* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
* SSL3_RT_CHANGE_CIPHER_SPEC)
*/
-int ssl3_do_write(SSL *s, int type)
+int ssl3_do_write(SSL_CONNECTION *s, int type)
{
int ret;
size_t written = 0;
+ SSL *ssl = SSL_CONNECTION_GET_SSL(s);
- ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
+ ret = ssl3_write_bytes(ssl, type, &s->init_buf->data[s->init_off],
s->init_num, &written);
if (ret < 0)
return -1;
* ignore the result anyway
* TLS1.3 KeyUpdate and NewSessionTicket do not need to be added
*/
- if (!SSL_IS_TLS13(s) || (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET
+ if (!SSL_CONNECTION_IS_TLS13(s)
+ || (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET
&& s->statem.hand_state != TLS_ST_CW_KEY_UPDATE
&& s->statem.hand_state != TLS_ST_SW_KEY_UPDATE))
if (!ssl3_finish_mac(s,
if (written == s->init_num) {
if (s->msg_callback)
s->msg_callback(1, s->version, type, s->init_buf->data,
- (size_t)(s->init_off + s->init_num), s,
+ (size_t)(s->init_off + s->init_num), ssl,
s->msg_callback_arg);
return 1;
}
return 0;
}
-int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype)
+int tls_close_construct_packet(SSL_CONNECTION *s, WPACKET *pkt, int htype)
{
size_t msglen;
return 1;
}
-int tls_setup_handshake(SSL *s)
+int tls_setup_handshake(SSL_CONNECTION *s)
{
int ver_min, ver_max, ok;
+ SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (!ssl3_init_finished_mac(s)) {
/* SSLfatal() already called */
}
/* Sanity check that we have MD5-SHA1 if we need it */
- if (s->ctx->ssl_digest_methods[SSL_MD_MD5_SHA1_IDX] == NULL) {
+ if (sctx->ssl_digest_methods[SSL_MD_MD5_SHA1_IDX] == NULL) {
int md5sha1_needed = 0;
/* We don't have MD5-SHA1 - do we need it? */
- if (SSL_IS_DTLS(s)) {
+ if (SSL_CONNECTION_IS_DTLS(s)) {
if (DTLS_VERSION_LE(ver_max, DTLS1_VERSION))
md5sha1_needed = 1;
} else {
ok = 1;
/* Don't allow TLSv1.1 or below to be negotiated */
- if (SSL_IS_DTLS(s)) {
+ if (SSL_CONNECTION_IS_DTLS(s)) {
if (DTLS_VERSION_LT(ver_min, DTLS1_2_VERSION))
- ok = SSL_set_min_proto_version(s, DTLS1_2_VERSION);
+ ok = SSL_set_min_proto_version(ssl, DTLS1_2_VERSION);
} else {
if (ver_min < TLS1_2_VERSION)
- ok = SSL_set_min_proto_version(s, TLS1_2_VERSION);
+ ok = SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
}
if (!ok) {
/* Shouldn't happen */
ok = 0;
if (s->server) {
- STACK_OF(SSL_CIPHER) *ciphers = SSL_get_ciphers(s);
+ STACK_OF(SSL_CIPHER) *ciphers = SSL_get_ciphers(ssl);
int i;
/*
for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
- if (SSL_IS_DTLS(s)) {
+ if (SSL_CONNECTION_IS_DTLS(s)) {
if (DTLS_VERSION_GE(ver_max, c->min_dtls) &&
DTLS_VERSION_LE(ver_max, c->max_dtls))
ok = 1;
ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_accept);
} else {
/* N.B. s->ctx may not equal s->session_ctx */
- ssl_tsan_counter(s->ctx, &s->ctx->stats.sess_accept_renegotiate);
+ ssl_tsan_counter(sctx, &sctx->stats.sess_accept_renegotiate);
s->s3.tmp.cert_request = 0;
}
s->s3.tmp.cert_req = 0;
- if (SSL_IS_DTLS(s))
+ if (SSL_CONNECTION_IS_DTLS(s))
s->statem.use_timer = 1;
}
#define TLS13_TBS_START_SIZE 64
#define TLS13_TBS_PREAMBLE_SIZE (TLS13_TBS_START_SIZE + 33 + 1)
-static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs,
+static int get_cert_verify_tbs_data(SSL_CONNECTION *s, unsigned char *tls13tbs,
void **hdata, size_t *hdatalen)
{
#ifdef CHARSET_EBCDIC
static const char servercontext[] = "TLS 1.3, server CertificateVerify";
static const char clientcontext[] = "TLS 1.3, client CertificateVerify";
#endif
- if (SSL_IS_TLS13(s)) {
+
+ if (SSL_CONNECTION_IS_TLS13(s)) {
size_t hashlen;
/* Set the first 64 bytes of to-be-signed data to octet 32 */
return 1;
}
-int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
+int tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt)
{
EVP_PKEY *pkey = NULL;
const EVP_MD *md = NULL;
unsigned char *sig = NULL;
unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE];
const SIGALG_LOOKUP *lu = s->s3.tmp.sigalg;
+ SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (lu == NULL || s->s3.tmp.cert == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
}
pkey = s->s3.tmp.cert->privatekey;
- if (pkey == NULL || !tls1_lookup_md(s->ctx, lu, &md)) {
+ if (pkey == NULL || !tls1_lookup_md(sctx, lu, &md)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
if (EVP_DigestSignInit_ex(mctx, &pctx,
md == NULL ? NULL : EVP_MD_get0_name(md),
- s->ctx->libctx, s->ctx->propq, pkey,
+ sctx->libctx, sctx->propq, pkey,
NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err;
return 0;
}
-MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
+MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt)
{
EVP_PKEY *pkey = NULL;
const unsigned char *data;
unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE];
EVP_MD_CTX *mctx = EVP_MD_CTX_new();
EVP_PKEY_CTX *pctx = NULL;
+ SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (mctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (!tls1_lookup_md(s->ctx, s->s3.tmp.peer_sigalg, &md)) {
+ if (!tls1_lookup_md(sctx, s->s3.tmp.peer_sigalg, &md)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
if (EVP_DigestVerifyInit_ex(mctx, &pctx,
md == NULL ? NULL : EVP_MD_get0_name(md),
- s->ctx->libctx, s->ctx->propq, pkey,
+ sctx->libctx, sctx->propq, pkey,
NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err;
* want to make sure that SSL_get1_peer_certificate() will return the actual
* server certificate from the client_cert_cb callback.
*/
- if (!s->server && SSL_IS_TLS13(s) && s->s3.tmp.cert_req == 1)
+ if (!s->server && SSL_CONNECTION_IS_TLS13(s) && s->s3.tmp.cert_req == 1)
ret = MSG_PROCESS_CONTINUE_PROCESSING;
else
ret = MSG_PROCESS_CONTINUE_READING;
return ret;
}
-int tls_construct_finished(SSL *s, WPACKET *pkt)
+int tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt)
{
size_t finish_md_len;
const char *sender;
size_t slen;
+ SSL *ssl = SSL_CONNECTION_GET_SSL(s);
/* This is a real handshake so make sure we clean it up at the end */
if (!s->server && s->post_handshake_auth != SSL_PHA_REQUESTED)
* We only change the keys if we didn't already do this when we sent the
* client certificate
*/
- if (SSL_IS_TLS13(s)
+ if (SSL_CONNECTION_IS_TLS13(s)
&& !s->server
&& s->s3.tmp.cert_req == 0
- && (!s->method->ssl3_enc->change_cipher_state(s,
+ && (!ssl->method->ssl3_enc->change_cipher_state(s,
SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {;
/* SSLfatal() already called */
return 0;
}
if (s->server) {
- sender = s->method->ssl3_enc->server_finished_label;
- slen = s->method->ssl3_enc->server_finished_label_len;
+ sender = ssl->method->ssl3_enc->server_finished_label;
+ slen = ssl->method->ssl3_enc->server_finished_label_len;
} else {
- sender = s->method->ssl3_enc->client_finished_label;
- slen = s->method->ssl3_enc->client_finished_label_len;
+ sender = ssl->method->ssl3_enc->client_finished_label;
+ slen = ssl->method->ssl3_enc->client_finished_label_len;
}
- finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
- sender, slen,
- s->s3.tmp.finish_md);
+ finish_md_len = ssl->method->ssl3_enc->final_finish_mac(s,
+ sender, slen,
+ s->s3.tmp.finish_md);
if (finish_md_len == 0) {
/* SSLfatal() already called */
return 0;
* Log the master secret, if logging is enabled. We don't log it for
* TLSv1.3: there's a different key schedule for that.
*/
- if (!SSL_IS_TLS13(s) && !ssl_log_secret(s, MASTER_SECRET_LABEL,
- s->session->master_key,
- s->session->master_key_length)) {
+ if (!SSL_CONNECTION_IS_TLS13(s)
+ && !ssl_log_secret(s, MASTER_SECRET_LABEL, s->session->master_key,
+ s->session->master_key_length)) {
/* SSLfatal() already called */
return 0;
}
return 1;
}
-int tls_construct_key_update(SSL *s, WPACKET *pkt)
+int tls_construct_key_update(SSL_CONNECTION *s, WPACKET *pkt)
{
if (!WPACKET_put_bytes_u8(pkt, s->key_update)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 1;
}
-MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
+MSG_PROCESS_RETURN tls_process_key_update(SSL_CONNECTION *s, PACKET *pkt)
{
unsigned int updatetype;
* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen
* to far.
*/
-int ssl3_take_mac(SSL *s)
+int ssl3_take_mac(SSL_CONNECTION *s)
{
const char *sender;
size_t slen;
+ SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (!s->server) {
- sender = s->method->ssl3_enc->server_finished_label;
- slen = s->method->ssl3_enc->server_finished_label_len;
+ sender = ssl->method->ssl3_enc->server_finished_label;
+ slen = ssl->method->ssl3_enc->server_finished_label_len;
} else {
- sender = s->method->ssl3_enc->client_finished_label;
- slen = s->method->ssl3_enc->client_finished_label_len;
+ sender = ssl->method->ssl3_enc->client_finished_label;
+ slen = ssl->method->ssl3_enc->client_finished_label_len;
}
s->s3.tmp.peer_finish_md_len =
- s->method->ssl3_enc->final_finish_mac(s, sender, slen,
- s->s3.tmp.peer_finish_md);
+ ssl->method->ssl3_enc->final_finish_mac(s, sender, slen,
+ s->s3.tmp.peer_finish_md);
if (s->s3.tmp.peer_finish_md_len == 0) {
/* SSLfatal() already called */
return 1;
}
-MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
+MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL_CONNECTION *s,
+ PACKET *pkt)
{
size_t remain;
* been consumed by ssl_get_message() so there should be no bytes left,
* unless we're using DTLS1_BAD_VER, which has an extra 2 bytes
*/
- if (SSL_IS_DTLS(s)) {
+ if (SSL_CONNECTION_IS_DTLS(s)) {
if ((s->version == DTLS1_BAD_VER
&& remain != DTLS1_CCS_HEADER_LENGTH + 1)
|| (s->version != DTLS1_BAD_VER
return MSG_PROCESS_ERROR;
}
- if (SSL_IS_DTLS(s)) {
+ if (SSL_CONNECTION_IS_DTLS(s)) {
dtls1_reset_seq_numbers(s, SSL3_CC_READ);
if (s->version == DTLS1_BAD_VER)
* SCTP-Auth can be deleted when a CCS is sent. Will be ignored if no
* SCTP is used
*/
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
+ BIO_ctrl(SSL_get_wbio(SSL_CONNECTION_GET_SSL(s)),
+ BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
#endif
}
return MSG_PROCESS_CONTINUE_READING;
}
-MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
+MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt)
{
size_t md_len;
+ SSL *ssl = SSL_CONNECTION_GET_SSL(s);
/* This is a real handshake so make sure we clean it up at the end */
s->statem.enc_read_state = ENC_READ_STATE_VALID;
if (s->post_handshake_auth != SSL_PHA_REQUESTED)
s->statem.cleanuphand = 1;
- if (SSL_IS_TLS13(s) && !tls13_save_handshake_digest_for_pha(s)) {
+ if (SSL_CONNECTION_IS_TLS13(s)
+ && !tls13_save_handshake_digest_for_pha(s)) {
/* SSLfatal() already called */
return MSG_PROCESS_ERROR;
}
* In TLSv1.3 a Finished message signals a key change so the end of the
* message must be on a record boundary.
*/
- if (SSL_IS_TLS13(s) && RECORD_LAYER_processed_read_pending(&s->rlayer)) {
+ if (SSL_CONNECTION_IS_TLS13(s)
+ && RECORD_LAYER_processed_read_pending(&s->rlayer)) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_NOT_ON_RECORD_BOUNDARY);
return MSG_PROCESS_ERROR;
}
/* If this occurs, we have missed a message */
- if (!SSL_IS_TLS13(s) && !s->s3.change_cipher_spec) {
+ if (!SSL_CONNECTION_IS_TLS13(s) && !s->s3.change_cipher_spec) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
return MSG_PROCESS_ERROR;
}
* In TLS1.3 we also have to change cipher state and do any final processing
* of the initial server flight (if we are a client)
*/
- if (SSL_IS_TLS13(s)) {
+ if (SSL_CONNECTION_IS_TLS13(s)) {
if (s->server) {
if (s->post_handshake_auth != SSL_PHA_REQUESTED &&
- !s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_READ)) {
+ !ssl->method->ssl3_enc->change_cipher_state(s,
+ SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_READ)) {
/* SSLfatal() already called */
return MSG_PROCESS_ERROR;
}
} else {
/* TLS 1.3 gets the secret size from the handshake md */
size_t dummy;
- if (!s->method->ssl3_enc->generate_master_secret(s,
+ if (!ssl->method->ssl3_enc->generate_master_secret(s,
s->master_secret, s->handshake_secret, 0,
&dummy)) {
/* SSLfatal() already called */
return MSG_PROCESS_ERROR;
}
- if (!s->method->ssl3_enc->change_cipher_state(s,
+ if (!ssl->method->ssl3_enc->change_cipher_state(s,
SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_READ)) {
/* SSLfatal() already called */
return MSG_PROCESS_ERROR;
return MSG_PROCESS_FINISHED_READING;
}
-int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt)
+int tls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt)
{
if (!WPACKET_put_bytes_u8(pkt, SSL3_MT_CCS)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
}
/* Add a certificate to the WPACKET */
-static int ssl_add_cert_to_wpacket(SSL *s, WPACKET *pkt, X509 *x, int chain)
+static int ssl_add_cert_to_wpacket(SSL_CONNECTION *s, WPACKET *pkt,
+ X509 *x, int chain)
{
int len;
unsigned char *outbytes;
return 0;
}
- if (SSL_IS_TLS13(s)
+ if (SSL_CONNECTION_IS_TLS13(s)
&& !tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_CERTIFICATE, x,
chain)) {
/* SSLfatal() already called */
}
/* Add certificate chain to provided WPACKET */
-static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
+static int ssl_add_cert_chain(SSL_CONNECTION *s, WPACKET *pkt, CERT_PKEY *cpk)
{
int i, chain_count;
X509 *x;
STACK_OF(X509) *extra_certs;
STACK_OF(X509) *chain = NULL;
X509_STORE *chain_store;
+ SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (cpk == NULL || cpk->x509 == NULL)
return 1;
if (cpk->chain != NULL)
extra_certs = cpk->chain;
else
- extra_certs = s->ctx->extra_certs;
+ extra_certs = sctx->extra_certs;
if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || extra_certs)
chain_store = NULL;
else if (s->cert->chain_store)
chain_store = s->cert->chain_store;
else
- chain_store = s->ctx->cert_store;
+ chain_store = sctx->cert_store;
if (chain_store != NULL) {
- X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new_ex(s->ctx->libctx,
- s->ctx->propq);
+ X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new_ex(sctx->libctx,
+ sctx->propq);
if (xs_ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
return 1;
}
-unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
+unsigned long ssl3_output_cert_chain(SSL_CONNECTION *s, WPACKET *pkt,
+ CERT_PKEY *cpk)
{
if (!WPACKET_start_sub_packet_u24(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
* in NBIO events. If |clearbufs| is set then init_buf and the wbio buffer is
* freed up as well.
*/
-WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst,
+WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, ossl_unused WORK_STATE wst,
int clearbufs, int stop)
{
void (*cb) (const SSL *ssl, int type, int val) = NULL;
int cleanuphand = s->statem.cleanuphand;
+ SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (clearbufs) {
- if (!SSL_IS_DTLS(s)
+ if (!SSL_CONNECTION_IS_DTLS(s)
#ifndef OPENSSL_NO_SCTP
/*
* RFC6083: SCTP provides a reliable and in-sequence transport service for DTLS
* MUST NOT be used.
* Hence the init_buf can be cleared when DTLS over SCTP as transport is used.
*/
- || BIO_dgram_is_sctp(SSL_get_wbio(s))
+ || BIO_dgram_is_sctp(SSL_get_wbio(ssl))
#endif
) {
/*
s->init_num = 0;
}
- if (SSL_IS_TLS13(s) && !s->server
+ if (SSL_CONNECTION_IS_TLS13(s) && !s->server
&& s->post_handshake_auth == SSL_PHA_REQUESTED)
s->post_handshake_auth = SSL_PHA_EXT_SENT;
* In TLSv1.3 we update the cache as part of constructing the
* NewSessionTicket
*/
- if (!SSL_IS_TLS13(s))
+ if (!SSL_CONNECTION_IS_TLS13(s))
ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
/* N.B. s->ctx may not equal s->session_ctx */
- ssl_tsan_counter(s->ctx, &s->ctx->stats.sess_accept_good);
+ ssl_tsan_counter(sctx, &sctx->stats.sess_accept_good);
s->handshake_func = ossl_statem_accept;
} else {
- if (SSL_IS_TLS13(s)) {
+ if (SSL_CONNECTION_IS_TLS13(s)) {
/*
* We encourage applications to only use TLSv1.3 tickets once,
* so we remove this one from the cache.
&s->session_ctx->stats.sess_connect_good);
}
- if (SSL_IS_DTLS(s)) {
+ if (SSL_CONNECTION_IS_DTLS(s)) {
/* done with handshaking */
s->d1->handshake_read_seq = 0;
s->d1->handshake_write_seq = 0;
if (s->info_callback != NULL)
cb = s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb = s->ctx->info_callback;
+ else if (sctx->info_callback != NULL)
+ cb = sctx->info_callback;
/* The callback may expect us to not be in init at handshake done */
ossl_statem_set_in_init(s, 0);
if (cb != NULL) {
if (cleanuphand
- || !SSL_IS_TLS13(s)
+ || !SSL_CONNECTION_IS_TLS13(s)
|| SSL_IS_FIRST_HANDSHAKE(s))
- cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+ cb(ssl, SSL_CB_HANDSHAKE_DONE, 1);
}
if (!stop) {
return WORK_FINISHED_STOP;
}
-int tls_get_message_header(SSL *s, int *mt)
+int tls_get_message_header(SSL_CONNECTION *s, int *mt)
{
/* s->init_num < SSL3_HM_HEADER_LENGTH */
int skip_message, i, recvd_type;
unsigned char *p;
size_t l, readbytes;
+ SSL *ssl = SSL_CONNECTION_GET_SSL(s);
p = (unsigned char *)s->init_buf->data;
do {
while (s->init_num < SSL3_HM_HEADER_LENGTH) {
- i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type,
- &p[s->init_num],
- SSL3_HM_HEADER_LENGTH - s->init_num,
- 0, &readbytes);
+ i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, &recvd_type,
+ &p[s->init_num],
+ SSL3_HM_HEADER_LENGTH - s->init_num,
+ 0, &readbytes);
if (i <= 0) {
s->rwstate = SSL_READING;
return 0;
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
- p, SSL3_HM_HEADER_LENGTH, s,
+ p, SSL3_HM_HEADER_LENGTH, ssl,
s->msg_callback_arg);
}
} while (skip_message);
return 1;
}
-int tls_get_message_body(SSL *s, size_t *len)
+int tls_get_message_body(SSL_CONNECTION *s, size_t *len)
{
size_t n, readbytes;
unsigned char *p;
int i;
+ SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (s->s3.tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) {
/* We've already read everything in */
p = s->init_msg;
n = s->s3.tmp.message_size - s->init_num;
while (n > 0) {
- i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
- &p[s->init_num], n, 0, &readbytes);
+ i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL,
+ &p[s->init_num], n, 0, &readbytes);
if (i <= 0) {
s->rwstate = SSL_READING;
*len = 0;
}
if (s->msg_callback)
s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data,
- (size_t)s->init_num, s, s->msg_callback_arg);
+ (size_t)s->init_num, ssl, s->msg_callback_arg);
} else {
/*
* We defer feeding in the HRR until later. We'll do it as part of
*/
#define SERVER_HELLO_RANDOM_OFFSET (SSL3_HM_HEADER_LENGTH + 2)
/* KeyUpdate and NewSessionTicket do not need to be added */
- if (!SSL_IS_TLS13(s) || (s->s3.tmp.message_type != SSL3_MT_NEWSESSION_TICKET
- && s->s3.tmp.message_type != SSL3_MT_KEY_UPDATE)) {
+ if (!SSL_CONNECTION_IS_TLS13(s)
+ || (s->s3.tmp.message_type != SSL3_MT_NEWSESSION_TICKET
+ && s->s3.tmp.message_type != SSL3_MT_KEY_UPDATE)) {
if (s->s3.tmp.message_type != SSL3_MT_SERVER_HELLO
|| s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE
|| memcmp(hrrrandom,
}
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
- (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s,
+ (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, ssl,
s->msg_callback_arg);
}
return tp->alert;
}
-int ssl_allow_compression(SSL *s)
+int ssl_allow_compression(SSL_CONNECTION *s)
{
if (s->options & SSL_OP_NO_COMPRESSION)
return 0;
return ssl_security(s, SSL_SECOP_COMPRESSION, 0, 0, NULL);
}
-static int version_cmp(const SSL *s, int a, int b)
+static int version_cmp(const SSL_CONNECTION *s, int a, int b)
{
- int dtls = SSL_IS_DTLS(s);
+ int dtls = SSL_CONNECTION_IS_DTLS(s);
if (a == b)
return 0;
*
* Returns 0 on success, or an SSL error reason on failure.
*/
-static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
+static int ssl_method_error(const SSL_CONNECTION *s, const SSL_METHOD *method)
{
int version = method->version;
* certificate type, or has PSK or a certificate callback configured, or has
* a servername callback configure. Otherwise returns 0.
*/
-static int is_tls13_capable(const SSL *s)
+static int is_tls13_capable(const SSL_CONNECTION *s)
{
int i;
int curve;
+ SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
- if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL))
+ if (!ossl_assert(sctx != NULL) || !ossl_assert(s->session_ctx != NULL))
return 0;
/*
* A servername callback can change the available certs, so if a servername
* cb is set then we just assume TLSv1.3 will be ok
*/
- if (s->ctx->ext.servername_cb != NULL
+ if (sctx->ext.servername_cb != NULL
|| s->session_ctx->ext.servername_cb != NULL)
return 1;
*
* Returns 1 when supported, otherwise 0
*/
-int ssl_version_supported(const SSL *s, int version, const SSL_METHOD **meth)
+int ssl_version_supported(const SSL_CONNECTION *s, int version,
+ const SSL_METHOD **meth)
{
const version_info *vent;
const version_info *table;
- switch (s->method->version) {
+ switch (SSL_CONNECTION_GET_SSL(s)->method->version) {
default:
/* Version should match method version for non-ANY method */
return version_cmp(s, version, s->version) == 0;
*
* Returns 1 when using the highest enabled version, 0 otherwise.
*/
-int ssl_check_version_downgrade(SSL *s)
+int ssl_check_version_downgrade(SSL_CONNECTION *s)
{
const version_info *vent;
const version_info *table;
+ SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/*
* Check that the current protocol is the highest enabled version
* (according to s->ctx->method, as version negotiation may have changed
* s->method).
*/
- if (s->version == s->ctx->method->version)
+ if (s->version == sctx->method->version)
return 1;
/*
* Apparently we're using a version-flexible SSL_METHOD (not at its
* highest protocol version).
*/
- if (s->ctx->method->version == TLS_method()->version)
+ if (sctx->method->version == TLS_method()->version)
table = tls_version_table;
- else if (s->ctx->method->version == DTLS_method()->version)
+ else if (sctx->method->version == DTLS_method()->version)
table = dtls_version_table;
else {
/* Unexpected state; fail closed. */
return 1;
}
-static void check_for_downgrade(SSL *s, int vers, DOWNGRADE *dgrd)
+static void check_for_downgrade(SSL_CONNECTION *s, int vers, DOWNGRADE *dgrd)
{
if (vers == TLS1_2_VERSION
&& ssl_version_supported(s, TLS1_3_VERSION, NULL)) {
*dgrd = DOWNGRADE_TO_1_2;
- } else if (!SSL_IS_DTLS(s)
+ } else if (!SSL_CONNECTION_IS_DTLS(s)
&& vers < TLS1_2_VERSION
/*
* We need to ensure that a server that disables TLSv1.2
*
* Returns 0 on success or an SSL error reason number on failure.
*/
-int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
+int ssl_choose_server_version(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello,
+ DOWNGRADE *dgrd)
{
/*-
* With version-flexible methods we have an initial state with:
* So we detect version-flexible methods via the method version, not the
* handle version.
*/
- int server_version = s->method->version;
+ SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ int server_version = ssl->method->version;
int client_version = hello->legacy_version;
const version_info *vent;
const version_info *table;
switch (server_version) {
default:
- if (!SSL_IS_TLS13(s)) {
+ if (!SSL_CONNECTION_IS_TLS13(s)) {
if (version_cmp(s, client_version, s->version) < 0)
return SSL_R_WRONG_SSL_VERSION;
*dgrd = DOWNGRADE_NONE;
if (!suppversions->present && s->hello_retry_request != SSL_HRR_NONE)
return SSL_R_UNSUPPORTED_PROTOCOL;
- if (suppversions->present && !SSL_IS_DTLS(s)) {
+ if (suppversions->present && !SSL_CONNECTION_IS_DTLS(s)) {
unsigned int candidate_vers = 0;
unsigned int best_vers = 0;
const SSL_METHOD *best_method = NULL;
}
check_for_downgrade(s, best_vers, dgrd);
s->version = best_vers;
- s->method = best_method;
+ ssl->method = best_method;
return 0;
}
return SSL_R_UNSUPPORTED_PROTOCOL;
if (ssl_method_error(s, method) == 0) {
check_for_downgrade(s, vent->version, dgrd);
s->version = vent->version;
- s->method = method;
+ ssl->method = method;
return 0;
}
disabled = 1;
*
* Returns 1 on success or 0 on error.
*/
-int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
+int ssl_choose_client_version(SSL_CONNECTION *s, int version,
+ RAW_EXTENSION *extensions)
{
const version_info *vent;
const version_info *table;
int ret, ver_min, ver_max, real_max, origv;
+ SSL *ssl = SSL_CONNECTION_GET_SSL(s);
origv = s->version;
s->version = version;
return 0;
}
- switch (s->method->version) {
+ switch (ssl->method->version) {
default:
- if (s->version != s->method->version) {
+ if (s->version != ssl->method->version) {
s->version = origv;
SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_WRONG_SSL_VERSION);
return 0;
SSLfatal(s, SSL_AD_PROTOCOL_VERSION, ret);
return 0;
}
- if (SSL_IS_DTLS(s) ? DTLS_VERSION_LT(s->version, ver_min)
- : s->version < ver_min) {
+ if (SSL_CONNECTION_IS_DTLS(s) ? DTLS_VERSION_LT(s->version, ver_min)
+ : s->version < ver_min) {
s->version = origv;
SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_UNSUPPORTED_PROTOCOL);
return 0;
- } else if (SSL_IS_DTLS(s) ? DTLS_VERSION_GT(s->version, ver_max)
- : s->version > ver_max) {
+ } else if (SSL_CONNECTION_IS_DTLS(s) ? DTLS_VERSION_GT(s->version, ver_max)
+ : s->version > ver_max) {
s->version = origv;
SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_UNSUPPORTED_PROTOCOL);
return 0;
SSL_R_INAPPROPRIATE_FALLBACK);
return 0;
}
- } else if (!SSL_IS_DTLS(s)
+ } else if (!SSL_CONNECTION_IS_DTLS(s)
&& s->version < TLS1_2_VERSION
&& real_max > s->version) {
if (memcmp(tls11downgrade,
if (vent->cmeth == NULL || s->version != vent->version)
continue;
- s->method = vent->cmeth();
+ ssl->method = vent->cmeth();
return 1;
}
* Returns 0 on success or an SSL error reason number on failure. On failure
* min_version and max_version will also be set to 0.
*/
-int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version,
- int *real_max)
+int ssl_get_min_max_version(const SSL_CONNECTION *s, int *min_version,
+ int *max_version, int *real_max)
{
int version, tmp_real_max;
int hole;
const SSL_METHOD *method;
const version_info *table;
const version_info *vent;
+ const SSL *ssl = SSL_CONNECTION_GET_SSL(s);
- switch (s->method->version) {
+ switch (ssl->method->version) {
default:
/*
* If this SSL handle is not from a version flexible method we don't
*
* Returns 0 on success or an SSL error reason number on failure.
*/
-int ssl_set_client_hello_version(SSL *s)
+int ssl_set_client_hello_version(SSL_CONNECTION *s)
{
int ver_min, ver_max, ret;
s->version = ver_max;
/* TLS1.3 always uses TLS1.2 in the legacy_version field */
- if (!SSL_IS_DTLS(s) && ver_max > TLS1_2_VERSION)
+ if (!SSL_CONNECTION_IS_DTLS(s) && ver_max > TLS1_2_VERSION)
ver_max = TLS1_2_VERSION;
s->client_version = ver_max;
* used. Returns 1 if the group is in the list (and allowed if |checkallow| is
* 1) or 0 otherwise.
*/
-int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups,
+int check_in_list(SSL_CONNECTION *s, uint16_t group_id, const uint16_t *groups,
size_t num_groups, int checkallow)
{
size_t i;
}
/* Replace ClientHello1 in the transcript hash with a synthetic message */
-int create_synthetic_message_hash(SSL *s, const unsigned char *hashval,
+int create_synthetic_message_hash(SSL_CONNECTION *s,
+ const unsigned char *hashval,
size_t hashlen, const unsigned char *hrr,
size_t hrrlen)
{
return X509_NAME_cmp(*a, *b);
}
-int parse_ca_names(SSL *s, PACKET *pkt)
+int parse_ca_names(SSL_CONNECTION *s, PACKET *pkt)
{
STACK_OF(X509_NAME) *ca_sk = sk_X509_NAME_new(ca_dn_cmp);
X509_NAME *xn = NULL;
return 0;
}
-const STACK_OF(X509_NAME) *get_ca_names(SSL *s)
+const STACK_OF(X509_NAME) *get_ca_names(SSL_CONNECTION *s)
{
const STACK_OF(X509_NAME) *ca_sk = NULL;
+ SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (s->server) {
- ca_sk = SSL_get_client_CA_list(s);
+ ca_sk = SSL_get_client_CA_list(ssl);
if (ca_sk != NULL && sk_X509_NAME_num(ca_sk) == 0)
ca_sk = NULL;
}
if (ca_sk == NULL)
- ca_sk = SSL_get0_CA_list(s);
+ ca_sk = SSL_get0_CA_list(ssl);
return ca_sk;
}
-int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt)
+int construct_ca_names(SSL_CONNECTION *s, const STACK_OF(X509_NAME) *ca_sk,
+ WPACKET *pkt)
{
/* Start sub-packet for client CA list */
if (!WPACKET_start_sub_packet_u16(pkt)) {
}
/* Create a buffer containing data to be signed for server key exchange */
-size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs,
+size_t construct_key_exchange_tbs(SSL_CONNECTION *s, unsigned char **ptbs,
const void *param, size_t paramlen)
{
size_t tbslen = 2 * SSL3_RANDOM_SIZE + paramlen;
* Saves the current handshake digest for Post-Handshake Auth,
* Done after ClientFinished is processed, done exactly once
*/
-int tls13_save_handshake_digest_for_pha(SSL *s)
+int tls13_save_handshake_digest_for_pha(SSL_CONNECTION *s)
{
if (s->pha_dgst == NULL) {
if (!ssl3_digest_cached_records(s, 1))
* Restores the Post-Handshake Auth handshake digest
* Done just before sending/processing the Cert Request
*/
-int tls13_restore_handshake_digest_for_pha(SSL *s)
+int tls13_restore_handshake_digest_for_pha(SSL_CONNECTION *s)
{
if (s->pha_dgst == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);