Loading apps/s_server.c +4 −4 Original line number Diff line number Diff line Loading @@ -451,16 +451,16 @@ static int ssl_servername_cb(SSL *s, int *ad, void *arg) /* Structure passed to cert status callback */ typedef struct tlsextstatusctx_st { int timeout; /* File to load OCSP Response from (or NULL if no file) */ char *respin; /* Default responder to use */ char *host, *path, *port; int use_ssl; int timeout; int verbose; } tlsextstatusctx; static tlsextstatusctx tlscstatp = { NULL, NULL, NULL, NULL, 0, -1, 0 }; static tlsextstatusctx tlscstatp = { -1 }; #ifndef OPENSSL_NO_OCSP Loading Loading @@ -553,7 +553,7 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx, err: ret = SSL_TLSEXT_ERR_ALERT_FATAL; done: if (aia) { if (aia != NULL) { OPENSSL_free(host); OPENSSL_free(path); OPENSSL_free(port); Loading Loading @@ -589,7 +589,7 @@ static int cert_status_cb(SSL *s, void *arg) } resp = d2i_OCSP_RESPONSE_bio(derbio, NULL); BIO_free(derbio); if (!resp) { if (resp == NULL) { BIO_puts(bio_err, "cert_status: Error reading OCSP response\n"); goto err; } Loading ssl/statem/statem_clnt.c +4 −3 Original line number Diff line number Diff line Loading @@ -144,7 +144,8 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt) if (mt == SSL3_MT_CERTIFICATE_REQUEST) { st->hand_state = TLS_ST_CR_CERT_REQ; return 1; } else if (mt == SSL3_MT_CERTIFICATE) { } if (mt == SSL3_MT_CERTIFICATE) { st->hand_state = TLS_ST_CR_CERT; return 1; } Loading Loading @@ -200,7 +201,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) * Note that after a ClientHello we don't know what version we are going * to negotiate yet, so we don't take this branch until later */ if (s->method->version == TLS1_3_VERSION) { if (SSL_IS_TLS13(s)) { if (!ossl_statem_client13_read_transition(s, mt)) goto err; return 1; Loading Loading @@ -414,7 +415,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) * version we are going to negotiate yet, so we don't take this branch until * later */ if (s->method->version == TLS1_3_VERSION) if (SSL_IS_TLS13(s)) return ossl_statem_client13_write_transition(s); switch (st->hand_state) { Loading ssl/statem/statem_srvr.c +4 −6 Original line number Diff line number Diff line Loading @@ -150,7 +150,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt) { OSSL_STATEM *st = &s->statem; if (s->method->version == TLS1_3_VERSION) { if (SSL_IS_TLS13(s)) { if (!ossl_statem_server13_read_transition(s, mt)) goto err; return 1; Loading Loading @@ -422,10 +422,8 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s) return WRITE_TRAN_CONTINUE; case TLS_ST_SW_CERT: if (s->tlsext_status_expected) st->hand_state = TLS_ST_SW_CERT_STATUS; else st->hand_state = TLS_ST_SW_FINISHED; st->hand_state = s->tlsext_status_expected ? TLS_ST_SW_CERT_STATUS : TLS_ST_SW_FINISHED; return WRITE_TRAN_CONTINUE; case TLS_ST_SW_CERT_STATUS: Loading Loading @@ -455,7 +453,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s) * to negotiate yet, so we don't take this branch until later */ if (s->method->version == TLS1_3_VERSION) if (SSL_IS_TLS13(s)) return ossl_statem_server13_write_transition(s); switch (st->hand_state) { Loading ssl/t1_lib.c +1 −1 Original line number Diff line number Diff line Loading @@ -943,7 +943,7 @@ int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op) static int tls_use_ticket(SSL *s) { if (s->options & SSL_OP_NO_TICKET || SSL_IS_TLS13(s)) if ((s->options & SSL_OP_NO_TICKET) || SSL_IS_TLS13(s)) return 0; return ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL); } Loading ssl/tls13_enc.c +31 −43 Original line number Diff line number Diff line Loading @@ -17,16 +17,11 @@ /* Always filled with zeros */ static const unsigned char default_zeros[EVP_MAX_MD_SIZE]; static const unsigned char keylabel[] = "key"; static const unsigned char ivlabel[] = "iv"; static const unsigned char finishedlabel[] = "finished"; /* * Given a |secret|; a |label| of length |labellen|; and a |hash| of the * handshake messages, derive a new secret |outlen| bytes long and store it in * the location pointed to be |out|. The |hash| value may be NULL. * * Returns 1 on success 0 on failure. * the location pointed to be |out|. The |hash| value may be NULL. Returns 1 on * success 0 on failure. */ static int tls13_hkdf_expand(SSL *s, const unsigned char *secret, const unsigned char *label, size_t labellen, Loading Loading @@ -82,9 +77,8 @@ static int tls13_hkdf_expand(SSL *s, const unsigned char *secret, /* * Given a input secret |insecret| and a |label| of length |labellen|, derive a * new |secret|. This will be the length of the current hash output size and * will be based on the current state of the handshake hashes. * * Returns 1 on success 0 on failure. * will be based on the current state of the handshake hashes. Returns 1 on * success 0 on failure. */ int tls13_derive_secret(SSL *s, const unsigned char *insecret, const unsigned char *label, size_t labellen, Loading @@ -104,25 +98,27 @@ int tls13_derive_secret(SSL *s, const unsigned char *insecret, } /* * Given a |secret| generate a |key| of length |keylen| bytes. * * Returns 1 on success 0 on failure. * Given a |secret| generate a |key| of length |keylen| bytes. Returns 1 on * success 0 on failure. */ int tls13_derive_key(SSL *s, const unsigned char *secret, unsigned char *key, size_t keylen) { static const unsigned char keylabel[] = "key"; return tls13_hkdf_expand(s, secret, keylabel, sizeof(keylabel) - 1, NULL, key, keylen); } /* * Given a |secret| generate an |iv| of length |ivlen| bytes. * * Returns 1 on success 0 on failure. * Given a |secret| generate an |iv| of length |ivlen| bytes. Returns 1 on * success 0 on failure. */ int tls13_derive_iv(SSL *s, const unsigned char *secret, unsigned char *iv, size_t ivlen) { static const unsigned char ivlabel[] = "iv"; return tls13_hkdf_expand(s, secret, ivlabel, sizeof(ivlabel) - 1, NULL, iv, ivlen); } Loading @@ -130,6 +126,8 @@ int tls13_derive_iv(SSL *s, const unsigned char *secret, unsigned char *iv, static int tls13_derive_finishedkey(SSL *s, const unsigned char *secret, unsigned char *fin, size_t finlen) { static const unsigned char finishedlabel[] = "finished"; return tls13_hkdf_expand(s, secret, finishedlabel, sizeof(finishedlabel) - 1, NULL, fin, finlen); } Loading @@ -137,9 +135,7 @@ static int tls13_derive_finishedkey(SSL *s, const unsigned char *secret, /* * Given the previous secret |prevsecret| and a new input secret |insecret| of * length |insecretlen|, generate a new secret and store it in the location * pointed to by |outsecret|. * * Returns 1 on success 0 on failure. * pointed to by |outsecret|. Returns 1 on success 0 on failure. */ static int tls13_generate_secret(SSL *s, const unsigned char *prevsecret, const unsigned char *insecret, Loading Loading @@ -183,9 +179,7 @@ static int tls13_generate_secret(SSL *s, const unsigned char *prevsecret, /* * Given an input secret |insecret| of length |insecretlen| generate the early * secret. * * Returns 1 on success 0 on failure. * secret. Returns 1 on success 0 on failure. */ int tls13_generate_early_secret(SSL *s, const unsigned char *insecret, size_t insecretlen) Loading @@ -197,9 +191,7 @@ int tls13_generate_early_secret(SSL *s, const unsigned char *insecret, /* * Given an input secret |insecret| of length |insecretlen| generate the * handshake secret. This requires the early secret to already have been * generated. * * Returns 1 on success 0 on failure. * generated. Returns 1 on success 0 on failure. */ int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret, size_t insecretlen) Loading @@ -210,9 +202,8 @@ int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret, /* * Given the handshake secret |prev| of length |prevlen| generate the master * secret and store its length in |*secret_size| * * Returns 1 on success 0 on failure. * secret and store its length in |*secret_size|. Returns 1 on success 0 on * failure. */ int tls13_generate_master_secret(SSL *s, unsigned char *out, unsigned char *prev, size_t prevlen, Loading @@ -223,9 +214,8 @@ int tls13_generate_master_secret(SSL *s, unsigned char *out, } /* * Generates the mac for the Finished message. * * Returns the length of the MAC or 0 on error. * Generates the mac for the Finished message. Returns the length of the MAC or * 0 on error. */ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, unsigned char *out) Loading Loading @@ -262,9 +252,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, /* * There isn't really a key block in TLSv1.3, but we still need this function * for initialising the cipher and hash. * * Returns 1 on success or 0 on failure. * for initialising the cipher and hash. Returns 1 on success or 0 on failure. */ int tls13_setup_key_block(SSL *s) { Loading @@ -285,17 +273,16 @@ int tls13_setup_key_block(SSL *s) return 1; } const unsigned char client_handshake_traffic[] = int tls13_change_cipher_state(SSL *s, int which) { static const unsigned char client_handshake_traffic[] = "client handshake traffic secret"; const unsigned char client_application_traffic[] = static const unsigned char client_application_traffic[] = "client application traffic secret"; const unsigned char server_handshake_traffic[] = static const unsigned char server_handshake_traffic[] = "server handshake traffic secret"; const unsigned char server_application_traffic[] = static const unsigned char server_application_traffic[] = "server application traffic secret"; int tls13_change_cipher_state(SSL *s, int which) { unsigned char key[EVP_MAX_KEY_LENGTH]; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char secret[EVP_MAX_MD_SIZE]; Loading Loading @@ -396,6 +383,7 @@ int tls13_change_cipher_state(SSL *s, int which) } } else if (EVP_CIPHER_mode(ciph) == EVP_CIPH_CCM_MODE) { int taglen; if (s->s3->tmp.new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) taglen = 8; Loading Loading
apps/s_server.c +4 −4 Original line number Diff line number Diff line Loading @@ -451,16 +451,16 @@ static int ssl_servername_cb(SSL *s, int *ad, void *arg) /* Structure passed to cert status callback */ typedef struct tlsextstatusctx_st { int timeout; /* File to load OCSP Response from (or NULL if no file) */ char *respin; /* Default responder to use */ char *host, *path, *port; int use_ssl; int timeout; int verbose; } tlsextstatusctx; static tlsextstatusctx tlscstatp = { NULL, NULL, NULL, NULL, 0, -1, 0 }; static tlsextstatusctx tlscstatp = { -1 }; #ifndef OPENSSL_NO_OCSP Loading Loading @@ -553,7 +553,7 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx, err: ret = SSL_TLSEXT_ERR_ALERT_FATAL; done: if (aia) { if (aia != NULL) { OPENSSL_free(host); OPENSSL_free(path); OPENSSL_free(port); Loading Loading @@ -589,7 +589,7 @@ static int cert_status_cb(SSL *s, void *arg) } resp = d2i_OCSP_RESPONSE_bio(derbio, NULL); BIO_free(derbio); if (!resp) { if (resp == NULL) { BIO_puts(bio_err, "cert_status: Error reading OCSP response\n"); goto err; } Loading
ssl/statem/statem_clnt.c +4 −3 Original line number Diff line number Diff line Loading @@ -144,7 +144,8 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt) if (mt == SSL3_MT_CERTIFICATE_REQUEST) { st->hand_state = TLS_ST_CR_CERT_REQ; return 1; } else if (mt == SSL3_MT_CERTIFICATE) { } if (mt == SSL3_MT_CERTIFICATE) { st->hand_state = TLS_ST_CR_CERT; return 1; } Loading Loading @@ -200,7 +201,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) * Note that after a ClientHello we don't know what version we are going * to negotiate yet, so we don't take this branch until later */ if (s->method->version == TLS1_3_VERSION) { if (SSL_IS_TLS13(s)) { if (!ossl_statem_client13_read_transition(s, mt)) goto err; return 1; Loading Loading @@ -414,7 +415,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) * version we are going to negotiate yet, so we don't take this branch until * later */ if (s->method->version == TLS1_3_VERSION) if (SSL_IS_TLS13(s)) return ossl_statem_client13_write_transition(s); switch (st->hand_state) { Loading
ssl/statem/statem_srvr.c +4 −6 Original line number Diff line number Diff line Loading @@ -150,7 +150,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt) { OSSL_STATEM *st = &s->statem; if (s->method->version == TLS1_3_VERSION) { if (SSL_IS_TLS13(s)) { if (!ossl_statem_server13_read_transition(s, mt)) goto err; return 1; Loading Loading @@ -422,10 +422,8 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s) return WRITE_TRAN_CONTINUE; case TLS_ST_SW_CERT: if (s->tlsext_status_expected) st->hand_state = TLS_ST_SW_CERT_STATUS; else st->hand_state = TLS_ST_SW_FINISHED; st->hand_state = s->tlsext_status_expected ? TLS_ST_SW_CERT_STATUS : TLS_ST_SW_FINISHED; return WRITE_TRAN_CONTINUE; case TLS_ST_SW_CERT_STATUS: Loading Loading @@ -455,7 +453,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s) * to negotiate yet, so we don't take this branch until later */ if (s->method->version == TLS1_3_VERSION) if (SSL_IS_TLS13(s)) return ossl_statem_server13_write_transition(s); switch (st->hand_state) { Loading
ssl/t1_lib.c +1 −1 Original line number Diff line number Diff line Loading @@ -943,7 +943,7 @@ int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op) static int tls_use_ticket(SSL *s) { if (s->options & SSL_OP_NO_TICKET || SSL_IS_TLS13(s)) if ((s->options & SSL_OP_NO_TICKET) || SSL_IS_TLS13(s)) return 0; return ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL); } Loading
ssl/tls13_enc.c +31 −43 Original line number Diff line number Diff line Loading @@ -17,16 +17,11 @@ /* Always filled with zeros */ static const unsigned char default_zeros[EVP_MAX_MD_SIZE]; static const unsigned char keylabel[] = "key"; static const unsigned char ivlabel[] = "iv"; static const unsigned char finishedlabel[] = "finished"; /* * Given a |secret|; a |label| of length |labellen|; and a |hash| of the * handshake messages, derive a new secret |outlen| bytes long and store it in * the location pointed to be |out|. The |hash| value may be NULL. * * Returns 1 on success 0 on failure. * the location pointed to be |out|. The |hash| value may be NULL. Returns 1 on * success 0 on failure. */ static int tls13_hkdf_expand(SSL *s, const unsigned char *secret, const unsigned char *label, size_t labellen, Loading Loading @@ -82,9 +77,8 @@ static int tls13_hkdf_expand(SSL *s, const unsigned char *secret, /* * Given a input secret |insecret| and a |label| of length |labellen|, derive a * new |secret|. This will be the length of the current hash output size and * will be based on the current state of the handshake hashes. * * Returns 1 on success 0 on failure. * will be based on the current state of the handshake hashes. Returns 1 on * success 0 on failure. */ int tls13_derive_secret(SSL *s, const unsigned char *insecret, const unsigned char *label, size_t labellen, Loading @@ -104,25 +98,27 @@ int tls13_derive_secret(SSL *s, const unsigned char *insecret, } /* * Given a |secret| generate a |key| of length |keylen| bytes. * * Returns 1 on success 0 on failure. * Given a |secret| generate a |key| of length |keylen| bytes. Returns 1 on * success 0 on failure. */ int tls13_derive_key(SSL *s, const unsigned char *secret, unsigned char *key, size_t keylen) { static const unsigned char keylabel[] = "key"; return tls13_hkdf_expand(s, secret, keylabel, sizeof(keylabel) - 1, NULL, key, keylen); } /* * Given a |secret| generate an |iv| of length |ivlen| bytes. * * Returns 1 on success 0 on failure. * Given a |secret| generate an |iv| of length |ivlen| bytes. Returns 1 on * success 0 on failure. */ int tls13_derive_iv(SSL *s, const unsigned char *secret, unsigned char *iv, size_t ivlen) { static const unsigned char ivlabel[] = "iv"; return tls13_hkdf_expand(s, secret, ivlabel, sizeof(ivlabel) - 1, NULL, iv, ivlen); } Loading @@ -130,6 +126,8 @@ int tls13_derive_iv(SSL *s, const unsigned char *secret, unsigned char *iv, static int tls13_derive_finishedkey(SSL *s, const unsigned char *secret, unsigned char *fin, size_t finlen) { static const unsigned char finishedlabel[] = "finished"; return tls13_hkdf_expand(s, secret, finishedlabel, sizeof(finishedlabel) - 1, NULL, fin, finlen); } Loading @@ -137,9 +135,7 @@ static int tls13_derive_finishedkey(SSL *s, const unsigned char *secret, /* * Given the previous secret |prevsecret| and a new input secret |insecret| of * length |insecretlen|, generate a new secret and store it in the location * pointed to by |outsecret|. * * Returns 1 on success 0 on failure. * pointed to by |outsecret|. Returns 1 on success 0 on failure. */ static int tls13_generate_secret(SSL *s, const unsigned char *prevsecret, const unsigned char *insecret, Loading Loading @@ -183,9 +179,7 @@ static int tls13_generate_secret(SSL *s, const unsigned char *prevsecret, /* * Given an input secret |insecret| of length |insecretlen| generate the early * secret. * * Returns 1 on success 0 on failure. * secret. Returns 1 on success 0 on failure. */ int tls13_generate_early_secret(SSL *s, const unsigned char *insecret, size_t insecretlen) Loading @@ -197,9 +191,7 @@ int tls13_generate_early_secret(SSL *s, const unsigned char *insecret, /* * Given an input secret |insecret| of length |insecretlen| generate the * handshake secret. This requires the early secret to already have been * generated. * * Returns 1 on success 0 on failure. * generated. Returns 1 on success 0 on failure. */ int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret, size_t insecretlen) Loading @@ -210,9 +202,8 @@ int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret, /* * Given the handshake secret |prev| of length |prevlen| generate the master * secret and store its length in |*secret_size| * * Returns 1 on success 0 on failure. * secret and store its length in |*secret_size|. Returns 1 on success 0 on * failure. */ int tls13_generate_master_secret(SSL *s, unsigned char *out, unsigned char *prev, size_t prevlen, Loading @@ -223,9 +214,8 @@ int tls13_generate_master_secret(SSL *s, unsigned char *out, } /* * Generates the mac for the Finished message. * * Returns the length of the MAC or 0 on error. * Generates the mac for the Finished message. Returns the length of the MAC or * 0 on error. */ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, unsigned char *out) Loading Loading @@ -262,9 +252,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, /* * There isn't really a key block in TLSv1.3, but we still need this function * for initialising the cipher and hash. * * Returns 1 on success or 0 on failure. * for initialising the cipher and hash. Returns 1 on success or 0 on failure. */ int tls13_setup_key_block(SSL *s) { Loading @@ -285,17 +273,16 @@ int tls13_setup_key_block(SSL *s) return 1; } const unsigned char client_handshake_traffic[] = int tls13_change_cipher_state(SSL *s, int which) { static const unsigned char client_handshake_traffic[] = "client handshake traffic secret"; const unsigned char client_application_traffic[] = static const unsigned char client_application_traffic[] = "client application traffic secret"; const unsigned char server_handshake_traffic[] = static const unsigned char server_handshake_traffic[] = "server handshake traffic secret"; const unsigned char server_application_traffic[] = static const unsigned char server_application_traffic[] = "server application traffic secret"; int tls13_change_cipher_state(SSL *s, int which) { unsigned char key[EVP_MAX_KEY_LENGTH]; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char secret[EVP_MAX_MD_SIZE]; Loading Loading @@ -396,6 +383,7 @@ int tls13_change_cipher_state(SSL *s, int which) } } else if (EVP_CIPHER_mode(ciph) == EVP_CIPH_CCM_MODE) { int taglen; if (s->s3->tmp.new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) taglen = 8; Loading
Rich Salz <rsalz@openssl.org>Rich Salz <rsalz@openssl.org>