summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls13_lib.c
diff options
context:
space:
mode:
authorjsing <>2021-03-21 18:36:34 +0000
committerjsing <>2021-03-21 18:36:34 +0000
commitb4267956efe26acca04e81248b224852ab3b48df (patch)
tree04368005066ac217cbc5ba4c6633356e81eb6d00 /src/lib/libssl/tls13_lib.c
parent25064bbd608cffa42b7bf46d3ea7eeb88d693de4 (diff)
downloadopenbsd-b4267956efe26acca04e81248b224852ab3b48df.tar.gz
openbsd-b4267956efe26acca04e81248b224852ab3b48df.tar.bz2
openbsd-b4267956efe26acca04e81248b224852ab3b48df.zip
Move the TLSv1.3 handshake struct inside the shared handshake struct.
There are currently three different handshake structs that are in use - the SSL_HANDSHAKE struct (as S3I(s)->hs), the SSL_HANDSHAKE_TLS13 struct (as S3I(s)->hs_tls13 or ctx->hs in the TLSv1.3 code) and the infamous 'tmp' embedded in SSL3_STATE_INTERNAL (as S3I(s)->tmp)). This is the first step towards cleaning up the handshake structs so that shared data is in the SSL_HANDSHAKE struct, with sub-structs for TLSv1.2 and TLSv1.3 specific information. Place SSL_HANDSHAKE_TLS13 inside SSL_HANDSHAKE and change ctx->hs to refer to the SSL_HANDSHAKE struct instead of the SSL_HANDSHAKE_TLS13 struct. This allows the TLSv1.3 code to access the shared handshake data without needing the SSL struct. ok inoguchi@ tb@
Diffstat (limited to 'src/lib/libssl/tls13_lib.c')
-rw-r--r--src/lib/libssl/tls13_lib.c44
1 files changed, 22 insertions, 22 deletions
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 0b3f636b93..9dbb7d6430 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_lib.c,v 1.57 2021/03/21 16:56:42 jsing Exp $ */ 1/* $OpenBSD: tls13_lib.c,v 1.58 2021/03/21 18:36:34 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2019 Bob Beck <beck@openbsd.org> 4 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -223,7 +223,7 @@ tls13_legacy_ocsp_status_recv_cb(void *arg)
223static int 223static int
224tls13_phh_update_local_traffic_secret(struct tls13_ctx *ctx) 224tls13_phh_update_local_traffic_secret(struct tls13_ctx *ctx)
225{ 225{
226 struct tls13_secrets *secrets = ctx->hs->secrets; 226 struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
227 227
228 if (ctx->mode == TLS13_HS_CLIENT) 228 if (ctx->mode == TLS13_HS_CLIENT)
229 return (tls13_update_client_traffic_secret(secrets) && 229 return (tls13_update_client_traffic_secret(secrets) &&
@@ -237,7 +237,7 @@ tls13_phh_update_local_traffic_secret(struct tls13_ctx *ctx)
237static int 237static int
238tls13_phh_update_peer_traffic_secret(struct tls13_ctx *ctx) 238tls13_phh_update_peer_traffic_secret(struct tls13_ctx *ctx)
239{ 239{
240 struct tls13_secrets *secrets = ctx->hs->secrets; 240 struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
241 241
242 if (ctx->mode == TLS13_HS_CLIENT) 242 if (ctx->mode == TLS13_HS_CLIENT)
243 return (tls13_update_server_traffic_secret(secrets) && 243 return (tls13_update_server_traffic_secret(secrets) &&
@@ -503,16 +503,16 @@ tls13_synthetic_handshake_message(struct tls13_ctx *ctx)
503int 503int
504tls13_clienthello_hash_init(struct tls13_ctx *ctx) 504tls13_clienthello_hash_init(struct tls13_ctx *ctx)
505{ 505{
506 if (ctx->hs->clienthello_md_ctx != NULL) 506 if (ctx->hs->tls13.clienthello_md_ctx != NULL)
507 return 0; 507 return 0;
508 if ((ctx->hs->clienthello_md_ctx = EVP_MD_CTX_new()) == NULL) 508 if ((ctx->hs->tls13.clienthello_md_ctx = EVP_MD_CTX_new()) == NULL)
509 return 0; 509 return 0;
510 if (!EVP_DigestInit_ex(ctx->hs->clienthello_md_ctx, 510 if (!EVP_DigestInit_ex(ctx->hs->tls13.clienthello_md_ctx,
511 EVP_sha256(), NULL)) 511 EVP_sha256(), NULL))
512 return 0; 512 return 0;
513 513
514 if ((ctx->hs->clienthello_hash == NULL) && 514 if ((ctx->hs->tls13.clienthello_hash == NULL) &&
515 (ctx->hs->clienthello_hash = calloc(1, EVP_MAX_MD_SIZE)) == 515 (ctx->hs->tls13.clienthello_hash = calloc(1, EVP_MAX_MD_SIZE)) ==
516 NULL) 516 NULL)
517 return 0; 517 return 0;
518 518
@@ -520,7 +520,7 @@ tls13_clienthello_hash_init(struct tls13_ctx *ctx)
520} 520}
521 521
522void 522void
523tls13_clienthello_hash_clear(struct ssl_handshake_tls13_st *hs) 523tls13_clienthello_hash_clear(struct ssl_handshake_tls13_st *hs) /* XXX */
524{ 524{
525 EVP_MD_CTX_free(hs->clienthello_md_ctx); 525 EVP_MD_CTX_free(hs->clienthello_md_ctx);
526 hs->clienthello_md_ctx = NULL; 526 hs->clienthello_md_ctx = NULL;
@@ -532,7 +532,7 @@ int
532tls13_clienthello_hash_update_bytes(struct tls13_ctx *ctx, void *data, 532tls13_clienthello_hash_update_bytes(struct tls13_ctx *ctx, void *data,
533 size_t len) 533 size_t len)
534{ 534{
535 return EVP_DigestUpdate(ctx->hs->clienthello_md_ctx, data, len); 535 return EVP_DigestUpdate(ctx->hs->tls13.clienthello_md_ctx, data, len);
536} 536}
537 537
538int 538int
@@ -545,12 +545,12 @@ tls13_clienthello_hash_update(struct tls13_ctx *ctx, CBS *cbs)
545int 545int
546tls13_clienthello_hash_finalize(struct tls13_ctx *ctx) 546tls13_clienthello_hash_finalize(struct tls13_ctx *ctx)
547{ 547{
548 if (!EVP_DigestFinal_ex(ctx->hs->clienthello_md_ctx, 548 if (!EVP_DigestFinal_ex(ctx->hs->tls13.clienthello_md_ctx,
549 ctx->hs->clienthello_hash, 549 ctx->hs->tls13.clienthello_hash,
550 &ctx->hs->clienthello_hash_len)) 550 &ctx->hs->tls13.clienthello_hash_len))
551 return 0; 551 return 0;
552 EVP_MD_CTX_free(ctx->hs->clienthello_md_ctx); 552 EVP_MD_CTX_free(ctx->hs->tls13.clienthello_md_ctx);
553 ctx->hs->clienthello_md_ctx = NULL; 553 ctx->hs->tls13.clienthello_md_ctx = NULL;
554 return 1; 554 return 1;
555} 555}
556 556
@@ -560,18 +560,18 @@ tls13_clienthello_hash_validate(struct tls13_ctx *ctx)
560 unsigned char new_ch_hash[EVP_MAX_MD_SIZE]; 560 unsigned char new_ch_hash[EVP_MAX_MD_SIZE];
561 unsigned int new_ch_hash_len; 561 unsigned int new_ch_hash_len;
562 562
563 if (ctx->hs->clienthello_hash == NULL) 563 if (ctx->hs->tls13.clienthello_hash == NULL)
564 return 0; 564 return 0;
565 565
566 if (!EVP_DigestFinal_ex(ctx->hs->clienthello_md_ctx, 566 if (!EVP_DigestFinal_ex(ctx->hs->tls13.clienthello_md_ctx,
567 new_ch_hash, &new_ch_hash_len)) 567 new_ch_hash, &new_ch_hash_len))
568 return 0; 568 return 0;
569 EVP_MD_CTX_free(ctx->hs->clienthello_md_ctx); 569 EVP_MD_CTX_free(ctx->hs->tls13.clienthello_md_ctx);
570 ctx->hs->clienthello_md_ctx = NULL; 570 ctx->hs->tls13.clienthello_md_ctx = NULL;
571 571
572 if (ctx->hs->clienthello_hash_len != new_ch_hash_len) 572 if (ctx->hs->tls13.clienthello_hash_len != new_ch_hash_len)
573 return 0; 573 return 0;
574 if (memcmp(ctx->hs->clienthello_hash, new_ch_hash, 574 if (memcmp(ctx->hs->tls13.clienthello_hash, new_ch_hash,
575 new_ch_hash_len) != 0) 575 new_ch_hash_len) != 0)
576 return 0; 576 return 0;
577 577
@@ -584,7 +584,7 @@ tls13_exporter(struct tls13_ctx *ctx, const uint8_t *label, size_t label_len,
584 size_t out_len) 584 size_t out_len)
585{ 585{
586 struct tls13_secret context, export_out, export_secret; 586 struct tls13_secret context, export_out, export_secret;
587 struct tls13_secrets *secrets = ctx->hs->secrets; 587 struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
588 EVP_MD_CTX *md_ctx = NULL; 588 EVP_MD_CTX *md_ctx = NULL;
589 unsigned int md_out_len; 589 unsigned int md_out_len;
590 int md_len; 590 int md_len;