summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls13_client.c
diff options
context:
space:
mode:
authorjsing <>2020-01-23 02:24:38 +0000
committerjsing <>2020-01-23 02:24:38 +0000
commit4476e3b2e9e3d974f3729d94af10b6d95ade1c03 (patch)
treeaf6ca5e40d5610fc6e16d77614baf9694fae2310 /src/lib/libssl/tls13_client.c
parent4ef7baf35cedbe7c7b735ab6ff3a7bc351ffcc66 (diff)
downloadopenbsd-4476e3b2e9e3d974f3729d94af10b6d95ade1c03.tar.gz
openbsd-4476e3b2e9e3d974f3729d94af10b6d95ade1c03.tar.bz2
openbsd-4476e3b2e9e3d974f3729d94af10b6d95ade1c03.zip
Pass a CBB to TLSv1.3 send handlers.
This avoids the need for each send handler to call tls13_handshake_msg_start() and tls13_handshake_msg_finish(). ok beck@ tb@
Diffstat (limited to 'src/lib/libssl/tls13_client.c')
-rw-r--r--src/lib/libssl/tls13_client.c21
1 files changed, 5 insertions, 16 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 4ec5e58f02..1d59f33279 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_client.c,v 1.28 2020/01/22 13:10:51 jsing Exp $ */ 1/* $OpenBSD: tls13_client.c,v 1.29 2020/01/23 02:24:38 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -202,18 +202,12 @@ tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb)
202} 202}
203 203
204int 204int
205tls13_client_hello_send(struct tls13_ctx *ctx) 205tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb)
206{ 206{
207 CBB body;
208
209 if (ctx->hs->min_version < TLS1_2_VERSION) 207 if (ctx->hs->min_version < TLS1_2_VERSION)
210 tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION); 208 tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION);
211 209
212 if (!tls13_handshake_msg_start(ctx->hs_msg, &body, TLS13_MT_CLIENT_HELLO)) 210 if (!tls13_client_hello_build(ctx, cbb))
213 return 0;
214 if (!tls13_client_hello_build(ctx, &body))
215 return 0;
216 if (!tls13_handshake_msg_finish(ctx->hs_msg))
217 return 0; 211 return 0;
218 212
219 return 1; 213 return 1;
@@ -741,7 +735,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
741} 735}
742 736
743int 737int
744tls13_client_finished_send(struct tls13_ctx *ctx) 738tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb)
745{ 739{
746 struct tls13_secrets *secrets = ctx->hs->secrets; 740 struct tls13_secrets *secrets = ctx->hs->secrets;
747 struct tls13_secret context = { .data = "", .len = 0 }; 741 struct tls13_secret context = { .data = "", .len = 0 };
@@ -754,7 +748,6 @@ tls13_client_finished_send(struct tls13_ctx *ctx)
754 unsigned int hlen; 748 unsigned int hlen;
755 HMAC_CTX *hmac_ctx = NULL; 749 HMAC_CTX *hmac_ctx = NULL;
756 int ret = 0; 750 int ret = 0;
757 CBB body;
758 751
759 finished_key.data = key; 752 finished_key.data = key;
760 finished_key.len = EVP_MD_size(ctx->hash); 753 finished_key.len = EVP_MD_size(ctx->hash);
@@ -776,17 +769,13 @@ tls13_client_finished_send(struct tls13_ctx *ctx)
776 if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len)) 769 if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len))
777 goto err; 770 goto err;
778 771
779 if (!tls13_handshake_msg_start(ctx->hs_msg, &body, TLS13_MT_FINISHED))
780 goto err;
781 hmac_len = HMAC_size(hmac_ctx); 772 hmac_len = HMAC_size(hmac_ctx);
782 if (!CBB_add_space(&body, &verify_data, hmac_len)) 773 if (!CBB_add_space(cbb, &verify_data, hmac_len))
783 goto err; 774 goto err;
784 if (!HMAC_Final(hmac_ctx, verify_data, &hlen)) 775 if (!HMAC_Final(hmac_ctx, verify_data, &hlen))
785 goto err; 776 goto err;
786 if (hlen != hmac_len) 777 if (hlen != hmac_len)
787 goto err; 778 goto err;
788 if (!tls13_handshake_msg_finish(ctx->hs_msg))
789 goto err;
790 779
791 ret = 1; 780 ret = 1;
792 781
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-18 16:48:28 +0000