diff options
| author | Tomas Mraz <tomas@openssl.org> | 2022-06-20 17:11:28 +0200 |
|---|---|---|
| committer | Hugo Landau <hlandau@openssl.org> | 2022-07-28 10:04:28 +0100 |
| commit | 38b051a1fedc79ebf24a96de2e9a326ad3665baf (patch) | |
| tree | e32fa2a0a5cf8572b48b3cb8a1aac2a20d0b439f /ssl/tls13_enc.c | |
| parent | ce602bb0a20589e5a84c48a55ce13219ab881e84 (diff) | |
SSL object refactoring using SSL_CONNECTION object
Make the SSL object polymorphic based on whether this is
a traditional SSL connection, QUIC connection, or later
to be implemented a QUIC stream.
It requires adding if after every SSL_CONNECTION_FROM_SSL() call
which itself has to be added to almost every public SSL_ API call.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18612)
Diffstat (limited to 'ssl/tls13_enc.c')
| -rw-r--r-- | ssl/tls13_enc.c | 65 |
1 files changed, 38 insertions, 27 deletions
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 5e010aac6b..1bfafcb3c9 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -31,13 +31,15 @@ static const unsigned char label_prefix[] = "tls13 "; * The |data| value may be zero length. Any errors will be treated as fatal if * |fatal| is set. Returns 1 on success 0 on failure. */ -int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, +int tls13_hkdf_expand(SSL_CONNECTION *s, const EVP_MD *md, + const unsigned char *secret, const unsigned char *label, size_t labellen, const unsigned char *data, size_t datalen, unsigned char *out, size_t outlen, int fatal) { - EVP_KDF *kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, - s->ctx->propq); + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); + EVP_KDF *kdf = EVP_KDF_fetch(sctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, + sctx->propq); EVP_KDF_CTX *kctx; OSSL_PARAM params[7], *p = params; int mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY; @@ -107,7 +109,8 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, * Given a |secret| generate a |key| of length |keylen| bytes. Returns 1 on * success 0 on failure. */ -int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret, +int tls13_derive_key(SSL_CONNECTION *s, const EVP_MD *md, + const unsigned char *secret, unsigned char *key, size_t keylen) { #ifdef CHARSET_EBCDIC @@ -124,7 +127,8 @@ int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret, * Given a |secret| generate an |iv| of length |ivlen| bytes. Returns 1 on * success 0 on failure. */ -int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret, +int tls13_derive_iv(SSL_CONNECTION *s, const EVP_MD *md, + const unsigned char *secret, unsigned char *iv, size_t ivlen) { #ifdef CHARSET_EBCDIC @@ -137,7 +141,7 @@ int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret, NULL, 0, iv, ivlen, 1); } -int tls13_derive_finishedkey(SSL *s, const EVP_MD *md, +int tls13_derive_finishedkey(SSL_CONNECTION *s, const EVP_MD *md, const unsigned char *secret, unsigned char *fin, size_t finlen) { @@ -156,7 +160,7 @@ int tls13_derive_finishedkey(SSL *s, const EVP_MD *md, * length |insecretlen|, generate a new secret and store it in the location * pointed to by |outsecret|. Returns 1 on success 0 on failure. */ -int tls13_generate_secret(SSL *s, const EVP_MD *md, +int tls13_generate_secret(SSL_CONNECTION *s, const EVP_MD *md, const unsigned char *prevsecret, const unsigned char *insecret, size_t insecretlen, @@ -175,8 +179,9 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, #else static const char derived_secret_label[] = "derived"; #endif + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); - kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, s->ctx->propq); + kdf = EVP_KDF_fetch(sctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, sctx->propq); kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); if (kctx == NULL) { @@ -225,8 +230,9 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, * handshake secret. This requires the early secret to already have been * generated. Returns 1 on success 0 on failure. */ -int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret, - size_t insecretlen) +int tls13_generate_handshake_secret(SSL_CONNECTION *s, + const unsigned char *insecret, + size_t insecretlen) { /* Calls SSLfatal() if required */ return tls13_generate_secret(s, ssl_handshake_md(s), s->early_secret, @@ -239,7 +245,7 @@ int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret, * secret and store its length in |*secret_size|. Returns 1 on success 0 on * failure. */ -int tls13_generate_master_secret(SSL *s, unsigned char *out, +int tls13_generate_master_secret(SSL_CONNECTION *s, unsigned char *out, unsigned char *prev, size_t prevlen, size_t *secret_size) { @@ -254,7 +260,7 @@ int tls13_generate_master_secret(SSL *s, unsigned char *out, * Generates the mac for the Finished message. Returns the length of the MAC or * 0 on error. */ -size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, +size_t tls13_final_finish_mac(SSL_CONNECTION *s, const char *str, size_t slen, unsigned char *out) { const EVP_MD *md = ssl_handshake_md(s); @@ -264,14 +270,15 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, unsigned char *key = NULL; size_t len = 0, hashlen; OSSL_PARAM params[2], *p = params; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (md == NULL) return 0; /* Safe to cast away const here since we're not "getting" any data */ - if (s->ctx->propq != NULL) + if (sctx->propq != NULL) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_PROPERTIES, - (char *)s->ctx->propq, + (char *)sctx->propq, 0); *p = OSSL_PARAM_construct_end(); @@ -280,7 +287,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, goto err; } - if (str == s->method->ssl3_enc->server_finished_label) { + if (str == SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->server_finished_label) { key = s->server_finished_secret; } else if (SSL_IS_FIRST_HANDSHAKE(s)) { key = s->client_finished_secret; @@ -292,7 +299,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, key = finsecret; } - if (!EVP_Q_mac(s->ctx->libctx, "HMAC", s->ctx->propq, mdname, + if (!EVP_Q_mac(sctx->libctx, "HMAC", sctx->propq, mdname, params, key, hashlen, hash, hashlen, /* outsize as per sizeof(peer_finish_md) */ out, EVP_MAX_MD_SIZE * 2, &len)) { @@ -309,14 +316,14 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, * There isn't really a key block in TLSv1.3, but we still need this function * for initialising the cipher and hash. Returns 1 on success or 0 on failure. */ -int tls13_setup_key_block(SSL *s) +int tls13_setup_key_block(SSL_CONNECTION *s) { const EVP_CIPHER *c; const EVP_MD *hash; s->session->cipher = s->s3.tmp.new_cipher; - if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, NULL, - 0)) { + if (!ssl_cipher_get_evp(SSL_CONNECTION_GET_CTX(s), s->session, &c, &hash, + NULL, NULL, NULL, 0)) { /* Error is already recorded */ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); return 0; @@ -330,7 +337,8 @@ int tls13_setup_key_block(SSL *s) return 1; } -static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, +static int derive_secret_key_and_iv(SSL_CONNECTION *s, int sending, + const EVP_MD *md, const EVP_CIPHER *ciph, const unsigned char *insecret, const unsigned char *hash, @@ -400,7 +408,7 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, return 1; } -int tls13_change_cipher_state(SSL *s, int which) +int tls13_change_cipher_state(SSL_CONNECTION *s, int which) { #ifdef CHARSET_EBCDIC static const unsigned char client_early_traffic[] = {0x63, 0x20, 0x65, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; @@ -436,6 +444,7 @@ int tls13_change_cipher_state(SSL *s, int which) int ret = 0; const EVP_MD *md = NULL; const EVP_CIPHER *cipher = NULL; + SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); #if !defined(OPENSSL_NO_KTLS) && defined(OPENSSL_KTLS_TLS13) ktls_crypto_info_t crypto_info; void *rl_sequence; @@ -529,14 +538,14 @@ int tls13_change_cipher_state(SSL *s, int which) * This ups the ref count on cipher so we better make sure we free * it again */ - if (!ssl_cipher_get_evp_cipher(s->ctx, sslcipher, &cipher)) { + if (!ssl_cipher_get_evp_cipher(sctx, sslcipher, &cipher)) { /* Error is already recorded */ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); EVP_MD_CTX_free(mdctx); goto err; } - md = ssl_md(s->ctx, sslcipher->algorithm2); + md = ssl_md(sctx, sslcipher->algorithm2); if (md == NULL || !EVP_DigestInit_ex(mdctx, md, NULL) || !EVP_DigestUpdate(mdctx, hdata, handlen) || !EVP_DigestFinal_ex(mdctx, hashval, &hashlenui)) { @@ -754,7 +763,7 @@ skip_ktls: return ret; } -int tls13_update_key(SSL *s, int sending) +int tls13_update_key(SSL_CONNECTION *s, int sending) { #ifdef CHARSET_EBCDIC static const unsigned char application_traffic[] = { 0x74, 0x72 ,0x61 ,0x66 ,0x66 ,0x69 ,0x63 ,0x20 ,0x75 ,0x70 ,0x64, 0x00}; @@ -813,7 +822,8 @@ int tls13_alert_code(int code) return tls1_alert_code(code); } -int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, +int tls13_export_keying_material(SSL_CONNECTION *s, + unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *context, size_t contextlen, int use_context) @@ -855,7 +865,8 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, return ret; } -int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, +int tls13_export_keying_material_early(SSL_CONNECTION *s, + unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *context, size_t contextlen) @@ -882,7 +893,7 @@ int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, else sslcipher = SSL_SESSION_get0_cipher(s->session); - md = ssl_md(s->ctx, sslcipher->algorithm2); + md = ssl_md(SSL_CONNECTION_GET_CTX(s), sslcipher->algorithm2); /* * Calculate the hash value and store it in |data|. The reason why |