ECH: Properly apply libctx and propq from SSL_CTX

author Tomas Mraz <tomas@openssl.org>

Thu, 18 Dec 2025 10:43:41 +0000 (11:43 +0100)

committer Tomas Mraz <tomas@openssl.org>

Thu, 18 Dec 2025 10:48:37 +0000 (11:48 +0100)
author Tomas Mraz <tomas@openssl.org>
Thu, 18 Dec 2025 10:43:41 +0000 (11:43 +0100)
committer Tomas Mraz <tomas@openssl.org>
Thu, 18 Dec 2025 10:48:37 +0000 (11:48 +0100)
diff --git a/ssl/ech/ech_internal.c b/ssl/ech/ech_internal.c

index d0d00190e7b30cd50bf9ffafc2061f9ddb71150d..1102d1e2669fd258985ca6a803dc049b370d39f8 100644 (file)
--- a/ssl/ech/ech_internal.c
+++ b/ssl/ech/ech_internal.c
@@ -9,12 +9,13 @@
  
  #include <openssl/ssl.h>
  #include <openssl/ech.h>
-#include "../ssl_local.h"
-#include "ech_local.h"
  #include <openssl/rand.h>
-#include "../statem/statem_local.h"
-#include "internal/ech_helpers.h"
  #include <openssl/kdf.h>
+#include "internal/ech_helpers.h"
+#include "internal/ssl_unwrap.h"
+#include "../ssl_local.h"
+#include "../statem/statem_local.h"
+#include "ech_local.h"
  
  #ifndef OPENSSL_NO_ECH
  
@@ -294,16 +295,11 @@ int ossl_ech_send_grease(SSL_CONNECTION *s, WPACKET *pkt)
      size_t cipher_len = 0, cipher_len_jitter = 0;
      unsigned char cid, senderpub[OSSL_ECH_MAX_GREASE_PUB];
      unsigned char cipher[OSSL_ECH_MAX_GREASE_CT];
+    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
  
-    if (s == NULL)
-        return 0;
-    if (s->ssl.ctx == NULL) {
-        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
-        return 0;
-    }
      WPACKET_get_total_written(pkt, &pp_at_start);
      /* randomly select cipher_len to be one of 144, 176, 208, 244 */
-    if (RAND_bytes_ex(s->ssl.ctx->libctx, &cid, 1, 0) <= 0) {
+    if (RAND_bytes_ex(sctx->libctx, &cid, 1, 0) <= 0) {
          SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
          return 0;
      }
@@ -311,7 +307,7 @@ int ossl_ech_send_grease(SSL_CONNECTION *s, WPACKET *pkt)
      cipher_len = 144;
      cipher_len += 32 * cipher_len_jitter;
      /* generate a random (1 octet) client id */
-    if (RAND_bytes_ex(s->ssl.ctx->libctx, &cid, 1, 0) <= 0) {
+    if (RAND_bytes_ex(sctx->libctx, &cid, 1, 0) <= 0) {
          SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
          return 0;
      }
@@ -327,7 +323,7 @@ int ossl_ech_send_grease(SSL_CONNECTION *s, WPACKET *pkt)
      if (OSSL_HPKE_get_grease_value(hpke_suite_in_p, &hpke_suite,
                                     senderpub, &senderpub_len,
                                     cipher, cipher_len,
-                                   s->ssl.ctx->libctx, NULL) != 1) {
+                                   sctx->libctx, sctx->propq) != 1) {
          SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
          return 0;
      }
@@ -1019,6 +1015,7 @@ int ossl_ech_calc_confirm(SSL_CONNECTION *s, int for_hrr,
          + SSL3_RANDOM_SIZE - OSSL_ECH_SIGNAL_LEN;
      unsigned int hashlen = 0;
      unsigned char hashval[EVP_MAX_MD_SIZE];
+    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
  
      if ((md = (EVP_MD *)ssl_handshake_md(s)) == NULL) {
          SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_ECH_REQUIRED);
@@ -1046,7 +1043,7 @@ int ossl_ech_calc_confirm(SSL_CONNECTION *s, int for_hrr,
          } else {
              if (s->ext.ech.hrrsignal_p == NULL) {
                  /* No ECH found so we'll exit, but set random output */
-                if (RAND_bytes_ex(s->ssl.ctx->libctx, acbuf,
+                if (RAND_bytes_ex(sctx->libctx, acbuf,
                                    OSSL_ECH_SIGNAL_LEN, 0) <= 0) {
                      SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_ECH_REQUIRED);
                      goto end;
@@ -1733,6 +1730,7 @@ static unsigned char *hpke_decrypt_encch(SSL_CONNECTION *s,
      size_t info_len = OSSL_ECH_MAX_INFO_LEN;
      int rv = 0;
      OSSL_HPKE_CTX *hctx = NULL;
+    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
  # ifdef OSSL_ECH_SUPERVERBOSE
      size_t publen = 0;
      unsigned char *pub = NULL;
@@ -1783,7 +1781,7 @@ static unsigned char *hpke_decrypt_encch(SSL_CONNECTION *s,
      ERR_set_mark();
      /* Use OSSL_HPKE_* APIs */
      hctx = OSSL_HPKE_CTX_new(hpke_mode, hpke_suite, OSSL_HPKE_ROLE_RECEIVER,
-                             NULL, NULL);
+                             sctx->libctx, sctx->propq);
      if (hctx == NULL)
          goto clearerrs;
      rv = OSSL_HPKE_decap(hctx, senderpub, senderpublen, ee->keyshare,
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c

index 457f13800084906d6a1dddccea13c6a3b512ec87..18c4ed548d464c482725d43c28077974b8654cde 100644 (file)
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1401,7 +1401,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt,
              return EXT_RETURN_FAIL;
          }
          /* for outer CH allocate a similar sized random value */
-        if (RAND_bytes_ex(s->ssl.ctx->libctx, rndbuf, totalrndsize, 0) <= 0) {
+        if (RAND_bytes_ex(sctx->libctx, rndbuf, totalrndsize, 0) <= 0) {
              OPENSSL_free(rndbuf);
              SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
              return EXT_RETURN_FAIL;
@@ -2519,6 +2519,7 @@ EXT_RETURN tls_construct_ctos_ech(SSL_CONNECTION *s, WPACKET *pkt,
                                    size_t chainidx)
  {
      int rv = 0, hpke_mode = OSSL_HPKE_MODE_BASE;
+    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
      OSSL_ECHSTORE_ENTRY *ee = NULL;
      OSSL_HPKE_SUITE hpke_suite = OSSL_HPKE_SUITE_DEFAULT;
      unsigned char config_id_to_use = 0x00, info[OSSL_ECH_MAX_INFO_LEN];
@@ -2597,7 +2598,7 @@ EXT_RETURN tls_construct_ctos_ech(SSL_CONNECTION *s, WPACKET *pkt,
      } OSSL_TRACE_END(TLS);
      config_id_to_use = ee->config_id; /* if requested, use a random config_id instead */
      if ((s->options & SSL_OP_ECH_IGNORE_CID) != 0) {
-        if (RAND_bytes_ex(s->ssl.ctx->libctx, &config_id_to_use, 1, 0) <= 0) {
+        if (RAND_bytes_ex(sctx->libctx, &config_id_to_use, 1, 0) <= 0) {
              SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
              return 0;
          }
@@ -2637,7 +2638,7 @@ EXT_RETURN tls_construct_ctos_ech(SSL_CONNECTION *s, WPACKET *pkt,
  # endif
          s->ext.ech.hpke_ctx = OSSL_HPKE_CTX_new(hpke_mode, hpke_suite,
                                                  OSSL_HPKE_ROLE_SENDER,
-                                                NULL, NULL);
+                                                sctx->libctx, sctx->propq);
          if (s->ext.ech.hpke_ctx == NULL) {
              SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
              goto err;
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c

index 7a5514a556efcd728fd04c22233e0460e80248d4..6a65b8b0b6de67d2c3318438b4b9e264a75531e3 100644 (file)
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -2500,6 +2500,7 @@ EXT_RETURN tls_construct_stoc_ech(SSL_CONNECTION *s, WPACKET *pkt,
  {
      unsigned char *rcfgs = NULL;
      size_t rcfgslen = 0;
+    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
  
      if (context == SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST
          && (s->ext.ech.success == 1 || s->ext.ech.backend == 1)
@@ -2522,7 +2523,7 @@ EXT_RETURN tls_construct_stoc_ech(SSL_CONNECTION *s, WPACKET *pkt,
          && s->ext.ech.attempted == 1) {
          unsigned char randomconf[8];
  
-        if (RAND_bytes_ex(s->ssl.ctx->libctx, randomconf, 8,
+        if (RAND_bytes_ex(sctx->libctx, randomconf, 8,
                            RAND_DRBG_STRENGTH) <= 0) {
              SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
              return 0;
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c

index cc69dc4356fea434b46de3a12a17dc6e90e5d9d6..b6c68194c29e2037ae1721080c5a4b7121d28a00 100644 (file)
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1220,6 +1220,7 @@ __owur CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s,
      BUF_MEM *inner_mem = NULL;
      PACKET rpkt; /* we'll decode back the inner ch to help make the outer */
      SSL_SESSION *sess = NULL;
+    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
      size_t sess_id_len = 0, innerlen = 0;
      int mt = SSL3_MT_CLIENT_HELLO, rv = 0;
      OSSL_HPKE_SUITE suite;
@@ -1277,7 +1278,7 @@ __owur CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s,
              sess_id_len = sizeof(s->tmp_session_id);
              s->tmp_session_id_len = sess_id_len;
              if (s->hello_retry_request == SSL_HRR_NONE
-                && RAND_bytes_ex(s->ssl.ctx->libctx, s->tmp_session_id,
+                && RAND_bytes_ex(sctx->libctx, s->tmp_session_id,
                                   sess_id_len, 0) <= 0) {
                  SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
                  return 0;
author	Tomas Mraz <tomas@openssl.org>
	Thu, 18 Dec 2025 10:43:41 +0000 (11:43 +0100)
committer	Tomas Mraz <tomas@openssl.org>
	Thu, 18 Dec 2025 10:48:37 +0000 (11:48 +0100)
ssl/ech/ech_internal.c		patch \| blob \| blame \| history
ssl/statem/extensions_clnt.c		patch \| blob \| blame \| history
ssl/statem/extensions_srvr.c		patch \| blob \| blame \| history
ssl/statem/statem_clnt.c		patch \| blob \| blame \| history