From aff8c126fd8db84fa4ef623997a8c4200a14a44f Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Thu, 8 Dec 2016 14:18:40 -0500 Subject: [PATCH] Move extension data into sub-structs Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/2052) --- include/openssl/ssl.h | 12 +- ssl/s3_lib.c | 142 ++++++++--------- ssl/ssl_asn1.c | 20 +-- ssl/ssl_lib.c | 180 +++++++++++---------- ssl/ssl_locl.h | 292 ++++++++++++++++++----------------- ssl/ssl_sess.c | 117 +++++++------- ssl/ssl_txt.c | 8 +- ssl/statem/extensions.c | 76 +++++---- ssl/statem/extensions_clnt.c | 130 ++++++++-------- ssl/statem/extensions_srvr.c | 70 ++++----- ssl/statem/statem_clnt.c | 61 ++++---- ssl/statem/statem_srvr.c | 57 ++++--- ssl/t1_lib.c | 69 +++++---- test/handshake_helper.c | 8 +- test/ossl_shim/ossl_shim.cc | 2 +- test/ssltest_old.c | 10 +- 16 files changed, 645 insertions(+), 609 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 05bd5ed62f..18d36922e3 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -656,19 +656,23 @@ void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, unsigned int cookie_len)); # ifndef OPENSSL_NO_NEXTPROTONEG +# define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb +# define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb +# define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb) (SSL *ssl, - const unsigned char - **out, + const unsigned char **out, unsigned int *outlen, - void *arg), void *arg); + void *arg), + void *arg); void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, int (*cb) (SSL *ssl, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, - void *arg), void *arg); + void *arg), + void *arg); void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len); # endif diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 524f5308f3..0f6e94844a 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2882,9 +2882,9 @@ void ssl3_clear(SSL *s) s->version = SSL3_VERSION; #if !defined(OPENSSL_NO_NEXTPROTONEG) - OPENSSL_free(s->next_proto_negotiated); - s->next_proto_negotiated = NULL; - s->next_proto_negotiated_len = 0; + OPENSSL_free(s->ext.npn); + s->ext.npn = NULL; + s->ext.npn_len = 0; #endif } @@ -2969,8 +2969,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) nid = EC_GROUP_get_curve_name(group); if (nid == NID_undef) return 0; - return tls1_set_groups(&s->tlsext_supportedgroupslist, - &s->tlsext_supportedgroupslist_length, + return tls1_set_groups(&s->ext.supportedgroups, + &s->ext.supportedgroups_len, &nid, 1); } break; @@ -2979,8 +2979,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) if (larg == TLSEXT_NAMETYPE_host_name) { size_t len; - OPENSSL_free(s->tlsext_hostname); - s->tlsext_hostname = NULL; + OPENSSL_free(s->ext.hostname); + s->ext.hostname = NULL; ret = 1; if (parg == NULL) @@ -2990,7 +2990,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); return 0; } - if ((s->tlsext_hostname = OPENSSL_strdup((char *)parg)) == NULL) { + if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); return 0; } @@ -3000,50 +3000,50 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) } break; case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: - s->tlsext_debug_arg = parg; + s->ext.debug_arg = parg; ret = 1; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE: - ret = s->tlsext_status_type; + ret = s->ext.status_type; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: - s->tlsext_status_type = larg; + s->ext.status_type = larg; ret = 1; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: - *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; + *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts; ret = 1; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: - s->tlsext_ocsp_exts = parg; + s->ext.ocsp.exts = parg; ret = 1; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: - *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids; + *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids; ret = 1; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: - s->tlsext_ocsp_ids = parg; + s->ext.ocsp.ids = parg; ret = 1; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: - *(unsigned char **)parg = s->tlsext_ocsp_resp; - if (s->tlsext_ocsp_resplen == 0 - || s->tlsext_ocsp_resplen > LONG_MAX) + *(unsigned char **)parg = s->ext.ocsp.resp; + if (s->ext.ocsp.resp_len == 0 + || s->ext.ocsp.resp_len > LONG_MAX) return -1; - return (long)s->tlsext_ocsp_resplen; + return (long)s->ext.ocsp.resp_len; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: - OPENSSL_free(s->tlsext_ocsp_resp); - s->tlsext_ocsp_resp = parg; - s->tlsext_ocsp_resplen = larg; + OPENSSL_free(s->ext.ocsp.resp); + s->ext.ocsp.resp = parg; + s->ext.ocsp.resp_len = larg; ret = 1; break; @@ -3101,10 +3101,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { unsigned char *clist; size_t clistlen; + if (!s->session) return 0; - clist = s->session->tlsext_supportedgroupslist; - clistlen = s->session->tlsext_supportedgroupslist_length / 2; + clist = s->session->ext.supportedgroups; + clistlen = s->session->ext.supportedgroups_len / 2; if (parg) { size_t i; int *cptr = parg; @@ -3123,12 +3124,12 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) } case SSL_CTRL_SET_GROUPS: - return tls1_set_groups(&s->tlsext_supportedgroupslist, - &s->tlsext_supportedgroupslist_length, parg, larg); + return tls1_set_groups(&s->ext.supportedgroups, + &s->ext.supportedgroups_len, parg, larg); case SSL_CTRL_SET_GROUPS_LIST: - return tls1_set_groups_list(&s->tlsext_supportedgroupslist, - &s->tlsext_supportedgroupslist_length, parg); + return tls1_set_groups_list(&s->ext.supportedgroups, + &s->ext.supportedgroups_len, parg); case SSL_CTRL_GET_SHARED_GROUP: return tls1_shared_group(s, larg); @@ -3208,10 +3209,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { SSL_SESSION *sess = s->session; const unsigned char **pformat = parg; - if (!sess || !sess->tlsext_ecpointformatlist) + + if (sess == NULL || sess->ext.ecpointformats == NULL) return 0; - *pformat = sess->tlsext_ecpointformatlist; - return (int)sess->tlsext_ecpointformatlist_length; + *pformat = sess->ext.ecpointformats; + return (int)sess->ext.ecpointformats_len; } #endif @@ -3234,7 +3236,7 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) break; #endif case SSL_CTRL_SET_TLSEXT_DEBUG_CB: - s->tlsext_debug_cb = (void (*)(SSL *, int, int, + s->ext.debug_cb = (void (*)(SSL *, int, int, const unsigned char *, int, void *))fp; break; @@ -3306,69 +3308,69 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) nid = EC_GROUP_get_curve_name(group); if (nid == NID_undef) return 0; - return tls1_set_groups(&ctx->tlsext_supportedgroupslist, - &ctx->tlsext_supportedgroupslist_length, + return tls1_set_groups(&ctx->ext.supportedgroups, + &ctx->ext.supportedgroups_len, &nid, 1); } /* break; */ #endif /* !OPENSSL_NO_EC */ case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: - ctx->tlsext_servername_arg = parg; + ctx->ext.servername_arg = parg; break; case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: { unsigned char *keys = parg; - long tlsext_tick_keylen = (sizeof(ctx->tlsext_tick_key_name) + - sizeof(ctx->tlsext_tick_hmac_key) + - sizeof(ctx->tlsext_tick_aes_key)); + long tick_keylen = (sizeof(ctx->ext.tick_key_name) + + sizeof(ctx->ext.tick_hmac_key) + + sizeof(ctx->ext.tick_aes_key)); if (keys == NULL) - return tlsext_tick_keylen; - if (larg != tlsext_tick_keylen) { + return tick_keylen; + if (larg != tick_keylen) { SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); return 0; } if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { - memcpy(ctx->tlsext_tick_key_name, keys, - sizeof(ctx->tlsext_tick_key_name)); - memcpy(ctx->tlsext_tick_hmac_key, - keys + sizeof(ctx->tlsext_tick_key_name), - sizeof(ctx->tlsext_tick_hmac_key)); - memcpy(ctx->tlsext_tick_aes_key, - keys + sizeof(ctx->tlsext_tick_key_name) + - sizeof(ctx->tlsext_tick_hmac_key), - sizeof(ctx->tlsext_tick_aes_key)); + memcpy(ctx->ext.tick_key_name, keys, + sizeof(ctx->ext.tick_key_name)); + memcpy(ctx->ext.tick_hmac_key, + keys + sizeof(ctx->ext.tick_key_name), + sizeof(ctx->ext.tick_hmac_key)); + memcpy(ctx->ext.tick_aes_key, + keys + sizeof(ctx->ext.tick_key_name) + + sizeof(ctx->ext.tick_hmac_key), + sizeof(ctx->ext.tick_aes_key)); } else { - memcpy(keys, ctx->tlsext_tick_key_name, - sizeof(ctx->tlsext_tick_key_name)); - memcpy(keys + sizeof(ctx->tlsext_tick_key_name), - ctx->tlsext_tick_hmac_key, - sizeof(ctx->tlsext_tick_hmac_key)); - memcpy(keys + sizeof(ctx->tlsext_tick_key_name) + - sizeof(ctx->tlsext_tick_hmac_key), - ctx->tlsext_tick_aes_key, - sizeof(ctx->tlsext_tick_aes_key)); + memcpy(keys, ctx->ext.tick_key_name, + sizeof(ctx->ext.tick_key_name)); + memcpy(keys + sizeof(ctx->ext.tick_key_name), + ctx->ext.tick_hmac_key, + sizeof(ctx->ext.tick_hmac_key)); + memcpy(keys + sizeof(ctx->ext.tick_key_name) + + sizeof(ctx->ext.tick_hmac_key), + ctx->ext.tick_aes_key, + sizeof(ctx->ext.tick_aes_key)); } return 1; } case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE: - return ctx->tlsext_status_type; + return ctx->ext.status_type; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: - ctx->tlsext_status_type = larg; + ctx->ext.status_type = larg; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: - ctx->tlsext_status_arg = parg; + ctx->ext.status_arg = parg; return 1; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG: - *(void**)parg = ctx->tlsext_status_arg; + *(void**)parg = ctx->ext.status_arg; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB: - *(int (**)(SSL*, void*))parg = ctx->tlsext_status_cb; + *(int (**)(SSL*, void*))parg = ctx->ext.status_cb; break; #ifndef OPENSSL_NO_SRP @@ -3404,13 +3406,13 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) #ifndef OPENSSL_NO_EC case SSL_CTRL_SET_GROUPS: - return tls1_set_groups(&ctx->tlsext_supportedgroupslist, - &ctx->tlsext_supportedgroupslist_length, + return tls1_set_groups(&ctx->ext.supportedgroups, + &ctx->ext.supportedgroups_len, parg, larg); case SSL_CTRL_SET_GROUPS_LIST: - return tls1_set_groups_list(&ctx->tlsext_supportedgroupslist, - &ctx->tlsext_supportedgroupslist_length, + return tls1_set_groups_list(&ctx->ext.supportedgroups, + &ctx->ext.supportedgroups_len, parg); #endif case SSL_CTRL_SET_SIGALGS: @@ -3502,15 +3504,15 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) break; #endif case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: - ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp; + ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: - ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp; + ctx->ext.status_cb = (int (*)(SSL *, void *))fp; break; case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: - ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *, + ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *, unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index fd13f90c28..401aeb5eaf 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -183,13 +183,13 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) as.peer = in->peer; ssl_session_sinit(&as.tlsext_hostname, &tlsext_hostname, - in->tlsext_hostname); - if (in->tlsext_tick) { + in->ext.hostname); + if (in->ext.tick) { ssl_session_oinit(&as.tlsext_tick, &tlsext_tick, - in->tlsext_tick, in->tlsext_ticklen); + in->ext.tick, in->ext.ticklen); } - if (in->tlsext_tick_lifetime_hint > 0) - as.tlsext_tick_lifetime_hint = in->tlsext_tick_lifetime_hint; + if (in->ext.tick_lifetime_hint > 0) + as.tlsext_tick_lifetime_hint = in->ext.tick_lifetime_hint; #ifndef OPENSSL_NO_PSK ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint, in->psk_identity_hint); @@ -315,7 +315,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, /* NB: this defaults to zero which is X509_V_OK */ ret->verify_result = as->verify_result; - if (!ssl_session_strndup(&ret->tlsext_hostname, as->tlsext_hostname)) + if (!ssl_session_strndup(&ret->ext.hostname, as->tlsext_hostname)) goto err; #ifndef OPENSSL_NO_PSK @@ -325,13 +325,13 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, goto err; #endif - ret->tlsext_tick_lifetime_hint = as->tlsext_tick_lifetime_hint; + ret->ext.tick_lifetime_hint = as->tlsext_tick_lifetime_hint; if (as->tlsext_tick) { - ret->tlsext_tick = as->tlsext_tick->data; - ret->tlsext_ticklen = as->tlsext_tick->length; + ret->ext.tick = as->tlsext_tick->data; + ret->ext.ticklen = as->tlsext_tick->length; as->tlsext_tick->data = NULL; } else { - ret->tlsext_tick = NULL; + ret->ext.tick = NULL; } #ifndef OPENSSL_NO_COMP if (as->comp_id) { diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 65e3ba1824..ddc2ff78e7 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -589,49 +589,46 @@ SSL *SSL_new(SSL_CTX *ctx) SSL_CTX_up_ref(ctx); s->ctx = ctx; - s->tlsext_debug_cb = 0; - s->tlsext_debug_arg = NULL; - s->tlsext_ticket_expected = 0; - s->tlsext_status_type = ctx->tlsext_status_type; - s->tlsext_status_expected = 0; - s->tlsext_ocsp_ids = NULL; - s->tlsext_ocsp_exts = NULL; - s->tlsext_ocsp_resp = NULL; - s->tlsext_ocsp_resplen = 0; + s->ext.debug_cb = 0; + s->ext.debug_arg = NULL; + s->ext.ticket_expected = 0; + s->ext.status_type = ctx->ext.status_type; + s->ext.status_expected = 0; + s->ext.ocsp.ids = NULL; + s->ext.ocsp.exts = NULL; + s->ext.ocsp.resp = NULL; + s->ext.ocsp.resp_len = 0; SSL_CTX_up_ref(ctx); s->initial_ctx = ctx; #ifndef OPENSSL_NO_EC - if (ctx->tlsext_ecpointformatlist) { - s->tlsext_ecpointformatlist = - OPENSSL_memdup(ctx->tlsext_ecpointformatlist, - ctx->tlsext_ecpointformatlist_length); - if (!s->tlsext_ecpointformatlist) + if (ctx->ext.ecpointformats) { + s->ext.ecpointformats = + OPENSSL_memdup(ctx->ext.ecpointformats, + ctx->ext.ecpointformats_len); + if (!s->ext.ecpointformats) goto err; - s->tlsext_ecpointformatlist_length = - ctx->tlsext_ecpointformatlist_length; - } - if (ctx->tlsext_supportedgroupslist) { - s->tlsext_supportedgroupslist = - OPENSSL_memdup(ctx->tlsext_supportedgroupslist, - ctx->tlsext_supportedgroupslist_length); - if (!s->tlsext_supportedgroupslist) + s->ext.ecpointformats_len = + ctx->ext.ecpointformats_len; + } + if (ctx->ext.supportedgroups) { + s->ext.supportedgroups = + OPENSSL_memdup(ctx->ext.supportedgroups, + ctx->ext.supportedgroups_len); + if (!s->ext.supportedgroups) goto err; - s->tlsext_supportedgroupslist_length = - ctx->tlsext_supportedgroupslist_length; + s->ext.supportedgroups_len = ctx->ext.supportedgroups_len; } #endif #ifndef OPENSSL_NO_NEXTPROTONEG - s->next_proto_negotiated = NULL; + s->ext.npn = NULL; #endif - if (s->ctx->alpn_client_proto_list) { - s->alpn_client_proto_list = - OPENSSL_malloc(s->ctx->alpn_client_proto_list_len); - if (s->alpn_client_proto_list == NULL) + if (s->ctx->ext.alpn) { + s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len); + if (s->ext.alpn == NULL) goto err; - memcpy(s->alpn_client_proto_list, s->ctx->alpn_client_proto_list, - s->ctx->alpn_client_proto_list_len); - s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len; + memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len); + s->ext.alpn_len = s->ctx->ext.alpn_len; } s->verified_chain = NULL; @@ -838,7 +835,7 @@ int SSL_dane_enable(SSL *s, const char *basedomain) * accepts them and disables host name checks. To avoid side-effects with * invalid input, set the SNI name first. */ - if (s->tlsext_hostname == NULL) { + if (s->ext.hostname == NULL) { if (!SSL_set_tlsext_host_name(s, basedomain)) { SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN); return -1; @@ -997,22 +994,22 @@ void SSL_free(SSL *s) ssl_cert_free(s->cert); /* Free up if allocated */ - OPENSSL_free(s->tlsext_hostname); + OPENSSL_free(s->ext.hostname); SSL_CTX_free(s->initial_ctx); #ifndef OPENSSL_NO_EC - OPENSSL_free(s->tlsext_ecpointformatlist); - OPENSSL_free(s->tlsext_supportedgroupslist); + OPENSSL_free(s->ext.ecpointformats); + OPENSSL_free(s->ext.supportedgroups); #endif /* OPENSSL_NO_EC */ - sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); + sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free); #ifndef OPENSSL_NO_OCSP - sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); + sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free); #endif #ifndef OPENSSL_NO_CT SCT_LIST_free(s->scts); - OPENSSL_free(s->tlsext_scts); + OPENSSL_free(s->ext.scts); #endif - OPENSSL_free(s->tlsext_ocsp_resp); - OPENSSL_free(s->alpn_client_proto_list); + OPENSSL_free(s->ext.ocsp.resp); + OPENSSL_free(s->ext.alpn); sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); @@ -1028,7 +1025,7 @@ void SSL_free(SSL *s) ASYNC_WAIT_CTX_free(s->waitctx); #if !defined(OPENSSL_NO_NEXTPROTONEG) - OPENSSL_free(s->next_proto_negotiated); + OPENSSL_free(s->ext.npn); #endif #ifndef OPENSSL_NO_SRTP @@ -2168,15 +2165,15 @@ const char *SSL_get_servername(const SSL *s, const int type) if (type != TLSEXT_NAMETYPE_host_name) return NULL; - return s->session && !s->tlsext_hostname ? - s->session->tlsext_hostname : s->tlsext_hostname; + return s->session && !s->ext.hostname ? + s->session->ext.hostname : s->ext.hostname; } int SSL_get_servername_type(const SSL *s) { if (s->session - && (!s->tlsext_hostname ? s->session-> - tlsext_hostname : s->tlsext_hostname)) + && (!s->ext.hostname ? s->session-> + ext.hostname : s->ext.hostname)) return TLSEXT_NAMETYPE_host_name; return -1; } @@ -2251,16 +2248,16 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) { - *data = s->next_proto_negotiated; + *data = s->ext.npn; if (!*data) { *len = 0; } else { - *len = (unsigned int)s->next_proto_negotiated_len; + *len = (unsigned int)s->ext.npn_len; } } /* - * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when + * SSL_CTX_set_npn_advertised_cb sets a callback that is called when * a TLS server needs a list of supported protocols for Next Protocol * Negotiation. The returned list must be in wire format. The list is * returned by setting |out| to point to it and |outlen| to its length. This @@ -2269,15 +2266,15 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, * wishes to advertise. Otherwise, no such extension will be included in the * ServerHello. */ -void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, - int (*cb) (SSL *ssl, - const unsigned char - **out, - unsigned int *outlen, - void *arg), void *arg) +void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx, + int (*cb) (SSL *ssl, + const unsigned char **out, + unsigned int *outlen, + void *arg), + void *arg) { - ctx->next_protos_advertised_cb = cb; - ctx->next_protos_advertised_cb_arg = arg; + ctx->ext.npn_advertised_cb = cb; + ctx->ext.npn_advertised_cb_arg = arg; } /* @@ -2290,15 +2287,16 @@ void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, * select a protocol. It is fatal to the connection if this callback returns * a value other than SSL_TLSEXT_ERR_OK. */ -void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, - int (*cb) (SSL *s, unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg), void *arg) +void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx, + int (*cb) (SSL *s, unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg), + void *arg) { - ctx->next_proto_select_cb = cb; - ctx->next_proto_select_cb_arg = arg; + ctx->ext.npn_select_cb = cb; + ctx->ext.npn_select_cb_arg = arg; } #endif @@ -2310,13 +2308,13 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned int protos_len) { - OPENSSL_free(ctx->alpn_client_proto_list); - ctx->alpn_client_proto_list = OPENSSL_memdup(protos, protos_len); - if (ctx->alpn_client_proto_list == NULL) { + OPENSSL_free(ctx->ext.alpn); + ctx->ext.alpn = OPENSSL_memdup(protos, protos_len); + if (ctx->ext.alpn == NULL) { SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); return 1; } - ctx->alpn_client_proto_list_len = protos_len; + ctx->ext.alpn_len = protos_len; return 0; } @@ -2329,13 +2327,13 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, unsigned int protos_len) { - OPENSSL_free(ssl->alpn_client_proto_list); - ssl->alpn_client_proto_list = OPENSSL_memdup(protos, protos_len); - if (ssl->alpn_client_proto_list == NULL) { + OPENSSL_free(ssl->ext.alpn); + ssl->ext.alpn = OPENSSL_memdup(protos, protos_len); + if (ssl->ext.alpn == NULL) { SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); return 1; } - ssl->alpn_client_proto_list_len = protos_len; + ssl->ext.alpn_len = protos_len; return 0; } @@ -2353,8 +2351,8 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, unsigned int inlen, void *arg), void *arg) { - ctx->alpn_select_cb = cb; - ctx->alpn_select_cb_arg = arg; + ctx->ext.alpn_select_cb = cb; + ctx->ext.alpn_select_cb_arg = arg; } /* @@ -2513,12 +2511,12 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; /* Setup RFC5077 ticket keys */ - if ((RAND_bytes(ret->tlsext_tick_key_name, - sizeof(ret->tlsext_tick_key_name)) <= 0) - || (RAND_bytes(ret->tlsext_tick_hmac_key, - sizeof(ret->tlsext_tick_hmac_key)) <= 0) - || (RAND_bytes(ret->tlsext_tick_aes_key, - sizeof(ret->tlsext_tick_aes_key)) <= 0)) + if ((RAND_bytes(ret->ext.tick_key_name, + sizeof(ret->ext.tick_key_name)) <= 0) + || (RAND_bytes(ret->ext.tick_hmac_key, + sizeof(ret->ext.tick_hmac_key)) <= 0) + || (RAND_bytes(ret->ext.tick_aes_key, + sizeof(ret->ext.tick_aes_key)) <= 0)) ret->options |= SSL_OP_NO_TICKET; #ifndef OPENSSL_NO_SRP @@ -2556,7 +2554,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) */ ret->options |= SSL_OP_NO_COMPRESSION; - ret->tlsext_status_type = TLSEXT_STATUSTYPE_nothing; + ret->ext.status_type = TLSEXT_STATUSTYPE_nothing; return ret; err: @@ -2629,10 +2627,10 @@ void SSL_CTX_free(SSL_CTX *a) #endif #ifndef OPENSSL_NO_EC - OPENSSL_free(a->tlsext_ecpointformatlist); - OPENSSL_free(a->tlsext_supportedgroupslist); + OPENSSL_free(a->ext.ecpointformats); + OPENSSL_free(a->ext.supportedgroups); #endif - OPENSSL_free(a->alpn_client_proto_list); + OPENSSL_free(a->ext.alpn); CRYPTO_THREAD_lock_free(a->lock); @@ -4040,9 +4038,9 @@ static int ct_extract_tls_extension_scts(SSL *s) { int scts_extracted = 0; - if (s->tlsext_scts != NULL) { - const unsigned char *p = s->tlsext_scts; - STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->tlsext_scts_len); + if (s->ext.scts != NULL) { + const unsigned char *p = s->ext.scts; + STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len); scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION); @@ -4070,11 +4068,11 @@ static int ct_extract_ocsp_response_scts(SSL *s) STACK_OF(SCT) *scts = NULL; int i; - if (s->tlsext_ocsp_resp == NULL || s->tlsext_ocsp_resplen == 0) + if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0) goto err; - p = s->tlsext_ocsp_resp; - rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->tlsext_ocsp_resplen); + p = s->ext.ocsp.resp; + rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len); if (rsp == NULL) goto err; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index c1b331a1a7..06557bb4b2 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -553,18 +553,21 @@ struct ssl_session_st { * implement a maximum cache size. */ struct ssl_session_st *prev, *next; - char *tlsext_hostname; + + struct { + char *hostname; # ifndef OPENSSL_NO_EC - size_t tlsext_ecpointformatlist_length; - unsigned char *tlsext_ecpointformatlist; /* peer's list */ - size_t tlsext_supportedgroupslist_length; - unsigned char *tlsext_supportedgroupslist; /* peer's list */ + size_t ecpointformats_len; + unsigned char *ecpointformats; /* peer's list */ + size_t supportedgroups_len; + unsigned char *supportedgroups; /* peer's list */ # endif /* OPENSSL_NO_EC */ /* RFC4507 info */ - unsigned char *tlsext_tick; /* Session ticket */ - size_t tlsext_ticklen; /* Session ticket length */ - unsigned long tlsext_tick_lifetime_hint; /* Session lifetime hint in - * seconds */ + unsigned char *tick; /* Session ticket */ + size_t ticklen; /* Session ticket length */ + /* Session lifetime hint in seconds */ + unsigned long tick_lifetime_hint; + } ext; # ifndef OPENSSL_NO_SRP char *srp_username; # endif @@ -775,63 +778,40 @@ struct ssl_ctx_st { ENGINE *client_cert_engine; # endif - /* TLS extensions servername callback */ - int (*tlsext_servername_callback) (SSL *, int *, void *); - void *tlsext_servername_arg; - /* RFC 4507 session ticket keys */ - unsigned char tlsext_tick_key_name[TLSEXT_KEYNAME_LENGTH]; - unsigned char tlsext_tick_hmac_key[32]; - unsigned char tlsext_tick_aes_key[32]; - /* Callback to support customisation of ticket key setting */ - int (*tlsext_ticket_key_cb) (SSL *ssl, - unsigned char *name, unsigned char *iv, - EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc); - - /* certificate status request info */ - /* Callback for status request */ - int (*tlsext_status_cb) (SSL *ssl, void *arg); - void *tlsext_status_arg; - -# ifndef OPENSSL_NO_PSK - unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, - char *identity, - unsigned int max_identity_len, - unsigned char *psk, - unsigned int max_psk_len); - unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, - unsigned char *psk, - unsigned int max_psk_len); -# endif + /* TLS extensions. */ + struct { + /* TLS extensions servername callback */ + int (*servername_cb) (SSL *, int *, void *); + void *servername_arg; + /* RFC 4507 session ticket keys */ + unsigned char tick_key_name[TLSEXT_KEYNAME_LENGTH]; + unsigned char tick_hmac_key[32]; + unsigned char tick_aes_key[32]; + /* Callback to support customisation of ticket key setting */ + int (*ticket_key_cb) (SSL *ssl, + unsigned char *name, unsigned char *iv, + EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc); + + /* certificate status request info */ + /* Callback for status request */ + int (*status_cb) (SSL *ssl, void *arg); + void *status_arg; + /* ext status type used for CSR extension (OCSP Stapling) */ + int status_type; -# ifndef OPENSSL_NO_SRP - SRP_CTX srp_ctx; /* ctx for SRP authentication */ -# endif +# ifndef OPENSSL_NO_EC + /* EC extension values inherited by SSL structure */ + size_t ecpointformats_len; + unsigned char *ecpointformats; + size_t supportedgroups_len; + unsigned char *supportedgroups; +# endif /* OPENSSL_NO_EC */ # ifndef OPENSSL_NO_NEXTPROTONEG - /* Next protocol negotiation information */ - - /* - * For a server, this contains a callback function by which the set of - * advertised protocols can be provided. - */ - int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf, - unsigned int *len, void *arg); - void *next_protos_advertised_cb_arg; - /* - * For a client, this contains a callback function that selects the next - * protocol from the list provided by the server. - */ - int (*next_proto_select_cb) (SSL *s, unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, void *arg); - void *next_proto_select_cb_arg; -# endif - - /* - * ALPN information (we are in the process of transitioning from NPN to - * ALPN.) - */ + /* + * ALPN information (we are in the process of transitioning from NPN to + * ALPN.) + */ /*- * For a server, this contains a callback function that allows the @@ -843,19 +823,55 @@ struct ssl_ctx_st { * wire-format. * inlen: the length of |in|. */ - int (*alpn_select_cb) (SSL *s, - const unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, void *arg); - void *alpn_select_cb_arg; + int (*alpn_select_cb) (SSL *s, + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, void *arg); + void *alpn_select_cb_arg; - /* - * For a client, this contains the list of supported protocols in wire - * format. - */ - unsigned char *alpn_client_proto_list; - size_t alpn_client_proto_list_len; + /* + * For a client, this contains the list of supported protocols in wire + * format. + */ + unsigned char *alpn; + size_t alpn_len; + + /* Next protocol negotiation information */ + + /* + * For a server, this contains a callback function by which the set of + * advertised protocols can be provided. + */ + int (*npn_advertised_cb) (SSL *s, const unsigned char **buf, + unsigned int *len, void *arg); + void *npn_advertised_cb_arg; + /* + * For a client, this contains a callback function that selects the next + * protocol from the list provided by the server. + */ + int (*npn_select_cb) (SSL *s, unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, void *arg); + void *npn_select_cb_arg; +# endif + } ext; + +# ifndef OPENSSL_NO_PSK + unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len); + unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, + unsigned char *psk, + unsigned int max_psk_len); +# endif + +# ifndef OPENSSL_NO_SRP + SRP_CTX srp_ctx; /* ctx for SRP authentication */ +# endif /* Shared DANE context */ struct dane_ctx_st dane; @@ -867,16 +883,6 @@ struct ssl_ctx_st { * basis, depending on the chosen cipher. */ int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure); -# ifndef OPENSSL_NO_EC - /* EC extension values inherited by SSL structure */ - size_t tlsext_ecpointformatlist_length; - unsigned char *tlsext_ecpointformatlist; - size_t tlsext_supportedgroupslist_length; - unsigned char *tlsext_supportedgroupslist; -# endif /* OPENSSL_NO_EC */ - - /* ext status type used for CSR extension (OCSP Stapling) */ - int tlsext_status_type; CRYPTO_RWLOCK *lock; }; @@ -1039,11 +1045,67 @@ struct ssl_st { size_t max_send_fragment; /* Up to how many pipelines should we use? If 0 then 1 is assumed */ size_t max_pipelines; - /* TLS extension debug callback */ - void (*tlsext_debug_cb) (SSL *s, int client_server, int type, - const unsigned char *data, int len, void *arg); - void *tlsext_debug_arg; - char *tlsext_hostname; + + struct { + /* TLS extension debug callback */ + void (*debug_cb) (SSL *s, int client_server, int type, + const unsigned char *data, int len, void *arg); + void *debug_arg; + char *hostname; + /* certificate status request info */ + /* Status type or -1 if no status type */ + int status_type; + /* Raw extension data, if seen */ + unsigned char *scts; + /* Length of raw extension data, if seen */ + uint16_t scts_len; + /* Expect OCSP CertificateStatus message */ + int status_expected; + + struct { + /* OCSP status request only */ + STACK_OF(OCSP_RESPID) *ids; + X509_EXTENSIONS *exts; + /* OCSP response received or to be sent */ + unsigned char *resp; + size_t resp_len; + } ocsp; + + /* RFC4507 session ticket expected to be received or sent */ + int ticket_expected; +# ifndef OPENSSL_NO_EC + size_t ecpointformats_len; + /* our list */ + unsigned char *ecpointformats; + size_t supportedgroups_len; + /* our list */ + unsigned char *supportedgroups; +# endif /* OPENSSL_NO_EC */ + /* TLS Session Ticket extension override */ + TLS_SESSION_TICKET_EXT *session_ticket; + /* TLS Session Ticket extension callback */ + tls_session_ticket_ext_cb_fn session_ticket_cb; + void *session_ticket_cb_arg; + /* TLS pre-shared secret session resumption */ + tls_session_secret_cb_fn session_secret_cb; + void *session_secret_cb_arg; + /* + * For a client, this contains the list of supported protocols in wire + * format. + */ + unsigned char *alpn; + size_t alpn_len; + /* + * Next protocol negotiation. For the client, this is the protocol that + * we sent in NextProtocol and is set when handling ServerHello + * extensions. For a server, this is the client's selected_protocol from + * NextProtocol and is set when handling the NextProtocol message, before + * the Finished message. + */ + unsigned char *npn; + size_t npn_len; + } ext; + /*- * no further mod of servername * 0 : call the servername extension callback. @@ -1051,9 +1113,6 @@ struct ssl_st { * 2 : don't call servername callback, no ack in server hello */ int servername_done; - /* certificate status request info */ - /* Status type or -1 if no status type */ - int tlsext_status_type; # ifndef OPENSSL_NO_CT /* * Validates that the SCTs (Signed Certificate Timestamps) are sufficient. @@ -1067,62 +1126,17 @@ struct ssl_st { * Lazily populated by CT_get_peer_scts(SSL*) */ STACK_OF(SCT) *scts; - /* Raw extension data, if seen */ - unsigned char *tlsext_scts; - /* Length of raw extension data, if seen */ - uint16_t tlsext_scts_len; /* Have we attempted to find/parse SCTs yet? */ int scts_parsed; # endif - /* Expect OCSP CertificateStatus message */ - int tlsext_status_expected; - /* OCSP status request only */ - STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; - X509_EXTENSIONS *tlsext_ocsp_exts; - /* OCSP response received or to be sent */ - unsigned char *tlsext_ocsp_resp; - size_t tlsext_ocsp_resplen; - /* RFC4507 session ticket expected to be received or sent */ - int tlsext_ticket_expected; -# ifndef OPENSSL_NO_EC - size_t tlsext_ecpointformatlist_length; - /* our list */ - unsigned char *tlsext_ecpointformatlist; - size_t tlsext_supportedgroupslist_length; - /* our list */ - unsigned char *tlsext_supportedgroupslist; -# endif /* OPENSSL_NO_EC */ - /* TLS Session Ticket extension override */ - TLS_SESSION_TICKET_EXT *tlsext_session_ticket; - /* TLS Session Ticket extension callback */ - tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb; - void *tls_session_ticket_ext_cb_arg; - /* TLS pre-shared secret session resumption */ - tls_session_secret_cb_fn tls_session_secret_cb; - void *tls_session_secret_cb_arg; SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */ # ifndef OPENSSL_NO_NEXTPROTONEG - /* - * Next protocol negotiation. For the client, this is the protocol that - * we sent in NextProtocol and is set when handling ServerHello - * extensions. For a server, this is the client's selected_protocol from - * NextProtocol and is set when handling the NextProtocol message, before - * the Finished message. - */ - unsigned char *next_proto_negotiated; - size_t next_proto_negotiated_len; # endif # define session_ctx initial_ctx /* What we'll do */ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What's been chosen */ SRTP_PROTECTION_PROFILE *srtp_profile; - /* - * For a client, this contains the list of supported protocols in wire - * format. - */ - unsigned char *alpn_client_proto_list; - size_t alpn_client_proto_list_len; /*- * 1 if we are renegotiating. * 2 if we are a server and are inside a handshake @@ -1277,7 +1291,7 @@ typedef struct ssl3_state_st { /* * Set if we saw the Next Protocol Negotiation extension from our peer. */ - int next_proto_neg_seen; + int npn_seen; # endif /* diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index c9a9e2364a..df49d85cae 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -129,12 +129,12 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) dest->psk_identity = NULL; #endif dest->ciphers = NULL; - dest->tlsext_hostname = NULL; + dest->ext.hostname = NULL; #ifndef OPENSSL_NO_EC - dest->tlsext_ecpointformatlist = NULL; - dest->tlsext_supportedgroupslist = NULL; + dest->ext.ecpointformats = NULL; + dest->ext.supportedgroups = NULL; #endif - dest->tlsext_tick = NULL; + dest->ext.tick = NULL; #ifndef OPENSSL_NO_SRP dest->srp_username = NULL; #endif @@ -184,37 +184,37 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) goto err; } - if (src->tlsext_hostname) { - dest->tlsext_hostname = OPENSSL_strdup(src->tlsext_hostname); - if (dest->tlsext_hostname == NULL) { + if (src->ext.hostname) { + dest->ext.hostname = OPENSSL_strdup(src->ext.hostname); + if (dest->ext.hostname == NULL) { goto err; } } #ifndef OPENSSL_NO_EC - if (src->tlsext_ecpointformatlist) { - dest->tlsext_ecpointformatlist = - OPENSSL_memdup(src->tlsext_ecpointformatlist, - src->tlsext_ecpointformatlist_length); - if (dest->tlsext_ecpointformatlist == NULL) + if (src->ext.ecpointformats) { + dest->ext.ecpointformats = + OPENSSL_memdup(src->ext.ecpointformats, + src->ext.ecpointformats_len); + if (dest->ext.ecpointformats == NULL) goto err; } - if (src->tlsext_supportedgroupslist) { - dest->tlsext_supportedgroupslist = - OPENSSL_memdup(src->tlsext_supportedgroupslist, - src->tlsext_supportedgroupslist_length); - if (dest->tlsext_supportedgroupslist == NULL) + if (src->ext.supportedgroups) { + dest->ext.supportedgroups = + OPENSSL_memdup(src->ext.supportedgroups, + src->ext.supportedgroups_len); + if (dest->ext.supportedgroups == NULL) goto err; } #endif if (ticket != 0) { - dest->tlsext_tick = - OPENSSL_memdup(src->tlsext_tick, src->tlsext_ticklen); - if (dest->tlsext_tick == NULL) + dest->ext.tick = + OPENSSL_memdup(src->ext.tick, src->ext.ticklen); + if (dest->ext.tick == NULL) goto err; } else { - dest->tlsext_tick_lifetime_hint = 0; - dest->tlsext_ticklen = 0; + dest->ext.tick_lifetime_hint = 0; + dest->ext.ticklen = 0; } #ifndef OPENSSL_NO_SRP @@ -353,7 +353,7 @@ int ssl_get_new_session(SSL *s, int session) * ServerHello extensions, and before recording the session * ID received from the server, so this block is a noop. */ - if (s->tlsext_ticket_expected) { + if (s->ext.ticket_expected) { ss->session_id_length = 0; goto sess_id_done; } @@ -398,9 +398,9 @@ int ssl_get_new_session(SSL *s, int session) } sess_id_done: - if (s->tlsext_hostname) { - ss->tlsext_hostname = OPENSSL_strdup(s->tlsext_hostname); - if (ss->tlsext_hostname == NULL) { + if (s->ext.hostname) { + ss->ext.hostname = OPENSSL_strdup(s->ext.hostname); + if (ss->ext.hostname == NULL) { SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); SSL_SESSION_free(ss); return 0; @@ -441,7 +441,7 @@ int ssl_get_new_session(SSL *s, int session) * Side effects: * - If a session is found then s->session is pointed at it (after freeing an * existing session if need be) and s->verify_result is set from the session. - * - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1 + * - Both for new and resumed sessions, s->ext.ticket_expected is set to 1 * if the server should issue a new session ticket (to 0 otherwise). */ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) @@ -456,7 +456,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) if (hello->session_id_len == 0) try_session_cache = 0; - /* sets s->tlsext_ticket_expected */ + /* sets s->ext.ticket_expected */ r = tls_get_ticket_from_client(s, hello, &ret); switch (r) { case -1: /* Error during processing */ @@ -635,7 +635,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) * The session was from a ticket, so we should issue a ticket for * the new session */ - s->tlsext_ticket_expected = 1; + s->ext.ticket_expected = 1; } } if (fatal) @@ -765,13 +765,15 @@ void SSL_SESSION_free(SSL_SESSION *ss) X509_free(ss->peer); sk_X509_pop_free(ss->peer_chain, X509_free); sk_SSL_CIPHER_free(ss->ciphers); - OPENSSL_free(ss->tlsext_hostname); - OPENSSL_free(ss->tlsext_tick); + OPENSSL_free(ss->ext.hostname); + OPENSSL_free(ss->ext.tick); #ifndef OPENSSL_NO_EC - ss->tlsext_ecpointformatlist_length = 0; - OPENSSL_free(ss->tlsext_ecpointformatlist); - ss->tlsext_supportedgroupslist_length = 0; - OPENSSL_free(ss->tlsext_supportedgroupslist); + OPENSSL_free(ss->ext.ecpointformats); + ss->ext.ecpointformats = NULL; + ss->ext.ecpointformats_len = 0; + OPENSSL_free(ss->ext.supportedgroups); + ss->ext.supportedgroups = NULL; + ss->ext.supportedgroups_len = 0; #endif /* OPENSSL_NO_EC */ #ifndef OPENSSL_NO_PSK OPENSSL_free(ss->psk_identity_hint); @@ -869,25 +871,25 @@ const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s) const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s) { - return s->tlsext_hostname; + return s->ext.hostname; } int SSL_SESSION_has_ticket(const SSL_SESSION *s) { - return (s->tlsext_ticklen > 0) ? 1 : 0; + return (s->ext.ticklen > 0) ? 1 : 0; } unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s) { - return s->tlsext_tick_lifetime_hint; + return s->ext.tick_lifetime_hint; } void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, size_t *len) { - *len = s->tlsext_ticklen; + *len = s->ext.ticklen; if (tick != NULL) - *tick = s->tlsext_tick; + *tick = s->ext.tick; } X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) @@ -927,20 +929,13 @@ long SSL_CTX_get_timeout(const SSL_CTX *s) } int SSL_set_session_secret_cb(SSL *s, - int (*tls_session_secret_cb) (SSL *s, - void *secret, - int *secret_len, - STACK_OF(SSL_CIPHER) - *peer_ciphers, - const SSL_CIPHER - **cipher, - void *arg), + tls_session_secret_cb_fn tls_session_secret_cb, void *arg) { if (s == NULL) return (0); - s->tls_session_secret_cb = tls_session_secret_cb; - s->tls_session_secret_cb_arg = arg; + s->ext.session_secret_cb = tls_session_secret_cb; + s->ext.session_secret_cb_arg = arg; return (1); } @@ -949,30 +944,30 @@ int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, { if (s == NULL) return (0); - s->tls_session_ticket_ext_cb = cb; - s->tls_session_ticket_ext_cb_arg = arg; + s->ext.session_ticket_cb = cb; + s->ext.session_ticket_cb_arg = arg; return (1); } int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) { if (s->version >= TLS1_VERSION) { - OPENSSL_free(s->tlsext_session_ticket); - s->tlsext_session_ticket = NULL; - s->tlsext_session_ticket = + OPENSSL_free(s->ext.session_ticket); + s->ext.session_ticket = NULL; + s->ext.session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); - if (s->tlsext_session_ticket == NULL) { + if (s->ext.session_ticket == NULL) { SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); return 0; } if (ext_data) { - s->tlsext_session_ticket->length = ext_len; - s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1; - memcpy(s->tlsext_session_ticket->data, ext_data, ext_len); + s->ext.session_ticket->length = ext_len; + s->ext.session_ticket->data = s->ext.session_ticket + 1; + memcpy(s->ext.session_ticket->data, ext_data, ext_len); } else { - s->tlsext_session_ticket->length = 0; - s->tlsext_session_ticket->data = NULL; + s->ext.session_ticket->length = 0; + s->ext.session_ticket->data = NULL; } return 1; diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 06ea6463ab..7d4a4fd3ec 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -119,18 +119,18 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0) goto err; #endif - if (x->tlsext_tick_lifetime_hint) { + if (x->ext.tick_lifetime_hint) { if (BIO_printf(bp, "\n TLS session ticket lifetime hint: %ld (seconds)", - x->tlsext_tick_lifetime_hint) <= 0) + x->ext.tick_lifetime_hint) <= 0) goto err; } - if (x->tlsext_tick) { + if (x->ext.tick) { if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err; /* TODO(size_t): Convert this call */ if (BIO_dump_indent - (bp, (const char *)x->tlsext_tick, (int)x->tlsext_ticklen, 4) + (bp, (const char *)x->ext.tick, (int)x->ext.ticklen, 4) <= 0) goto err; } diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 0c655256ea..2568ac6573 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -457,11 +457,11 @@ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, if (!currext->present) return 1; - if (s->tlsext_debug_cb) - s->tlsext_debug_cb(s, !s->server, currext->type, - PACKET_data(&currext->data), - PACKET_remaining(&currext->data), - s->tlsext_debug_arg); + if (s->ext.debug_cb) + s->ext.debug_cb(s, !s->server, currext->type, + PACKET_data(&currext->data), + PACKET_remaining(&currext->data), + s->ext.debug_arg); /* Skip if we've already parsed this extension */ if (currext->parsed) @@ -714,13 +714,13 @@ static int final_server_name(SSL *s, unsigned int context, int sent, int ret = SSL_TLSEXT_ERR_NOACK; int altmp = SSL_AD_UNRECOGNIZED_NAME; - if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) - ret = s->ctx->tlsext_servername_callback(s, &altmp, - s->ctx->tlsext_servername_arg); + if (s->ctx != NULL && s->ctx->ext.servername_cb != 0) + ret = s->ctx->ext.servername_cb(s, &altmp, + s->ctx->ext.servername_arg); else if (s->initial_ctx != NULL - && s->initial_ctx->tlsext_servername_callback != 0) - ret = s->initial_ctx->tlsext_servername_callback(s, &altmp, - s->initial_ctx->tlsext_servername_arg); + && s->initial_ctx->ext.servername_cb != 0) + ret = s->initial_ctx->ext.servername_cb(s, &altmp, + s->initial_ctx->ext.servername_arg); switch (ret) { case SSL_TLSEXT_ERR_ALERT_FATAL: @@ -757,20 +757,20 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent, * suite, then if server returns an EC point formats lists extension it * must contain uncompressed. */ - if (s->tlsext_ecpointformatlist != NULL - && s->tlsext_ecpointformatlist_length > 0 - && s->session->tlsext_ecpointformatlist != NULL - && s->session->tlsext_ecpointformatlist_length > 0 + if (s->ext.ecpointformats != NULL + && s->ext.ecpointformats_len > 0 + && s->session->ext.ecpointformats != NULL + && s->session->ext.ecpointformats_len > 0 && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) { /* we are using an ECC cipher */ size_t i; - unsigned char *list = s->session->tlsext_ecpointformatlist; + unsigned char *list = s->session->ext.ecpointformats; - for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) { + for (i = 0; i < s->session->ext.ecpointformats_len; i++) { if (*list++ == TLSEXT_ECPOINTFORMAT_uncompressed) break; } - if (i == s->session->tlsext_ecpointformatlist_length) { + if (i == s->session->ext.ecpointformats_len) { SSLerr(SSL_F_FINAL_EC_PT_FORMATS, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); return 0; @@ -784,7 +784,7 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent, static int init_session_ticket(SSL *s, unsigned int context) { if (!s->server) - s->tlsext_ticket_expected = 0; + s->ext.ticket_expected = 0; return 1; } @@ -793,25 +793,43 @@ static int init_session_ticket(SSL *s, unsigned int context) static int init_status_request(SSL *s, unsigned int context) { if (s->server) { - s->tlsext_status_type = TLSEXT_STATUSTYPE_nothing; + s->ext.status_type = TLSEXT_STATUSTYPE_nothing; } else { /* * Ensure we get sensible values passed to tlsext_status_cb in the event * that we don't receive a status message */ OPENSSL_free(s->tlsext_ocsp_resp); - s->tlsext_ocsp_resp = NULL; - s->tlsext_ocsp_resplen = 0; + s->ext.ocsp_resp = NULL; + s->ext.ocsp_resplen = 0; } return 1; } + +static int final_status_request(SSL *s, unsigned int context, int sent, + int *al) +{ + if (s->server) + return 1; + + /* + * Ensure we get sensible values passed to ext.status_cb in the event + * that we don't receive a status message + */ + OPENSSL_free(s->ext.ocsp.resp); + s->ext.ocsp.resp = NULL; + s->ext.ocsp.resp_len = 0; +>>>>>>> Move extension data into sub-structs + + return 1; +} #endif #ifndef OPENSSL_NO_NEXTPROTONEG static int init_npn(SSL *s, unsigned int context) { - s->s3->next_proto_neg_seen = 0; + s->s3->npn_seen = 0; return 1; } @@ -838,11 +856,11 @@ static int final_alpn(SSL *s, unsigned int context, int sent, int *al) if (!s->server) return 1; - if (s->ctx->alpn_select_cb != NULL && s->s3->alpn_proposed != NULL) { - int r = s->ctx->alpn_select_cb(s, &selected, &selected_len, - s->s3->alpn_proposed, - (unsigned int)s->s3->alpn_proposed_len, - s->ctx->alpn_select_cb_arg); + if (s->ctx->ext.alpn_select_cb != NULL && s->s3->alpn_proposed != NULL) { + int r = s->ctx->ext.alpn_select_cb(s, &selected, &selected_len, + s->s3->alpn_proposed, + (unsigned int)s->s3->alpn_proposed_len, + s->ctx->ext.alpn_select_cb_arg); if (r == SSL_TLSEXT_ERR_OK) { OPENSSL_free(s->s3->alpn_selected); @@ -854,7 +872,7 @@ static int final_alpn(SSL *s, unsigned int context, int sent, int *al) s->s3->alpn_selected_len = selected_len; #ifndef OPENSSL_NO_NEXTPROTONEG /* ALPN takes precedence over NPN. */ - s->s3->next_proto_neg_seen = 0; + s->s3->npn_seen = 0; #endif } else { *al = SSL_AD_NO_APPLICATION_PROTOCOL; diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 277e0624a4..be0c979eb9 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -34,7 +34,7 @@ int tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, X509 *x, int tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx, int *al) { - if (s->tlsext_hostname == NULL) + if (s->ext.hostname == NULL) return 1; /* Add TLS extension servername to the Client Hello message */ @@ -44,8 +44,8 @@ int tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, X509 *x, /* Sub-packet for servername list (always 1 hostname)*/ || !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_put_bytes_u8(pkt, TLSEXT_NAMETYPE_host_name) - || !WPACKET_sub_memcpy_u16(pkt, s->tlsext_hostname, - strlen(s->tlsext_hostname)) + || !WPACKET_sub_memcpy_u16(pkt, s->ext.hostname, + strlen(s->ext.hostname)) || !WPACKET_close(pkt) || !WPACKET_close(pkt)) { SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME, ERR_R_INTERNAL_ERROR); @@ -145,7 +145,7 @@ int tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, X509 *x, * Add TLS extension supported_groups to the ClientHello message */ /* TODO(TLS1.3): Add support for DHE groups */ - pcurves = s->tlsext_supportedgroupslist; + pcurves = s->ext.supportedgroups; if (!tls1_get_curvelist(s, 0, &pcurves, &num_curves)) { SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS, ERR_R_INTERNAL_ERROR); @@ -191,30 +191,30 @@ int tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, X509 *x, return 1; if (!s->new_session && s->session != NULL - && s->session->tlsext_tick != NULL) { - ticklen = s->session->tlsext_ticklen; - } else if (s->session && s->tlsext_session_ticket != NULL - && s->tlsext_session_ticket->data != NULL) { - ticklen = s->tlsext_session_ticket->length; - s->session->tlsext_tick = OPENSSL_malloc(ticklen); - if (s->session->tlsext_tick == NULL) { + && s->session->ext.tick != NULL) { + ticklen = s->session->ext.ticklen; + } else if (s->session && s->ext.session_ticket != NULL + && s->ext.session_ticket->data != NULL) { + ticklen = s->ext.session_ticket->length; + s->session->ext.tick = OPENSSL_malloc(ticklen); + if (s->session->ext.tick == NULL) { SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET, ERR_R_INTERNAL_ERROR); return 0; } - memcpy(s->session->tlsext_tick, - s->tlsext_session_ticket->data, ticklen); - s->session->tlsext_ticklen = ticklen; + memcpy(s->session->ext.tick, + s->ext.session_ticket->data, ticklen); + s->session->ext.ticklen = ticklen; } else { ticklen = 0; } - if (ticklen == 0 && s->tlsext_session_ticket != NULL && - s->tlsext_session_ticket->data == NULL) + if (ticklen == 0 && s->ext.session_ticket != NULL && + s->ext.session_ticket->data == NULL) return 1; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket) - || !WPACKET_sub_memcpy_u16(pkt, s->session->tlsext_tick, ticklen)) { + || !WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, ticklen)) { SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET, ERR_R_INTERNAL_ERROR); return 0; } @@ -257,7 +257,7 @@ int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, X509 *x, if (x != NULL) return 1; - if (s->tlsext_status_type != TLSEXT_STATUSTYPE_ocsp) + if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp) return 1; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request) @@ -269,9 +269,9 @@ int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, X509 *x, SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR); return 0; } - for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) { + for (i = 0; i < sk_OCSP_RESPID_num(s->ext.ocsp.ids); i++) { unsigned char *idbytes; - OCSP_RESPID *id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); + OCSP_RESPID *id = sk_OCSP_RESPID_value(s->ext.ocsp.ids, i); int idlen = i2d_OCSP_RESPID(id, NULL); if (idlen <= 0 @@ -288,9 +288,9 @@ int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, X509 *x, SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR); return 0; } - if (s->tlsext_ocsp_exts) { + if (s->ext.ocsp.exts) { unsigned char *extbytes; - int extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL); + int extlen = i2d_X509_EXTENSIONS(s->ext.ocsp.exts, NULL); if (extlen < 0) { SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, @@ -298,7 +298,7 @@ int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, X509 *x, return 0; } if (!WPACKET_allocate_bytes(pkt, extlen, &extbytes) - || i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &extbytes) + || i2d_X509_EXTENSIONS(s->ext.ocsp.exts, &extbytes) != extlen) { SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR); @@ -318,7 +318,7 @@ int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, X509 *x, int tls_construct_ctos_npn(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx, int *al) { - if (s->ctx->next_proto_select_cb == NULL || s->s3->tmp.finish_md_len != 0) + if (s->ctx->ext.npn_select_cb == NULL || s->s3->tmp.finish_md_len != 0) return 1; /* @@ -344,15 +344,14 @@ int tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx, * finish_md_len is non-zero during a renegotiation, so * this avoids sending ALPN during the renegotiation */ - if (s->alpn_client_proto_list == NULL || s->s3->tmp.finish_md_len != 0) + if (s->ext.alpn == NULL || s->s3->tmp.finish_md_len != 0) return 1; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_application_layer_protocol_negotiation) /* Sub-packet ALPN extension */ || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u16(pkt, s->alpn_client_proto_list, - s->alpn_client_proto_list_len) + || !WPACKET_sub_memcpy_u16(pkt, s->ext.alpn, s->ext.alpn_len) || !WPACKET_close(pkt)) { SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_ALPN, ERR_R_INTERNAL_ERROR); return 0; @@ -516,7 +515,7 @@ int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx, return 0; } - pcurves = s->tlsext_supportedgroupslist; + pcurves = s->ext.supportedgroups; if (!tls1_get_curvelist(s, 0, &pcurves, &num_curves)) { SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE, ERR_R_INTERNAL_ERROR); return 0; @@ -698,18 +697,18 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al) { - if (s->tlsext_hostname == NULL || PACKET_remaining(pkt) > 0) { + if (s->ext.hostname == NULL || PACKET_remaining(pkt) > 0) { *al = SSL_AD_UNRECOGNIZED_NAME; return 0; } if (!s->hit) { - if (s->session->tlsext_hostname != NULL) { + if (s->session->ext.hostname != NULL) { *al = SSL_AD_INTERNAL_ERROR; return 0; } - s->session->tlsext_hostname = OPENSSL_strdup(s->tlsext_hostname); - if (s->session->tlsext_hostname == NULL) { + s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname); + if (s->session->ext.hostname == NULL) { *al = SSL_AD_INTERNAL_ERROR; return 0; } @@ -722,7 +721,7 @@ int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al) { - unsigned int ecpointformatlist_length; + unsigned int ecpointformats_len; PACKET ecptformatlist; if (!PACKET_as_length_prefixed_1(pkt, &ecptformatlist)) { @@ -730,22 +729,21 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, return 0; } if (!s->hit) { - ecpointformatlist_length = PACKET_remaining(&ecptformatlist); - s->session->tlsext_ecpointformatlist_length = 0; + ecpointformats_len = PACKET_remaining(&ecptformatlist); + s->session->ext.ecpointformats_len = 0; - OPENSSL_free(s->session->tlsext_ecpointformatlist); - s->session->tlsext_ecpointformatlist = - OPENSSL_malloc(ecpointformatlist_length); - if (s->session->tlsext_ecpointformatlist == NULL) { + OPENSSL_free(s->session->ext.ecpointformats); + s->session->ext.ecpointformats = OPENSSL_malloc(ecpointformats_len); + if (s->session->ext.ecpointformats == NULL) { *al = SSL_AD_INTERNAL_ERROR; return 0; } - s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; + s->session->ext.ecpointformats_len = ecpointformats_len; if (!PACKET_copy_bytes(&ecptformatlist, - s->session->tlsext_ecpointformatlist, - ecpointformatlist_length)) { + s->session->ext.ecpointformats, + ecpointformats_len)) { *al = SSL_AD_INTERNAL_ERROR; return 0; } @@ -758,10 +756,10 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al) { - if (s->tls_session_ticket_ext_cb != NULL && - !s->tls_session_ticket_ext_cb(s, PACKET_data(pkt), - PACKET_remaining(pkt), - s->tls_session_ticket_ext_cb_arg)) { + if (s->ext.session_ticket_cb != NULL && + !s->ext.session_ticket_cb(s, PACKET_data(pkt), + PACKET_remaining(pkt), + s->ext.session_ticket_cb_arg)) { *al = SSL_AD_INTERNAL_ERROR; return 0; } @@ -771,7 +769,7 @@ int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, return 0; } - s->tlsext_ticket_expected = 1; + s->ext.ticket_expected = 1; return 1; } @@ -784,7 +782,7 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, * MUST only be sent if we've requested a status * request message. In TLS <= 1.2 it must also be empty. */ - if (s->tlsext_status_type == TLSEXT_STATUSTYPE_nothing + if (s->ext.status_type == TLSEXT_STATUSTYPE_nothing || (!SSL_IS_TLS13(s) && PACKET_remaining(pkt) > 0)) { *al = SSL_AD_UNSUPPORTED_EXTENSION; return 0; @@ -800,7 +798,7 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, } /* Set flag to expect CertificateStatus message */ - s->tlsext_status_expected = 1; + s->ext.status_expected = 1; return 1; } @@ -819,14 +817,14 @@ int tls_parse_stoc_sct(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al) size_t size = PACKET_remaining(pkt); /* Simply copy it off for later processing */ - OPENSSL_free(s->tlsext_scts); - s->tlsext_scts = NULL; + OPENSSL_free(s->ext.scts); + s->ext.scts = NULL; - s->tlsext_scts_len = size; + s->ext.scts_len = size; if (size > 0) { - s->tlsext_scts = OPENSSL_malloc(size); - if (s->tlsext_scts == NULL - || !PACKET_copy_bytes(pkt, s->tlsext_scts, size)) { + s->ext.scts = OPENSSL_malloc(size); + if (s->ext.scts == NULL + || !PACKET_copy_bytes(pkt, s->ext.scts, size)) { *al = SSL_AD_INTERNAL_ERROR; return 0; } @@ -872,7 +870,7 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al) return 1; /* We must have requested it. */ - if (s->ctx->next_proto_select_cb == NULL) { + if (s->ctx->ext.npn_select_cb == NULL) { *al = SSL_AD_UNSUPPORTED_EXTENSION; return 0; } @@ -883,10 +881,10 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al) *al = SSL_AD_DECODE_ERROR; return 0; } - if (s->ctx->next_proto_select_cb(s, &selected, &selected_len, - PACKET_data(pkt), - PACKET_remaining(pkt), - s->ctx->next_proto_select_cb_arg) != + if (s->ctx->ext.npn_select_cb(s, &selected, &selected_len, + PACKET_data(pkt), + PACKET_remaining(pkt), + s->ctx->ext.npn_select_cb_arg) != SSL_TLSEXT_ERR_OK) { *al = SSL_AD_INTERNAL_ERROR; return 0; @@ -896,16 +894,16 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al) * Could be non-NULL if server has sent multiple NPN extensions in * a single Serverhello */ - OPENSSL_free(s->next_proto_negotiated); - s->next_proto_negotiated = OPENSSL_malloc(selected_len); - if (s->next_proto_negotiated == NULL) { + OPENSSL_free(s->ext.npn); + s->ext.npn = OPENSSL_malloc(selected_len); + if (s->ext.npn == NULL) { *al = SSL_AD_INTERNAL_ERROR; return 0; } - memcpy(s->next_proto_negotiated, selected, selected_len); - s->next_proto_negotiated_len = selected_len; - s->s3->next_proto_neg_seen = 1; + memcpy(s->ext.npn, selected, selected_len); + s->ext.npn_len = selected_len; + s->s3->npn_seen = 1; return 1; } diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index dfe5fc5aca..c868bb9e2c 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -116,7 +116,7 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, return 0; } - if (!PACKET_strndup(&hostname, &s->session->tlsext_hostname)) { + if (!PACKET_strndup(&hostname, &s->session->ext.hostname)) { *al = TLS1_AD_INTERNAL_ERROR; return 0; } @@ -127,9 +127,9 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, * TODO(openssl-team): if the SNI doesn't match, we MUST * fall back to a full handshake. */ - s->servername_done = s->session->tlsext_hostname - && PACKET_equal(&hostname, s->session->tlsext_hostname, - strlen(s->session->tlsext_hostname)); + s->servername_done = s->session->ext.hostname + && PACKET_equal(&hostname, s->session->ext.hostname, + strlen(s->session->ext.hostname)); } return 1; @@ -173,8 +173,8 @@ int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, if (!s->hit) { if (!PACKET_memdup(&ec_point_format_list, - &s->session->tlsext_ecpointformatlist, - &s->session->tlsext_ecpointformatlist_length)) { + &s->session->ext.ecpointformats, + &s->session->ext.ecpointformats_len)) { *al = TLS1_AD_INTERNAL_ERROR; return 0; } @@ -187,10 +187,10 @@ int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al) { - if (s->tls_session_ticket_ext_cb && - !s->tls_session_ticket_ext_cb(s, PACKET_data(pkt), - PACKET_remaining(pkt), - s->tls_session_ticket_ext_cb_arg)) { + if (s->ext.session_ticket_cb && + !s->ext.session_ticket_cb(s, PACKET_data(pkt), + PACKET_remaining(pkt), + s->ext.session_ticket_cb_arg)) { *al = TLS1_AD_INTERNAL_ERROR; return 0; } @@ -229,16 +229,16 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, if (x != NULL) return 1; - if (!PACKET_get_1(pkt, (unsigned int *)&s->tlsext_status_type)) { + if (!PACKET_get_1(pkt, (unsigned int *)&s->ext.status_type)) { *al = SSL_AD_DECODE_ERROR; return 0; } - if (s->tlsext_status_type != TLSEXT_STATUSTYPE_ocsp) { + if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp) { /* * We don't know what to do with any other type so ignore it. */ - s->tlsext_status_type = TLSEXT_STATUSTYPE_nothing; + s->ext.status_type = TLSEXT_STATUSTYPE_nothing; return 1; } @@ -251,15 +251,15 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, * We remove any OCSP_RESPIDs from a previous handshake * to prevent unbounded memory growth - CVE-2016-6304 */ - sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); + sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free); if (PACKET_remaining(&responder_id_list) > 0) { - s->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null(); - if (s->tlsext_ocsp_ids == NULL) { + s->ext.ocsp.ids = sk_OCSP_RESPID_new_null(); + if (s->ext.ocsp.ids == NULL) { *al = SSL_AD_INTERNAL_ERROR; return 0; } } else { - s->tlsext_ocsp_ids = NULL; + s->ext.ocsp.ids = NULL; } while (PACKET_remaining(&responder_id_list) > 0) { @@ -288,7 +288,7 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, return 0; } - if (!sk_OCSP_RESPID_push(s->tlsext_ocsp_ids, id)) { + if (!sk_OCSP_RESPID_push(s->ext.ocsp.ids, id)) { OCSP_RESPID_free(id); *al = SSL_AD_INTERNAL_ERROR; return 0; @@ -304,11 +304,11 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, if (PACKET_remaining(&exts) > 0) { const unsigned char *ext_data = PACKET_data(&exts); - sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, + sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free); - s->tlsext_ocsp_exts = + s->ext.ocsp.exts = d2i_X509_EXTENSIONS(NULL, &ext_data, (int)PACKET_remaining(&exts)); - if (s->tlsext_ocsp_exts == NULL || ext_data != PACKET_end(&exts)) { + if (s->ext.ocsp.exts == NULL || ext_data != PACKET_end(&exts)) { *al = SSL_AD_DECODE_ERROR; return 0; } @@ -339,7 +339,7 @@ int tls_parse_ctos_npn(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al) * Finished message could have been computed.) */ if (s->s3->tmp.finish_md_len == 0) - s->s3->next_proto_neg_seen = 1; + s->s3->npn_seen = 1; return 1; } @@ -643,8 +643,8 @@ int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, X509 *x, if (!s->hit && !PACKET_memdup(&supported_groups_list, - &s->session->tlsext_supportedgroupslist, - &s->session->tlsext_supportedgroupslist_length)) { + &s->session->ext.supportedgroups, + &s->session->ext.supportedgroups_len)) { *al = SSL_AD_DECODE_ERROR; return 0; } @@ -695,7 +695,7 @@ int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx, int *al) { if (s->hit || s->servername_done != 1 - || s->session->tlsext_hostname == NULL) + || s->session->ext.hostname == NULL) return 1; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name) @@ -714,7 +714,7 @@ int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, X509 *x, unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; int using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) - && (s->session->tlsext_ecpointformatlist != NULL); + && (s->session->ext.ecpointformats != NULL); const unsigned char *plist; size_t plistlen; @@ -737,8 +737,8 @@ int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, X509 *x, int tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx, int *al) { - if (!s->tlsext_ticket_expected || !tls_use_ticket(s)) { - s->tlsext_ticket_expected = 0; + if (!s->ext.ticket_expected || !tls_use_ticket(s)) { + s->ext.ticket_expected = 0; return 1; } @@ -755,7 +755,7 @@ int tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, X509 *x, int tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx, int *al) { - if (!s->tlsext_status_expected) + if (!s->ext.status_expected) return 1; if (SSL_IS_TLS13(s) && chainidx != 0) @@ -789,14 +789,14 @@ int tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, X509 *x, const unsigned char *npa; unsigned int npalen; int ret; - int next_proto_neg_seen = s->s3->next_proto_neg_seen; + int npn_seen = s->s3->npn_seen; - s->s3->next_proto_neg_seen = 0; - if (!next_proto_neg_seen || s->ctx->next_protos_advertised_cb == NULL) + s->s3->npn_seen = 0; + if (!npn_seen || s->ctx->ext.npn_advertised_cb == NULL) return 1; - ret = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, - s->ctx->next_protos_advertised_cb_arg); + ret = s->ctx->ext.npn_advertised_cb(s, &npa, &npalen, + s->ctx->ext.npn_advertised_cb_arg); if (ret == SSL_TLSEXT_ERR_OK) { if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg) || !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) { @@ -804,7 +804,7 @@ int tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, X509 *x, ERR_R_INTERNAL_ERROR); return 0; } - s->s3->next_proto_neg_seen = 1; + s->s3->npn_seen = 1; } return 1; diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index a3133adcef..82713d2dfb 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -225,7 +225,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) case TLS_ST_CR_SRVR_HELLO: if (s->hit) { - if (s->tlsext_ticket_expected) { + if (s->ext.ticket_expected) { if (mt == SSL3_MT_NEWSESSION_TICKET) { st->hand_state = TLS_ST_CR_SESSION_TICKET; return 1; @@ -239,8 +239,8 @@ int ossl_statem_client_read_transition(SSL *s, int mt) st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST; return 1; } else if (s->version >= TLS1_VERSION - && s->tls_session_secret_cb != NULL - && s->session->tlsext_tick != NULL + && s->ext.session_secret_cb != NULL + && s->session->ext.tick != NULL && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { /* * Normally, we can tell if the server is resuming the session @@ -282,9 +282,9 @@ int ossl_statem_client_read_transition(SSL *s, int mt) case TLS_ST_CR_CERT: /* * The CertificateStatus message is optional even if - * |tlsext_status_expected| is set + * |ext.status_expected| is set */ - if (s->tlsext_status_expected && mt == SSL3_MT_CERTIFICATE_STATUS) { + if (s->ext.status_expected && mt == SSL3_MT_CERTIFICATE_STATUS) { st->hand_state = TLS_ST_CR_CERT_STATUS; return 1; } @@ -321,7 +321,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) break; case TLS_ST_CW_FINISHED: - if (s->tlsext_ticket_expected) { + if (s->ext.ticket_expected) { if (mt == SSL3_MT_NEWSESSION_TICKET) { st->hand_state = TLS_ST_CR_SESSION_TICKET; return 1; @@ -478,7 +478,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) #if defined(OPENSSL_NO_NEXTPROTONEG) st->hand_state = TLS_ST_CW_FINISHED; #else - if (!SSL_IS_DTLS(s) && s->s3->next_proto_neg_seen) + if (!SSL_IS_DTLS(s) && s->s3->npn_seen) st->hand_state = TLS_ST_CW_NEXT_PROTO; else st->hand_state = TLS_ST_CW_FINISHED; @@ -872,7 +872,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) * In the case of EAP-FAST, we can have a pre-shared * "ticket" without a session ID. */ - (!sess->session_id_length && !sess->tlsext_tick) || + (!sess->session_id_length && !sess->ext.tick) || (sess->not_resumable)) { if (!ssl_get_new_session(s, 0)) return 0; @@ -1122,7 +1122,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) * server wants to resume. */ if (s->version >= TLS1_VERSION && !SSL_IS_TLS13(s) - && s->tls_session_secret_cb != NULL && s->session->tlsext_tick) { + && s->ext.session_secret_cb != NULL && s->session->ext.tick) { const SSL_CIPHER *pref_cipher = NULL; /* * s->session->master_key_length is a size_t, but this is an int for @@ -1130,10 +1130,10 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) */ int master_key_length; master_key_length = sizeof(s->session->master_key); - if (s->tls_session_secret_cb(s, s->session->master_key, + if (s->ext.session_secret_cb(s, s->session->master_key, &master_key_length, NULL, &pref_cipher, - s->tls_session_secret_cb_arg) + s->ext.session_secret_cb_arg) && master_key_length > 0) { s->session->master_key_length = master_key_length; s->session->cipher = pref_cipher ? @@ -2134,22 +2134,23 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) s->session = new_sess; } - OPENSSL_free(s->session->tlsext_tick); - s->session->tlsext_ticklen = 0; + OPENSSL_free(s->session->ext.tick); + s->session->ext.tick = NULL; + s->session->ext.ticklen = 0; - s->session->tlsext_tick = OPENSSL_malloc(ticklen); - if (s->session->tlsext_tick == NULL) { + s->session->ext.tick = OPENSSL_malloc(ticklen); + if (s->session->ext.tick == NULL) { SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); goto err; } - if (!PACKET_copy_bytes(pkt, s->session->tlsext_tick, ticklen)) { + if (!PACKET_copy_bytes(pkt, s->session->ext.tick, ticklen)) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); goto f_err; } - s->session->tlsext_tick_lifetime_hint = ticket_lifetime_hint; - s->session->tlsext_ticklen = ticklen; + s->session->ext.tick_lifetime_hint = ticket_lifetime_hint; + s->session->ext.ticklen = ticklen; /* * There are two ways to detect a resumed ticket session. One is to set * an appropriate session ID and then the server must return a match in @@ -2165,7 +2166,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) * TODO(size_t): we use sess_len here because EVP_Digest expects an int * but s->session->session_id_length is a size_t */ - if (!EVP_Digest(s->session->tlsext_tick, ticklen, + if (!EVP_Digest(s->session->ext.tick, ticklen, s->session->session_id, &sess_len, EVP_sha256(), NULL)) { SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_EVP_LIB); @@ -2204,17 +2205,17 @@ int tls_process_cert_status_body(SSL *s, PACKET *pkt, int *al) return 0; } s->tlsext_ocsp_resp = OPENSSL_malloc(resplen); - if (s->tlsext_ocsp_resp == NULL) { + if (s->ext.ocsp_resp == NULL) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS_BODY, ERR_R_MALLOC_FAILURE); return 0; } - if (!PACKET_copy_bytes(pkt, s->tlsext_ocsp_resp, resplen)) { + if (!PACKET_copy_bytes(pkt, s->ext.ocsp_resp, resplen)) { *al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS_BODY, SSL_R_LENGTH_MISMATCH); return 0; } - s->tlsext_ocsp_resplen = resplen; + s->ext.ocsp_resplen = resplen; return 1; } @@ -2251,14 +2252,14 @@ int tls_process_initial_server_flight(SSL *s, int *al) } /* - * Call the ocsp status callback if needed. The |tlsext_ocsp_resp| and - * |tlsext_ocsp_resplen| values will be set if we actually received a status + * Call the ocsp status callback if needed. The |ext.ocsp.resp| and + * |ext.ocsp.resp_len| values will be set if we actually received a status * message, or NULL and -1 otherwise */ - if (s->tlsext_status_type != TLSEXT_STATUSTYPE_nothing - && s->ctx->tlsext_status_cb != NULL) { - int ret; - ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); + if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing + && s->ctx->ext.status_cb != NULL) { + int ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg); + if (ret == 0) { *al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; SSLerr(SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT, @@ -3112,10 +3113,10 @@ int tls_construct_next_proto(SSL *s, WPACKET *pkt) size_t len, padding_len; unsigned char *padding = NULL; - len = s->next_proto_negotiated_len; + len = s->ext.npn_len; padding_len = 32 - ((len + 2) % 32); - if (!WPACKET_sub_memcpy_u8(pkt, s->next_proto_negotiated, len) + if (!WPACKET_sub_memcpy_u8(pkt, s->ext.npn, len) || !WPACKET_sub_allocate_bytes_u8(pkt, padding_len, &padding)) { SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR); goto err; diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index b3d6419808..475f405768 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -255,7 +255,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt) case TLS_ST_SR_CHANGE: #ifndef OPENSSL_NO_NEXTPROTONEG - if (s->s3->next_proto_neg_seen) { + if (s->s3->npn_seen) { if (mt == SSL3_MT_NEXT_PROTO) { st->hand_state = TLS_ST_SR_NEXT_PROTO; return 1; @@ -488,7 +488,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s) case TLS_ST_SW_SRVR_HELLO: if (s->hit) { - if (s->tlsext_ticket_expected) + if (s->ext.ticket_expected) st->hand_state = TLS_ST_SW_SESSION_TICKET; else st->hand_state = TLS_ST_SW_CHANGE; @@ -509,7 +509,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s) return WRITE_TRAN_CONTINUE; case TLS_ST_SW_CERT: - if (s->tlsext_status_expected) { + if (s->ext.status_expected) { st->hand_state = TLS_ST_SW_CERT_STATUS; return WRITE_TRAN_CONTINUE; } @@ -541,7 +541,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s) st->hand_state = TLS_ST_OK; ossl_statem_set_in_init(s, 0); return WRITE_TRAN_CONTINUE; - } else if (s->tlsext_ticket_expected) { + } else if (s->ext.ticket_expected) { st->hand_state = TLS_ST_SW_SESSION_TICKET; } else { st->hand_state = TLS_ST_SW_CHANGE; @@ -1527,7 +1527,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) } } - if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) { + if (!s->hit && s->version >= TLS1_VERSION && s->ext.session_secret_cb) { const SSL_CIPHER *pref_cipher = NULL; /* * s->session->master_key_length is a size_t, but this is an int for @@ -1536,10 +1536,10 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) int master_key_length; master_key_length = sizeof(s->session->master_key); - if (s->tls_session_secret_cb(s, s->session->master_key, + if (s->ext.session_secret_cb(s, s->session->master_key, &master_key_length, ciphers, &pref_cipher, - s->tls_session_secret_cb_arg) + s->ext.session_secret_cb_arg) && master_key_length > 0) { s->session->master_key_length = master_key_length; s->hit = 1; @@ -1691,7 +1691,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) */ static int tls_handle_status_request(SSL *s, int *al) { - s->tlsext_status_expected = 0; + s->ext.status_expected = 0; /* * If status request then ask callback what to do. Note: this must be @@ -1699,8 +1699,8 @@ static int tls_handle_status_request(SSL *s, int *al) * and must be called after the cipher has been chosen because this may * influence which certificate is sent */ - if (s->tlsext_status_type != TLSEXT_STATUSTYPE_nothing && s->ctx != NULL - && s->ctx->tlsext_status_cb != NULL) { + if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing && s->ctx != NULL + && s->ctx->ext.status_cb != NULL) { int ret; CERT_PKEY *certpkey = ssl_get_server_send_pkey(s); @@ -1711,16 +1711,16 @@ static int tls_handle_status_request(SSL *s, int *al) * et al can pick it up. */ s->cert->key = certpkey; - ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); + ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg); switch (ret) { /* We don't want to send a status request response */ case SSL_TLSEXT_ERR_NOACK: - s->tlsext_status_expected = 0; + s->ext.status_expected = 0; break; /* status request response should be sent */ case SSL_TLSEXT_ERR_OK: - if (s->tlsext_ocsp_resp) - s->tlsext_status_expected = 1; + if (s->ext.ocsp.resp) + s->ext.status_expected = 1; break; /* something bad happened */ case SSL_TLSEXT_ERR_ALERT_FATAL: @@ -1773,7 +1773,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) != 0)); if (s->session->not_resumable) /* do not send a session ticket */ - s->tlsext_ticket_expected = 0; + s->ext.ticket_expected = 0; } else { /* Session-id reuse */ s->s3->tmp.new_cipher = s->session->cipher; @@ -3371,9 +3371,9 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) * Initialize HMAC and cipher contexts. If callback present it does * all the work otherwise use generated values from parent ctx. */ - if (tctx->tlsext_ticket_key_cb) { + if (tctx->ext.ticket_key_cb) { /* if 0 is returned, write an empty ticket */ - int ret = tctx->tlsext_ticket_key_cb(s, key_name, iv, ctx, + int ret = tctx->ext.ticket_key_cb(s, key_name, iv, ctx, hctx, 1); if (ret == 0) { @@ -3400,14 +3400,14 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) if (RAND_bytes(iv, iv_len) <= 0) goto err; if (!EVP_EncryptInit_ex(ctx, cipher, NULL, - tctx->tlsext_tick_aes_key, iv)) + tctx->ext.tick_aes_key, iv)) goto err; - if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, - sizeof(tctx->tlsext_tick_hmac_key), + if (!HMAC_Init_ex(hctx, tctx->ext.tick_hmac_key, + sizeof(tctx->ext.tick_hmac_key), EVP_sha256(), NULL)) goto err; - memcpy(key_name, tctx->tlsext_tick_key_name, - sizeof(tctx->tlsext_tick_key_name)); + memcpy(key_name, tctx->ext.tick_key_name, + sizeof(tctx->ext.tick_key_name)); } /* @@ -3465,6 +3465,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) */ int tls_construct_cert_status_body(SSL *s, WPACKET *pkt) { +<<<<<<< 3b72dcd5fb4d2c756a830dba1fc34f4a7ae61b73 if (!WPACKET_put_bytes_u8(pkt, s->tlsext_status_type) || !WPACKET_sub_memcpy_u24(pkt, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen)) { @@ -3478,6 +3479,12 @@ int tls_construct_cert_status_body(SSL *s, WPACKET *pkt) int tls_construct_cert_status(SSL *s, WPACKET *pkt) { if (!tls_construct_cert_status_body(s, pkt)) { +======= + if (!WPACKET_put_bytes_u8(pkt, s->ext.status_type) + || !WPACKET_sub_memcpy_u24(pkt, s->ext.ocsp.resp, + s->ext.ocsp.resp_len)) { + SSLerr(SSL_F_TLS_CONSTRUCT_CERT_STATUS, ERR_R_INTERNAL_ERROR); +>>>>>>> Move extension data into sub-structs ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); return 0; } @@ -3509,12 +3516,12 @@ MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt) goto err; } - if (!PACKET_memdup(&next_proto, &s->next_proto_negotiated, &next_proto_len)) { - s->next_proto_negotiated_len = 0; + if (!PACKET_memdup(&next_proto, &s->ext.npn, &next_proto_len)) { + s->ext.npn_len = 0; goto err; } - s->next_proto_negotiated_len = (unsigned char)next_proto_len; + s->ext.npn_len = (unsigned char)next_proto_len; return MSG_PROCESS_CONTINUE_READING; err: diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index f45ffcbc94..ec8b9687bb 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -112,7 +112,7 @@ int tls1_new(SSL *s) void tls1_free(SSL *s) { - OPENSSL_free(s->tlsext_session_ticket); + OPENSSL_free(s->ext.session_ticket); ssl3_free(s); } @@ -265,8 +265,8 @@ int tls1_get_curvelist(SSL *s, int sess, const unsigned char **pcurves, { size_t pcurveslen = 0; if (sess) { - *pcurves = s->session->tlsext_supportedgroupslist; - pcurveslen = s->session->tlsext_supportedgroupslist_length; + *pcurves = s->session->ext.supportedgroups; + pcurveslen = s->session->ext.supportedgroups_len; } else { /* For Suite B mode only include P-256, P-384 */ switch (tls1_suiteb(s)) { @@ -285,8 +285,8 @@ int tls1_get_curvelist(SSL *s, int sess, const unsigned char **pcurves, pcurveslen = 2; break; default: - *pcurves = s->tlsext_supportedgroupslist; - pcurveslen = s->tlsext_supportedgroupslist_length; + *pcurves = s->ext.supportedgroups; + pcurveslen = s->ext.supportedgroups_len; } if (!*pcurves) { *pcurves = eccurves_default; @@ -556,9 +556,9 @@ static int tls1_check_ec_key(SSL *s, * If point formats extension present check it, otherwise everything is * supported (see RFC4492). */ - if (comp_id && s->session->tlsext_ecpointformatlist) { - pformats = s->session->tlsext_ecpointformatlist; - num_formats = s->session->tlsext_ecpointformatlist_length; + if (comp_id && s->session->ext.ecpointformats) { + pformats = s->session->ext.ecpointformats; + num_formats = s->session->ext.ecpointformats_len; for (i = 0; i < num_formats; i++, pformats++) { if (*comp_id == *pformats) break; @@ -601,9 +601,9 @@ void tls1_get_formatlist(SSL *s, const unsigned char **pformats, /* * If we have a custom point format list use it otherwise use default */ - if (s->tlsext_ecpointformatlist) { - *pformats = s->tlsext_ecpointformatlist; - *num_formats = s->tlsext_ecpointformatlist_length; + if (s->ext.ecpointformats) { + *pformats = s->ext.ecpointformats; + *num_formats = s->ext.ecpointformats_len; } else { *pformats = ecformats_default; /* For Suite B we don't support char2 fields */ @@ -749,12 +749,12 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md) static const unsigned char tls12_sigalgs[] = { tlsext_sigalg(TLSEXT_hash_sha512) - tlsext_sigalg(TLSEXT_hash_sha384) - tlsext_sigalg(TLSEXT_hash_sha256) - tlsext_sigalg(TLSEXT_hash_sha224) - tlsext_sigalg(TLSEXT_hash_sha1) + tlsext_sigalg(TLSEXT_hash_sha384) + tlsext_sigalg(TLSEXT_hash_sha256) + tlsext_sigalg(TLSEXT_hash_sha224) + tlsext_sigalg(TLSEXT_hash_sha1) #ifndef OPENSSL_NO_GOST - TLSEXT_hash_gostr3411, TLSEXT_signature_gostr34102001, + TLSEXT_hash_gostr3411, TLSEXT_signature_gostr34102001, TLSEXT_hash_gostr34112012_256, TLSEXT_signature_gostr34102012_256, TLSEXT_hash_gostr34112012_512, TLSEXT_signature_gostr34102012_512 #endif @@ -763,9 +763,10 @@ static const unsigned char tls12_sigalgs[] = { #ifndef OPENSSL_NO_EC static const unsigned char suiteb_sigalgs[] = { tlsext_sigalg_ecdsa(TLSEXT_hash_sha256) - tlsext_sigalg_ecdsa(TLSEXT_hash_sha384) + tlsext_sigalg_ecdsa(TLSEXT_hash_sha384) }; #endif + size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs) { /* @@ -1039,7 +1040,7 @@ RAW_EXTENSION *tls_get_extension_by_type(RAW_EXTENSION *exts, size_t numexts, * * If s->tls_session_secret_cb is set then we are expecting a pre-shared key * ciphersuite, in which case we have no use for session tickets and one will - * never be decrypted, nor will s->tlsext_ticket_expected be set to 1. + * never be decrypted, nor will s->ext.ticket_expected be set to 1. * * Returns: * -1: fatal error, either from parsing or decrypting the ticket. @@ -1051,12 +1052,12 @@ RAW_EXTENSION *tls_get_extension_by_type(RAW_EXTENSION *exts, size_t numexts, * 3: a ticket was successfully decrypted and *ret was set. * * Side effects: - * Sets s->tlsext_ticket_expected to 1 if the server will have to issue + * Sets s->ext.ticket_expected to 1 if the server will have to issue * a new session ticket to the client because the client indicated support * (and s->tls_session_secret_cb is NULL) but the client either doesn't have * a session ticket or we couldn't use the one it gave us, or if - * s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket. - * Otherwise, s->tlsext_ticket_expected is set to 0. + * s->ctx->ext.ticket_key_cb asked to renew the client's ticket. + * Otherwise, s->ext.ticket_expected is set to 0. */ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, SSL_SESSION **ret) @@ -1066,7 +1067,7 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, RAW_EXTENSION *ticketext; *ret = NULL; - s->tlsext_ticket_expected = 0; + s->ext.ticket_expected = 0; /* * If tickets disabled or not supported by the protocol version @@ -1086,10 +1087,10 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, * The client will accept a ticket but doesn't currently have * one. */ - s->tlsext_ticket_expected = 1; + s->ext.ticket_expected = 1; return 1; } - if (s->tls_session_secret_cb) { + if (s->ext.session_secret_cb) { /* * Indicate that the ticket couldn't be decrypted rather than * generating the session from ticket now, trigger @@ -1103,14 +1104,14 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, hello->session_id, hello->session_id_len, ret); switch (retv) { case 2: /* ticket couldn't be decrypted */ - s->tlsext_ticket_expected = 1; + s->ext.ticket_expected = 1; return 2; case 3: /* ticket was decrypted */ return 3; case 4: /* ticket decrypted but need to renew */ - s->tlsext_ticket_expected = 1; + s->ext.ticket_expected = 1; return 3; default: /* fatal error */ @@ -1158,9 +1159,9 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, ret = -2; goto err; } - if (tctx->tlsext_ticket_key_cb) { + if (tctx->ext.ticket_key_cb) { unsigned char *nctick = (unsigned char *)etick; - int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, + int rv = tctx->ext.ticket_key_cb(s, nctick, nctick + 16, ctx, hctx, 0); if (rv < 0) goto err; @@ -1172,17 +1173,17 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, renew_ticket = 1; } else { /* Check key name matches */ - if (memcmp(etick, tctx->tlsext_tick_key_name, - sizeof(tctx->tlsext_tick_key_name)) != 0) { + if (memcmp(etick, tctx->ext.tick_key_name, + sizeof(tctx->ext.tick_key_name)) != 0) { ret = 2; goto err; } - if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, - sizeof(tctx->tlsext_tick_hmac_key), + if (HMAC_Init_ex(hctx, tctx->ext.tick_hmac_key, + sizeof(tctx->ext.tick_hmac_key), EVP_sha256(), NULL) <= 0 || EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, - tctx->tlsext_tick_aes_key, - etick + sizeof(tctx->tlsext_tick_key_name)) <= + tctx->ext.tick_aes_key, + etick + sizeof(tctx->ext.tick_key_name)) <= 0) { goto err; } diff --git a/test/handshake_helper.c b/test/handshake_helper.c index bf647f1690..9ffd0bf427 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -378,16 +378,16 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, parse_protos(extra->server.npn_protocols, &server_ctx_data->npn_protocols, &server_ctx_data->npn_protocols_len); - SSL_CTX_set_next_protos_advertised_cb(server_ctx, server_npn_cb, - server_ctx_data); + SSL_CTX_set_npn_advertised_cb(server_ctx, server_npn_cb, + server_ctx_data); } if (extra->server2.npn_protocols != NULL) { parse_protos(extra->server2.npn_protocols, &server2_ctx_data->npn_protocols, &server2_ctx_data->npn_protocols_len); TEST_check(server2_ctx != NULL); - SSL_CTX_set_next_protos_advertised_cb(server2_ctx, server_npn_cb, - server2_ctx_data); + SSL_CTX_set_npn_advertised_cb(server2_ctx, server_npn_cb, + server2_ctx_data); } if (extra->client.npn_protocols != NULL) { parse_protos(extra->client.npn_protocols, diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc index 4da340be2d..79edaddae4 100644 --- a/test/ossl_shim/ossl_shim.cc +++ b/test/ossl_shim/ossl_shim.cc @@ -589,7 +589,7 @@ static bssl::UniquePtr SetupCtx(const TestConfig *config) { SSL_CTX_set_client_cert_cb(ssl_ctx.get(), ClientCertCallback); } - SSL_CTX_set_next_protos_advertised_cb( + SSL_CTX_set_npn_advertised_cb( ssl_ctx.get(), NextProtosAdvertisedCallback, NULL); if (!config->select_next_proto.empty()) { SSL_CTX_set_next_proto_select_cb(ssl_ctx.get(), NextProtoSelectCallback, diff --git a/test/ssltest_old.c b/test/ssltest_old.c index c19ab98de0..1bfa983122 100644 --- a/test/ssltest_old.c +++ b/test/ssltest_old.c @@ -1662,14 +1662,12 @@ int main(int argc, char *argv[]) "Can't have both -npn_server and -npn_server_reject\n"); goto end; } - SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_npn, NULL); - SSL_CTX_set_next_protos_advertised_cb(s_ctx2, cb_server_npn, NULL); + SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_npn, NULL); + SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_npn, NULL); } if (npn_server_reject) { - SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_rejects_npn, - NULL); - SSL_CTX_set_next_protos_advertised_cb(s_ctx2, cb_server_rejects_npn, - NULL); + SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_rejects_npn, NULL); + SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_rejects_npn, NULL); } #endif -- 2.25.1