}
if (SSL_IS_FIRST_HANDSHAKE(s)) {
/* N.B. s->session_ctx == s->ctx here */
- CRYPTO_atomic_add(&s->session_ctx->stats.sess_accept, 1, &i,
- s->session_ctx->lock);
+ tsan_counter(&s->session_ctx->stats.sess_accept);
} else {
/* N.B. s->ctx may not equal s->session_ctx */
- CRYPTO_atomic_add(&s->ctx->stats.sess_accept_renegotiate, 1, &i,
- s->ctx->lock);
+ tsan_counter(&s->ctx->stats.sess_accept_renegotiate);
s->s3->tmp.cert_request = 0;
}
} else {
- int discard;
if (SSL_IS_FIRST_HANDSHAKE(s))
- CRYPTO_atomic_add(&s->session_ctx->stats.sess_connect, 1, &discard,
- s->session_ctx->lock);
+ tsan_counter(&s->session_ctx->stats.sess_connect);
else
- CRYPTO_atomic_add(&s->session_ctx->stats.sess_connect_renegotiate,
- 1, &discard, s->session_ctx->lock);
+ tsan_counter(&s->session_ctx->stats.sess_connect_renegotiate);
/* mark client_random uninitialized */
memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
/* This is a real handshake so make sure we clean it up at the end */
if (s->server) {
+ /*
+ * To get this far we must have read encrypted data from the client. We
+ * no longer tolerate unencrypted alerts. This value is ignored if less
+ * than TLSv1.3
+ */
+ s->statem.enc_read_state = ENC_READ_STATE_VALID;
if (s->post_handshake_auth != SSL_PHA_REQUESTED)
s->statem.cleanuphand = 1;
if (SSL_IS_TLS13(s) && !tls13_save_handshake_digest_for_pha(s)) {
*/
WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
{
- int discard;
void (*cb) (const SSL *ssl, int type, int val) = NULL;
if (clearbufs) {
ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
/* N.B. s->ctx may not equal s->session_ctx */
- CRYPTO_atomic_add(&s->ctx->stats.sess_accept_good, 1, &discard,
- s->ctx->lock);
+ tsan_counter(&s->ctx->stats.sess_accept_good);
s->handshake_func = ossl_statem_accept;
if (SSL_IS_DTLS(s) && !s->hit) {
ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
}
if (s->hit)
- CRYPTO_atomic_add(&s->session_ctx->stats.sess_hit, 1, &discard,
- s->session_ctx->lock);
+ tsan_counter(&s->session_ctx->stats.sess_hit);
s->handshake_func = ossl_statem_connect;
- CRYPTO_atomic_add(&s->session_ctx->stats.sess_connect_good, 1,
- &discard, s->session_ctx->lock);
+ tsan_counter(&s->session_ctx->stats.sess_connect_good);
if (SSL_IS_DTLS(s) && s->hit) {
/*
return SSL_R_LENGTH_MISMATCH;
}
+ /*
+ * The TLSv1.3 spec says the client MUST set this to TLS1_2_VERSION.
+ * The spec only requires servers to check that it isn't SSLv3:
+ * "Any endpoint receiving a Hello message with
+ * ClientHello.legacy_version or ServerHello.legacy_version set to
+ * 0x0300 MUST abort the handshake with a "protocol_version" alert."
+ * We are slightly stricter and require that it isn't SSLv3 or lower.
+ * We tolerate TLSv1 and TLSv1.1.
+ */
+ if (client_version <= SSL3_VERSION)
+ return SSL_R_BAD_LEGACY_VERSION;
+
while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
/* TODO(TLS1.3): Remove this before release */
if (candidate_vers == TLS1_3_VERSION_DRAFT
if (highver != 0 && s->version != vent->version)
continue;
+ if (highver == 0 && (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) != 0)
+ highver = vent->version;
+
method = vent->cmeth();
err = ssl_method_error(s, method);
if (err != 0) {