s, +int ossl_statem_server_read_transition(SSL_CONNECTION *s, int mt); +WRITE_TRAN ossl_statem_server_write_transition(SSL_CONNECTION *s); +WORK_STATE ossl_statem_server_pre_work(SSL_CONNECTION *s, WORK_STATE wst); +WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst); +int ossl_statem_server_construct_message(SSL_CONNECTION *s, confunc_f *confunc,int *mt); -size_t ossl_statem_server_max_message_size(SSL *s); -MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt); -WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst); +size_t ossl_statem_server_max_message_size(SSL_CONNECTION *s); +MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL_CONNECTION *s, + PACKET *pkt); +WORK_STATE ossl_statem_server_post_process_message(SSL_CONNECTION *s, + WORK_STATE wst); /* Functions for getting new message data */ -__owur int tls_get_message_header(SSL *s, int *mt); -__owur int tls_get_message_body(SSL *s, size_t *len); -__owur int dtls_get_message(SSL *s, int *mt); -__owur int dtls_get_message_body(SSL *s, size_t *len); +__owur int tls_get_message_header(SSL_CONNECTION *s, int *mt); +__owur int tls_get_message_body(SSL_CONNECTION *s, size_t *len); +__owur int dtls_get_message(SSL_CONNECTION *s, int *mt); +__owur int dtls_get_message_body(SSL_CONNECTION *s, size_t *len); /* Message construction and processing functions */ -__owur int tls_process_initial_server_flight(SSL *s); -__owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt); -__owur MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt); -__owur int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt); -__owur int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt); +__owur int tls_process_initial_server_flight(SSL_CONNECTION *s); +__owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL_CONNECTION *s, + PACKET *pkt); +__owur MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt); +__owur int tls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt); +__owur int dtls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt); -__owur int tls_construct_finished(SSL *s, WPACKET *pkt); -__owur int tls_construct_key_update(SSL *s, WPACKET *pkt); -__owur MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt); -__owur WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, - int stop); -__owur WORK_STATE dtls_wait_for_dry(SSL *s); +__owur int tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt); +__owur int tls_construct_key_update(SSL_CONNECTION *s, WPACKET *pkt); +__owur MSG_PROCESS_RETURN tls_process_key_update(SSL_CONNECTION *s, + PACKET *pkt); +__owur WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, WORK_STATE wst, + int clearbufs, int stop); +__owur WORK_STATE dtls_wait_for_dry(SSL_CONNECTION *s); /* some client-only functions */ -__owur int tls_construct_client_hello(SSL *s, WPACKET *pkt); -__owur MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt); -__owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt); -__owur MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt); -__owur int tls_process_cert_status_body(SSL *s, PACKET *pkt); -__owur MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt); -__owur MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt); -__owur int tls_construct_cert_verify(SSL *s, WPACKET *pkt); -__owur WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst); -__owur int tls_construct_client_certificate(SSL *s, WPACKET *pkt); -__owur int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey); -__owur int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt); -__owur int tls_client_key_exchange_post_work(SSL *s); -__owur int tls_construct_cert_status_body(SSL *s, WPACKET *pkt); -__owur int tls_construct_cert_status(SSL *s, WPACKET *pkt); -__owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt); -__owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt); -__owur WORK_STATE tls_post_process_server_certificate(SSL *s, WORK_STATE wst); -__owur int ssl3_check_cert_and_algorithm(SSL *s); +__owur int tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt); +__owur MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, + PACKET *pkt); +__owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL_CONNECTION *s, + PACKET *pkt); +__owur MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL_CONNECTION *s, + PACKET *pkt); +__owur int tls_process_cert_status_body(SSL_CONNECTION *s, PACKET *pkt); +__owur MSG_PROCESS_RETURN tls_process_cert_status(SSL_CONNECTION *s, + PACKET *pkt); +__owur MSG_PROCESS_RETURN tls_process_server_done(SSL_CONNECTION *s, + PACKET *pkt); +__owur int tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt); +__owur WORK_STATE tls_prepare_client_certificate(SSL_CONNECTION *s, + WORK_STATE wst); +__owur int tls_construct_client_certificate(SSL_CONNECTION *s, WPACKET *pkt); +__owur int ssl_do_client_cert_cb(SSL_CONNECTION *s, X509 **px509, + EVP_PKEY **ppkey); +__owur int tls_construct_client_key_exchange(SSL_CONNECTION *s, WPACKET *pkt); +__owur int tls_client_key_exchange_post_work(SSL_CONNECTION *s); +__owur int tls_construct_cert_status_body(SSL_CONNECTION *s, WPACKET *pkt); +__owur int tls_construct_cert_status(SSL_CONNECTION *s, WPACKET *pkt); +__owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL_CONNECTION *s, + PACKET *pkt); +__owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s, + PACKET *pkt); +__owur WORK_STATE tls_post_process_server_certificate(SSL_CONNECTION *s, + WORK_STATE wst); +__owur int ssl3_check_cert_and_algorithm(SSL_CONNECTION *s); #ifndef OPENSSL_NO_NEXTPROTONEG -__owur int tls_construct_next_proto(SSL *s, WPACKET *pkt); +__owur int tls_construct_next_proto(SSL_CONNECTION *s, WPACKET *pkt); #endif -__owur MSG_PROCESS_RETURN tls_process_hello_req(SSL *s, PACKET *pkt); -__owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt); -__owur int tls_construct_end_of_early_data(SSL *s, WPACKET *pkt); +__owur MSG_PROCESS_RETURN tls_process_hello_req(SSL_CONNECTION *s, PACKET *pkt); +__owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL_CONNECTION *s, PACKET *pkt); +__owur int tls_construct_end_of_early_data(SSL_CONNECTION *s, WPACKET *pkt); /* some server-only functions */ -__owur MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt); -__owur WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst); -__owur int tls_construct_server_hello(SSL *s, WPACKET *pkt); -__owur int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt); -__owur int tls_construct_server_certificate(SSL *s, WPACKET *pkt); -__owur int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt); -__owur int tls_construct_certificate_request(SSL *s, WPACKET *pkt); -__owur int tls_construct_server_done(SSL *s, WPACKET *pkt); -__owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt); -__owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt); -__owur WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst); -__owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt); +__owur MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s, + PACKET *pkt); +__owur WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s, + WORK_STATE wst); +__owur int tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt); +__owur int dtls_construct_hello_verify_request(SSL_CONNECTION *s, WPACKET *pkt); +__owur int tls_construct_server_certificate(SSL_CONNECTION *s, WPACKET *pkt); +__owur int tls_construct_server_key_exchange(SSL_CONNECTION *s, WPACKET *pkt); +__owur int tls_construct_certificate_request(SSL_CONNECTION *s, WPACKET *pkt); +__owur int tls_construct_server_done(SSL_CONNECTION *s, WPACKET *pkt); +__owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s, + PACKET *pkt); +__owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL_CONNECTION *s, + PACKET *pkt); +__owur WORK_STATE tls_post_process_client_key_exchange(SSL_CONNECTION *s, + WORK_STATE wst); +__owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, + PACKET *pkt); #ifndef OPENSSL_NO_NEXTPROTONEG -__owur MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt); +__owur MSG_PROCESS_RETURN tls_process_next_proto(SSL_CONNECTION *s, + PACKET *pkt); #endif -__owur int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt); -MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt); +__owur int tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt); +MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL_CONNECTION *s, + PACKET *pkt); #ifndef OPENSSL_NO_GOST /* These functions are used in GOST18 CKE, both for client and server */ -int ossl_gost18_cke_cipher_nid(const SSL *s); -int ossl_gost_ukm(const SSL *s, unsigned char *dgst_buf); +int ossl_gost18_cke_cipher_nid(const SSL_CONNECTION *s); +int ossl_gost_ukm(const SSL_CONNECTION *s, unsigned char *dgst_buf); #endif /* Extension processing */ @@ -174,252 +200,293 @@ typedef enum ext_return_en { EXT_RETURN_NOT_SENT } EXT_RETURN; -__owur int tls_validate_all_contexts(SSL *s, unsigned int thisctx, +__owur int tls_validate_all_contexts(SSL_CONNECTION *s, unsigned int thisctx, RAW_EXTENSION *exts); -__owur int extension_is_relevant(SSL *s, unsigned int extctx, +__owur int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx, unsigned int thisctx); -__owur int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, +__owur int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet, + unsigned int context, RAW_EXTENSION **res, size_t *len, int init); -__owur int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, +__owur int tls_parse_extension(SSL_CONNECTION *s, TLSEXT_INDEX idx, int context, RAW_EXTENSION *exts, X509 *x, size_t chainidx); -__owur int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, +__owur int tls_parse_all_extensions(SSL_CONNECTION *s, int context, + RAW_EXTENSION *exts, X509 *x, size_t chainidx, int fin); -__owur int should_add_extension(SSL *s, unsigned int extctx, +__owur int should_add_extension(SSL_CONNECTION *s, unsigned int extctx, unsigned int thisctx, int max_version); -__owur int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, +__owur int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -__owur int tls_psk_do_binder(SSL *s, const EVP_MD *md, +__owur int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md, const unsigned char *msgstart, size_t binderoffset, const unsigned char *binderin, unsigned char *binderout, SSL_SESSION *sess, int sign, int external); /* Server Extension processing */ -int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_ctos_server_name(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_ctos_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); #ifndef OPENSSL_NO_SRP -int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); +int tls_parse_ctos_srp(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); #endif -int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_ctos_early_data(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_ctos_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_ctos_supported_groups(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidxl); -int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_ctos_session_ticket(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_ctos_sig_algs_cert(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); +int tls_parse_ctos_sig_algs(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); #ifndef OPENSSL_NO_OCSP -int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_ctos_status_request(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); #endif #ifndef OPENSSL_NO_NEXTPROTONEG -int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); +int tls_parse_ctos_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); #endif -int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); +int tls_parse_ctos_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_SRTP -int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); +int tls_parse_ctos_use_srtp(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); #endif -int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); -int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); -int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); -int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); -int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_ctos_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); +int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +int tls_parse_ctos_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +int tls_parse_ctos_psk_kex_modes(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); -int tls_parse_ctos_post_handshake_auth(SSL *, PACKET *pkt, unsigned int context, +int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +int tls_parse_ctos_post_handshake_auth(SSL_CONNECTION *, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_renegotiate(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_server_name(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_early_data(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_session_ticket(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); #ifndef OPENSSL_NO_OCSP -EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_status_request(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); #endif #ifndef OPENSSL_NO_NEXTPROTONEG -EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); #endif -EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_stoc_alpn(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); #ifndef OPENSSL_NO_SRTP -EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); +EXT_RETURN tls_construct_stoc_use_srtp(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, + X509 *x, size_t chainidx); #endif -EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_stoc_etm(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_supported_versions(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); /* * Not in public headers as this is not an official extension. Only used when * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. */ #define TLSEXT_TYPE_cryptopro_bug 0xfde8 -EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_stoc_psk(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); /* Client Extension processing */ -EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); -EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); -EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_ctos_renegotiate(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, + X509 *x, size_t chainidx); +EXT_RETURN tls_construct_ctos_server_name(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, + X509 *x, size_t chainidx); +EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); #ifndef OPENSSL_NO_SRP -EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); +EXT_RETURN tls_construct_ctos_srp(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); #endif -EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_session_ticket(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_sig_algs(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); #ifndef OPENSSL_NO_OCSP -EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_status_request(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); #endif #ifndef OPENSSL_NO_NEXTPROTONEG -EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_ctos_npn(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); #endif -EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_ctos_alpn(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); #ifndef OPENSSL_NO_SRTP -EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_ctos_use_srtp(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); #endif -EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_ctos_etm(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); #ifndef OPENSSL_NO_CT -EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_ctos_sct(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); #endif -EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_ctos_ems(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_supported_versions(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_ctos_cookie(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt, +EXT_RETURN tls_construct_ctos_padding(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, unsigned int context, +EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_stoc_renegotiate(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_stoc_server_name(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_stoc_early_data(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_stoc_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_stoc_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_stoc_session_ticket(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); #ifndef OPENSSL_NO_OCSP -int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_stoc_status_request(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); #endif #ifndef OPENSSL_NO_CT -int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); +int tls_parse_stoc_sct(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); #endif #ifndef OPENSSL_NO_NEXTPROTONEG -int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); +int tls_parse_stoc_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); #endif -int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); +int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_SRTP -int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); +int tls_parse_stoc_use_srtp(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); #endif -int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); -int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); -int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, +int tls_parse_stoc_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +int tls_parse_stoc_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +int tls_parse_stoc_supported_versions(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); -int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); -int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); -int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); +int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt, + unsigned int context, X509 *x, size_t chainidx); +int tls_parse_stoc_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +int tls_parse_stoc_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); -int tls_handle_alpn(SSL *s); +int tls_handle_alpn(SSL_CONNECTION *s); -int tls13_save_handshake_digest_for_pha(SSL *s); -int tls13_restore_handshake_digest_for_pha(SSL *s); +int tls13_save_handshake_digest_for_pha(SSL_CONNECTION *s); +int tls13_restore_handshake_digest_for_pha(SSL_CONNECTION *s); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 126778400d2e06..87813633e87d9f 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -43,7 +43,7 @@ ASN1_SEQUENCE(GOST_KX_MESSAGE) = { IMPLEMENT_ASN1_FUNCTIONS(GOST_KX_MESSAGE) -static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt); +static int tls_construct_encrypted_extensions(SSL_CONNECTION *s, WPACKET *pkt); /* * ossl_statem_server13_read_transition() encapsulates the logic for the allowed @@ -54,7 +54,7 @@ static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt); * Return values are 1 for success (transition allowed) and 0 on error * (transition not allowed) */ -static int ossl_statem_server13_read_transition(SSL *s, int mt) +static int ossl_statem_server13_read_transition(SSL_CONNECTION *s, int mt) { OSSL_STATEM *st = &s->statem; @@ -153,11 +153,11 @@ static int ossl_statem_server13_read_transition(SSL *s, int mt) * Return values are 1 for success (transition allowed) and 0 on error * (transition not allowed) */ -int ossl_statem_server_read_transition(SSL *s, int mt) +int ossl_statem_server_read_transition(SSL_CONNECTION *s, int mt) { OSSL_STATEM *st = &s->statem; - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { if (!ossl_statem_server13_read_transition(s, mt)) goto err; return 1; @@ -295,7 +295,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt) err: /* No valid transition found */ - if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { + if (SSL_CONNECTION_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { BIO *rbio; /* @@ -304,7 +304,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt) */ s->init_num = 0; s->rwstate = SSL_READING; - rbio = SSL_get_rbio(s); + rbio = SSL_get_rbio(SSL_CONNECTION_GET_SSL(s)); BIO_clear_retry_flags(rbio); BIO_set_retry_read(rbio); return 0; @@ -320,7 +320,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt) * 1: Yes * 0: No */ -static int send_server_key_exchange(SSL *s) +static int send_server_key_exchange(SSL_CONNECTION *s) { unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey; @@ -362,7 +362,7 @@ static int send_server_key_exchange(SSL *s) * 1: Yes * 0: No */ -int send_certificate_request(SSL *s) +int send_certificate_request(SSL_CONNECTION *s) { if ( /* don't request cert unless asked for it: */ @@ -371,7 +371,8 @@ int send_certificate_request(SSL *s) * don't request if post-handshake-only unless doing * post-handshake in TLSv1.3: */ - && (!SSL_IS_TLS13(s) || !(s->verify_mode & SSL_VERIFY_POST_HANDSHAKE) + && (!SSL_CONNECTION_IS_TLS13(s) + || !(s->verify_mode & SSL_VERIFY_POST_HANDSHAKE) || s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) /* * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert @@ -409,7 +410,7 @@ int send_certificate_request(SSL *s) * move to next when a TLSv1.3 server is writing messages to be sent to the * client. */ -static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s) +static WRITE_TRAN ossl_statem_server13_write_transition(SSL_CONNECTION *s) { OSSL_STATEM *st = &s->statem; @@ -541,7 +542,7 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s) * ossl_statem_server_write_transition() works out what handshake state to move * to next when the server is writing messages to be sent to the client. */ -WRITE_TRAN ossl_statem_server_write_transition(SSL *s) +WRITE_TRAN ossl_statem_server_write_transition(SSL_CONNECTION *s) { OSSL_STATEM *st = &s->statem; @@ -550,7 +551,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s) * to negotiate yet, so we don't take this branch until later */ - if (SSL_IS_TLS13(s)) + if (SSL_CONNECTION_IS_TLS13(s)) return ossl_statem_server13_write_transition(s); switch (st->hand_state) { @@ -582,8 +583,8 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s) return WRITE_TRAN_CONTINUE; case TLS_ST_SR_CLNT_HELLO: - if (SSL_IS_DTLS(s) && !s->d1->cookie_verified - && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) { + if (SSL_CONNECTION_IS_DTLS(s) && !s->d1->cookie_verified + && (SSL_get_options(SSL_CONNECTION_GET_SSL(s)) & SSL_OP_COOKIE_EXCHANGE)) { st->hand_state = DTLS_ST_SW_HELLO_VERIFY_REQUEST; } else if (s->renegotiate == 0 && !SSL_IS_FIRST_HANDSHAKE(s)) { /* We must have rejected the renegotiation */ @@ -679,9 +680,10 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s) * Perform any pre work that needs to be done prior to sending a message from * the server to the client. */ -WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) +WORK_STATE ossl_statem_server_pre_work(SSL_CONNECTION *s, WORK_STATE wst) { OSSL_STATEM *st = &s->statem; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); switch (st->hand_state) { default: @@ -690,13 +692,13 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) case TLS_ST_SW_HELLO_REQ: s->shutdown = 0; - if (SSL_IS_DTLS(s)) + if (SSL_CONNECTION_IS_DTLS(s)) dtls1_clear_sent_buffer(s); break; case DTLS_ST_SW_HELLO_VERIFY_REQUEST: s->shutdown = 0; - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { dtls1_clear_sent_buffer(s); /* We don't buffer this message so don't use the timer */ st->use_timer = 0; @@ -704,7 +706,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) break; case TLS_ST_SW_SRVR_HELLO: - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { /* * Messages we write from now on should be buffered and * retransmitted if necessary, so we need to use the timer now @@ -715,7 +717,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) case TLS_ST_SW_SRVR_DONE: #ifndef OPENSSL_NO_SCTP - if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) { + if (SSL_CONNECTION_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(ssl))) { /* Calls SSLfatal() as required */ return dtls_wait_for_dry(s); } @@ -723,7 +725,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) return WORK_FINISHED_CONTINUE; case TLS_ST_SW_SESSION_TICKET: - if (SSL_IS_TLS13(s) && s->sent_tickets == 0 + if (SSL_CONNECTION_IS_TLS13(s) && s->sent_tickets == 0 && s->ext.extra_tickets_expected == 0) { /* * Actually this is the end of the handshake, but we're going @@ -734,7 +736,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) */ return tls_finish_handshake(s, wst, 0, 0); } - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { /* * We're into the last flight. We don't retransmit the last flight * unless we need to, so we don't use the timer @@ -744,7 +746,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) break; case TLS_ST_SW_CHANGE: - if (SSL_IS_TLS13(s)) + if (SSL_CONNECTION_IS_TLS13(s)) break; /* Writes to s->session are only safe for initial handshakes */ if (s->session->cipher == NULL) { @@ -753,11 +755,11 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return WORK_ERROR; } - if (!s->method->ssl3_enc->setup_key_block(s)) { + if (!ssl->method->ssl3_enc->setup_key_block(s)) { /* SSLfatal() already called */ return WORK_ERROR; } - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { /* * We're into the last flight. We don't retransmit the last flight * unless we need to, so we don't use the timer. This might have @@ -806,9 +808,10 @@ static ossl_inline int conn_is_closed(void) * Perform any work that needs to be done after sending a message from the * server to the client. */ -WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) +WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst) { OSSL_STATEM *st = &s->statem; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); s->init_num = 0; @@ -842,14 +845,15 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) break; case TLS_ST_SW_SRVR_HELLO: - if (SSL_IS_TLS13(s) && s->hello_retry_request == SSL_HRR_PENDING) { + if (SSL_CONNECTION_IS_TLS13(s) + && s->hello_retry_request == SSL_HRR_PENDING) { if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0 && statem_flush(s) != 1) return WORK_MORE_A; break; } #ifndef OPENSSL_NO_SCTP - if (SSL_IS_DTLS(s) && s->hit) { + if (SSL_CONNECTION_IS_DTLS(s) && s->hit) { unsigned char sctpauthkey[64]; char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; size_t labellen; @@ -866,7 +870,7 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG) labellen += 1; - if (SSL_export_keying_material(s, sctpauthkey, + if (SSL_export_keying_material(ssl, sctpauthkey, sizeof(sctpauthkey), labelbuffer, labellen, NULL, 0, 0) <= 0) { @@ -874,11 +878,11 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) return WORK_ERROR; } - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, + BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); } #endif - if (!SSL_IS_TLS13(s) + if (!SSL_CONNECTION_IS_TLS13(s) || ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0 && s->hello_retry_request != SSL_HRR_COMPLETE)) break; @@ -891,16 +895,16 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) break; } - if (SSL_IS_TLS13(s)) { - if (!s->method->ssl3_enc->setup_key_block(s) - || !s->method->ssl3_enc->change_cipher_state(s, + if (SSL_CONNECTION_IS_TLS13(s)) { + if (!ssl->method->ssl3_enc->setup_key_block(s) + || !ssl->method->ssl3_enc->change_cipher_state(s, SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_WRITE)) { /* SSLfatal() already called */ return WORK_ERROR; } if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED - && !s->method->ssl3_enc->change_cipher_state(s, + && !ssl->method->ssl3_enc->change_cipher_state(s, SSL3_CC_HANDSHAKE |SSL3_CHANGE_CIPHER_SERVER_READ)) { /* SSLfatal() already called */ return WORK_ERROR; @@ -915,23 +919,22 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) } #ifndef OPENSSL_NO_SCTP - if (SSL_IS_DTLS(s) && !s->hit) { + if (SSL_CONNECTION_IS_DTLS(s) && !s->hit) { /* * Change to new shared key of SCTP-Auth, will be ignored if * no SCTP used. */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, + BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); } #endif - if (!s->method->ssl3_enc->change_cipher_state(s, - SSL3_CHANGE_CIPHER_SERVER_WRITE)) - { + if (!ssl->method->ssl3_enc->change_cipher_state(s, + SSL3_CHANGE_CIPHER_SERVER_WRITE)) { /* SSLfatal() already called */ return WORK_ERROR; } - if (SSL_IS_DTLS(s)) + if (SSL_CONNECTION_IS_DTLS(s)) dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); break; @@ -944,22 +947,22 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) if (statem_flush(s) != 1) return WORK_MORE_A; #ifndef OPENSSL_NO_SCTP - if (SSL_IS_DTLS(s) && s->hit) { + if (SSL_CONNECTION_IS_DTLS(s) && s->hit) { /* * Change to new shared key of SCTP-Auth, will be ignored if * no SCTP used. */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, + BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); } #endif - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { /* TLS 1.3 gets the secret size from the handshake md */ size_t dummy; - if (!s->method->ssl3_enc->generate_master_secret(s, + if (!ssl->method->ssl3_enc->generate_master_secret(s, s->master_secret, s->handshake_secret, 0, &dummy) - || !s->method->ssl3_enc->change_cipher_state(s, + || !ssl->method->ssl3_enc->change_cipher_state(s, SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE)) /* SSLfatal() already called */ return WORK_ERROR; @@ -984,8 +987,8 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) case TLS_ST_SW_SESSION_TICKET: clear_sys_error(); - if (SSL_IS_TLS13(s) && statem_flush(s) != 1) { - if (SSL_get_error(s, 0) == SSL_ERROR_SYSCALL + if (SSL_CONNECTION_IS_TLS13(s) && statem_flush(s) != 1) { + if (SSL_get_error(ssl, 0) == SSL_ERROR_SYSCALL && conn_is_closed()) { /* * We ignore connection closed errors in TLSv1.3 when sending a @@ -1014,7 +1017,7 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) * 1: Success * 0: Error */ -int ossl_statem_server_construct_message(SSL *s, +int ossl_statem_server_construct_message(SSL_CONNECTION *s, confunc_f *confunc, int *mt) { OSSL_STATEM *st = &s->statem; @@ -1026,7 +1029,7 @@ int ossl_statem_server_construct_message(SSL *s, return 0; case TLS_ST_SW_CHANGE: - if (SSL_IS_DTLS(s)) + if (SSL_CONNECTION_IS_DTLS(s)) *confunc = dtls_construct_change_cipher_spec; else *confunc = tls_construct_change_cipher_spec; @@ -1133,7 +1136,7 @@ int ossl_statem_server_construct_message(SSL *s, * Returns the maximum allowed length for the current message that we are * reading. Excludes the message header. */ -size_t ossl_statem_server_max_message_size(SSL *s) +size_t ossl_statem_server_max_message_size(SSL_CONNECTION *s) { OSSL_STATEM *st = &s->statem; @@ -1176,7 +1179,8 @@ size_t ossl_statem_server_max_message_size(SSL *s) /* * Process a message that the server has received from the client. */ -MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL_CONNECTION *s, + PACKET *pkt) { OSSL_STATEM *st = &s->statem; @@ -1222,7 +1226,8 @@ MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt) * Perform any further processing required following the receipt of a message * from the client */ -WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst) +WORK_STATE ossl_statem_server_post_process_message(SSL_CONNECTION *s, + WORK_STATE wst) { OSSL_STATEM *st = &s->statem; @@ -1242,7 +1247,7 @@ WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst) #ifndef OPENSSL_NO_SRP /* Returns 1 on success, 0 for retryable error, -1 for fatal error */ -static int ssl_check_srp_ext_ClientHello(SSL *s) +static int ssl_check_srp_ext_ClientHello(SSL_CONNECTION *s) { int ret; int al = SSL_AD_UNRECOGNIZED_NAME; @@ -1285,20 +1290,22 @@ int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, return 1; } -int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt) +int dtls_construct_hello_verify_request(SSL_CONNECTION *s, WPACKET *pkt) { unsigned int cookie_leni; - if (s->ctx->app_gen_cookie_cb == NULL || - s->ctx->app_gen_cookie_cb(s, s->d1->cookie, - &cookie_leni) == 0 || - cookie_leni > DTLS1_COOKIE_LENGTH) { + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); + + if (sctx->app_gen_cookie_cb == NULL + || sctx->app_gen_cookie_cb(SSL_CONNECTION_GET_SSL(s), s->d1->cookie, + &cookie_leni) == 0 + || cookie_leni > DTLS1_COOKIE_LENGTH) { SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); return 0; } s->d1->cookie_len = cookie_leni; if (!dtls_raw_hello_verify_request(pkt, s->d1->cookie, - s->d1->cookie_len)) { + s->d1->cookie_len)) { SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); return 0; } @@ -1320,7 +1327,8 @@ int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt) * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from * 10.8..10.8.3 (which don't work). */ -static void ssl_check_for_safari(SSL *s, const CLIENTHELLO_MSG *hello) +static void ssl_check_for_safari(SSL_CONNECTION *s, + const CLIENTHELLO_MSG *hello) { static const unsigned char kSafariExtensionsBlock[] = { 0x00, 0x0a, /* elliptic_curves extension */ @@ -1361,8 +1369,9 @@ static void ssl_check_for_safari(SSL *s, const CLIENTHELLO_MSG *hello) if (type != TLSEXT_TYPE_server_name) return; - ext_len = TLS1_get_client_version(s) >= TLS1_2_VERSION ? - sizeof(kSafariExtensionsBlock) : kSafariCommonExtensionsLength; + ext_len = TLS1_get_client_version( + SSL_CONNECTION_GET_SSL(s)) >= TLS1_2_VERSION ? + sizeof(kSafariExtensionsBlock) : kSafariCommonExtensionsLength; s->s3.is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock, ext_len); @@ -1372,7 +1381,7 @@ static void ssl_check_for_safari(SSL *s, const CLIENTHELLO_MSG *hello) ((options & SSL_OP_NO_RENEGOTIATION) == 0 \ && (options & SSL_OP_ALLOW_CLIENT_RENEGOTIATION) != 0) -MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s, PACKET *pkt) { /* |cookie| will only be initialized for DTLS. */ PACKET session_id, compression, extensions, cookie; @@ -1381,7 +1390,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) /* Check if this is actually an unexpected renegotiation ClientHello */ if (s->renegotiate == 0 && !SSL_IS_FIRST_HANDSHAKE(s)) { - if (!ossl_assert(!SSL_IS_TLS13(s))) { + if (!ossl_assert(!SSL_CONNECTION_IS_TLS13(s))) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -1511,7 +1520,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) goto err; } - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { if (!PACKET_get_length_prefixed_1(pkt, &cookie)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; @@ -1527,7 +1536,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) * just return since we do not want to allocate any memory yet. * So check cookie length... */ - if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) { + if (SSL_get_options(SSL_CONNECTION_GET_SSL(s)) & SSL_OP_COOKIE_EXCHANGE) { if (clienthello->dtls_cookie_len == 0) { OPENSSL_free(clienthello); return MSG_PROCESS_FINISHED_READING; @@ -1584,7 +1593,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) return MSG_PROCESS_ERROR; } -static int tls_early_post_process_client_hello(SSL *s) +static int tls_early_post_process_client_hello(SSL_CONNECTION *s) { unsigned int j; int i, al = SSL_AD_INTERNAL_ERROR; @@ -1599,12 +1608,14 @@ static int tls_early_post_process_client_hello(SSL *s) STACK_OF(SSL_CIPHER) *scsvs = NULL; CLIENTHELLO_MSG *clienthello = s->clienthello; DOWNGRADE dgrd = DOWNGRADE_NONE; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); + SSL *ssl = SSL_CONNECTION_GET_SSL(s); /* Finished parsing the ClientHello, now we can start processing it */ /* Give the ClientHello callback a crack at things */ - if (s->ctx->client_hello_cb != NULL) { + if (sctx->client_hello_cb != NULL) { /* A failure in the ClientHello callback terminates the connection. */ - switch (s->ctx->client_hello_cb(s, &al, s->ctx->client_hello_cb_arg)) { + switch (sctx->client_hello_cb(ssl, &al, sctx->client_hello_cb_arg)) { case SSL_CLIENT_HELLO_SUCCESS: break; case SSL_CLIENT_HELLO_RETRY: @@ -1640,9 +1651,9 @@ static int tls_early_post_process_client_hello(SSL *s) * Do SSL/TLS version negotiation if applicable. For DTLS we just check * versions are potentially compatible. Version negotiation comes later. */ - if (!SSL_IS_DTLS(s)) { + if (!SSL_CONNECTION_IS_DTLS(s)) { protverr = ssl_choose_server_version(s, clienthello, &dgrd); - } else if (s->method->version != DTLS_ANY_VERSION && + } else if (ssl->method->version != DTLS_ANY_VERSION && DTLS_VERSION_LT((int)clienthello->legacy_version, s->version)) { protverr = SSL_R_VERSION_TOO_LOW; } else { @@ -1659,16 +1670,17 @@ static int tls_early_post_process_client_hello(SSL *s) } /* TLSv1.3 specifies that a ClientHello must end on a record boundary */ - if (SSL_IS_TLS13(s) && RECORD_LAYER_processed_read_pending(&s->rlayer)) { + if (SSL_CONNECTION_IS_TLS13(s) + && RECORD_LAYER_processed_read_pending(&s->rlayer)) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_NOT_ON_RECORD_BOUNDARY); goto err; } - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { /* Empty cookie was already handled above by returning early. */ - if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) { - if (s->ctx->app_verify_cookie_cb != NULL) { - if (s->ctx->app_verify_cookie_cb(s, clienthello->dtls_cookie, + if (SSL_get_options(ssl) & SSL_OP_COOKIE_EXCHANGE) { + if (sctx->app_verify_cookie_cb != NULL) { + if (sctx->app_verify_cookie_cb(ssl, clienthello->dtls_cookie, clienthello->dtls_cookie_len) == 0) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_COOKIE_MISMATCH); @@ -1684,7 +1696,7 @@ static int tls_early_post_process_client_hello(SSL *s) } s->d1->cookie_verified = 1; } - if (s->method->version == DTLS_ANY_VERSION) { + if (ssl->method->version == DTLS_ANY_VERSION) { protverr = ssl_choose_server_version(s, clienthello, &dgrd); if (protverr != 0) { s->version = s->client_version; @@ -1698,8 +1710,8 @@ static int tls_early_post_process_client_hello(SSL *s) if (!ssl_cache_cipherlist(s, &clienthello->ciphersuites, clienthello->isv2) || - !bytes_to_cipher_list(s, &clienthello->ciphersuites, &ciphers, &scsvs, - clienthello->isv2, 1)) { + !ossl_bytes_to_cipher_list(s, &clienthello->ciphersuites, &ciphers, + &scsvs, clienthello->isv2, 1)) { /* SSLfatal() already called */ goto err; } @@ -1734,9 +1746,9 @@ static int tls_early_post_process_client_hello(SSL *s) } /* For TLSv1.3 we must select the ciphersuite *before* session resumption */ - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { const SSL_CIPHER *cipher = - ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s)); + ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(ssl)); if (cipher == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_SHARED_CIPHER); @@ -1803,7 +1815,7 @@ static int tls_early_post_process_client_hello(SSL *s) } } - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { memcpy(s->tmp_session_id, s->clienthello->session_id, s->clienthello->session_id_len); s->tmp_session_id_len = s->clienthello->session_id_len; @@ -1813,7 +1825,7 @@ static int tls_early_post_process_client_hello(SSL *s) * If it is a hit, check that the cipher is in the list. In TLSv1.3 we check * ciphersuite compatibility with the session as part of resumption. */ - if (!SSL_IS_TLS13(s) && s->hit) { + if (!SSL_CONNECTION_IS_TLS13(s) && s->hit) { j = 0; id = s->session->cipher->id; @@ -1882,9 +1894,9 @@ static int tls_early_post_process_client_hello(SSL *s) if (!s->hit && s->version >= TLS1_VERSION - && !SSL_IS_TLS13(s) - && !SSL_IS_DTLS(s) - && s->ext.session_secret_cb) { + && !SSL_CONNECTION_IS_TLS13(s) + && !SSL_CONNECTION_IS_DTLS(s) + && s->ext.session_secret_cb != NULL) { const SSL_CIPHER *pref_cipher = NULL; /* * s->session->master_key_length is a size_t, but this is an int for @@ -1893,7 +1905,7 @@ static int tls_early_post_process_client_hello(SSL *s) int master_key_length; master_key_length = sizeof(s->session->master_key); - if (s->ext.session_secret_cb(s, s->session->master_key, + if (s->ext.session_secret_cb(ssl, s->session->master_key, &master_key_length, ciphers, &pref_cipher, s->ext.session_secret_cb_arg) @@ -1908,7 +1920,7 @@ static int tls_early_post_process_client_hello(SSL *s) /* check if some cipher was preferred by call back */ if (pref_cipher == NULL) pref_cipher = ssl3_choose_cipher(s, s->peer_ciphers, - SSL_get_ciphers(s)); + SSL_get_ciphers(ssl)); if (pref_cipher == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_SHARED_CIPHER); goto err; @@ -1928,7 +1940,7 @@ static int tls_early_post_process_client_hello(SSL *s) * algorithms from the client, starting at q. */ s->s3.tmp.new_compression = NULL; - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { /* * We already checked above that the NULL compression method appears in * the list. Now we check there aren't any others (which is illegal in @@ -1953,8 +1965,8 @@ static int tls_early_post_process_client_hello(SSL *s) goto err; } /* Look for resumed compression method */ - for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) { - comp = sk_SSL_COMP_value(s->ctx->comp_methods, m); + for (m = 0; m < sk_SSL_COMP_num(sctx->comp_methods); m++) { + comp = sk_SSL_COMP_value(sctx->comp_methods, m); if (comp_id == comp->id) { s->s3.tmp.new_compression = comp; break; @@ -1977,14 +1989,14 @@ static int tls_early_post_process_client_hello(SSL *s) } } else if (s->hit) { comp = NULL; - } else if (ssl_allow_compression(s) && s->ctx->comp_methods) { + } else if (ssl_allow_compression(s) && sctx->comp_methods) { /* See if we have a match */ int m, nn, v, done = 0; unsigned int o; - nn = sk_SSL_COMP_num(s->ctx->comp_methods); + nn = sk_SSL_COMP_num(sctx->comp_methods); for (m = 0; m < nn; m++) { - comp = sk_SSL_COMP_value(s->ctx->comp_methods, m); + comp = sk_SSL_COMP_value(sctx->comp_methods, m); v = comp->id; for (o = 0; o < clienthello->compressions_len; o++) { if (v == clienthello->compressions[o]) { @@ -2015,7 +2027,7 @@ static int tls_early_post_process_client_hello(SSL *s) * Given s->peer_ciphers and SSL_get_ciphers, we must pick a cipher */ - if (!s->hit || SSL_IS_TLS13(s)) { + if (!s->hit || SSL_CONNECTION_IS_TLS13(s)) { sk_SSL_CIPHER_free(s->peer_ciphers); s->peer_ciphers = ciphers; if (ciphers == NULL) { @@ -2057,8 +2069,10 @@ static int tls_early_post_process_client_hello(SSL *s) * Call the status request callback if needed. Upon success, returns 1. * Upon failure, returns 0. */ -static int tls_handle_status_request(SSL *s) +static int tls_handle_status_request(SSL_CONNECTION *s) { + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); + s->ext.status_expected = 0; /* @@ -2067,8 +2081,8 @@ static int tls_handle_status_request(SSL *s) * and must be called after the cipher has been chosen because this may * influence which certificate is sent */ - if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing && s->ctx != NULL - && s->ctx->ext.status_cb != NULL) { + if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing && sctx != NULL + && sctx->ext.status_cb != NULL) { int ret; /* If no certificate can't return certificate status */ @@ -2078,7 +2092,8 @@ static int tls_handle_status_request(SSL *s) * et al can pick it up. */ s->cert->key = s->s3.tmp.cert; - ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg); + ret = sctx->ext.status_cb(SSL_CONNECTION_GET_SSL(s), + sctx->ext.status_arg); switch (ret) { /* We don't want to send a status request response */ case SSL_TLSEXT_ERR_NOACK: @@ -2105,16 +2120,18 @@ static int tls_handle_status_request(SSL *s) * Call the alpn_select callback if needed. Upon success, returns 1. * Upon failure, returns 0. */ -int tls_handle_alpn(SSL *s) +int tls_handle_alpn(SSL_CONNECTION *s) { const unsigned char *selected = NULL; unsigned char selected_len = 0; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); - if (s->ctx->ext.alpn_select_cb != NULL && s->s3.alpn_proposed != NULL) { - int r = s->ctx->ext.alpn_select_cb(s, &selected, &selected_len, - s->s3.alpn_proposed, - (unsigned int)s->s3.alpn_proposed_len, - s->ctx->ext.alpn_select_cb_arg); + if (sctx->ext.alpn_select_cb != NULL && s->s3.alpn_proposed != NULL) { + int r = sctx->ext.alpn_select_cb(SSL_CONNECTION_GET_SSL(s), + &selected, &selected_len, + s->s3.alpn_proposed, + (unsigned int)s->s3.alpn_proposed_len, + sctx->ext.alpn_select_cb_arg); if (r == SSL_TLSEXT_ERR_OK) { OPENSSL_free(s->s3.alpn_selected); @@ -2181,9 +2198,10 @@ int tls_handle_alpn(SSL *s) return 1; } -WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) +WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s, WORK_STATE wst) { const SSL_CIPHER *cipher; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); if (wst == WORK_MORE_A) { int rv = tls_early_post_process_client_hello(s); @@ -2196,10 +2214,10 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) wst = WORK_MORE_B; } if (wst == WORK_MORE_B) { - if (!s->hit || SSL_IS_TLS13(s)) { + if (!s->hit || SSL_CONNECTION_IS_TLS13(s)) { /* Let cert callback update server certificates if required */ if (!s->hit && s->cert->cert_cb != NULL) { - int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg); + int rv = s->cert->cert_cb(ssl, s->cert->cert_cb_arg); if (rv == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CERT_CB_ERROR); goto err; @@ -2212,9 +2230,10 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) } /* In TLSv1.3 we selected the ciphersuite before resumption */ - if (!SSL_IS_TLS13(s)) { + if (!SSL_CONNECTION_IS_TLS13(s)) { cipher = - ssl3_choose_cipher(s, s->peer_ciphers, SSL_get_ciphers(s)); + ssl3_choose_cipher(s, s->peer_ciphers, + SSL_get_ciphers(ssl)); if (cipher == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, @@ -2231,7 +2250,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) /* check whether we should disable session resumption */ if (s->not_resumable_session_cb != NULL) s->session->not_resumable = - s->not_resumable_session_cb(s, + s->not_resumable_session_cb(ssl, ((s->s3.tmp.new_cipher->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) != 0)); if (s->session->not_resumable) @@ -2269,7 +2288,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) * we already did this because cipher negotiation happens earlier, and * we must handle ALPN before we decide whether to accept early_data. */ - if (!SSL_IS_TLS13(s) && !tls_handle_alpn(s)) { + if (!SSL_CONNECTION_IS_TLS13(s) && !tls_handle_alpn(s)) { /* SSLfatal() already called */ goto err; } @@ -2298,13 +2317,14 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) return WORK_ERROR; } -int tls_construct_server_hello(SSL *s, WPACKET *pkt) +int tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt) { int compm; size_t sl, len; int version; unsigned char *session_id; - int usetls13 = SSL_IS_TLS13(s) || s->hello_retry_request == SSL_HRR_PENDING; + int usetls13 = SSL_CONNECTION_IS_TLS13(s) + || s->hello_retry_request == SSL_HRR_PENDING; version = usetls13 ? TLS1_2_VERSION : s->version; if (!WPACKET_put_bytes_u16(pkt, version) @@ -2339,7 +2359,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) * to send back. */ if (s->session->not_resumable || - (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) + (!(SSL_CONNECTION_GET_CTX(s)->session_cache_mode & SSL_SESS_CACHE_SERVER) && !s->hit)) s->session->session_id_length = 0; @@ -2367,7 +2387,8 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) #endif if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl) - || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt, &len) + || !SSL_CONNECTION_GET_SSL(s)->method->put_cipher_by_char(s->s3.tmp.new_cipher, + pkt, &len) || !WPACKET_put_bytes_u8(pkt, compm)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -2376,7 +2397,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) if (!tls_construct_extensions(s, pkt, s->hello_retry_request == SSL_HRR_PENDING ? SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST - : (SSL_IS_TLS13(s) + : (SSL_CONNECTION_IS_TLS13(s) ? SSL_EXT_TLS1_3_SERVER_HELLO : SSL_EXT_TLS1_2_SERVER_HELLO), NULL, 0)) { @@ -2407,7 +2428,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) return 1; } -int tls_construct_server_done(SSL *s, WPACKET *pkt) +int tls_construct_server_done(SSL_CONNECTION *s, WPACKET *pkt) { if (!s->s3.tmp.cert_request) { if (!ssl3_digest_cached_records(s, 0)) { @@ -2418,7 +2439,7 @@ int tls_construct_server_done(SSL *s, WPACKET *pkt) return 1; } -int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) +int tls_construct_server_key_exchange(SSL_CONNECTION *s, WPACKET *pkt) { EVP_PKEY *pkdh = NULL; unsigned char *encodedPoint = NULL; @@ -2432,6 +2453,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) EVP_PKEY_CTX *pctx = NULL; size_t paramlen, paramoffset; int freer = 0, ret = 0; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (!WPACKET_get_total_written(pkt, ¶moffset)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -2467,7 +2489,8 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) } #if !defined(OPENSSL_NO_DEPRECATED_3_0) if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) { - pkdh = ssl_dh_to_pkey(s->cert->dh_tmp_cb(s, 0, 1024)); + pkdh = ssl_dh_to_pkey(s->cert->dh_tmp_cb(SSL_CONNECTION_GET_SSL(s), + 0, 1024)); if (pkdh == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -2661,7 +2684,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) unsigned char *sigbytes1, *sigbytes2, *tbs; size_t siglen = 0, tbslen; - if (pkey == NULL || !tls1_lookup_md(s->ctx, lu, &md)) { + if (pkey == NULL || !tls1_lookup_md(sctx, lu, &md)) { /* Should never happen */ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -2679,7 +2702,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) if (EVP_DigestSignInit_ex(md_ctx, &pctx, md == NULL ? NULL : EVP_MD_get0_name(md), - s->ctx->libctx, s->ctx->propq, pkey, + sctx->libctx, sctx->propq, pkey, NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -2725,9 +2748,9 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) return ret; } -int tls_construct_certificate_request(SSL *s, WPACKET *pkt) +int tls_construct_certificate_request(SSL_CONNECTION *s, WPACKET *pkt) { - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { /* Send random context when doing post-handshake auth */ if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) { OPENSSL_free(s->pha_context); @@ -2737,8 +2760,8 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt) SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } - if (RAND_bytes_ex(s->ctx->libctx, s->pha_context, - s->pha_context_len, 0) <= 0 + if (RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, + s->pha_context, s->pha_context_len, 0) <= 0 || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -2796,7 +2819,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt) return 1; } -static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt) +static int tls_process_cke_psk_preamble(SSL_CONNECTION *s, PACKET *pkt) { #ifndef OPENSSL_NO_PSK unsigned char psk[PSK_MAX_PSK_LEN]; @@ -2821,7 +2844,8 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt) return 0; } - psklen = s->psk_server_callback(s, s->session->psk_identity, + psklen = s->psk_server_callback(SSL_CONNECTION_GET_SSL(s), + s->session->psk_identity, psk, sizeof(psk)); if (psklen > PSK_MAX_PSK_LEN) { @@ -2855,7 +2879,7 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt) #endif } -static int tls_process_cke_rsa(SSL *s, PACKET *pkt) +static int tls_process_cke_rsa(SSL_CONNECTION *s, PACKET *pkt) { size_t outlen; PACKET enc_premaster; @@ -2864,6 +2888,7 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt) int ret = 0; EVP_PKEY_CTX *ctx = NULL; OSSL_PARAM params[3], *p = params; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); rsa = s->cert->pkeys[SSL_PKEY_RSA].privatekey; if (rsa == NULL) { @@ -2889,7 +2914,7 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt) return 0; } - ctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, rsa, s->ctx->propq); + ctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, rsa, sctx->propq); if (ctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); goto err; @@ -2952,7 +2977,7 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt) return ret; } -static int tls_process_cke_dhe(SSL *s, PACKET *pkt) +static int tls_process_cke_dhe(SSL_CONNECTION *s, PACKET *pkt) { EVP_PKEY *skey = NULL; unsigned int i; @@ -3003,7 +3028,7 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt) return ret; } -static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt) +static int tls_process_cke_ecdhe(SSL_CONNECTION *s, PACKET *pkt) { EVP_PKEY *skey = s->s3.tmp.pkey; EVP_PKEY *ckey = NULL; @@ -3059,7 +3084,7 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt) return ret; } -static int tls_process_cke_srp(SSL *s, PACKET *pkt) +static int tls_process_cke_srp(SSL_CONNECTION *s, PACKET *pkt) { #ifndef OPENSSL_NO_SRP unsigned int i; @@ -3098,7 +3123,7 @@ static int tls_process_cke_srp(SSL *s, PACKET *pkt) #endif } -static int tls_process_cke_gost(SSL *s, PACKET *pkt) +static int tls_process_cke_gost(SSL_CONNECTION *s, PACKET *pkt) { #ifndef OPENSSL_NO_GOST EVP_PKEY_CTX *pkey_ctx; @@ -3110,6 +3135,7 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt) GOST_KX_MESSAGE *pKX = NULL; const unsigned char *ptr; int ret = 0; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); /* Get our certificate private key */ alg_a = s->s3.tmp.new_cipher->algorithm_auth; @@ -3128,7 +3154,7 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt) pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; } - pkey_ctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pk, s->ctx->propq); + pkey_ctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pk, sctx->propq); if (pkey_ctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); return 0; @@ -3201,7 +3227,7 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt) #endif } -static int tls_process_cke_gost18(SSL *s, PACKET *pkt) +static int tls_process_cke_gost18(SSL_CONNECTION *s, PACKET *pkt) { #ifndef OPENSSL_NO_GOST unsigned char rnd_dgst[32]; @@ -3212,6 +3238,7 @@ static int tls_process_cke_gost18(SSL *s, PACKET *pkt) size_t outlen = 32, inlen = 0; int ret = 0; int cipher_nid = ossl_gost18_cke_cipher_nid(s); + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (cipher_nid == NID_undef) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -3232,7 +3259,7 @@ static int tls_process_cke_gost18(SSL *s, PACKET *pkt) goto err; } - pkey_ctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pk, s->ctx->propq); + pkey_ctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pk, sctx->propq); if (pkey_ctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); goto err; @@ -3279,7 +3306,8 @@ static int tls_process_cke_gost18(SSL *s, PACKET *pkt) #endif } -MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL_CONNECTION *s, + PACKET *pkt) { unsigned long alg_k; @@ -3347,11 +3375,12 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) return MSG_PROCESS_ERROR; } -WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst) +WORK_STATE tls_post_process_client_key_exchange(SSL_CONNECTION *s, + WORK_STATE wst) { #ifndef OPENSSL_NO_SCTP if (wst == WORK_MORE_A) { - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { unsigned char sctpauthkey[64]; char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; size_t labellen; @@ -3367,7 +3396,8 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst) if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG) labellen += 1; - if (SSL_export_keying_material(s, sctpauthkey, + if (SSL_export_keying_material(SSL_CONNECTION_GET_SSL(s), + sctpauthkey, sizeof(sctpauthkey), labelbuffer, labellen, NULL, 0, 0) <= 0) { @@ -3409,7 +3439,8 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst) return WORK_FINISHED_CONTINUE; } -MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s, + PACKET *pkt) { int i; MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR; @@ -3420,6 +3451,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) PACKET spkt, context; size_t chainidx; SSL_SESSION *new_sess = NULL; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); /* * To get this far we must have read encrypted data from the client. We no @@ -3433,10 +3465,12 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) goto err; } - if (SSL_IS_TLS13(s) && (!PACKET_get_length_prefixed_1(pkt, &context) - || (s->pha_context == NULL && PACKET_remaining(&context) != 0) - || (s->pha_context != NULL && - !PACKET_equal(&context, s->pha_context, s->pha_context_len)))) { + if (SSL_CONNECTION_IS_TLS13(s) + && (!PACKET_get_length_prefixed_1(pkt, &context) + || (s->pha_context == NULL && PACKET_remaining(&context) != 0) + || (s->pha_context != NULL + && !PACKET_equal(&context, s->pha_context, + s->pha_context_len)))) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_INVALID_CONTEXT); goto err; } @@ -3455,7 +3489,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) } certstart = certbytes; - x = X509_new_ex(s->ctx->libctx, s->ctx->propq); + x = X509_new_ex(sctx->libctx, sctx->propq); if (x == NULL) { SSLfatal(s, SSL_AD_DECODE_ERROR, ERR_R_MALLOC_FAILURE); goto err; @@ -3470,7 +3504,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) goto err; } - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { RAW_EXTENSION *rawexts = NULL; PACKET extensions; @@ -3562,7 +3596,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) * Freeze the handshake buffer. For cert_verify_hash, sizeof(s->cert_verify_hash), &s->cert_verify_hash_len)) { @@ -3593,7 +3627,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) return ret; } -int tls_construct_server_certificate(SSL *s, WPACKET *pkt) +int tls_construct_server_certificate(SSL_CONNECTION *s, WPACKET *pkt) { CERT_PKEY *cpk = s->s3.tmp.cert; @@ -3606,7 +3640,7 @@ int tls_construct_server_certificate(SSL *s, WPACKET *pkt) * In TLSv1.3 the certificate chain is always preceded by a 0 length context * for the server Certificate message */ - if (SSL_IS_TLS13(s) && !WPACKET_put_bytes_u8(pkt, 0)) { + if (SSL_CONNECTION_IS_TLS13(s) && !WPACKET_put_bytes_u8(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -3618,8 +3652,8 @@ int tls_construct_server_certificate(SSL *s, WPACKET *pkt) return 1; } -static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add, - unsigned char *tick_nonce) +static int create_ticket_prequel(SSL_CONNECTION *s, WPACKET *pkt, + uint32_t age_add, unsigned char *tick_nonce) { uint32_t timeout = (uint32_t)s->session->timeout; @@ -3632,7 +3666,7 @@ static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add, */ #define ONE_WEEK_SEC (7 * 24 * 60 * 60) - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { if (s->session->timeout > ONE_WEEK_SEC) timeout = ONE_WEEK_SEC; } else if (s->hit) @@ -3643,7 +3677,7 @@ static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add, return 0; } - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { if (!WPACKET_put_bytes_u32(pkt, age_add) || !WPACKET_sub_memcpy_u8(pkt, tick_nonce, TICKET_NONCE_SIZE)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -3660,7 +3694,8 @@ static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add, return 1; } -static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, +static int construct_stateless_ticket(SSL_CONNECTION *s, WPACKET *pkt, + uint32_t age_add, unsigned char *tick_nonce) { unsigned char *senc = NULL; @@ -3676,6 +3711,8 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, unsigned char key_name[TLSEXT_KEYNAME_LENGTH]; int iv_len, ok = 0; size_t macoffset, macendoffset; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); /* get session encoding length */ slen_full = i2d_SSL_SESSION(s->session, NULL); @@ -3744,13 +3781,13 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, int ret = 0; if (tctx->ext.ticket_key_evp_cb != NULL) - ret = tctx->ext.ticket_key_evp_cb(s, key_name, iv, ctx, + ret = tctx->ext.ticket_key_evp_cb(ssl, key_name, iv, ctx, ssl_hmac_get0_EVP_MAC_CTX(hctx), 1); #ifndef OPENSSL_NO_DEPRECATED_3_0 else if (tctx->ext.ticket_key_cb != NULL) /* if 0 is returned, write an empty ticket */ - ret = tctx->ext.ticket_key_cb(s, key_name, iv, ctx, + ret = tctx->ext.ticket_key_cb(ssl, key_name, iv, ctx, ssl_hmac_get0_HMAC_CTX(hctx), 1); #endif @@ -3773,8 +3810,8 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, } iv_len = EVP_CIPHER_CTX_get_iv_length(ctx); } else { - EVP_CIPHER *cipher = EVP_CIPHER_fetch(s->ctx->libctx, "AES-256-CBC", - s->ctx->propq); + EVP_CIPHER *cipher = EVP_CIPHER_fetch(sctx->libctx, "AES-256-CBC", + sctx->propq); if (cipher == NULL) { /* Error is already recorded */ @@ -3784,7 +3821,7 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, iv_len = EVP_CIPHER_get_iv_length(cipher); if (iv_len < 0 - || RAND_bytes_ex(s->ctx->libctx, iv, iv_len, 0) <= 0 + || RAND_bytes_ex(sctx->libctx, iv, iv_len, 0) <= 0 || !EVP_EncryptInit_ex(ctx, cipher, NULL, tctx->ext.secure->tick_aes_key, iv) || !ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key, @@ -3846,7 +3883,8 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, return ok; } -static int construct_stateful_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, +static int construct_stateful_ticket(SSL_CONNECTION *s, WPACKET *pkt, + uint32_t age_add, unsigned char *tick_nonce) { if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) { @@ -3864,7 +3902,7 @@ static int construct_stateful_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, return 1; } -int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) +int tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt) { SSL_CTX *tctx = s->session_ctx; unsigned char tick_nonce[TICKET_NONCE_SIZE]; @@ -3875,7 +3913,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) age_add_u.age_add = 0; - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { size_t i, hashlen; uint64_t nonce; static const unsigned char nonce_label[] = "resumption"; @@ -3910,8 +3948,8 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) /* SSLfatal() already called */ goto err; } - if (RAND_bytes_ex(s->ctx->libctx, age_add_u.age_add_c, - sizeof(age_add_u), 0) <= 0) { + if (RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, + age_add_u.age_add_c, sizeof(age_add_u), 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -3952,7 +3990,8 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) } if (tctx->generate_ticket_cb != NULL && - tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) { + tctx->generate_ticket_cb(SSL_CONNECTION_GET_SSL(s), + tctx->ticket_cb_data) == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -3961,7 +4000,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) * SSL_OP_NO_TICKET is set - we are caching tickets anyway so there * is no point in using full stateless tickets. */ - if (SSL_IS_TLS13(s) + if (SSL_CONNECTION_IS_TLS13(s) && ((s->options & SSL_OP_NO_TICKET) != 0 || (s->max_early_data > 0 && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0))) { @@ -3975,7 +4014,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) goto err; } - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { if (!tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_NEW_SESSION_TICKET, NULL, 0)) { @@ -4004,7 +4043,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) * In TLSv1.3 this is called from the extensions code, otherwise it is used to * create a separate message. Returns 1 on success or 0 on failure. */ -int tls_construct_cert_status_body(SSL *s, WPACKET *pkt) +int tls_construct_cert_status_body(SSL_CONNECTION *s, WPACKET *pkt) { if (!WPACKET_put_bytes_u8(pkt, s->ext.status_type) || !WPACKET_sub_memcpy_u24(pkt, s->ext.ocsp.resp, @@ -4016,7 +4055,7 @@ int tls_construct_cert_status_body(SSL *s, WPACKET *pkt) return 1; } -int tls_construct_cert_status(SSL *s, WPACKET *pkt) +int tls_construct_cert_status(SSL_CONNECTION *s, WPACKET *pkt) { if (!tls_construct_cert_status_body(s, pkt)) { /* SSLfatal() already called */ @@ -4031,7 +4070,7 @@ int tls_construct_cert_status(SSL *s, WPACKET *pkt) * tls_process_next_proto reads a Next Protocol Negotiation handshake message. * It sets the next_proto member in s if found */ -MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_next_proto(SSL_CONNECTION *s, PACKET *pkt) { PACKET next_proto, padding; size_t next_proto_len; @@ -4062,7 +4101,7 @@ MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt) } #endif -static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt) +static int tls_construct_encrypted_extensions(SSL_CONNECTION *s, WPACKET *pkt) { if (!tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, NULL, 0)) { @@ -4073,7 +4112,7 @@ static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt) return 1; } -MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL_CONNECTION *s, PACKET *pkt) { if (PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); @@ -4096,7 +4135,7 @@ MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt) } s->early_data_state = SSL_EARLY_DATA_FINISHED_READING; - if (!s->method->ssl3_enc->change_cipher_state(s, + if (!SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->change_cipher_state(s, SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ)) { /* SSLfatal() already called */ return MSG_PROCESS_ERROR; diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 26182a1cd6eb34..f54aaf71882782 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -22,7 +22,7 @@ #include /* seed1 through seed5 are concatenated */ -static int tls1_PRF(SSL *s, +static int tls1_PRF(SSL_CONNECTION *s, const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len, const void *seed3, size_t seed3_len, @@ -45,7 +45,9 @@ static int tls1_PRF(SSL *s, ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); return 0; } - kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_PRF, s->ctx->propq); + kdf = EVP_KDF_fetch(SSL_CONNECTION_GET_CTX(s)->libctx, + OSSL_KDF_NAME_TLS1_PRF, + SSL_CONNECTION_GET_CTX(s)->propq); if (kdf == NULL) goto err; kctx = EVP_KDF_CTX_new(kdf); @@ -83,7 +85,8 @@ static int tls1_PRF(SSL *s, return 0; } -static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num) +static int tls1_generate_key_block(SSL_CONNECTION *s, unsigned char *km, + size_t num) { int ret; @@ -98,7 +101,7 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num) return ret; } -int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx, +int tls_provider_set_tls_params(SSL_CONNECTION *s, EVP_CIPHER_CTX *ctx, const EVP_CIPHER *ciph, const EVP_MD *md) { @@ -147,7 +150,7 @@ static int tls_iv_length_within_key_block(const EVP_CIPHER *c) return EVP_CIPHER_get_iv_length(c); } -int tls1_change_cipher_state(SSL *s, int which) +int tls1_change_cipher_state(SSL_CONNECTION *s, int which) { unsigned char *p, *mac_secret; unsigned char *ms, *key, *iv; @@ -224,7 +227,7 @@ int tls1_change_cipher_state(SSL *s, int which) /* * this is done by dtls1_reset_seq_numbers for DTLS */ - if (!SSL_IS_DTLS(s)) + if (!SSL_CONNECTION_IS_DTLS(s)) RECORD_LAYER_reset_read_sequence(&s->rlayer); mac_secret = &(s->s3.read_mac_secret[0]); mac_secret_size = &(s->s3.read_mac_secret_size); @@ -244,14 +247,14 @@ int tls1_change_cipher_state(SSL *s, int which) s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_TLSTREE; else s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_TLSTREE; - if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) { + if (s->enc_write_ctx != NULL && !SSL_CONNECTION_IS_DTLS(s)) { reuse_dd = 1; } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); goto err; } dd = s->enc_write_ctx; - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { mac_ctx = EVP_MD_CTX_new(); if (mac_ctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); @@ -280,7 +283,7 @@ int tls1_change_cipher_state(SSL *s, int which) /* * this is done by dtls1_reset_seq_numbers for DTLS */ - if (!SSL_IS_DTLS(s)) + if (!SSL_CONNECTION_IS_DTLS(s)) RECORD_LAYER_reset_write_sequence(&s->rlayer); mac_secret = &(s->s3.write_mac_secret[0]); mac_secret_size = &(s->s3.write_mac_secret_size); @@ -321,9 +324,11 @@ int tls1_change_cipher_state(SSL *s, int which) memcpy(mac_secret, ms, i); if (!(EVP_CIPHER_get_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) { + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); + if (mac_type == EVP_PKEY_HMAC) { - mac_key = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC", - s->ctx->propq, mac_secret, + mac_key = EVP_PKEY_new_raw_private_key_ex(sctx->libctx, "HMAC", + sctx->propq, mac_secret, *mac_secret_size); } else { /* @@ -336,7 +341,7 @@ int tls1_change_cipher_state(SSL *s, int which) } if (mac_key == NULL || EVP_DigestSignInit_ex(mac_ctx, NULL, EVP_MD_get0_name(m), - s->ctx->libctx, s->ctx->propq, mac_key, + sctx->libctx, sctx->propq, mac_key, NULL) <= 0) { EVP_PKEY_free(mac_key); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -441,7 +446,7 @@ int tls1_change_cipher_state(SSL *s, int which) if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE)) { if (which & SSL3_CC_WRITE) ssl3_release_write_buffer(s); - SSL_set_options(s, SSL_OP_NO_RENEGOTIATION); + SSL_set_options(SSL_CONNECTION_GET_SSL(s), SSL_OP_NO_RENEGOTIATION); } skip_ktls: @@ -460,7 +465,7 @@ int tls1_change_cipher_state(SSL *s, int which) return 0; } -int tls1_setup_key_block(SSL *s) +int tls1_setup_key_block(SSL_CONNECTION *s) { unsigned char *p; const EVP_CIPHER *c; @@ -473,8 +478,9 @@ int tls1_setup_key_block(SSL *s) if (s->s3.tmp.key_block_length != 0) return 1; - if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, &mac_type, - &mac_secret_size, &comp, s->ext.use_etm)) { + if (!ssl_cipher_get_evp(SSL_CONNECTION_GET_CTX(s), s->session, &c, &hash, + &mac_type, &mac_secret_size, &comp, + s->ext.use_etm)) { /* Error is already recorded */ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); return 0; @@ -523,7 +529,7 @@ int tls1_setup_key_block(SSL *s) } OSSL_TRACE_END(TLS); if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) - && s->method->version <= TLS1_VERSION) { + && SSL_CONNECTION_GET_SSL(s)->method->version <= TLS1_VERSION) { /* * enable vulnerability countermeasure for CBC ciphers with known-IV * problem (http://www.openssl.org/~bodo/tls-cbc.txt) @@ -544,8 +550,8 @@ int tls1_setup_key_block(SSL *s) return ret; } -size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, - unsigned char *out) +size_t tls1_final_finish_mac(SSL_CONNECTION *s, const char *str, + size_t slen, unsigned char *out) { size_t hashlen; unsigned char hash[EVP_MAX_MD_SIZE]; @@ -574,8 +580,9 @@ size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, return finished_size; } -int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, - size_t len, size_t *secret_size) +int tls1_generate_master_secret(SSL_CONNECTION *s, unsigned char *out, + unsigned char *p, size_t len, + size_t *secret_size) { if (s->session->flags & SSL_SESS_FLAG_EXTMS) { unsigned char hash[EVP_MAX_MD_SIZE * 2]; @@ -637,8 +644,8 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, return 1; } -int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, +int tls1_export_keying_material(SSL_CONNECTION *s, unsigned char *out, + size_t olen, const char *label, size_t llen, const unsigned char *context, size_t contextlen, int use_context) { diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 44204de0e6d2bc..42fe13f12a2db2 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -26,8 +26,8 @@ #include "ssl_local.h" #include -static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey); -static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu); +static const SIGALG_LOOKUP *find_sig_alg(SSL_CONNECTION *s, X509 *x, EVP_PKEY *pkey); +static int tls12_sigalg_allowed(const SSL_CONNECTION *s, int op, const SIGALG_LOOKUP *lu); SSL3_ENC_METHOD const TLSv1_enc_data = { tls1_enc, @@ -119,19 +119,29 @@ int tls1_new(SSL *s) void tls1_free(SSL *s) { - OPENSSL_free(s->ext.session_ticket); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return; + + OPENSSL_free(sc->ext.session_ticket); ssl3_free(s); } int tls1_clear(SSL *s) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + if (!ssl3_clear(s)) return 0; if (s->method->version == TLS_ANY_VERSION) - s->version = TLS_MAX_VERSION_INTERNAL; + sc->version = TLS_MAX_VERSION_INTERNAL; else - s->version = s->method->version; + sc->version = s->method->version; return 1; } @@ -525,9 +535,11 @@ uint16_t tls1_nid2group_id(int nid) * Set *pgroups to the supported groups list and *pgroupslen to * the number of groups supported. */ -void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, +void tls1_get_supported_groups(SSL_CONNECTION *s, const uint16_t **pgroups, size_t *pgroupslen) { + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); + /* For Suite B mode only include P-256, P-384 */ switch (tls1_suiteb(s)) { case SSL_CERT_FLAG_SUITEB_128_LOS: @@ -547,8 +559,8 @@ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, default: if (s->ext.supportedgroups == NULL) { - *pgroups = s->ctx->ext.supported_groups_default; - *pgroupslen = s->ctx->ext.supported_groups_default_len; + *pgroups = sctx->ext.supported_groups_default; + *pgroupslen = sctx->ext.supported_groups_default_len; } else { *pgroups = s->ext.supportedgroups; *pgroupslen = s->ext.supportedgroups_len; @@ -557,10 +569,12 @@ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, } } -int tls_valid_group(SSL *s, uint16_t group_id, int minversion, int maxversion, +int tls_valid_group(SSL_CONNECTION *s, uint16_t group_id, + int minversion, int maxversion, int isec, int *okfortls13) { - const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(s->ctx, group_id); + const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(SSL_CONNECTION_GET_CTX(s), + group_id); int ret; if (okfortls13 != NULL) @@ -569,7 +583,7 @@ int tls_valid_group(SSL *s, uint16_t group_id, int minversion, int maxversion, if (ginfo == NULL) return 0; - if (SSL_IS_DTLS(s)) { + if (SSL_CONNECTION_IS_DTLS(s)) { if (ginfo->mindtls < 0 || ginfo->maxdtls < 0) return 0; if (ginfo->maxdtls == 0) @@ -600,9 +614,10 @@ int tls_valid_group(SSL *s, uint16_t group_id, int minversion, int maxversion, } /* See if group is allowed by security callback */ -int tls_group_allowed(SSL *s, uint16_t group, int op) +int tls_group_allowed(SSL_CONNECTION *s, uint16_t group, int op) { - const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(s->ctx, group); + const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(SSL_CONNECTION_GET_CTX(s), + group); unsigned char gtmp[2]; if (ginfo == NULL) @@ -631,7 +646,7 @@ static int tls1_in_list(uint16_t id, const uint16_t *list, size_t listlen) * For nmatch == -2, return the id of the group to use for * a tmp key, or 0 if there is no match. */ -uint16_t tls1_shared_group(SSL *s, int nmatch) +uint16_t tls1_shared_group(SSL_CONNECTION *s, int nmatch) { const uint16_t *pref, *supp; size_t num_pref, num_supp, i; @@ -674,7 +689,7 @@ uint16_t tls1_shared_group(SSL *s, int nmatch) uint16_t id = pref[i]; uint16_t cid = id; - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) cid = ssl_group_id_internal_to_tls13(id); else @@ -817,7 +832,8 @@ int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen, } /* Check a group id matches preferences */ -int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups) +int tls1_check_group_id(SSL_CONNECTION *s, uint16_t group_id, + int check_own_groups) { const uint16_t *groups; size_t groups_len; @@ -869,7 +885,7 @@ int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups) return tls1_in_list(group_id, groups, groups_len); } -void tls1_get_formatlist(SSL *s, const unsigned char **pformats, +void tls1_get_formatlist(SSL_CONNECTION *s, const unsigned char **pformats, size_t *num_formats) { /* @@ -889,7 +905,7 @@ void tls1_get_formatlist(SSL *s, const unsigned char **pformats, } /* Check a key is compatible with compression extension */ -static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey) +static int tls1_check_pkey_comp(SSL_CONNECTION *s, EVP_PKEY *pkey) { unsigned char comp_id; size_t i; @@ -906,7 +922,7 @@ static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey) return 0; if (point_conv == POINT_CONVERSION_UNCOMPRESSED) { comp_id = TLSEXT_ECPOINTFORMAT_uncompressed; - } else if (SSL_IS_TLS13(s)) { + } else if (SSL_CONNECTION_IS_TLS13(s)) { /* * ec_point_formats extension is not used in TLSv1.3 so we ignore * this check. @@ -950,7 +966,7 @@ static uint16_t tls1_get_group_id(EVP_PKEY *pkey) * Check cert parameters compatible with extensions: currently just checks EC * certificates have compatible curves and compression. */ -static int tls1_check_cert_param(SSL *s, X509 *x, int check_ee_md) +static int tls1_check_cert_param(SSL_CONNECTION *s, X509 *x, int check_ee_md) { uint16_t group_id; EVP_PKEY *pkey; @@ -1004,7 +1020,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int check_ee_md) * * Returns 0 when the cipher can't be used or 1 when it can. */ -int tls1_check_ec_tmp_key(SSL *s, unsigned long cid) +int tls1_check_ec_tmp_key(SSL_CONNECTION *s, unsigned long cid) { /* If not Suite B just need a shared group */ if (!tls1_suiteb(s)) @@ -1252,12 +1268,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) } /* Lookup TLS signature algorithm */ -static const SIGALG_LOOKUP *tls1_lookup_sigalg(const SSL *s, uint16_t sigalg) +static const SIGALG_LOOKUP *tls1_lookup_sigalg(const SSL_CONNECTION *s, + uint16_t sigalg) { size_t i; const SIGALG_LOOKUP *lu; - for (i = 0, lu = s->ctx->sigalg_lookup_cache; + for (i = 0, lu = SSL_CONNECTION_GET_CTX(s)->sigalg_lookup_cache; /* cache should have the same number of elements as sigalg_lookup_tbl */ i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) { @@ -1273,6 +1290,7 @@ static const SIGALG_LOOKUP *tls1_lookup_sigalg(const SSL *s, uint16_t sigalg) int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu, const EVP_MD **pmd) { const EVP_MD *md; + if (lu == NULL) return 0; /* lu->hash == NID_undef means no associated digest */ @@ -1317,7 +1335,8 @@ static int rsa_pss_check_min_key_size(SSL_CTX *ctx, const EVP_PKEY *pkey, * certificate type from |s| will be used. * Returns the signature algorithm to use, or NULL on error. */ -static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx) +static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL_CONNECTION *s, + int idx) { if (idx == -1) { if (s->server) { @@ -1375,7 +1394,7 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx) if (lu == NULL) return NULL; - if (!tls1_lookup_md(s->ctx, lu, NULL)) + if (!tls1_lookup_md(SSL_CONNECTION_GET_CTX(s), lu, NULL)) return NULL; if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu)) return NULL; @@ -1386,7 +1405,7 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx) return &legacy_rsa_sigalg; } /* Set peer sigalg based key type */ -int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey) +int tls1_set_peer_legacy_sigalg(SSL_CONNECTION *s, const EVP_PKEY *pkey) { size_t idx; const SIGALG_LOOKUP *lu; @@ -1400,7 +1419,7 @@ int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey) return 1; } -size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs) +size_t tls12_get_psigalgs(SSL_CONNECTION *s, int sent, const uint16_t **psigs) { /* * If Suite B mode use Suite B sigalgs only, ignore any other @@ -1440,7 +1459,7 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs) * Called by servers only. Checks that we have a sig alg that supports the * specified EC curve. */ -int tls_check_sigalg_curve(const SSL *s, int curve) +int tls_check_sigalg_curve(const SSL_CONNECTION *s, int curve) { const uint16_t *sigs; size_t siglen, i; @@ -1515,7 +1534,7 @@ static int sigalg_security_bits(SSL_CTX *ctx, const SIGALG_LOOKUP *lu) * algorithms and if so set relevant digest and signature scheme in * s. */ -int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) +int tls12_check_peer_sigalg(SSL_CONNECTION *s, uint16_t sig, EVP_PKEY *pkey) { const uint16_t *sent_sigs; const EVP_MD *md = NULL; @@ -1529,7 +1548,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) /* Should never happen */ if (pkeyid == -1) return -1; - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { /* Disallow DSA for TLS 1.3 */ if (pkeyid == EVP_PKEY_DSA) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_SIGNATURE_TYPE); @@ -1545,7 +1564,8 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) * is consistent with signature: RSA keys can be used for RSA-PSS */ if (lu == NULL - || (SSL_IS_TLS13(s) && (lu->hash == NID_sha1 || lu->hash == NID_sha224)) + || (SSL_CONNECTION_IS_TLS13(s) + && (lu->hash == NID_sha1 || lu->hash == NID_sha224)) || (pkeyid != lu->sig && (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_SIGNATURE_TYPE); @@ -1568,7 +1588,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) } /* For TLS 1.3 or Suite B check curve matches signature algorithm */ - if (SSL_IS_TLS13(s) || tls1_suiteb(s)) { + if (SSL_CONNECTION_IS_TLS13(s) || tls1_suiteb(s)) { int curve = ssl_get_EC_curve_nid(pkey); if (lu->curve != NID_undef && curve != lu->curve) { @@ -1576,7 +1596,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) return 0; } } - if (!SSL_IS_TLS13(s)) { + if (!SSL_CONNECTION_IS_TLS13(s)) { /* Check curve matches extensions */ if (!tls1_check_group_id(s, tls1_get_group_id(pkey), 1)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_CURVE); @@ -1609,7 +1629,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); return 0; } - if (!tls1_lookup_md(s->ctx, lu, &md)) { + if (!tls1_lookup_md(SSL_CONNECTION_GET_CTX(s), lu, &md)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST); return 0; } @@ -1619,7 +1639,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) */ sigalgstr[0] = (sig >> 8) & 0xff; sigalgstr[1] = sig & 0xff; - secbits = sigalg_security_bits(s->ctx, lu); + secbits = sigalg_security_bits(SSL_CONNECTION_GET_CTX(s), lu); if (secbits == 0 || !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, md != NULL ? EVP_MD_get_type(md) : NID_undef, @@ -1634,17 +1654,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid) { - if (s->s3.tmp.peer_sigalg == NULL) + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) return 0; - *pnid = s->s3.tmp.peer_sigalg->sig; + + if (sc->s3.tmp.peer_sigalg == NULL) + return 0; + *pnid = sc->s3.tmp.peer_sigalg->sig; return 1; } int SSL_get_signature_type_nid(const SSL *s, int *pnid) { - if (s->s3.tmp.sigalg == NULL) + const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); + + if (sc == NULL) + return 0; + + if (sc->s3.tmp.sigalg == NULL) return 0; - *pnid = s->s3.tmp.sigalg->sig; + *pnid = sc->s3.tmp.sigalg->sig; return 1; } @@ -1658,7 +1688,7 @@ int SSL_get_signature_type_nid(const SSL *s, int *pnid) * * Call ssl_cipher_disabled() to check that it's enabled or not. */ -int ssl_set_client_disabled(SSL *s) +int ssl_set_client_disabled(SSL_CONNECTION *s) { s->s3.tmp.mask_a = 0; s->s3.tmp.mask_k = 0; @@ -1691,14 +1721,15 @@ int ssl_set_client_disabled(SSL *s) * * Returns 1 when it's disabled, 0 when enabled. */ -int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int ecdhe) +int ssl_cipher_disabled(const SSL_CONNECTION *s, const SSL_CIPHER *c, + int op, int ecdhe) { if (c->algorithm_mkey & s->s3.tmp.mask_k || c->algorithm_auth & s->s3.tmp.mask_a) return 1; if (s->s3.tmp.max_ver == 0) return 1; - if (!SSL_IS_DTLS(s)) { + if (!SSL_CONNECTION_IS_DTLS(s)) { int min_tls = c->min_tls; /* @@ -1712,21 +1743,22 @@ int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int ecdhe) if ((min_tls > s->s3.tmp.max_ver) || (c->max_tls < s->s3.tmp.min_ver)) return 1; } - if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3.tmp.max_ver) - || DTLS_VERSION_LT(c->max_dtls, s->s3.tmp.min_ver))) + if (SSL_CONNECTION_IS_DTLS(s) + && (DTLS_VERSION_GT(c->min_dtls, s->s3.tmp.max_ver) + || DTLS_VERSION_LT(c->max_dtls, s->s3.tmp.min_ver))) return 1; return !ssl_security(s, op, c->strength_bits, 0, (void *)c); } -int tls_use_ticket(SSL *s) +int tls_use_ticket(SSL_CONNECTION *s) { if ((s->options & SSL_OP_NO_TICKET)) return 0; return ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL); } -int tls1_set_server_sigalgs(SSL *s) +int tls1_set_server_sigalgs(SSL_CONNECTION *s) { size_t i; @@ -1783,7 +1815,8 @@ int tls1_set_server_sigalgs(SSL *s) * ret: (output) on return, if a ticket was decrypted, then this is set to * point to the resulting session. */ -SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, +SSL_TICKET_STATUS tls_get_ticket_from_client(SSL_CONNECTION *s, + CLIENTHELLO_MSG *hello, SSL_SESSION **ret) { size_t size; @@ -1833,8 +1866,10 @@ SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, * psess: (output) on return, if a ticket was decrypted, then this is set to * point to the resulting session. */ -SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, - size_t eticklen, const unsigned char *sess_id, +SSL_TICKET_STATUS tls_decrypt_ticket(SSL_CONNECTION *s, + const unsigned char *etick, + size_t eticklen, + const unsigned char *sess_id, size_t sesslen, SSL_SESSION **psess) { SSL_SESSION *sess = NULL; @@ -1856,7 +1891,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, ret = SSL_TICKET_EMPTY; goto end; } - if (!SSL_IS_TLS13(s) && s->ext.session_secret_cb) { + if (!SSL_CONNECTION_IS_TLS13(s) && s->ext.session_secret_cb) { /* * Indicate that the ticket couldn't be decrypted rather than * generating the session from ticket now, trigger @@ -1894,7 +1929,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, int rv = 0; if (tctx->ext.ticket_key_evp_cb != NULL) - rv = tctx->ext.ticket_key_evp_cb(s, nctick, + rv = tctx->ext.ticket_key_evp_cb(SSL_CONNECTION_GET_SSL(s), nctick, nctick + TLSEXT_KEYNAME_LENGTH, ctx, ssl_hmac_get0_EVP_MAC_CTX(hctx), @@ -1902,7 +1937,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, #ifndef OPENSSL_NO_DEPRECATED_3_0 else if (tctx->ext.ticket_key_cb != NULL) /* if 0 is returned, write an empty ticket */ - rv = tctx->ext.ticket_key_cb(s, nctick, + rv = tctx->ext.ticket_key_cb(SSL_CONNECTION_GET_SSL(s), nctick, nctick + TLSEXT_KEYNAME_LENGTH, ctx, ssl_hmac_get0_HMAC_CTX(hctx), 0); #endif @@ -1918,6 +1953,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, renew_ticket = 1; } else { EVP_CIPHER *aes256cbc = NULL; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); /* Check key name matches */ if (memcmp(etick, tctx->ext.tick_key_name, @@ -1926,8 +1962,8 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, goto end; } - aes256cbc = EVP_CIPHER_fetch(s->ctx->libctx, "AES-256-CBC", - s->ctx->propq); + aes256cbc = EVP_CIPHER_fetch(sctx->libctx, "AES-256-CBC", + sctx->propq); if (aes256cbc == NULL || ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key, sizeof(tctx->ext.secure->tick_hmac_key), @@ -1940,7 +1976,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, goto end; } EVP_CIPHER_free(aes256cbc); - if (SSL_IS_TLS13(s)) + if (SSL_CONNECTION_IS_TLS13(s)) renew_ticket = 1; } /* @@ -2042,7 +2078,8 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, if (keyname_len > TLSEXT_KEYNAME_LENGTH) keyname_len = TLSEXT_KEYNAME_LENGTH; - retcb = s->session_ctx->decrypt_ticket_cb(s, sess, etick, keyname_len, + retcb = s->session_ctx->decrypt_ticket_cb(SSL_CONNECTION_GET_SSL(s), + sess, etick, keyname_len, ret, s->session_ctx->ticket_cb_data); switch (retcb) { @@ -2080,7 +2117,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, } } - if (s->ext.session_secret_cb == NULL || SSL_IS_TLS13(s)) { + if (s->ext.session_secret_cb == NULL || SSL_CONNECTION_IS_TLS13(s)) { switch (ret) { case SSL_TICKET_NO_DECRYPT: case SSL_TICKET_SUCCESS_RENEW: @@ -2095,7 +2132,8 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, } /* Check to see if a signature algorithm is allowed */ -static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) +static int tls12_sigalg_allowed(const SSL_CONNECTION *s, int op, + const SIGALG_LOOKUP *lu) { unsigned char sigalgstr[2]; int secbits; @@ -2103,30 +2141,31 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) if (lu == NULL || !lu->enabled) return 0; /* DSA is not allowed in TLS 1.3 */ - if (SSL_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA) + if (SSL_CONNECTION_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA) return 0; /* * At some point we should fully axe DSA/etc. in ClientHello as per TLS 1.3 * spec */ - if (!s->server && !SSL_IS_DTLS(s) && s->s3.tmp.min_ver >= TLS1_3_VERSION + if (!s->server && !SSL_CONNECTION_IS_DTLS(s) + && s->s3.tmp.min_ver >= TLS1_3_VERSION && (lu->sig == EVP_PKEY_DSA || lu->hash_idx == SSL_MD_SHA1_IDX || lu->hash_idx == SSL_MD_MD5_IDX || lu->hash_idx == SSL_MD_SHA224_IDX)) return 0; /* See if public key algorithm allowed */ - if (ssl_cert_is_disabled(s->ctx, lu->sig_idx)) + if (ssl_cert_is_disabled(SSL_CONNECTION_GET_CTX(s), lu->sig_idx)) return 0; if (lu->sig == NID_id_GostR3410_2012_256 || lu->sig == NID_id_GostR3410_2012_512 || lu->sig == NID_id_GostR3410_2001) { /* We never allow GOST sig algs on the server with TLSv1.3 */ - if (s->server && SSL_IS_TLS13(s)) + if (s->server && SSL_CONNECTION_IS_TLS13(s)) return 0; if (!s->server - && s->method->version == TLS_ANY_VERSION + && SSL_CONNECTION_GET_SSL(s)->method->version == TLS_ANY_VERSION && s->s3.tmp.max_ver >= TLS1_3_VERSION) { int i, num; STACK_OF(SSL_CIPHER) *sk; @@ -2140,7 +2179,7 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) if (s->s3.tmp.min_ver >= TLS1_3_VERSION) return 0; - sk = SSL_get_ciphers(s); + sk = SSL_get_ciphers(SSL_CONNECTION_GET_SSL(s)); num = sk != NULL ? sk_SSL_CIPHER_num(sk) : 0; for (i = 0; i < num; i++) { const SSL_CIPHER *c; @@ -2159,7 +2198,7 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) } /* Finally see if security callback allows it */ - secbits = sigalg_security_bits(s->ctx, lu); + secbits = sigalg_security_bits(SSL_CONNECTION_GET_CTX(s), lu); sigalgstr[0] = (lu->sigalg >> 8) & 0xff; sigalgstr[1] = lu->sigalg & 0xff; return ssl_security(s, op, secbits, lu->hash, (void *)sigalgstr); @@ -2171,7 +2210,7 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) * disabled. */ -void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op) +void ssl_set_sig_mask(uint32_t *pmask_a, SSL_CONNECTION *s, int op) { const uint16_t *sigalgs; size_t i, sigalgslen; @@ -2200,7 +2239,7 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op) *pmask_a |= disabled_mask; } -int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, +int tls12_copy_sigalgs(SSL_CONNECTION *s, WPACKET *pkt, const uint16_t *psig, size_t psiglen) { size_t i; @@ -2218,7 +2257,7 @@ int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, * If TLS 1.3 must have at least one valid TLS 1.3 message * signing algorithm: i.e. neither RSA nor SHA1/SHA224 */ - if (rv == 0 && (!SSL_IS_TLS13(s) + if (rv == 0 && (!SSL_CONNECTION_IS_TLS13(s) || (lu->sig != EVP_PKEY_RSA && lu->hash != NID_sha1 && lu->hash != NID_sha224))) @@ -2230,7 +2269,8 @@ int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, } /* Given preference and allowed sigalgs set shared sigalgs */ -static size_t tls12_shared_sigalgs(SSL *s, const SIGALG_LOOKUP **shsig, +static size_t tls12_shared_sigalgs(SSL_CONNECTION *s, + const SIGALG_LOOKUP **shsig, const uint16_t *pref, size_t preflen, const uint16_t *allow, size_t allowlen) { @@ -2256,7 +2296,7 @@ static size_t tls12_shared_sigalgs(SSL *s, const SIGALG_LOOKUP **shsig, } /* Set shared signature algorithms for SSL structures */ -static int tls1_set_shared_sigalgs(SSL *s) +static int tls1_set_shared_sigalgs(SSL_CONNECTION *s) { const uint16_t *pref, *allow, *conf; size_t preflen, allowlen, conflen; @@ -2336,7 +2376,7 @@ int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen) return 1; } -int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert) +int tls1_save_sigalgs(SSL_CONNECTION *s, PACKET *pkt, int cert) { /* Extension ignored for inappropriate versions */ if (!SSL_USE_SIGALGS(s)) @@ -2356,7 +2396,7 @@ int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert) /* Set preferred digest for each key type */ -int tls1_process_sigalgs(SSL *s) +int tls1_process_sigalgs(SSL_CONNECTION *s) { size_t i; uint32_t *pvalid = s->s3.tmp.valid_flags; @@ -2372,10 +2412,11 @@ int tls1_process_sigalgs(SSL *s) int idx = sigptr->sig_idx; /* Ignore PKCS1 based sig algs in TLSv1.3 */ - if (SSL_IS_TLS13(s) && sigptr->sig == EVP_PKEY_RSA) + if (SSL_CONNECTION_IS_TLS13(s) && sigptr->sig == EVP_PKEY_RSA) continue; /* If not disabled indicate we can explicitly sign */ - if (pvalid[idx] == 0 && !ssl_cert_is_disabled(s->ctx, idx)) + if (pvalid[idx] == 0 + && !ssl_cert_is_disabled(SSL_CONNECTION_GET_CTX(s), idx)) pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN; } return 1; @@ -2385,8 +2426,16 @@ int SSL_get_sigalgs(SSL *s, int idx, int *psign, int *phash, int *psignhash, unsigned char *rsig, unsigned char *rhash) { - uint16_t *psig = s->s3.tmp.peer_sigalgs; - size_t numsigalgs = s->s3.tmp.peer_sigalgslen; + uint16_t *psig; + size_t numsigalgs; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + psig = sc->s3.tmp.peer_sigalgs; + numsigalgs = sc->s3.tmp.peer_sigalgslen; + if (psig == NULL || numsigalgs > INT_MAX) return 0; if (idx >= 0) { @@ -2399,7 +2448,7 @@ int SSL_get_sigalgs(SSL *s, int idx, *rhash = (unsigned char)((*psig >> 8) & 0xff); if (rsig != NULL) *rsig = (unsigned char)(*psig & 0xff); - lu = tls1_lookup_sigalg(s, *psig); + lu = tls1_lookup_sigalg(sc, *psig); if (psign != NULL) *psign = lu != NULL ? lu->sig : NID_undef; if (phash != NULL) @@ -2415,12 +2464,17 @@ int SSL_get_shared_sigalgs(SSL *s, int idx, unsigned char *rsig, unsigned char *rhash) { const SIGALG_LOOKUP *shsigalgs; - if (s->shared_sigalgs == NULL + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + if (sc->shared_sigalgs == NULL || idx < 0 - || idx >= (int)s->shared_sigalgslen - || s->shared_sigalgslen > INT_MAX) + || idx >= (int)sc->shared_sigalgslen + || sc->shared_sigalgslen > INT_MAX) return 0; - shsigalgs = s->shared_sigalgs[idx]; + shsigalgs = sc->shared_sigalgs[idx]; if (phash != NULL) *phash = shsigalgs->hash; if (psign != NULL) @@ -2431,7 +2485,7 @@ int SSL_get_shared_sigalgs(SSL *s, int idx, *rsig = (unsigned char)(shsigalgs->sigalg & 0xff); if (rhash != NULL) *rhash = (unsigned char)((shsigalgs->sigalg >> 8) & 0xff); - return (int)s->shared_sigalgslen; + return (int)sc->shared_sigalgslen; } /* Maximum possible number of unique entries in sigalgs array */ @@ -2612,19 +2666,20 @@ int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client) return 0; } -static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid) +static int tls1_check_sig_alg(SSL_CONNECTION *s, X509 *x, int default_nid) { int sig_nid, use_pc_sigalgs = 0; size_t i; const SIGALG_LOOKUP *sigalg; size_t sigalgslen; + if (default_nid == -1) return 1; sig_nid = X509_get_signature_nid(x); if (default_nid) return sig_nid == default_nid ? 1 : 0; - if (SSL_IS_TLS13(s) && s->s3.tmp.peer_cert_sigalgs != NULL) { + if (SSL_CONNECTION_IS_TLS13(s) && s->s3.tmp.peer_cert_sigalgs != NULL) { /* * If we're in TLSv1.3 then we only get here if we're checking the * chain. If the peer has specified peer_cert_sigalgs then we use them @@ -2674,8 +2729,8 @@ static int ssl_check_ca_name(STACK_OF(X509_NAME) *names, X509 *x) (CERT_PKEY_VALID_FLAGS|CERT_PKEY_CA_SIGNATURE|CERT_PKEY_CA_PARAM \ | CERT_PKEY_ISSUER_NAME|CERT_PKEY_CERT_TYPE) -int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, - int idx) +int tls1_check_chain(SSL_CONNECTION *s, X509 *x, EVP_PKEY *pk, + STACK_OF(X509) *chain, int idx) { int i; int rv = 0; @@ -2684,6 +2739,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, CERT *c = s->cert; uint32_t *pvalid; unsigned int suiteb_flags = tls1_suiteb(s); + /* idx == -1 means checking server chains */ if (idx != -1) { /* idx == -2 means checking client certificate chains */ @@ -2733,9 +2789,11 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, * Check all signature algorithms are consistent with signature * algorithms extension if TLS 1.2 or later and strict mode. */ - if (TLS1_get_version(s) >= TLS1_2_VERSION && strict_mode) { + if (TLS1_get_version(SSL_CONNECTION_GET_SSL(s)) >= TLS1_2_VERSION + && strict_mode) { int default_nid; int rsign = 0; + if (s->s3.tmp.peer_cert_sigalgs != NULL || s->s3.tmp.peer_sigalgs != NULL) { default_nid = 0; @@ -2798,7 +2856,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, } } /* Check signature algorithm of each cert in chain */ - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { /* * We only get here if the application has called SSL_check_chain(), * so check_flags is always set. @@ -2899,7 +2957,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, end: - if (TLS1_get_version(s) >= TLS1_2_VERSION) + if (TLS1_get_version(SSL_CONNECTION_GET_SSL(s)) >= TLS1_2_VERSION) rv |= *pvalid & (CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN); else rv |= CERT_PKEY_SIGN | CERT_PKEY_EXPLICIT_SIGN; @@ -2921,7 +2979,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, } /* Set validity of certificates in an SSL structure */ -void tls1_set_cert_validity(SSL *s) +void tls1_set_cert_validity(SSL_CONNECTION *s) { tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_PSS_SIGN); @@ -2937,10 +2995,15 @@ void tls1_set_cert_validity(SSL *s) /* User level utility function to check a chain is suitable */ int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) { - return tls1_check_chain(s, x, pk, chain, -1); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + return tls1_check_chain(sc, x, pk, chain, -1); } -EVP_PKEY *ssl_get_auto_dh(SSL *s) +EVP_PKEY *ssl_get_auto_dh(SSL_CONNECTION *s) { EVP_PKEY *dhp = NULL; BIGNUM *p; @@ -2948,6 +3011,7 @@ EVP_PKEY *ssl_get_auto_dh(SSL *s) EVP_PKEY_CTX *pctx = NULL; OSSL_PARAM_BLD *tmpl = NULL; OSSL_PARAM *params = NULL; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (s->cert->dh_tmp_auto != 2) { if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { @@ -2963,7 +3027,8 @@ EVP_PKEY *ssl_get_auto_dh(SSL *s) } /* Do not pick a prime that is too weak for the current security level */ - sec_level_bits = ssl_get_security_level_bits(s, NULL, NULL); + sec_level_bits = ssl_get_security_level_bits(SSL_CONNECTION_GET_SSL(s), + NULL, NULL); if (dh_secbits < sec_level_bits) dh_secbits = sec_level_bits; @@ -2980,7 +3045,7 @@ EVP_PKEY *ssl_get_auto_dh(SSL *s) if (p == NULL) goto err; - pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, "DH", s->ctx->propq); + pctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, "DH", sctx->propq); if (pctx == NULL || EVP_PKEY_fromdata_init(pctx) != 1) goto err; @@ -3004,10 +3069,12 @@ EVP_PKEY *ssl_get_auto_dh(SSL *s) return dhp; } -static int ssl_security_cert_key(SSL *s, SSL_CTX *ctx, X509 *x, int op) +static int ssl_security_cert_key(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x, + int op) { int secbits = -1; EVP_PKEY *pkey = X509_get0_pubkey(x); + if (pkey) { /* * If no parameters this will return -1 and fail using the default @@ -3017,16 +3084,18 @@ static int ssl_security_cert_key(SSL *s, SSL_CTX *ctx, X509 *x, int op) */ secbits = EVP_PKEY_get_security_bits(pkey); } - if (s) + if (s != NULL) return ssl_security(s, op, secbits, 0, x); else return ssl_ctx_security(ctx, op, secbits, 0, x); } -static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) +static int ssl_security_cert_sig(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x, + int op) { /* Lookup signature algorithm digest */ int secbits, nid, pknid; + /* Don't check signature if self signed */ if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0) return 1; @@ -3035,13 +3104,14 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) /* If digest NID not defined use signature NID */ if (nid == NID_undef) nid = pknid; - if (s) + if (s != NULL) return ssl_security(s, op, secbits, nid, x); else return ssl_ctx_security(ctx, op, secbits, nid, x); } -int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee) +int ssl_security_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x, int vfy, + int is_ee) { if (vfy) vfy = SSL_SECOP_PEER; @@ -3063,9 +3133,11 @@ int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee) * one to the peer. Return values: 1 if ok otherwise error code to use */ -int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy) +int ssl_security_cert_chain(SSL_CONNECTION *s, STACK_OF(X509) *sk, + X509 *x, int vfy) { int rv, start_idx, i; + if (x == NULL) { x = sk_X509_value(sk, 0); if (x == NULL) @@ -3092,7 +3164,8 @@ int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy) * with the signature algorithm "lu" and return index of certificate. */ -static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu) +static int tls12_get_cert_sigalg_idx(const SSL_CONNECTION *s, + const SIGALG_LOOKUP *lu) { int sig_idx = lu->sig_idx; const SSL_CERT_LOOKUP *clu = ssl_cert_lookup_by_idx(sig_idx); @@ -3113,13 +3186,14 @@ static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu) * the key. * Returns true if the cert is usable and false otherwise. */ -static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x, - EVP_PKEY *pkey) +static int check_cert_usable(SSL_CONNECTION *s, const SIGALG_LOOKUP *sig, + X509 *x, EVP_PKEY *pkey) { const SIGALG_LOOKUP *lu; int mdnid, pknid, supported; size_t i; const char *mdname = NULL; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); /* * If the given EVP_PKEY cannot support signing with this digest, @@ -3127,9 +3201,9 @@ static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x, */ if (sig->hash != NID_undef) mdname = OBJ_nid2sn(sig->hash); - supported = EVP_PKEY_digestsign_supports_digest(pkey, s->ctx->libctx, + supported = EVP_PKEY_digestsign_supports_digest(pkey, sctx->libctx, mdname, - s->ctx->propq); + sctx->propq); if (supported <= 0) return 0; @@ -3171,7 +3245,7 @@ static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x, * the signature_algorithm_cert restrictions sent by the peer (if any). * Returns false if no usable certificate is found. */ -static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx) +static int has_usable_cert(SSL_CONNECTION *s, const SIGALG_LOOKUP *sig, int idx) { /* TLS 1.2 callers can override sig->sig_idx, but not TLS 1.3 callers. */ if (idx == -1) @@ -3187,7 +3261,7 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx) * Returns true if the supplied cert |x| and key |pkey| is usable with the * specified signature scheme |sig|, or false otherwise. */ -static int is_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x, +static int is_cert_usable(SSL_CONNECTION *s, const SIGALG_LOOKUP *sig, X509 *x, EVP_PKEY *pkey) { size_t idx; @@ -3207,12 +3281,14 @@ static int is_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x, * |pkey|. |x| and |pkey| may be NULL in which case we additionally look at our * available certs/keys to find one that works. */ -static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey) +static const SIGALG_LOOKUP *find_sig_alg(SSL_CONNECTION *s, X509 *x, + EVP_PKEY *pkey) { const SIGALG_LOOKUP *lu = NULL; size_t i; int curve = -1; EVP_PKEY *tmppkey; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); /* Look for a shared sigalgs matching possible certificates */ for (i = 0; i < s->shared_sigalgslen; i++) { @@ -3225,7 +3301,7 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey) || lu->sig == EVP_PKEY_RSA) continue; /* Check that we have a cert, and signature_algorithms_cert */ - if (!tls1_lookup_md(s->ctx, lu, NULL)) + if (!tls1_lookup_md(sctx, lu, NULL)) continue; if ((pkey == NULL && !has_usable_cert(s, lu, -1)) || (pkey != NULL && !is_cert_usable(s, lu, x, pkey))) @@ -3241,7 +3317,7 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey) continue; } else if (lu->sig == EVP_PKEY_RSA_PSS) { /* validate that key is large enough for the signature algorithm */ - if (!rsa_pss_check_min_key_size(s->ctx, tmppkey, lu)) + if (!rsa_pss_check_min_key_size(sctx, tmppkey, lu)) continue; } break; @@ -3264,7 +3340,7 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey) * a fatal error: we will either try another certificate or not present one * to the server. In this case no error is set. */ -int tls_choose_sigalg(SSL *s, int fatalerrs) +int tls_choose_sigalg(SSL_CONNECTION *s, int fatalerrs) { const SIGALG_LOOKUP *lu = NULL; int sig_idx = -1; @@ -3272,7 +3348,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) s->s3.tmp.cert = NULL; s->s3.tmp.sigalg = NULL; - if (SSL_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_TLS13(s)) { lu = find_sig_alg(s, NULL, NULL); if (lu == NULL) { if (!fatalerrs) @@ -3292,6 +3368,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) size_t i; if (s->s3.tmp.peer_sigalgs != NULL) { int curve = -1; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); /* For Suite B need to match signature algorithm to curve */ if (tls1_suiteb(s)) @@ -3322,7 +3399,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) /* validate that key is large enough for the signature algorithm */ EVP_PKEY *pkey = s->cert->pkeys[sig_idx].privatekey; - if (!rsa_pss_check_min_key_size(s->ctx, pkey, lu)) + if (!rsa_pss_check_min_key_size(sctx, pkey, lu)) continue; } if (curve == -1 || lu->curve == curve) @@ -3334,7 +3411,9 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) * in supported_algorithms extension, so when we have GOST-based ciphersuite, * we have to assume GOST support. */ - if (i == s->shared_sigalgslen && s->s3.tmp.new_cipher->algorithm_auth & (SSL_aGOST01 | SSL_aGOST12)) { + if (i == s->shared_sigalgslen + && (s->s3.tmp.new_cipher->algorithm_auth + & (SSL_aGOST01 | SSL_aGOST12)) != 0) { if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { if (!fatalerrs) return 1; @@ -3416,13 +3495,18 @@ int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode) int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return 0; + if (mode != TLSEXT_max_fragment_length_DISABLED && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; } - ssl->ext.max_fragment_len_mode = mode; + sc->ext.max_fragment_len_mode = mode; return 1; } diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 3ae97ac82284e4..edeb926e22f095 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -688,12 +688,12 @@ static int ssl_print_random(BIO *bio, int indent, return 1; } -static int ssl_print_signature(BIO *bio, int indent, const SSL *ssl, +static int ssl_print_signature(BIO *bio, int indent, const SSL_CONNECTION *sc, const unsigned char **pmsg, size_t *pmsglen) { if (*pmsglen < 2) return 0; - if (SSL_USE_SIGALGS(ssl)) { + if (SSL_USE_SIGALGS(sc)) { const unsigned char *p = *pmsg; unsigned int sigalg = (p[0] << 8) | p[1]; @@ -948,7 +948,7 @@ static int ssl_print_extensions(BIO *bio, int indent, int server, return 1; } -static int ssl_print_client_hello(BIO *bio, const SSL *ssl, int indent, +static int ssl_print_client_hello(BIO *bio, const SSL_CONNECTION *sc, int indent, const unsigned char *msg, size_t msglen) { size_t len; @@ -960,7 +960,7 @@ static int ssl_print_client_hello(BIO *bio, const SSL *ssl, int indent, return 0; if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen)) return 0; - if (SSL_IS_DTLS(ssl)) { + if (SSL_CONNECTION_IS_DTLS(sc)) { if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen)) return 0; } @@ -1051,9 +1051,9 @@ static int ssl_print_server_hello(BIO *bio, int indent, return 1; } -static int ssl_get_keyex(const char **pname, const SSL *ssl) +static int ssl_get_keyex(const char **pname, const SSL_CONNECTION *sc) { - unsigned long alg_k = ssl->s3.tmp.new_cipher->algorithm_mkey; + unsigned long alg_k = sc->s3.tmp.new_cipher->algorithm_mkey; if (alg_k & SSL_kRSA) { *pname = "rsa"; @@ -1099,11 +1099,11 @@ static int ssl_get_keyex(const char **pname, const SSL *ssl) return 0; } -static int ssl_print_client_keyex(BIO *bio, int indent, const SSL *ssl, +static int ssl_print_client_keyex(BIO *bio, int indent, const SSL_CONNECTION *sc, const unsigned char *msg, size_t msglen) { const char *algname; - int id = ssl_get_keyex(&algname, ssl); + int id = ssl_get_keyex(&algname, sc); BIO_indent(bio, indent, 80); BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); @@ -1116,7 +1116,7 @@ static int ssl_print_client_keyex(BIO *bio, int indent, const SSL *ssl, case SSL_kRSA: case SSL_kRSAPSK: - if (TLS1_get_version(ssl) == SSL3_VERSION) { + if (TLS1_get_version(SSL_CONNECTION_GET_SSL(sc)) == SSL3_VERSION) { ssl_print_hex(bio, indent + 2, "EncryptedPreMasterSecret", msg, msglen); } else { @@ -1151,11 +1151,11 @@ static int ssl_print_client_keyex(BIO *bio, int indent, const SSL *ssl, return !msglen; } -static int ssl_print_server_keyex(BIO *bio, int indent, const SSL *ssl, +static int ssl_print_server_keyex(BIO *bio, int indent, const SSL_CONNECTION *sc, const unsigned char *msg, size_t msglen) { const char *algname; - int id = ssl_get_keyex(&algname, ssl); + int id = ssl_get_keyex(&algname, sc); BIO_indent(bio, indent, 80); BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); @@ -1215,7 +1215,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, const SSL *ssl, break; } if (!(id & SSL_PSK)) - ssl_print_signature(bio, indent, ssl, &msg, &msglen); + ssl_print_signature(bio, indent, sc, &msg, &msglen); return !msglen; } @@ -1254,13 +1254,13 @@ static int ssl_print_certificate(BIO *bio, int indent, return 1; } -static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server, +static int ssl_print_certificates(BIO *bio, const SSL_CONNECTION *sc, int server, int indent, const unsigned char *msg, size_t msglen) { size_t clen; - if (SSL_IS_TLS13(ssl) + if (SSL_CONNECTION_IS_TLS13(sc) && !ssl_print_hexbuf(bio, indent, "context", 1, &msg, &msglen)) return 0; @@ -1275,7 +1275,7 @@ static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server, while (clen > 0) { if (!ssl_print_certificate(bio, indent + 2, &msg, &clen)) return 0; - if (SSL_IS_TLS13(ssl) + if (SSL_CONNECTION_IS_TLS13(sc) && !ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE, &msg, &clen)) return 0; @@ -1284,13 +1284,13 @@ static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server, return 1; } -static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl, +static int ssl_print_cert_request(BIO *bio, int indent, const SSL_CONNECTION *sc, const unsigned char *msg, size_t msglen) { size_t xlen; unsigned int sigalg; - if (SSL_IS_TLS13(ssl)) { + if (SSL_CONNECTION_IS_TLS13(sc)) { if (!ssl_print_hexbuf(bio, indent, "request_context", 1, &msg, &msglen)) return 0; if (!ssl_print_extensions(bio, indent, 1, @@ -1311,7 +1311,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl, msg += xlen; msglen -= xlen + 1; } - if (SSL_USE_SIGALGS(ssl)) { + if (SSL_USE_SIGALGS(sc)) { if (msglen < 2) return 0; xlen = (msg[0] << 8) | msg[1]; @@ -1365,7 +1365,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl, xlen -= dlen + 2; msg += dlen; } - if (SSL_IS_TLS13(ssl)) { + if (SSL_CONNECTION_IS_TLS13(sc)) { if (!ssl_print_hexbuf(bio, indent, "request_extensions", 2, &msg, &msglen)) return 0; @@ -1373,7 +1373,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl, return msglen == 0; } -static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, +static int ssl_print_ticket(BIO *bio, int indent, const SSL_CONNECTION *sc, const unsigned char *msg, size_t msglen) { unsigned int tick_life; @@ -1393,7 +1393,7 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, msg += 4; BIO_indent(bio, indent + 2, 80); BIO_printf(bio, "ticket_lifetime_hint=%u\n", tick_life); - if (SSL_IS_TLS13(ssl)) { + if (SSL_CONNECTION_IS_TLS13(sc)) { unsigned int ticket_age_add; if (msglen < 4) @@ -1413,7 +1413,7 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, } if (!ssl_print_hexbuf(bio, indent + 2, "ticket", 2, &msg, &msglen)) return 0; - if (SSL_IS_TLS13(ssl) + if (SSL_CONNECTION_IS_TLS13(sc) && !ssl_print_extensions(bio, indent + 2, 0, SSL3_MT_NEWSESSION_TICKET, &msg, &msglen)) return 0; @@ -1422,7 +1422,7 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, return 1; } -static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server, +static int ssl_print_handshake(BIO *bio, const SSL_CONNECTION *sc, int server, const unsigned char *msg, size_t msglen, int indent) { @@ -1438,7 +1438,7 @@ static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server, ssl_trace_str(htype, ssl_handshake_tbl), (int)hlen); msg += 4; msglen -= 4; - if (SSL_IS_DTLS(ssl)) { + if (SSL_CONNECTION_IS_DTLS(sc)) { if (msglen < 8) return 0; BIO_indent(bio, indent, 80); @@ -1454,7 +1454,7 @@ static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server, return 0; switch (htype) { case SSL3_MT_CLIENT_HELLO: - if (!ssl_print_client_hello(bio, ssl, indent + 2, msg, msglen)) + if (!ssl_print_client_hello(bio, sc, indent + 2, msg, msglen)) return 0; break; @@ -1469,27 +1469,27 @@ static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server, break; case SSL3_MT_SERVER_KEY_EXCHANGE: - if (!ssl_print_server_keyex(bio, indent + 2, ssl, msg, msglen)) + if (!ssl_print_server_keyex(bio, indent + 2, sc, msg, msglen)) return 0; break; case SSL3_MT_CLIENT_KEY_EXCHANGE: - if (!ssl_print_client_keyex(bio, indent + 2, ssl, msg, msglen)) + if (!ssl_print_client_keyex(bio, indent + 2, sc, msg, msglen)) return 0; break; case SSL3_MT_CERTIFICATE: - if (!ssl_print_certificates(bio, ssl, server, indent + 2, msg, msglen)) + if (!ssl_print_certificates(bio, sc, server, indent + 2, msg, msglen)) return 0; break; case SSL3_MT_CERTIFICATE_VERIFY: - if (!ssl_print_signature(bio, indent + 2, ssl, &msg, &msglen)) + if (!ssl_print_signature(bio, indent + 2, sc, &msg, &msglen)) return 0; break; case SSL3_MT_CERTIFICATE_REQUEST: - if (!ssl_print_cert_request(bio, indent + 2, ssl, msg, msglen)) + if (!ssl_print_cert_request(bio, indent + 2, sc, msg, msglen)) return 0; break; @@ -1503,7 +1503,7 @@ static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server, break; case SSL3_MT_NEWSESSION_TICKET: - if (!ssl_print_ticket(bio, indent + 2, ssl, msg, msglen)) + if (!ssl_print_ticket(bio, indent + 2, sc, msg, msglen)) return 0; break; @@ -1536,6 +1536,10 @@ void SSL_trace(int write_p, int version, int content_type, { const unsigned char *msg = buf; BIO *bio = arg; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); + + if (sc == NULL) + return; switch (content_type) { case SSL3_RT_HEADER: @@ -1543,7 +1547,7 @@ void SSL_trace(int write_p, int version, int content_type, int hvers; /* avoid overlapping with length at the end of buffer */ - if (msglen < (size_t)(SSL_IS_DTLS(ssl) ? + if (msglen < (size_t)(SSL_CONNECTION_IS_DTLS(sc) ? DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) { BIO_puts(bio, write_p ? "Sent" : "Received"); ssl_print_hex(bio, 0, " too short message", msg, msglen); @@ -1553,7 +1557,7 @@ void SSL_trace(int write_p, int version, int content_type, BIO_puts(bio, write_p ? "Sent" : "Received"); BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n", ssl_trace_str(hvers, ssl_version_tbl), hvers); - if (SSL_IS_DTLS(ssl)) { + if (SSL_CONNECTION_IS_DTLS(sc)) { BIO_printf(bio, " epoch=%d, sequence_number=%04x%04x%04x\n", (msg[3] << 8 | msg[4]), @@ -1573,7 +1577,7 @@ void SSL_trace(int write_p, int version, int content_type, break; case SSL3_RT_HANDSHAKE: - if (!ssl_print_handshake(bio, ssl, ssl->server ? write_p : !write_p, + if (!ssl_print_handshake(bio, sc, sc->server ? write_p : !write_p, msg, msglen, 4)) BIO_printf(bio, "Message length parse error!\n"); break; diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 5e010aac6b79ba..1bfafcb3c93cfb 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -31,13 +31,15 @@ static const unsigned char label_prefix[] = "tls13 "; * The |data| value may be zero length. Any errors will be treated as fatal if * |fatal| is set. Returns 1 on success 0 on failure. */ -int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, +int tls13_hkdf_expand(SSL_CONNECTION *s, const EVP_MD *md, + const unsigned char *secret, const unsigned char *label, size_t labellen, const unsigned char *data, size_t datalen, unsigned char *out, size_t outlen, int fatal) { - EVP_KDF *kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, - s->ctx->propq); + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); + EVP_KDF *kdf = EVP_KDF_fetch(sctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, + sctx->propq); EVP_KDF_CTX *kctx; OSSL_PARAM params[7], *p = params; int mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY; @@ -107,7 +109,8 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, * Given a |secret| generate a |key| of length |keylen| bytes. Returns 1 on * success 0 on failure. */ -int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret, +int tls13_derive_key(SSL_CONNECTION *s, const EVP_MD *md, + const unsigned char *secret, unsigned char *key, size_t keylen) { #ifdef CHARSET_EBCDIC @@ -124,7 +127,8 @@ int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret, * Given a |secret| generate an |iv| of length |ivlen| bytes. Returns 1 on * success 0 on failure. */ -int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret, +int tls13_derive_iv(SSL_CONNECTION *s, const EVP_MD *md, + const unsigned char *secret, unsigned char *iv, size_t ivlen) { #ifdef CHARSET_EBCDIC @@ -137,7 +141,7 @@ int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret, NULL, 0, iv, ivlen, 1); } -int tls13_derive_finishedkey(SSL *s, const EVP_MD *md, +int tls13_derive_finishedkey(SSL_CONNECTION *s, const EVP_MD *md, const unsigned char *secret, unsigned char *fin, size_t finlen) { @@ -156,7 +160,7 @@ int tls13_derive_finishedkey(SSL *s, const EVP_MD *md, * length |insecretlen|, generate a new secret and store it in the location * pointed to by |outsecret|. Returns 1 on success 0 on failure. */ -int tls13_generate_secret(SSL *s, const EVP_MD *md, +int tls13_generate_secret(SSL_CONNECTION *s, const EVP_MD *md, const unsigned char *prevsecret, const unsigned char *insecret, size_t insecretlen, @@ -175,8 +179,9 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, #else static const char derived_secret_label[] = "derived"; #endif + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); - kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, s->ctx->propq); + kdf = EVP_KDF_fetch(sctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, sctx->propq); kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); if (kctx == NULL) { @@ -225,8 +230,9 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, * handshake secret. This requires the early secret to already have been * generated. Returns 1 on success 0 on failure. */ -int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret, - size_t insecretlen) +int tls13_generate_handshake_secret(SSL_CONNECTION *s, + const unsigned char *insecret, + size_t insecretlen) { /* Calls SSLfatal() if required */ return tls13_generate_secret(s, ssl_handshake_md(s), s->early_secret, @@ -239,7 +245,7 @@ int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret, * secret and store its length in |*secret_size|. Returns 1 on success 0 on * failure. */ -int tls13_generate_master_secret(SSL *s, unsigned char *out, +int tls13_generate_master_secret(SSL_CONNECTION *s, unsigned char *out, unsigned char *prev, size_t prevlen, size_t *secret_size) { @@ -254,7 +260,7 @@ int tls13_generate_master_secret(SSL *s, unsigned char *out, * Generates the mac for the Finished message. Returns the length of the MAC or * 0 on error. */ -size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, +size_t tls13_final_finish_mac(SSL_CONNECTION *s, const char *str, size_t slen, unsigned char *out) { const EVP_MD *md = ssl_handshake_md(s); @@ -264,14 +270,15 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, unsigned char *key = NULL; size_t len = 0, hashlen; OSSL_PARAM params[2], *p = params; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (md == NULL) return 0; /* Safe to cast away const here since we're not "getting" any data */ - if (s->ctx->propq != NULL) + if (sctx->propq != NULL) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_PROPERTIES, - (char *)s->ctx->propq, + (char *)sctx->propq, 0); *p = OSSL_PARAM_construct_end(); @@ -280,7 +287,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, goto err; } - if (str == s->method->ssl3_enc->server_finished_label) { + if (str == SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->server_finished_label) { key = s->server_finished_secret; } else if (SSL_IS_FIRST_HANDSHAKE(s)) { key = s->client_finished_secret; @@ -292,7 +299,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, key = finsecret; } - if (!EVP_Q_mac(s->ctx->libctx, "HMAC", s->ctx->propq, mdname, + if (!EVP_Q_mac(sctx->libctx, "HMAC", sctx->propq, mdname, params, key, hashlen, hash, hashlen, /* outsize as per sizeof(peer_finish_md) */ out, EVP_MAX_MD_SIZE * 2, &len)) { @@ -309,14 +316,14 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, * There isn't really a key block in TLSv1.3, but we still need this function * for initialising the cipher and hash. Returns 1 on success or 0 on failure. */ -int tls13_setup_key_block(SSL *s) +int tls13_setup_key_block(SSL_CONNECTION *s) { const EVP_CIPHER *c; const EVP_MD *hash; s->session->cipher = s->s3.tmp.new_cipher; - if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, NULL, - 0)) { + if (!ssl_cipher_get_evp(SSL_CONNECTION_GET_CTX(s), s->session, &c, &hash, + NULL, NULL, NULL, 0)) { /* Error is already recorded */ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); return 0; @@ -330,7 +337,8 @@ int tls13_setup_key_block(SSL *s) return 1; } -static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, +static int derive_secret_key_and_iv(SSL_CONNECTION *s, int sending, + const EVP_MD *md, const EVP_CIPHER *ciph, const unsigned char *insecret, const unsigned char *hash, @@ -400,7 +408,7 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, return 1; } -int tls13_change_cipher_state(SSL *s, int which) +int tls13_change_cipher_state(SSL_CONNECTION *s, int which) { #ifdef CHARSET_EBCDIC static const unsigned char client_early_traffic[] = {0x63, 0x20, 0x65, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; @@ -436,6 +444,7 @@ int tls13_change_cipher_state(SSL *s, int which) int ret = 0; const EVP_MD *md = NULL; const EVP_CIPHER *cipher = NULL; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); #if !defined(OPENSSL_NO_KTLS) && defined(OPENSSL_KTLS_TLS13) ktls_crypto_info_t crypto_info; void *rl_sequence; @@ -529,14 +538,14 @@ int tls13_change_cipher_state(SSL *s, int which) * This ups the ref count on cipher so we better make sure we free * it again */ - if (!ssl_cipher_get_evp_cipher(s->ctx, sslcipher, &cipher)) { + if (!ssl_cipher_get_evp_cipher(sctx, sslcipher, &cipher)) { /* Error is already recorded */ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); EVP_MD_CTX_free(mdctx); goto err; } - md = ssl_md(s->ctx, sslcipher->algorithm2); + md = ssl_md(sctx, sslcipher->algorithm2); if (md == NULL || !EVP_DigestInit_ex(mdctx, md, NULL) || !EVP_DigestUpdate(mdctx, hdata, handlen) || !EVP_DigestFinal_ex(mdctx, hashval, &hashlenui)) { @@ -754,7 +763,7 @@ int tls13_change_cipher_state(SSL *s, int which) return ret; } -int tls13_update_key(SSL *s, int sending) +int tls13_update_key(SSL_CONNECTION *s, int sending) { #ifdef CHARSET_EBCDIC static const unsigned char application_traffic[] = { 0x74, 0x72 ,0x61 ,0x66 ,0x66 ,0x69 ,0x63 ,0x20 ,0x75 ,0x70 ,0x64, 0x00}; @@ -813,7 +822,8 @@ int tls13_alert_code(int code) return tls1_alert_code(code); } -int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, +int tls13_export_keying_material(SSL_CONNECTION *s, + unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *context, size_t contextlen, int use_context) @@ -855,7 +865,8 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, return ret; } -int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, +int tls13_export_keying_material_early(SSL_CONNECTION *s, + unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *context, size_t contextlen) @@ -882,7 +893,7 @@ int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, else sslcipher = SSL_SESSION_get0_cipher(s->session); - md = ssl_md(s->ctx, sslcipher->algorithm2); + md = ssl_md(SSL_CONNECTION_GET_CTX(s), sslcipher->algorithm2); /* * Calculate the hash value and store it in |data|. The reason why diff --git a/ssl/tls_depr.c b/ssl/tls_depr.c index 1761ba1d8ef1fd..85ed9f25f92959 100644 --- a/ssl/tls_depr.c +++ b/ssl/tls_depr.c @@ -64,10 +64,14 @@ const EVP_MD *tls_get_digest_from_engine(int nid) } #ifndef OPENSSL_NO_ENGINE -int tls_engine_load_ssl_client_cert(SSL *s, X509 **px509, EVP_PKEY **ppkey) +int tls_engine_load_ssl_client_cert(SSL_CONNECTION *s, X509 **px509, + EVP_PKEY **ppkey) { - return ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, - SSL_get_client_CA_list(s), + SSL *ssl = SSL_CONNECTION_GET_SSL(s); + + return ENGINE_load_ssl_client_cert(SSL_CONNECTION_GET_CTX(s)->client_cert_engine, + ssl, + SSL_get_client_CA_list(ssl), px509, ppkey, NULL, NULL, NULL); } #endif diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c index a4ec363cfba626..2f1d2198fd1ec9 100644 --- a/ssl/tls_srp.c +++ b/ssl/tls_srp.c @@ -57,7 +57,7 @@ int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx) * The public API SSL_SRP_CTX_free() is deprecated so we use * ssl_srp_ctx_free_intern() internally. */ -int ssl_srp_ctx_free_intern(SSL *s) +int ssl_srp_ctx_free_intern(SSL_CONNECTION *s) { if (s == NULL) return 0; @@ -78,18 +78,21 @@ int ssl_srp_ctx_free_intern(SSL *s) int SSL_SRP_CTX_free(SSL *s) { - return ssl_srp_ctx_free_intern(s); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + /* the call works with NULL sc */ + return ssl_srp_ctx_free_intern(sc); } /* * The public API SSL_SRP_CTX_init() is deprecated so we use * ssl_srp_ctx_init_intern() internally. */ -int ssl_srp_ctx_init_intern(SSL *s) +int ssl_srp_ctx_init_intern(SSL_CONNECTION *s) { - SSL_CTX *ctx; + SSL_CTX *ctx = SSL_CONNECTION_GET_CTX(s); - if ((s == NULL) || ((ctx = s->ctx) == NULL)) + if (s == NULL || ctx == NULL) return 0; memset(&s->srp_ctx, 0, sizeof(s->srp_ctx)); @@ -156,7 +159,10 @@ int ssl_srp_ctx_init_intern(SSL *s) int SSL_SRP_CTX_init(SSL *s) { - return ssl_srp_ctx_init_intern(s); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + /* the call works with NULL sc */ + return ssl_srp_ctx_init_intern(sc); } /* @@ -184,15 +190,17 @@ int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx) * The public API SSL_srp_server_param_with_username() is deprecated so we use * ssl_srp_server_param_with_username_intern() internally. */ -int ssl_srp_server_param_with_username_intern(SSL *s, int *ad) +int ssl_srp_server_param_with_username_intern(SSL_CONNECTION *s, int *ad) { unsigned char b[SSL_MAX_MASTER_KEY_LENGTH]; int al; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); *ad = SSL_AD_UNKNOWN_PSK_IDENTITY; if ((s->srp_ctx.TLS_ext_srp_username_callback != NULL) && ((al = - s->srp_ctx.TLS_ext_srp_username_callback(s, ad, + s->srp_ctx.TLS_ext_srp_username_callback(SSL_CONNECTION_GET_SSL(s), + ad, s->srp_ctx.SRP_cb_arg)) != SSL_ERROR_NONE)) return al; @@ -203,7 +211,8 @@ int ssl_srp_server_param_with_username_intern(SSL *s, int *ad) (s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL)) return SSL3_AL_FATAL; - if (RAND_priv_bytes_ex(s->ctx->libctx, b, sizeof(b), 0) <= 0) + if (RAND_priv_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, b, sizeof(b), + 0) <= 0) return SSL3_AL_FATAL; s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL); OPENSSL_cleanse(b, sizeof(b)); @@ -212,13 +221,18 @@ int ssl_srp_server_param_with_username_intern(SSL *s, int *ad) return ((s->srp_ctx.B = SRP_Calc_B_ex(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g, - s->srp_ctx.v, s->ctx->libctx, s->ctx->propq)) != + s->srp_ctx.v, sctx->libctx, sctx->propq)) != NULL) ? SSL_ERROR_NONE : SSL3_AL_FATAL; } int SSL_srp_server_param_with_username(SSL *s, int *ad) { - return ssl_srp_server_param_with_username_intern(s, ad); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return SSL3_AL_FATAL; + + return ssl_srp_server_param_with_username_intern(sc, ad); } /* @@ -228,17 +242,23 @@ int SSL_srp_server_param_with_username(SSL *s, int *ad) int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp) { - SRP_gN *GN = SRP_get_default_gN(grp); + SRP_gN *GN; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return -1; + + GN = SRP_get_default_gN(grp); if (GN == NULL) return -1; - s->srp_ctx.N = BN_dup(GN->N); - s->srp_ctx.g = BN_dup(GN->g); - BN_clear_free(s->srp_ctx.v); - s->srp_ctx.v = NULL; - BN_clear_free(s->srp_ctx.s); - s->srp_ctx.s = NULL; - if (!SRP_create_verifier_BN_ex(user, pass, &s->srp_ctx.s, &s->srp_ctx.v, - s->srp_ctx.N, s->srp_ctx.g, s->ctx->libctx, + sc->srp_ctx.N = BN_dup(GN->N); + sc->srp_ctx.g = BN_dup(GN->g); + BN_clear_free(sc->srp_ctx.v); + sc->srp_ctx.v = NULL; + BN_clear_free(sc->srp_ctx.s); + sc->srp_ctx.s = NULL; + if (!SRP_create_verifier_BN_ex(user, pass, &sc->srp_ctx.s, &sc->srp_ctx.v, + sc->srp_ctx.N, sc->srp_ctx.g, s->ctx->libctx, s->ctx->propq)) return -1; @@ -248,66 +268,72 @@ int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, BIGNUM *sa, BIGNUM *v, char *info) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return -1; + if (N != NULL) { - if (s->srp_ctx.N != NULL) { - if (!BN_copy(s->srp_ctx.N, N)) { - BN_free(s->srp_ctx.N); - s->srp_ctx.N = NULL; + if (sc->srp_ctx.N != NULL) { + if (!BN_copy(sc->srp_ctx.N, N)) { + BN_free(sc->srp_ctx.N); + sc->srp_ctx.N = NULL; } } else - s->srp_ctx.N = BN_dup(N); + sc->srp_ctx.N = BN_dup(N); } if (g != NULL) { - if (s->srp_ctx.g != NULL) { - if (!BN_copy(s->srp_ctx.g, g)) { - BN_free(s->srp_ctx.g); - s->srp_ctx.g = NULL; + if (sc->srp_ctx.g != NULL) { + if (!BN_copy(sc->srp_ctx.g, g)) { + BN_free(sc->srp_ctx.g); + sc->srp_ctx.g = NULL; } } else - s->srp_ctx.g = BN_dup(g); + sc->srp_ctx.g = BN_dup(g); } if (sa != NULL) { - if (s->srp_ctx.s != NULL) { - if (!BN_copy(s->srp_ctx.s, sa)) { - BN_free(s->srp_ctx.s); - s->srp_ctx.s = NULL; + if (sc->srp_ctx.s != NULL) { + if (!BN_copy(sc->srp_ctx.s, sa)) { + BN_free(sc->srp_ctx.s); + sc->srp_ctx.s = NULL; } } else - s->srp_ctx.s = BN_dup(sa); + sc->srp_ctx.s = BN_dup(sa); } if (v != NULL) { - if (s->srp_ctx.v != NULL) { - if (!BN_copy(s->srp_ctx.v, v)) { - BN_free(s->srp_ctx.v); - s->srp_ctx.v = NULL; + if (sc->srp_ctx.v != NULL) { + if (!BN_copy(sc->srp_ctx.v, v)) { + BN_free(sc->srp_ctx.v); + sc->srp_ctx.v = NULL; } } else - s->srp_ctx.v = BN_dup(v); + sc->srp_ctx.v = BN_dup(v); } if (info != NULL) { - if (s->srp_ctx.info) - OPENSSL_free(s->srp_ctx.info); - if ((s->srp_ctx.info = OPENSSL_strdup(info)) == NULL) + if (sc->srp_ctx.info) + OPENSSL_free(sc->srp_ctx.info); + if ((sc->srp_ctx.info = OPENSSL_strdup(info)) == NULL) return -1; } - if (!(s->srp_ctx.N) || - !(s->srp_ctx.g) || !(s->srp_ctx.s) || !(s->srp_ctx.v)) + if (!(sc->srp_ctx.N) || + !(sc->srp_ctx.g) || !(sc->srp_ctx.s) || !(sc->srp_ctx.v)) return -1; return 1; } -int srp_generate_server_master_secret(SSL *s) +int srp_generate_server_master_secret(SSL_CONNECTION *s) { BIGNUM *K = NULL, *u = NULL; int ret = 0, tmp_len = 0; unsigned char *tmp = NULL; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N)) goto err; if ((u = SRP_Calc_u_ex(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N, - s->ctx->libctx, s->ctx->propq)) == NULL) + sctx->libctx, sctx->propq)) == NULL) goto err; if ((K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b, s->srp_ctx.N)) == NULL) @@ -328,37 +354,38 @@ int srp_generate_server_master_secret(SSL *s) } /* client side */ -int srp_generate_client_master_secret(SSL *s) +int srp_generate_client_master_secret(SSL_CONNECTION *s) { BIGNUM *x = NULL, *u = NULL, *K = NULL; int ret = 0, tmp_len = 0; char *passwd = NULL; unsigned char *tmp = NULL; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); /* * Checks if b % n == 0 */ if (SRP_Verify_B_mod_N(s->srp_ctx.B, s->srp_ctx.N) == 0 || (u = SRP_Calc_u_ex(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N, - s->ctx->libctx, s->ctx->propq)) + sctx->libctx, sctx->propq)) == NULL || s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } - if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s, - s->srp_ctx.SRP_cb_arg)) + if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(SSL_CONNECTION_GET_SSL(s), + s->srp_ctx.SRP_cb_arg)) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CALLBACK_FAILED); goto err; } if ((x = SRP_Calc_x_ex(s->srp_ctx.s, s->srp_ctx.login, passwd, - s->ctx->libctx, s->ctx->propq)) == NULL + sctx->libctx, sctx->propq)) == NULL || (K = SRP_Calc_client_key_ex(s->srp_ctx.N, s->srp_ctx.B, s->srp_ctx.g, x, s->srp_ctx.a, u, - s->ctx->libctx, - s->ctx->propq)) == NULL) { + sctx->libctx, + sctx->propq)) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -380,7 +407,7 @@ int srp_generate_client_master_secret(SSL *s) return ret; } -int srp_verify_server_param(SSL *s) +int srp_verify_server_param(SSL_CONNECTION *s) { SRP_CTX *srp = &s->srp_ctx; /* @@ -399,7 +426,8 @@ int srp_verify_server_param(SSL *s) } if (srp->SRP_verify_param_callback) { - if (srp->SRP_verify_param_callback(s, srp->SRP_cb_arg) <= 0) { + if (srp->SRP_verify_param_callback(SSL_CONNECTION_GET_SSL(s), + srp->SRP_cb_arg) <= 0) { SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_R_CALLBACK_FAILED); return 0; } @@ -416,11 +444,12 @@ int srp_verify_server_param(SSL *s) * The public API SRP_Calc_A_param() is deprecated so we use * ssl_srp_calc_a_param_intern() internally. */ -int ssl_srp_calc_a_param_intern(SSL *s) +int ssl_srp_calc_a_param_intern(SSL_CONNECTION *s) { unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH]; - if (RAND_priv_bytes_ex(s->ctx->libctx, rnd, sizeof(rnd), 0) <= 0) + if (RAND_priv_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, + rnd, sizeof(rnd), 0) <= 0) return 0; s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a); OPENSSL_cleanse(rnd, sizeof(rnd)); @@ -433,34 +462,59 @@ int ssl_srp_calc_a_param_intern(SSL *s) int SRP_Calc_A_param(SSL *s) { - return ssl_srp_calc_a_param_intern(s); + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return 0; + + return ssl_srp_calc_a_param_intern(sc); } BIGNUM *SSL_get_srp_g(SSL *s) { - if (s->srp_ctx.g != NULL) - return s->srp_ctx.g; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return NULL; + + if (sc->srp_ctx.g != NULL) + return sc->srp_ctx.g; return s->ctx->srp_ctx.g; } BIGNUM *SSL_get_srp_N(SSL *s) { - if (s->srp_ctx.N != NULL) - return s->srp_ctx.N; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return NULL; + + if (sc->srp_ctx.N != NULL) + return sc->srp_ctx.N; return s->ctx->srp_ctx.N; } char *SSL_get_srp_username(SSL *s) { - if (s->srp_ctx.login != NULL) - return s->srp_ctx.login; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return NULL; + + if (sc->srp_ctx.login != NULL) + return sc->srp_ctx.login; return s->ctx->srp_ctx.login; } char *SSL_get_srp_userinfo(SSL *s) { - if (s->srp_ctx.info != NULL) - return s->srp_ctx.info; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + + if (sc == NULL) + return NULL; + + if (sc->srp_ctx.info != NULL) + return sc->srp_ctx.info; return s->ctx->srp_ctx.info; } diff --git a/test/dtls_mtu_test.c b/test/dtls_mtu_test.c index 2395b9d9220990..b11d5e3461315e 100644 --- a/test/dtls_mtu_test.c +++ b/test/dtls_mtu_test.c @@ -55,6 +55,7 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm) size_t mtus[30]; unsigned char buf[600]; int rv = 0; + SSL_CONNECTION *clnt_sc; memset(buf, 0x5a, sizeof(buf)); @@ -132,8 +133,10 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm) } } } + if (!TEST_ptr(clnt_sc = SSL_CONNECTION_FROM_SSL_ONLY(clnt_ssl))) + goto end; rv = 1; - if (SSL_READ_ETM(clnt_ssl)) + if (SSL_READ_ETM(clnt_sc)) rv = 2; end: SSL_free(clnt_ssl); diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c index 7b2798b353b7e0..fc7f0263001df2 100644 --- a/test/helpers/handshake.c +++ b/test/helpers/handshake.c @@ -978,9 +978,15 @@ static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer) return; } else if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH) { if (SSL_is_server(peer->ssl)) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(peer->ssl); + + if (sc == NULL) { + peer->status = PEER_ERROR; + return; + } /* Make the server believe it's received the extension */ if (test_ctx->extra.server.force_pha) - peer->ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; + sc->post_handshake_auth = SSL_PHA_EXT_RECEIVED; ret = SSL_verify_client_post_handshake(peer->ssl); if (!ret) { peer->status = PEER_ERROR; diff --git a/test/sslapitest.c b/test/sslapitest.c index 1ab2534efccad0..5ee58082291abd 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -1529,6 +1529,7 @@ static int execute_cleanse_plaintext(const SSL_METHOD *smeth, int testresult = 0; SSL3_RECORD *rr; void *zbuf; + SSL_CONNECTION *serversc; static unsigned char cbuf[16000]; static unsigned char sbuf[16000]; @@ -1589,7 +1590,9 @@ static int execute_cleanse_plaintext(const SSL_METHOD *smeth, * layer is a plaintext record. We can gather the pointer to check * for zeroization after SSL_read(). */ - rr = serverssl->rlayer.rrec; + if (!TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl))) + goto end; + rr = serversc->rlayer.rrec; zbuf = &rr->data[rr->off]; if (!TEST_int_eq(rr->length, sizeof(cbuf))) goto end; diff --git a/test/tls13encryptiontest.c b/test/tls13encryptiontest.c index d2df29e6fda429..0ce5ee1328b520 100644 --- a/test/tls13encryptiontest.c +++ b/test/tls13encryptiontest.c @@ -304,12 +304,13 @@ static int test_record(SSL3_RECORD *rec, RECORD_DATA *recd, int enc) static int test_tls13_encryption(void) { SSL_CTX *ctx = NULL; - SSL *s = NULL; + SSL *ssl = NULL; SSL3_RECORD rec; unsigned char *key = NULL, *iv = NULL, *seq = NULL; const EVP_CIPHER *ciph = EVP_aes_128_gcm(); int ret = 0; size_t ivlen, ctr; + SSL_CONNECTION *s; /* * Encrypted TLSv1.3 records always have an outer content type of @@ -325,8 +326,8 @@ static int test_tls13_encryption(void) goto err; } - s = SSL_new(ctx); - if (!TEST_ptr(s)) { + ssl = SSL_new(ctx); + if (!TEST_ptr(ssl) || !TEST_ptr(s = SSL_CONNECTION_FROM_SSL_ONLY(ssl))) { TEST_info("Failed creating SSL"); goto err; } @@ -339,7 +340,7 @@ static int test_tls13_encryption(void) if (!TEST_ptr(s->enc_write_ctx)) goto err; - s->s3.tmp.new_cipher = SSL_CIPHER_find(s, TLS13_AES_128_GCM_SHA256_BYTES); + s->s3.tmp.new_cipher = SSL_CIPHER_find(ssl, TLS13_AES_128_GCM_SHA256_BYTES); if (!TEST_ptr(s->s3.tmp.new_cipher)) { TEST_info("Failed to find cipher"); goto err; @@ -405,7 +406,7 @@ static int test_tls13_encryption(void) OPENSSL_free(key); OPENSSL_free(iv); OPENSSL_free(seq); - SSL_free(s); + SSL_free(ssl); SSL_CTX_free(ctx); return ret; } diff --git a/test/tls13secretstest.c b/test/tls13secretstest.c index bf214d3d5ba755..6a2479210adb3a 100644 --- a/test/tls13secretstest.c +++ b/test/tls13secretstest.c @@ -126,7 +126,7 @@ static unsigned char server_ats_iv[] = { }; /* Mocked out implementations of various functions */ -int ssl3_digest_cached_records(SSL *s, int keep) +int ssl3_digest_cached_records(SSL_CONNECTION *s, int keep) { return 1; } @@ -134,7 +134,7 @@ int ssl3_digest_cached_records(SSL *s, int keep) static int full_hash = 0; /* Give a hash of the currently set handshake */ -int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, +int ssl_handshake_hash(SSL_CONNECTION *s, unsigned char *out, size_t outlen, size_t *hashlen) { if (sizeof(hs_start_hash) > outlen @@ -152,7 +152,7 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, return 1; } -const EVP_MD *ssl_handshake_md(SSL *s) +const EVP_MD *ssl_handshake_md(SSL_CONNECTION *s) { return EVP_sha256(); } @@ -185,7 +185,7 @@ int tls1_alert_code(int code) return code; } -int ssl_log_secret(SSL *ssl, +int ssl_log_secret(SSL_CONNECTION *sc, const char *label, const uint8_t *secret, size_t secret_len) @@ -198,20 +198,21 @@ const EVP_MD *ssl_md(SSL_CTX *ctx, int idx) return EVP_sha256(); } -void ossl_statem_send_fatal(SSL *s, int al) +void ossl_statem_send_fatal(SSL_CONNECTION *s, int al) { } -void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...) +void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason, + const char *fmt, ...) { } -int ossl_statem_export_allowed(SSL *s) +int ossl_statem_export_allowed(SSL_CONNECTION *s) { return 1; } -int ossl_statem_export_early_allowed(SSL *s) +int ossl_statem_export_early_allowed(SSL_CONNECTION *s) { return 1; } @@ -226,7 +227,7 @@ void ssl_evp_md_free(const EVP_MD *md) /* End of mocked out code */ -static int test_secret(SSL *s, unsigned char *prk, +static int test_secret(SSL_CONNECTION *s, unsigned char *prk, const unsigned char *label, size_t labellen, const unsigned char *ref_secret, const unsigned char *ref_key, const unsigned char *ref_iv) @@ -274,7 +275,8 @@ static int test_secret(SSL *s, unsigned char *prk, static int test_handshake_secrets(void) { SSL_CTX *ctx = NULL; - SSL *s = NULL; + SSL *ssl = NULL; + SSL_CONNECTION *s; int ret = 0; size_t hashsize; unsigned char out_master_secret[EVP_MAX_MD_SIZE]; @@ -284,8 +286,8 @@ static int test_handshake_secrets(void) if (!TEST_ptr(ctx)) goto err; - s = SSL_new(ctx); - if (!TEST_ptr(s )) + ssl = SSL_new(ctx); + if (!TEST_ptr(ssl) || !TEST_ptr(s = SSL_CONNECTION_FROM_SSL_ONLY(ssl))) goto err; s->session = SSL_SESSION_new(); @@ -396,7 +398,7 @@ static int test_handshake_secrets(void) ret = 1; err: - SSL_free(s); + SSL_free(ssl); SSL_CTX_free(ctx); return ret; }