diff options
Diffstat (limited to 'src/ssl/t1_lib.c')
-rw-r--r-- | src/ssl/t1_lib.c | 81 |
1 files changed, 36 insertions, 45 deletions
diff --git a/src/ssl/t1_lib.c b/src/ssl/t1_lib.c index 7723ccd3..d6ef1ffd 100644 --- a/src/ssl/t1_lib.c +++ b/src/ssl/t1_lib.c @@ -616,9 +616,9 @@ static int ext_sni_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, assert(ssl->tlsext_hostname != NULL); if (ssl->session == NULL) { - OPENSSL_free(ssl->s3->new_session->tlsext_hostname); - ssl->s3->new_session->tlsext_hostname = BUF_strdup(ssl->tlsext_hostname); - if (!ssl->s3->new_session->tlsext_hostname) { + OPENSSL_free(hs->new_session->tlsext_hostname); + hs->new_session->tlsext_hostname = BUF_strdup(ssl->tlsext_hostname); + if (!hs->new_session->tlsext_hostname) { *out_alert = SSL_AD_INTERNAL_ERROR; return 0; } @@ -870,38 +870,32 @@ static int ext_ems_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { static int ext_ems_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { SSL *const ssl = hs->ssl; - /* Whether EMS is negotiated may not change on renegotation. */ - if (ssl->s3->initial_handshake_complete) { - if ((contents != NULL) != ssl->s3->tmp.extended_master_secret) { - OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_EMS_MISMATCH); - *out_alert = SSL_AD_ILLEGAL_PARAMETER; + + if (contents != NULL) { + if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION || + ssl->version == SSL3_VERSION || + CBS_len(contents) != 0) { return 0; } - return 1; - } - - if (contents == NULL) { - return 1; - } - - if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION || - ssl->version == SSL3_VERSION) { - return 0; + hs->extended_master_secret = 1; } - if (CBS_len(contents) != 0) { + /* Whether EMS is negotiated may not change on renegotiation. */ + if (ssl->s3->established_session != NULL && + hs->extended_master_secret != + ssl->s3->established_session->extended_master_secret) { + OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_EMS_MISMATCH); + *out_alert = SSL_AD_ILLEGAL_PARAMETER; return 0; } - ssl->s3->tmp.extended_master_secret = 1; return 1; } static int ext_ems_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { - SSL *const ssl = hs->ssl; - uint16_t version = ssl3_protocol_version(ssl); + uint16_t version = ssl3_protocol_version(hs->ssl); if (version >= TLS1_3_VERSION || version == SSL3_VERSION) { return 1; @@ -915,12 +909,12 @@ static int ext_ems_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, return 0; } - ssl->s3->tmp.extended_master_secret = 1; + hs->extended_master_secret = 1; return 1; } static int ext_ems_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { - if (!hs->ssl->s3->tmp.extended_master_secret) { + if (!hs->extended_master_secret) { return 1; } @@ -1118,7 +1112,7 @@ static int ext_ocsp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, /* OCSP stapling is forbidden on non-certificate ciphers. */ if (CBS_len(contents) != 0 || - !ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) { + !ssl_cipher_uses_certificate_auth(hs->new_cipher)) { return 0; } @@ -1152,9 +1146,9 @@ static int ext_ocsp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { SSL *const ssl = hs->ssl; if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION || !hs->ocsp_stapling_requested || - ssl->ocsp_response == NULL || + ssl->cert->ocsp_response == NULL || ssl->s3->session_reused || - !ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) { + !ssl_cipher_uses_certificate_auth(hs->new_cipher)) { return 1; } @@ -1341,10 +1335,8 @@ static int ext_sct_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, * * TODO(davidben): Enforce this anyway. */ if (!ssl->s3->session_reused && - !CBS_stow( - contents, - &ssl->s3->new_session->tlsext_signed_cert_timestamp_list, - &ssl->s3->new_session->tlsext_signed_cert_timestamp_list_length)) { + !CBS_stow(contents, &hs->new_session->tlsext_signed_cert_timestamp_list, + &hs->new_session->tlsext_signed_cert_timestamp_list_length)) { *out_alert = SSL_AD_INTERNAL_ERROR; return 0; } @@ -1371,16 +1363,17 @@ static int ext_sct_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { /* The extension shouldn't be sent when resuming sessions. */ if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION || ssl->s3->session_reused || - ssl->signed_cert_timestamp_list == NULL) { + ssl->cert->signed_cert_timestamp_list == NULL) { return 1; } CBB contents; return CBB_add_u16(out, TLSEXT_TYPE_certificate_timestamp) && CBB_add_u16_length_prefixed(out, &contents) && - CBB_add_bytes(&contents, - CRYPTO_BUFFER_data(ssl->signed_cert_timestamp_list), - CRYPTO_BUFFER_len(ssl->signed_cert_timestamp_list)) && + CBB_add_bytes( + &contents, + CRYPTO_BUFFER_data(ssl->cert->signed_cert_timestamp_list), + CRYPTO_BUFFER_len(ssl->cert->signed_cert_timestamp_list)) && CBB_flush(out); } @@ -1852,8 +1845,8 @@ static int ext_ec_point_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { return 1; } - const uint32_t alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey; - const uint32_t alg_a = ssl->s3->tmp.new_cipher->algorithm_auth; + const uint32_t alg_k = hs->new_cipher->algorithm_mkey; + const uint32_t alg_a = hs->new_cipher->algorithm_auth; const int using_ecc = (alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA); if (!using_ecc) { @@ -2218,7 +2211,6 @@ static int ext_key_share_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { int ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t **out_secret, size_t *out_secret_len, uint8_t *out_alert, CBS *contents) { - SSL *const ssl = hs->ssl; CBS peer_key; uint16_t group_id; if (!CBS_get_u16(contents, &group_id) || @@ -2240,7 +2232,7 @@ int ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t **out_secret, return 0; } - ssl->s3->new_session->group_id = group_id; + hs->new_session->group_id = group_id; SSL_ECDH_CTX_cleanup(&hs->ecdh_ctx); return 1; } @@ -2322,7 +2314,6 @@ int ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, int *out_found, } int ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { - SSL *const ssl = hs->ssl; uint16_t group_id; CBB kse_bytes, public_key; if (!tls1_get_shared_group(hs, &group_id) || @@ -2339,7 +2330,7 @@ int ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { hs->public_key = NULL; hs->public_key_len = 0; - ssl->s3->new_session->group_id = group_id; + hs->new_session->group_id = group_id; return 1; } @@ -3518,7 +3509,7 @@ int tls1_channel_id_hash(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len) { } /* tls1_record_handshake_hashes_for_channel_id records the current handshake - * hashes in |ssl->s3->new_session| so that Channel ID resumptions can sign that + * hashes in |hs->new_session| so that Channel ID resumptions can sign that * data. */ int tls1_record_handshake_hashes_for_channel_id(SSL_HANDSHAKE *hs) { SSL *const ssl = hs->ssl; @@ -3530,18 +3521,18 @@ int tls1_record_handshake_hashes_for_channel_id(SSL_HANDSHAKE *hs) { } OPENSSL_COMPILE_ASSERT( - sizeof(ssl->s3->new_session->original_handshake_hash) == EVP_MAX_MD_SIZE, + sizeof(hs->new_session->original_handshake_hash) == EVP_MAX_MD_SIZE, original_handshake_hash_is_too_small); size_t digest_len; if (!SSL_TRANSCRIPT_get_hash(&hs->transcript, - ssl->s3->new_session->original_handshake_hash, + hs->new_session->original_handshake_hash, &digest_len)) { return -1; } OPENSSL_COMPILE_ASSERT(EVP_MAX_MD_SIZE <= 0xff, max_md_size_is_too_large); - ssl->s3->new_session->original_handshake_hash_len = (uint8_t)digest_len; + hs->new_session->original_handshake_hash_len = (uint8_t)digest_len; return 1; } |