Clean up and simplify the handshake transcript code.

This provides a cleaner, simpler and more readable API, with code that uses a BUF_MEM instead of a BIO. ok beck@ ("hurry up") and tb@.
author: jsing <> 2018-11-08 22:28:52 +0000
committer: jsing <> 2018-11-08 22:28:52 +0000
commit: 3ddaece0e07a9c99e3a1f04d188c5ece7176ee46 (patch)
tree: ea0388ba51cbbc63fa62e563b9694fedd9ef0f74 /src/lib/libssl/t1_hash.c
parent: 638a717c204f5dd9a5b399e3c095815fb6d15124 (diff)
download: openbsd-3ddaece0e07a9c99e3a1f04d188c5ece7176ee46.tar.gz
openbsd-3ddaece0e07a9c99e3a1f04d188c5ece7176ee46.tar.bz2
openbsd-3ddaece0e07a9c99e3a1f04d188c5ece7176ee46.zip
1 files changed, 81 insertions, 6 deletions
diff --git a/src/lib/libssl/t1_hash.c b/src/lib/libssl/t1_hash.c
index a7e46601e8..f514c5290e 100644
--- a/src/lib/libssl/t1_hash.c
+++ b/src/lib/libssl/t1_hash.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_hash.c,v 1.3 2018/09/05 16:58:59 jsing Exp $ */
+/* $OpenBSD: t1_hash.c,v 1.4 2018/11/08 22:28:52 jsing Exp $ */
 /*
 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
 *
@@ -22,9 +22,9 @@
 int
 tls1_handshake_hash_init(SSL *s)
 {
+        const unsigned char *data;
        const EVP_MD *md;
-        long dlen;
+        size_t len;
-        void *data;
        tls1_handshake_hash_free(s);
@@ -42,12 +42,11 @@ tls1_handshake_hash_init(SSL *s)
                goto err;
        }
-        dlen = BIO_get_mem_data(S3I(s)->handshake_buffer, &data);
+        if (!tls1_transcript_data(s, &data, &len)) {
-        if (dlen <= 0) {
                SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH);
                goto err;
        }
-        if (!tls1_handshake_hash_update(s, data, dlen)) {
+        if (!tls1_handshake_hash_update(s, data, len)) {
                SSLerror(s, ERR_R_EVP_LIB);
                goto err;
        }
@@ -109,3 +108,79 @@ tls1_handshake_hash_free(SSL *s)
        EVP_MD_CTX_free(S3I(s)->handshake_hash);
        S3I(s)->handshake_hash = NULL;
 }
+int
+tls1_transcript_init(SSL *s)
+{
+        if (S3I(s)->handshake_transcript != NULL)
+                return 0;
+        if ((S3I(s)->handshake_transcript = BUF_MEM_new()) == NULL)
+                return 0;
+        s->s3->flags &= ~TLS1_FLAGS_FREEZE_TRANSCRIPT;
+        return 1;
+}
+void
+tls1_transcript_free(SSL *s)
+{
+        BUF_MEM_free(S3I(s)->handshake_transcript);
+        S3I(s)->handshake_transcript = NULL;
+}
+int
+tls1_transcript_append(SSL *s, const unsigned char *buf, size_t len)
+{
+        size_t olen, nlen;
+        if (S3I(s)->handshake_transcript == NULL)
+                return 1;
+        if (s->s3->flags & TLS1_FLAGS_FREEZE_TRANSCRIPT)
+                return 1;
+        olen = S3I(s)->handshake_transcript->length;
+        nlen = olen + len;
+        if (nlen < olen)
+                return 0;
+        if (BUF_MEM_grow(S3I(s)->handshake_transcript, nlen) == 0)
+                return 0;
+        memcpy(S3I(s)->handshake_transcript->data + olen, buf, len);
+        return 1;
+}
+int
+tls1_transcript_data(SSL *s, const unsigned char **data, size_t *len)
+{
+        if (S3I(s)->handshake_transcript == NULL)
+                return 0;
+        *data = S3I(s)->handshake_transcript->data;
+        *len = S3I(s)->handshake_transcript->length;
+        return 1;
+}
+void
+tls1_transcript_freeze(SSL *s)
+{
+        s->s3->flags |= TLS1_FLAGS_FREEZE_TRANSCRIPT;
+}
+int
+tls1_transcript_record(SSL *s, const unsigned char *buf, size_t len)
+{
+        if (!tls1_handshake_hash_update(s, buf, len))
+                return 0;
+        if (!tls1_transcript_append(s, buf, len))
+                return 0;
+        return 1;
+}
author	jsing <>	2018-11-08 22:28:52 +0000
committer	jsing <>	2018-11-08 22:28:52 +0000
commit	3ddaece0e07a9c99e3a1f04d188c5ece7176ee46 (patch)
tree	ea0388ba51cbbc63fa62e563b9694fedd9ef0f74 /src/lib/libssl/t1_hash.c
parent	638a717c204f5dd9a5b399e3c095815fb6d15124 (diff)
download	openbsd-3ddaece0e07a9c99e3a1f04d188c5ece7176ee46.tar.gz openbsd-3ddaece0e07a9c99e3a1f04d188c5ece7176ee46.tar.bz2 openbsd-3ddaece0e07a9c99e3a1f04d188c5ece7176ee46.zip

diff --git a/src/lib/libssl/t1_hash.c b/src/lib/libssl/t1_hash.c index a7e46601e8..f514c5290e 100644 --- a/src/lib/libssl/t1_hash.c +++ b/src/lib/libssl/t1_hash.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_hash.c,v 1.3 2018/09/05 16:58:59 jsing Exp $ */	1	/* $OpenBSD: t1_hash.c,v 1.4 2018/11/08 22:28:52 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -22,9 +22,9 @@
22	int	22	int
23	tls1_handshake_hash_init(SSL *s)	23	tls1_handshake_hash_init(SSL *s)
24	{	24	{
		25	const unsigned char *data;
25	const EVP_MD *md;	26	const EVP_MD *md;
26	long dlen;	27	size_t len;
27	void *data;
28		28
29	tls1_handshake_hash_free(s);	29	tls1_handshake_hash_free(s);
30		30
@@ -42,12 +42,11 @@ tls1_handshake_hash_init(SSL *s)
42	goto err;	42	goto err;
43	}	43	}
44		44
45	dlen = BIO_get_mem_data(S3I(s)->handshake_buffer, &data);	45	if (!tls1_transcript_data(s, &data, &len)) {
46	if (dlen <= 0) {
47	SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH);	46	SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH);
48	goto err;	47	goto err;
49	}	48	}
50	if (!tls1_handshake_hash_update(s, data, dlen)) {	49	if (!tls1_handshake_hash_update(s, data, len)) {
51	SSLerror(s, ERR_R_EVP_LIB);	50	SSLerror(s, ERR_R_EVP_LIB);
52	goto err;	51	goto err;
53	}	52	}
@@ -109,3 +108,79 @@ tls1_handshake_hash_free(SSL *s)
109	EVP_MD_CTX_free(S3I(s)->handshake_hash);	108	EVP_MD_CTX_free(S3I(s)->handshake_hash);
110	S3I(s)->handshake_hash = NULL;	109	S3I(s)->handshake_hash = NULL;
111	}	110	}
		111
		112	int
		113	tls1_transcript_init(SSL *s)
		114	{
		115	if (S3I(s)->handshake_transcript != NULL)
		116	return 0;
		117
		118	if ((S3I(s)->handshake_transcript = BUF_MEM_new()) == NULL)
		119	return 0;
		120
		121	s->s3->flags &= ~TLS1_FLAGS_FREEZE_TRANSCRIPT;
		122
		123	return 1;
		124	}
		125
		126	void
		127	tls1_transcript_free(SSL *s)
		128	{
		129	BUF_MEM_free(S3I(s)->handshake_transcript);
		130	S3I(s)->handshake_transcript = NULL;
		131	}
		132
		133	int
		134	tls1_transcript_append(SSL s, const unsigned char buf, size_t len)
		135	{
		136	size_t olen, nlen;
		137
		138	if (S3I(s)->handshake_transcript == NULL)
		139	return 1;
		140
		141	if (s->s3->flags & TLS1_FLAGS_FREEZE_TRANSCRIPT)
		142	return 1;
		143
		144	olen = S3I(s)->handshake_transcript->length;
		145	nlen = olen + len;
		146
		147	if (nlen < olen)
		148	return 0;
		149
		150	if (BUF_MEM_grow(S3I(s)->handshake_transcript, nlen) == 0)
		151	return 0;
		152
		153	memcpy(S3I(s)->handshake_transcript->data + olen, buf, len);
		154
		155	return 1;
		156	}
		157
		158	int
		159	tls1_transcript_data(SSL s, const unsigned char data, size_t len)
		160	{
		161	if (S3I(s)->handshake_transcript == NULL)
		162	return 0;
		163
		164	*data = S3I(s)->handshake_transcript->data;
		165	*len = S3I(s)->handshake_transcript->length;
		166
		167	return 1;
		168	}
		169
		170	void
		171	tls1_transcript_freeze(SSL *s)
		172	{
		173	s->s3->flags \|= TLS1_FLAGS_FREEZE_TRANSCRIPT;
		174	}
		175
		176	int
		177	tls1_transcript_record(SSL s, const unsigned char buf, size_t len)
		178	{
		179	if (!tls1_handshake_hash_update(s, buf, len))
		180	return 0;
		181
		182	if (!tls1_transcript_append(s, buf, len))
		183	return 0;
		184
		185	return 1;
		186	}