Fix #1146: ttls_update_checksum() can be called for chunk of ClientHe…

…llo,

while we still don't know the cipher suite. So calculate two checksums
in parallel and copy SHA256 contex if necessary when ClientHello
sets xfrm.ciphersuite_info.

The rest of the patch, besides ttls_update_checksum() changes, is
coding style adjustments.

tls/ciphersuites.c

@@ -76,7 +76,7 @@ static const int ciphersuite_preference[] = {
 	0
 };
 
-static const ttls_ciphersuite_t ciphersuite_definitions[] =
+static const TlsCiphersuite ciphersuite_definitions[] =
 {
 	{ TTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 	  "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
@@ -259,10 +259,10 @@ static const ttls_ciphersuite_t ciphersuite_definitions[] =
 	  0, 0, 0, 0, 0 }
 };
 
-const ttls_ciphersuite_t *
+const TlsCiphersuite *
 ttls_ciphersuite_from_id(int ciphersuite)
 {
-	const ttls_ciphersuite_t *cur = ciphersuite_definitions;
+	const TlsCiphersuite *cur = ciphersuite_definitions;
 
 	while (cur->id) {
 		if (cur->id == ciphersuite)
@@ -276,7 +276,7 @@ ttls_ciphersuite_from_id(int ciphersuite)
 const char *
 ttls_get_ciphersuite_name(const int ciphersuite_id)
 {
-	const ttls_ciphersuite_t *cur;
+	const TlsCiphersuite *cur;
 
 	if (!(cur = ttls_ciphersuite_from_id(ciphersuite_id)))
 		return("unknown");
@@ -285,7 +285,7 @@ ttls_get_ciphersuite_name(const int ciphersuite_id)
 }
 
 ttls_pk_type_t
-ttls_get_ciphersuite_sig_pk_alg(const ttls_ciphersuite_t *info)
+ttls_get_ciphersuite_sig_pk_alg(const TlsCiphersuite *info)
 {
 	switch (info->key_exchange) {
 	case TTLS_KEY_EXCHANGE_RSA:
@@ -307,7 +307,7 @@ ttls_get_ciphersuite_sig_pk_alg(const ttls_ciphersuite_t *info)
 }
 
 ttls_pk_type_t
-ttls_get_ciphersuite_sig_alg(const ttls_ciphersuite_t *info)
+ttls_get_ciphersuite_sig_alg(const TlsCiphersuite *info)
 {
 	switch (info->key_exchange) {
 	case TTLS_KEY_EXCHANGE_RSA:
@@ -324,7 +324,7 @@ ttls_get_ciphersuite_sig_alg(const ttls_ciphersuite_t *info)
 }
 
 int
-ttls_ciphersuite_uses_ec(const ttls_ciphersuite_t *info)
+ttls_ciphersuite_uses_ec(const TlsCiphersuite *info)
 {
 	switch (info->key_exchange) {
 	case TTLS_KEY_EXCHANGE_ECDHE_RSA:

tls/ciphersuites.h

@@ -95,43 +95,37 @@ typedef enum {
 /* Key exchanges allowing client certificate requests */
 //#define TTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED
 
-typedef struct ttls_ciphersuite_t ttls_ciphersuite_t;
-
 /* Weak ciphersuite flag  */
 #define TTLS_CIPHERSUITE_WEAK		0x01
 /* Short authentication tag, eg for CCM_8 */
 #define TTLS_CIPHERSUITE_SHORT_TAG	0x02
 
 /**
- * \brief   This structure is used for storing ciphersuite information
+ * This structure is used for storing ciphersuite information.
  */
-struct ttls_ciphersuite_t
-{
-	int id;
-	const char * name;
-
-	ttls_cipher_type_t cipher;
-	ttls_md_type_t mac;
-	ttls_key_exchange_type_t key_exchange;
-
-	int min_major_ver;
-	int min_minor_ver;
-	int max_major_ver;
-	int max_minor_ver;
-
-	unsigned char flags;
-};
-
-const ttls_ciphersuite_t *ttls_ciphersuite_from_id(int ciphersuite_id);
-
-ttls_pk_type_t ttls_get_ciphersuite_sig_pk_alg(const ttls_ciphersuite_t *info);
-ttls_pk_type_t ttls_get_ciphersuite_sig_alg(const ttls_ciphersuite_t *info);
-
-int ttls_ciphersuite_uses_ec(const ttls_ciphersuite_t *info);
-int ttls_ciphersuite_uses_psk(const ttls_ciphersuite_t *info);
+typedef struct {
+	int				id;
+	const char			*name;
+	ttls_cipher_type_t		cipher;
+	ttls_md_type_t			mac;
+	ttls_key_exchange_type_t	key_exchange;
+	int				min_major_ver;
+	int				min_minor_ver;
+	int				max_major_ver;
+	int				max_minor_ver;
+	unsigned char			flags;
+} TlsCiphersuite;
+
+const TlsCiphersuite *ttls_ciphersuite_from_id(int ciphersuite_id);
+
+ttls_pk_type_t ttls_get_ciphersuite_sig_pk_alg(const TlsCiphersuite *info);
+ttls_pk_type_t ttls_get_ciphersuite_sig_alg(const TlsCiphersuite *info);
+
+int ttls_ciphersuite_uses_ec(const TlsCiphersuite *info);
+int ttls_ciphersuite_uses_psk(const TlsCiphersuite *info);
 
 static inline int
-ttls_ciphersuite_has_pfs(const ttls_ciphersuite_t *info)
+ttls_ciphersuite_has_pfs(const TlsCiphersuite *info)
 {
 	switch (info->key_exchange) {
 	case TTLS_KEY_EXCHANGE_DHE_RSA:
@@ -146,7 +140,7 @@ ttls_ciphersuite_has_pfs(const ttls_ciphersuite_t *info)
 }
 
 static inline int
-ttls_ciphersuite_no_pfs(const ttls_ciphersuite_t *info)
+ttls_ciphersuite_no_pfs(const TlsCiphersuite *info)
 {
 	switch (info->key_exchange) {
 	case TTLS_KEY_EXCHANGE_ECDH_RSA:
@@ -161,7 +155,7 @@ ttls_ciphersuite_no_pfs(const ttls_ciphersuite_t *info)
 }
 
 static inline int
-ttls_ciphersuite_uses_ecdh(const ttls_ciphersuite_t *info)
+ttls_ciphersuite_uses_ecdh(const TlsCiphersuite *info)
 {
 	switch (info->key_exchange) {
 	case TTLS_KEY_EXCHANGE_ECDH_RSA:
@@ -173,7 +167,7 @@ ttls_ciphersuite_uses_ecdh(const ttls_ciphersuite_t *info)
 }
 
 static inline int
-ttls_ciphersuite_cert_req_allowed(const ttls_ciphersuite_t *info)
+ttls_ciphersuite_cert_req_allowed(const TlsCiphersuite *info)
 {
 	switch (info->key_exchange) {
 	case TTLS_KEY_EXCHANGE_RSA:
@@ -189,7 +183,7 @@ ttls_ciphersuite_cert_req_allowed(const ttls_ciphersuite_t *info)
 }
 
 static inline int
-ttls_ciphersuite_uses_dhe(const ttls_ciphersuite_t *info)
+ttls_ciphersuite_uses_dhe(const TlsCiphersuite *info)
 {
 	switch (info->key_exchange) {
 	case TTLS_KEY_EXCHANGE_DHE_RSA:
@@ -201,7 +195,7 @@ ttls_ciphersuite_uses_dhe(const ttls_ciphersuite_t *info)
 }
 
 static inline int
-ttls_ciphersuite_uses_ecdhe(const ttls_ciphersuite_t *info)
+ttls_ciphersuite_uses_ecdhe(const TlsCiphersuite *info)
 {
 	switch (info->key_exchange) {
 	case TTLS_KEY_EXCHANGE_ECDHE_ECDSA:
@@ -214,7 +208,7 @@ ttls_ciphersuite_uses_ecdhe(const ttls_ciphersuite_t *info)
 }
 
 static inline int
-ttls_ciphersuite_uses_server_signature(const ttls_ciphersuite_t *info)
+ttls_ciphersuite_uses_server_signature(const TlsCiphersuite *info)
 {
 	switch (info->key_exchange) {
 	case TTLS_KEY_EXCHANGE_DHE_RSA:

tls/tls_cli.c

@@ -448,7 +448,7 @@ static int ssl_write_client_hello(ttls_context *ssl)
 	unsigned char *p, *q;
 	unsigned char offer_compress;
 	const int *ciphersuites;
-	const ttls_ciphersuite_t *ciphersuite_info;
+	const TlsCiphersuite *ciphersuite_info;
 
 	T_DBG2("=> write client hello\n");
 
@@ -828,7 +828,7 @@ static int ssl_parse_server_hello(ttls_context *ssl)
 	unsigned char *buf, *ext;
 	unsigned char comp;
 	int handshake_failure = 0;
-	const ttls_ciphersuite_t *suite_info;
+	const TlsCiphersuite *suite_info;
 
 	T_DBG2("=> parse server hello\n");
 
@@ -1374,7 +1374,7 @@ static int ssl_get_ecdh_params_from_cert(ttls_context *ssl)
 static int ssl_parse_server_key_exchange(ttls_context *ssl)
 {
 	int ret;
-	const ttls_ciphersuite_t *ciphersuite_info =
+	const TlsCiphersuite *ciphersuite_info =
 		ssl->transform_negotiate->ciphersuite_info;
 	unsigned char *p = NULL, *end = NULL;
 
@@ -1591,7 +1591,7 @@ static int ssl_parse_server_key_exchange(ttls_context *ssl)
 #if ! defined(TTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED)
 static int ssl_parse_certificate_request(ttls_context *ssl)
 {
-	const ttls_ciphersuite_t *ciphersuite_info =
+	const TlsCiphersuite *ciphersuite_info =
 		ssl->transform_negotiate->ciphersuite_info;
 
 	T_DBG2("=> parse certificate request\n");
@@ -1613,7 +1613,7 @@ static int ssl_parse_certificate_request(ttls_context *ssl)
 	unsigned char *buf;
 	size_t n = 0;
 	size_t cert_type_len = 0, dn_len = 0;
-	const ttls_ciphersuite_t *ciphersuite_info =
+	const TlsCiphersuite *ciphersuite_info =
 		ssl->transform_negotiate->ciphersuite_info;
 
 	T_DBG2("=> parse certificate request\n");
@@ -1769,7 +1769,7 @@ static int ssl_write_client_key_exchange(ttls_context *ssl)
 {
 	int ret;
 	size_t i, n;
-	const ttls_ciphersuite_t *ciphersuite_info =
+	const TlsCiphersuite *ciphersuite_info =
 		ssl->transform_negotiate->ciphersuite_info;
 
 	T_DBG2("=> write client key exchange\n");
@@ -1862,7 +1862,7 @@ static int ssl_write_client_key_exchange(ttls_context *ssl)
 
 static int ssl_write_certificate_verify(ttls_context *ssl)
 {
-	const ttls_ciphersuite_t *ciphersuite_info =
+	const TlsCiphersuite *ciphersuite_info =
 		ssl->transform_negotiate->ciphersuite_info;
 	int ret;
 

tls/tls_internal.h

@@ -102,7 +102,7 @@ struct ttls_sig_hash_set_t
  * This structure contains the parameters only needed during handshake.
  *
  * @hash_algs	- set of suitable sig-hash pairs;
- * @fin_sha{256,512} - checksum contexts;
+ * @sni_authmode - authmode from SNI callback;
  * @point_form	- TLS extension flags (for extensions with outgoing ServerHello
  * 		  content that need it (e.g. for RENEGOTIATION_INFO the server
  * 		  already knows because of state of the renegotiation flag, so
@@ -111,6 +111,14 @@ struct ttls_sig_hash_set_t
  * @new_session_ticket - use NewSessionTicket?
  * @resume	- session resume indicator;
  * @cli_exts	- client extension presence;
+ * @pmslen	- premaster length;
+ * @key_cert	- chosen key/cert pair (server);
+ * @sni_key_cert - key/cert list from SNI;
+ * @sni_ca_chain - trusted CAs from SNI callback;
+ * @sni_ca_crt	- trusted CAs CRLs from SNI;
+ * @dhm_ctx	- DHM key exchange;
+ * @ecdh_ctx	- ECDH key exchange;
+ * @fin_sha{256,512} - checksum contexts;
  * @curves	- supported elliptic curves;
  * @randbytes	- random bytes;
  * @finished	- temporal buffer for chunks of Finished message,
@@ -120,36 +128,35 @@ struct ttls_sig_hash_set_t
  */
 typedef struct tls_handshake_t {
 	ttls_sig_hash_set_t		hash_algs;
+	int				sni_authmode;
 
-#if defined(TTLS_DHM_C)
-	ttls_dhm_context dhm_ctx;	/*!<  DHM key exchange		*/
-#endif
-	ttls_ecdh_context ecdh_ctx;	  /*!<  ECDH key exchange	   */
-	ttls_key_cert *key_cert;	 /*!< chosen key/cert pair (server)  */
-	int sni_authmode;		   /*!< authmode from SNI callback	 */
-	ttls_key_cert *sni_key_cert; /*!< key/cert list from SNI		 */
-	ttls_x509_crt *sni_ca_chain;	 /*!< trusted CAs from SNI callback  */
-	ttls_x509_crl *sni_ca_crl;	   /*!< trusted CAs CRLs from SNI	  */
+	unsigned char			point_form		: 1,
+					extended_ms		: 1,
+					new_session_ticket	: 1,
+					resume			: 1,
+					cli_exts		: 1,
+					curves_ext		: 1;
 
-	union {
-		struct shash_desc	desc; /* common for both the contexts */
-		ttls_sha256_context	fin_sha256;
-		ttls_sha512_context	fin_sha512;
-	};
+	size_t				pmslen;
+	ttls_key_cert			*key_cert;
+	ttls_key_cert			*sni_key_cert;
+	ttls_x509_crt			*sni_ca_chain;
+	ttls_x509_crl			*sni_ca_crl;
 
 	void (*calc_verify)(ttls_context *, unsigned char *);
 	void (*calc_finished)(ttls_context *, unsigned char *, int);
 	int  (*tls_prf)(const unsigned char *, size_t, const char *, size_t,
 			const unsigned char *, size_t, unsigned char *, size_t);
 
-	size_t pmslen;	  /*!<  premaster length*/
-	unsigned char		point_form:1,
-				extended_ms:1,
-				new_session_ticket:1,
-				resume:1,
-				cli_exts:1,
-				curves_ext:1;
-
+#if defined(TTLS_DHM_C)
+	ttls_dhm_context		dhm_ctx;
+#endif
+	ttls_ecdh_context		ecdh_ctx;
+	union {
+		struct shash_desc	desc; /* common for both the contexts */
+		ttls_sha256_context	fin_sha256;
+		ttls_sha512_context	fin_sha512;
+	};
 	const ttls_ecp_curve_info	*curves[TTLS_ECP_DP_MAX];
 	union {
 		unsigned char		randbytes[64];
@@ -268,7 +275,7 @@ ttls_own_cert(TlsCtx *tls)
  * Return 0 if everything is OK, -1 if not.
  */
 int ttls_check_cert_usage(const ttls_x509_crt *cert,
-			  const ttls_ciphersuite_t *ciphersuite,
+			  const TlsCiphersuite *ciphersuite,
 			  int cert_endpoint,
 			  uint32_t *flags);