4 files changed, 44 insertions, 50 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 4ec5e58f02..1d59f33279 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.28 2020/01/22 13:10:51 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.29 2020/01/23 02:24:38 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -202,18 +202,12 @@ tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb)
 }
 int
-tls13_client_hello_send(struct tls13_ctx *ctx)
+tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb)
 {
-        CBB body;
        if (ctx->hs->min_version < TLS1_2_VERSION)
                tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION);
-        if (!tls13_handshake_msg_start(ctx->hs_msg, &body, TLS13_MT_CLIENT_HELLO))
+        if (!tls13_client_hello_build(ctx, cbb))
-                return 0;
-        if (!tls13_client_hello_build(ctx, &body))
-                return 0;
-        if (!tls13_handshake_msg_finish(ctx->hs_msg))
                return 0;
        return 1;
@@ -741,7 +735,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
 }
 int
-tls13_client_finished_send(struct tls13_ctx *ctx)
+tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb)
 {
        struct tls13_secrets *secrets = ctx->hs->secrets;
        struct tls13_secret context = { .data = "", .len = 0 };
@@ -754,7 +748,6 @@ tls13_client_finished_send(struct tls13_ctx *ctx)
        unsigned int hlen;
        HMAC_CTX *hmac_ctx = NULL;
        int ret = 0;
-        CBB body;
        finished_key.data = key;
        finished_key.len = EVP_MD_size(ctx->hash);
@@ -776,17 +769,13 @@ tls13_client_finished_send(struct tls13_ctx *ctx)
        if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len))
                goto err;
-        if (!tls13_handshake_msg_start(ctx->hs_msg, &body, TLS13_MT_FINISHED))
-                goto err;
        hmac_len = HMAC_size(hmac_ctx);
-        if (!CBB_add_space(&body, &verify_data, hmac_len))
+        if (!CBB_add_space(cbb, &verify_data, hmac_len))
                goto err;
        if (!HMAC_Final(hmac_ctx, verify_data, &hlen))
                goto err;
        if (hlen != hmac_len)
                goto err;
-        if (!tls13_handshake_msg_finish(ctx->hs_msg))
-                goto err;
        ret = 1;
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
index d4d998248d..1157d6ecac 100644
--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_handshake.c,v 1.40 2020/01/22 13:10:51 jsing Exp $      */
+/*      $OpenBSD: tls13_handshake.c,v 1.41 2020/01/23 02:24:38 jsing Exp $      */
 /*
 * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -30,7 +30,7 @@ struct tls13_handshake_action {
        uint8_t                 handshake_complete;
        uint8_t                 preserve_transcript_hash;
-        int (*send)(struct tls13_ctx *ctx);
+        int (*send)(struct tls13_ctx *ctx, CBB *cbb);
        int (*sent)(struct tls13_ctx *ctx);
        int (*recv)(struct tls13_ctx *ctx, CBS *cbs);
 };
@@ -321,17 +321,22 @@ tls13_handshake_send_action(struct tls13_ctx *ctx,
    struct tls13_handshake_action *action)
 {
        ssize_t ret;
+        CBB cbb;
        CBS cbs;
        /* If we have no handshake message, we need to build one. */
        if (ctx->hs_msg == NULL) {
                if ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL)
                        return TLS13_IO_FAILURE;
+                if (!tls13_handshake_msg_start(ctx->hs_msg, &cbb,
-                /* XXX - provide CBB. */
+                    action->handshake_type))
-                if (!action->send(ctx))
+                        return TLS13_IO_FAILURE;
+                if (!action->send(ctx, &cbb))
                        return TLS13_IO_FAILURE;
-                else if (ctx->alert)
+                if (!tls13_handshake_msg_finish(ctx->hs_msg))
+                        return TLS13_IO_FAILURE;
+                if (ctx->alert)
                        return tls13_send_alert(ctx->rl, ctx->alert);
        }
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index ba34961e33..d8a74ef67a 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.45 2020/01/22 13:10:51 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.46 2020/01/23 02:24:38 jsing Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -257,36 +257,36 @@ int tls13_legacy_shutdown(SSL *ssl);
 int tls13_handshake_perform(struct tls13_ctx *ctx);
-int tls13_client_hello_send(struct tls13_ctx *ctx);
+int tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb);
 int tls13_client_hello_sent(struct tls13_ctx *ctx);
 int tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_hello_retry_send(struct tls13_ctx *ctx);
+int tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb);
 int tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_end_of_early_data_send(struct tls13_ctx *ctx);
+int tls13_client_end_of_early_data_send(struct tls13_ctx *ctx, CBB *cbb);
 int tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_certificate_send(struct tls13_ctx *ctx);
+int tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb);
 int tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_certificate_verify_send(struct tls13_ctx *ctx);
+int tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb);
 int tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs);
 int tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_finished_send(struct tls13_ctx *ctx);
+int tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb);
 int tls13_client_finished_sent(struct tls13_ctx *ctx);
-int tls13_client_key_update_send(struct tls13_ctx *ctx);
+int tls13_client_key_update_send(struct tls13_ctx *ctx, CBB *cbb);
 int tls13_client_key_update_recv(struct tls13_ctx *ctx, CBS *cbs);
 int tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_hello_send(struct tls13_ctx *ctx);
+int tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb);
 int tls13_server_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_hello_retry_send(struct tls13_ctx *ctx);
+int tls13_server_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb);
 int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx);
+int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx, CBB *cbb);
 int tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_certificate_send(struct tls13_ctx *ctx);
+int tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb);
 int tls13_server_certificate_request_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_certificate_request_send(struct tls13_ctx *ctx);
+int tls13_server_certificate_request_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_server_certificate_verify_send(struct tls13_ctx *ctx);
+int tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb);
 int tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs);
 int tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_finished_send(struct tls13_ctx *ctx);
+int tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb);
 void tls13_error_clear(struct tls13_error *error);
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index ee7b92b9a3..88935cf645 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.7 2020/01/22 15:47:22 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.8 2020/01/23 02:24:38 jsing Exp $ */
 /*
 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -220,7 +220,7 @@ tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
 }
 int
-tls13_client_hello_retry_send(struct tls13_ctx *ctx)
+tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb)
 {
        return 0;
 }
@@ -232,7 +232,7 @@ tls13_server_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs)
 }
 int
-tls13_client_end_of_early_data_send(struct tls13_ctx *ctx)
+tls13_client_end_of_early_data_send(struct tls13_ctx *ctx, CBB *cbb)
 {
        return 0;
 }
@@ -244,7 +244,7 @@ tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx, CBS *cbs)
 }
 int
-tls13_client_certificate_send(struct tls13_ctx *ctx)
+tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
 {
        return 0;
 }
@@ -256,7 +256,7 @@ tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
 }
 int
-tls13_client_certificate_verify_send(struct tls13_ctx *ctx)
+tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
 {
        return 0;
 }
@@ -276,7 +276,7 @@ tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
 }
 int
-tls13_client_key_update_send(struct tls13_ctx *ctx)
+tls13_client_key_update_send(struct tls13_ctx *ctx, CBB *cbb)
 {
        return 0;
 }
@@ -288,7 +288,7 @@ tls13_client_key_update_recv(struct tls13_ctx *ctx, CBS *cbs)
 }
 int
-tls13_server_hello_send(struct tls13_ctx *ctx)
+tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb)
 {
        ctx->handshake_stage.hs_type |= NEGOTIATED;
@@ -296,37 +296,37 @@ tls13_server_hello_send(struct tls13_ctx *ctx)
 }
 int
-tls13_server_hello_retry_send(struct tls13_ctx *ctx)
+tls13_server_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb)
 {
        return 0;
 }
 int
-tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx)
+tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx, CBB *cbb)
 {
        return 0;
 }
 int
-tls13_server_certificate_send(struct tls13_ctx *ctx)
+tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
 {
        return 0;
 }
 int
-tls13_server_certificate_request_send(struct tls13_ctx *ctx)
+tls13_server_certificate_request_send(struct tls13_ctx *ctx, CBB *cbb)
 {
        return 0;
 }
 int
-tls13_server_certificate_verify_send(struct tls13_ctx *ctx)
+tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
 {
        return 0;
 }
 int
-tls13_server_finished_send(struct tls13_ctx *ctx)
+tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb)
 {
        return 0;
 }

diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 4ec5e58f02..1d59f33279 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_client.c,v 1.28 2020/01/22 13:10:51 jsing Exp $ */	1	/* $OpenBSD: tls13_client.c,v 1.29 2020/01/23 02:24:38 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -202,18 +202,12 @@ tls13_client_hello_build(struct tls13_ctx ctx, CBB cbb)
202	}	202	}
203		203
204	int	204	int
205	tls13_client_hello_send(struct tls13_ctx *ctx)	205	tls13_client_hello_send(struct tls13_ctx ctx, CBB cbb)
206	{	206	{
207	CBB body;
208
209	if (ctx->hs->min_version < TLS1_2_VERSION)	207	if (ctx->hs->min_version < TLS1_2_VERSION)
210	tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION);	208	tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION);
211		209
212	if (!tls13_handshake_msg_start(ctx->hs_msg, &body, TLS13_MT_CLIENT_HELLO))	210	if (!tls13_client_hello_build(ctx, cbb))
213	return 0;
214	if (!tls13_client_hello_build(ctx, &body))
215	return 0;
216	if (!tls13_handshake_msg_finish(ctx->hs_msg))
217	return 0;	211	return 0;
218		212
219	return 1;	213	return 1;
@@ -741,7 +735,7 @@ tls13_server_finished_recv(struct tls13_ctx ctx, CBS cbs)
741	}	735	}
742		736
743	int	737	int
744	tls13_client_finished_send(struct tls13_ctx *ctx)	738	tls13_client_finished_send(struct tls13_ctx ctx, CBB cbb)
745	{	739	{
746	struct tls13_secrets *secrets = ctx->hs->secrets;	740	struct tls13_secrets *secrets = ctx->hs->secrets;
747	struct tls13_secret context = { .data = "", .len = 0 };	741	struct tls13_secret context = { .data = "", .len = 0 };
@@ -754,7 +748,6 @@ tls13_client_finished_send(struct tls13_ctx *ctx)
754	unsigned int hlen;	748	unsigned int hlen;
755	HMAC_CTX *hmac_ctx = NULL;	749	HMAC_CTX *hmac_ctx = NULL;
756	int ret = 0;	750	int ret = 0;
757	CBB body;
758		751
759	finished_key.data = key;	752	finished_key.data = key;
760	finished_key.len = EVP_MD_size(ctx->hash);	753	finished_key.len = EVP_MD_size(ctx->hash);
@@ -776,17 +769,13 @@ tls13_client_finished_send(struct tls13_ctx *ctx)
776	if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len))	769	if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len))
777	goto err;	770	goto err;
778		771
779	if (!tls13_handshake_msg_start(ctx->hs_msg, &body, TLS13_MT_FINISHED))
780	goto err;
781	hmac_len = HMAC_size(hmac_ctx);	772	hmac_len = HMAC_size(hmac_ctx);
782	if (!CBB_add_space(&body, &verify_data, hmac_len))	773	if (!CBB_add_space(cbb, &verify_data, hmac_len))
783	goto err;	774	goto err;
784	if (!HMAC_Final(hmac_ctx, verify_data, &hlen))	775	if (!HMAC_Final(hmac_ctx, verify_data, &hlen))
785	goto err;	776	goto err;
786	if (hlen != hmac_len)	777	if (hlen != hmac_len)
787	goto err;	778	goto err;
788	if (!tls13_handshake_msg_finish(ctx->hs_msg))
789	goto err;
790		779
791	ret = 1;	780	ret = 1;
792		781


diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c index d4d998248d..1157d6ecac 100644 --- a/src/lib/libssl/tls13_handshake.c +++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_handshake.c,v 1.40 2020/01/22 13:10:51 jsing Exp $ */	1	/* $OpenBSD: tls13_handshake.c,v 1.41 2020/01/23 02:24:38 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>	3	* Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
4	* Copyright (c) 2019 Joel Sing <jsing@openbsd.org>	4	* Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -30,7 +30,7 @@ struct tls13_handshake_action {
30	uint8_t handshake_complete;	30	uint8_t handshake_complete;
31	uint8_t preserve_transcript_hash;	31	uint8_t preserve_transcript_hash;
32		32
33	int (send)(struct tls13_ctx ctx);	33	int (send)(struct tls13_ctx ctx, CBB *cbb);
34	int (sent)(struct tls13_ctx ctx);	34	int (sent)(struct tls13_ctx ctx);
35	int (recv)(struct tls13_ctx ctx, CBS *cbs);	35	int (recv)(struct tls13_ctx ctx, CBS *cbs);
36	};	36	};
@@ -321,17 +321,22 @@ tls13_handshake_send_action(struct tls13_ctx *ctx,
321	struct tls13_handshake_action *action)	321	struct tls13_handshake_action *action)
322	{	322	{
323	ssize_t ret;	323	ssize_t ret;
		324	CBB cbb;
324	CBS cbs;	325	CBS cbs;
325		326
326	/* If we have no handshake message, we need to build one. */	327	/* If we have no handshake message, we need to build one. */
327	if (ctx->hs_msg == NULL) {	328	if (ctx->hs_msg == NULL) {
328	if ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL)	329	if ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL)
329	return TLS13_IO_FAILURE;	330	return TLS13_IO_FAILURE;
330		331	if (!tls13_handshake_msg_start(ctx->hs_msg, &cbb,
331	/* XXX - provide CBB. */	332	action->handshake_type))
332	if (!action->send(ctx))	333	return TLS13_IO_FAILURE;
		334	if (!action->send(ctx, &cbb))
333	return TLS13_IO_FAILURE;	335	return TLS13_IO_FAILURE;
334	else if (ctx->alert)	336	if (!tls13_handshake_msg_finish(ctx->hs_msg))
		337	return TLS13_IO_FAILURE;
		338
		339	if (ctx->alert)
335	return tls13_send_alert(ctx->rl, ctx->alert);	340	return tls13_send_alert(ctx->rl, ctx->alert);
336	}	341	}
337		342


diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index ba34961e33..d8a74ef67a 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_internal.h,v 1.45 2020/01/22 13:10:51 jsing Exp $ */	1	/* $OpenBSD: tls13_internal.h,v 1.46 2020/01/23 02:24:38 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2018 Bob Beck <beck@openbsd.org>
4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -257,36 +257,36 @@ int tls13_legacy_shutdown(SSL *ssl);
257		257
258	int tls13_handshake_perform(struct tls13_ctx *ctx);	258	int tls13_handshake_perform(struct tls13_ctx *ctx);
259		259
260	int tls13_client_hello_send(struct tls13_ctx *ctx);	260	int tls13_client_hello_send(struct tls13_ctx ctx, CBB cbb);
261	int tls13_client_hello_sent(struct tls13_ctx *ctx);	261	int tls13_client_hello_sent(struct tls13_ctx *ctx);
262	int tls13_client_hello_recv(struct tls13_ctx ctx, CBS cbs);	262	int tls13_client_hello_recv(struct tls13_ctx ctx, CBS cbs);
263	int tls13_client_hello_retry_send(struct tls13_ctx *ctx);	263	int tls13_client_hello_retry_send(struct tls13_ctx ctx, CBB cbb);
264	int tls13_client_hello_retry_recv(struct tls13_ctx ctx, CBS cbs);	264	int tls13_client_hello_retry_recv(struct tls13_ctx ctx, CBS cbs);
265	int tls13_client_end_of_early_data_send(struct tls13_ctx *ctx);	265	int tls13_client_end_of_early_data_send(struct tls13_ctx ctx, CBB cbb);
266	int tls13_client_end_of_early_data_recv(struct tls13_ctx ctx, CBS cbs);	266	int tls13_client_end_of_early_data_recv(struct tls13_ctx ctx, CBS cbs);
267	int tls13_client_certificate_send(struct tls13_ctx *ctx);	267	int tls13_client_certificate_send(struct tls13_ctx ctx, CBB cbb);
268	int tls13_client_certificate_recv(struct tls13_ctx ctx, CBS cbs);	268	int tls13_client_certificate_recv(struct tls13_ctx ctx, CBS cbs);
269	int tls13_client_certificate_verify_send(struct tls13_ctx *ctx);	269	int tls13_client_certificate_verify_send(struct tls13_ctx ctx, CBB cbb);
270	int tls13_client_certificate_verify_recv(struct tls13_ctx ctx, CBS cbs);	270	int tls13_client_certificate_verify_recv(struct tls13_ctx ctx, CBS cbs);
271	int tls13_client_finished_recv(struct tls13_ctx ctx, CBS cbs);	271	int tls13_client_finished_recv(struct tls13_ctx ctx, CBS cbs);
272	int tls13_client_finished_send(struct tls13_ctx *ctx);	272	int tls13_client_finished_send(struct tls13_ctx ctx, CBB cbb);
273	int tls13_client_finished_sent(struct tls13_ctx *ctx);	273	int tls13_client_finished_sent(struct tls13_ctx *ctx);
274	int tls13_client_key_update_send(struct tls13_ctx *ctx);	274	int tls13_client_key_update_send(struct tls13_ctx ctx, CBB cbb);
275	int tls13_client_key_update_recv(struct tls13_ctx ctx, CBS cbs);	275	int tls13_client_key_update_recv(struct tls13_ctx ctx, CBS cbs);
276	int tls13_server_hello_recv(struct tls13_ctx ctx, CBS cbs);	276	int tls13_server_hello_recv(struct tls13_ctx ctx, CBS cbs);
277	int tls13_server_hello_send(struct tls13_ctx *ctx);	277	int tls13_server_hello_send(struct tls13_ctx ctx, CBB cbb);
278	int tls13_server_hello_retry_recv(struct tls13_ctx ctx, CBS cbs);	278	int tls13_server_hello_retry_recv(struct tls13_ctx ctx, CBS cbs);
279	int tls13_server_hello_retry_send(struct tls13_ctx *ctx);	279	int tls13_server_hello_retry_send(struct tls13_ctx ctx, CBB cbb);
280	int tls13_server_encrypted_extensions_recv(struct tls13_ctx ctx, CBS cbs);	280	int tls13_server_encrypted_extensions_recv(struct tls13_ctx ctx, CBS cbs);
281	int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx);	281	int tls13_server_encrypted_extensions_send(struct tls13_ctx ctx, CBB cbb);
282	int tls13_server_certificate_recv(struct tls13_ctx ctx, CBS cbs);	282	int tls13_server_certificate_recv(struct tls13_ctx ctx, CBS cbs);
283	int tls13_server_certificate_send(struct tls13_ctx *ctx);	283	int tls13_server_certificate_send(struct tls13_ctx ctx, CBB cbb);
284	int tls13_server_certificate_request_recv(struct tls13_ctx ctx, CBS cbs);	284	int tls13_server_certificate_request_recv(struct tls13_ctx ctx, CBS cbs);
285	int tls13_server_certificate_request_send(struct tls13_ctx *ctx);	285	int tls13_server_certificate_request_send(struct tls13_ctx ctx, CBB cbb);
286	int tls13_server_certificate_verify_send(struct tls13_ctx *ctx);	286	int tls13_server_certificate_verify_send(struct tls13_ctx ctx, CBB cbb);
287	int tls13_server_certificate_verify_recv(struct tls13_ctx ctx, CBS cbs);	287	int tls13_server_certificate_verify_recv(struct tls13_ctx ctx, CBS cbs);
288	int tls13_server_finished_recv(struct tls13_ctx ctx, CBS cbs);	288	int tls13_server_finished_recv(struct tls13_ctx ctx, CBS cbs);
289	int tls13_server_finished_send(struct tls13_ctx *ctx);	289	int tls13_server_finished_send(struct tls13_ctx ctx, CBB cbb);
290		290
291	void tls13_error_clear(struct tls13_error *error);	291	void tls13_error_clear(struct tls13_error *error);
292		292


diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index ee7b92b9a3..88935cf645 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_server.c,v 1.7 2020/01/22 15:47:22 jsing Exp $ */	1	/* $OpenBSD: tls13_server.c,v 1.8 2020/01/23 02:24:38 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -220,7 +220,7 @@ tls13_client_hello_recv(struct tls13_ctx ctx, CBS cbs)
220	}	220	}
221		221
222	int	222	int
223	tls13_client_hello_retry_send(struct tls13_ctx *ctx)	223	tls13_client_hello_retry_send(struct tls13_ctx ctx, CBB cbb)
224	{	224	{
225	return 0;	225	return 0;
226	}	226	}
@@ -232,7 +232,7 @@ tls13_server_hello_retry_recv(struct tls13_ctx ctx, CBS cbs)
232	}	232	}
233		233
234	int	234	int
235	tls13_client_end_of_early_data_send(struct tls13_ctx *ctx)	235	tls13_client_end_of_early_data_send(struct tls13_ctx ctx, CBB cbb)
236	{	236	{
237	return 0;	237	return 0;
238	}	238	}
@@ -244,7 +244,7 @@ tls13_client_end_of_early_data_recv(struct tls13_ctx ctx, CBS cbs)
244	}	244	}
245		245
246	int	246	int
247	tls13_client_certificate_send(struct tls13_ctx *ctx)	247	tls13_client_certificate_send(struct tls13_ctx ctx, CBB cbb)
248	{	248	{
249	return 0;	249	return 0;
250	}	250	}
@@ -256,7 +256,7 @@ tls13_client_certificate_recv(struct tls13_ctx ctx, CBS cbs)
256	}	256	}
257		257
258	int	258	int
259	tls13_client_certificate_verify_send(struct tls13_ctx *ctx)	259	tls13_client_certificate_verify_send(struct tls13_ctx ctx, CBB cbb)
260	{	260	{
261	return 0;	261	return 0;
262	}	262	}
@@ -276,7 +276,7 @@ tls13_client_finished_recv(struct tls13_ctx ctx, CBS cbs)
276	}	276	}
277		277
278	int	278	int
279	tls13_client_key_update_send(struct tls13_ctx *ctx)	279	tls13_client_key_update_send(struct tls13_ctx ctx, CBB cbb)
280	{	280	{
281	return 0;	281	return 0;
282	}	282	}
@@ -288,7 +288,7 @@ tls13_client_key_update_recv(struct tls13_ctx ctx, CBS cbs)
288	}	288	}
289		289
290	int	290	int
291	tls13_server_hello_send(struct tls13_ctx *ctx)	291	tls13_server_hello_send(struct tls13_ctx ctx, CBB cbb)
292	{	292	{
293	ctx->handshake_stage.hs_type \|= NEGOTIATED;	293	ctx->handshake_stage.hs_type \|= NEGOTIATED;
294		294
@@ -296,37 +296,37 @@ tls13_server_hello_send(struct tls13_ctx *ctx)
296	}	296	}
297		297
298	int	298	int
299	tls13_server_hello_retry_send(struct tls13_ctx *ctx)	299	tls13_server_hello_retry_send(struct tls13_ctx ctx, CBB cbb)
300	{	300	{
301	return 0;	301	return 0;
302	}	302	}
303		303
304	int	304	int
305	tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx)	305	tls13_server_encrypted_extensions_send(struct tls13_ctx ctx, CBB cbb)
306	{	306	{
307	return 0;	307	return 0;
308	}	308	}
309		309
310	int	310	int
311	tls13_server_certificate_send(struct tls13_ctx *ctx)	311	tls13_server_certificate_send(struct tls13_ctx ctx, CBB cbb)
312	{	312	{
313	return 0;	313	return 0;
314	}	314	}
315		315
316	int	316	int
317	tls13_server_certificate_request_send(struct tls13_ctx *ctx)	317	tls13_server_certificate_request_send(struct tls13_ctx ctx, CBB cbb)
318	{	318	{
319	return 0;	319	return 0;
320	}	320	}
321		321
322	int	322	int
323	tls13_server_certificate_verify_send(struct tls13_ctx *ctx)	323	tls13_server_certificate_verify_send(struct tls13_ctx ctx, CBB cbb)
324	{	324	{
325	return 0;	325	return 0;
326	}	326	}
327		327
328	int	328	int
329	tls13_server_finished_send(struct tls13_ctx *ctx)	329	tls13_server_finished_send(struct tls13_ctx ctx, CBB cbb)
330	{	330	{
331	return 0;	331	return 0;
332	}	332	}