summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_transcript.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_transcript.c')
-rw-r--r--src/lib/libssl/ssl_transcript.c41
1 files changed, 14 insertions, 27 deletions
diff --git a/src/lib/libssl/ssl_transcript.c b/src/lib/libssl/ssl_transcript.c
index d0af8e6942..e4a041f67d 100644
--- a/src/lib/libssl/ssl_transcript.c
+++ b/src/lib/libssl/ssl_transcript.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_transcript.c,v 1.7 2022/03/17 17:22:16 jsing Exp $ */ 1/* $OpenBSD: ssl_transcript.c,v 1.8 2022/07/22 19:54:46 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -18,6 +18,7 @@
18#include <openssl/ssl.h> 18#include <openssl/ssl.h>
19 19
20#include "ssl_locl.h" 20#include "ssl_locl.h"
21#include "tls_internal.h"
21 22
22int 23int
23tls1_transcript_hash_init(SSL *s) 24tls1_transcript_hash_init(SSL *s)
@@ -118,7 +119,7 @@ tls1_transcript_init(SSL *s)
118 if (s->s3->handshake_transcript != NULL) 119 if (s->s3->handshake_transcript != NULL)
119 return 0; 120 return 0;
120 121
121 if ((s->s3->handshake_transcript = BUF_MEM_new()) == NULL) 122 if ((s->s3->handshake_transcript = tls_buffer_new(0)) == NULL)
122 return 0; 123 return 0;
123 124
124 tls1_transcript_reset(s); 125 tls1_transcript_reset(s);
@@ -129,21 +130,14 @@ tls1_transcript_init(SSL *s)
129void 130void
130tls1_transcript_free(SSL *s) 131tls1_transcript_free(SSL *s)
131{ 132{
132 BUF_MEM_free(s->s3->handshake_transcript); 133 tls_buffer_free(s->s3->handshake_transcript);
133 s->s3->handshake_transcript = NULL; 134 s->s3->handshake_transcript = NULL;
134} 135}
135 136
136void 137void
137tls1_transcript_reset(SSL *s) 138tls1_transcript_reset(SSL *s)
138{ 139{
139 /* 140 tls_buffer_clear(s->s3->handshake_transcript);
140 * We should check the return value of BUF_MEM_grow_clean(), however
141 * due to yet another bad API design, when called with a length of zero
142 * it is impossible to tell if it succeeded (returning a length of zero)
143 * or if it failed (and returned zero)... our implementation never
144 * fails with a length of zero, so we trust all is okay...
145 */
146 (void)BUF_MEM_grow_clean(s->s3->handshake_transcript, 0);
147 141
148 tls1_transcript_unfreeze(s); 142 tls1_transcript_unfreeze(s);
149} 143}
@@ -151,36 +145,29 @@ tls1_transcript_reset(SSL *s)
151int 145int
152tls1_transcript_append(SSL *s, const unsigned char *buf, size_t len) 146tls1_transcript_append(SSL *s, const unsigned char *buf, size_t len)
153{ 147{
154 size_t olen, nlen;
155
156 if (s->s3->handshake_transcript == NULL) 148 if (s->s3->handshake_transcript == NULL)
157 return 1; 149 return 1;
158 150
159 if (s->s3->flags & TLS1_FLAGS_FREEZE_TRANSCRIPT) 151 if (s->s3->flags & TLS1_FLAGS_FREEZE_TRANSCRIPT)
160 return 1; 152 return 1;
161 153
162 olen = s->s3->handshake_transcript->length; 154 return tls_buffer_append(s->s3->handshake_transcript, buf, len);
163 nlen = olen + len;
164
165 if (nlen < olen)
166 return 0;
167
168 if (BUF_MEM_grow(s->s3->handshake_transcript, nlen) == 0)
169 return 0;
170
171 memcpy(s->s3->handshake_transcript->data + olen, buf, len);
172
173 return 1;
174} 155}
175 156
176int 157int
177tls1_transcript_data(SSL *s, const unsigned char **data, size_t *len) 158tls1_transcript_data(SSL *s, const unsigned char **data, size_t *len)
178{ 159{
160 CBS cbs;
161
179 if (s->s3->handshake_transcript == NULL) 162 if (s->s3->handshake_transcript == NULL)
180 return 0; 163 return 0;
181 164
182 *data = s->s3->handshake_transcript->data; 165 if (!tls_buffer_data(s->s3->handshake_transcript, &cbs))
183 *len = s->s3->handshake_transcript->length; 166 return 0;
167
168 /* XXX - change to caller providing a CBS argument. */
169 *data = CBS_data(&cbs);
170 *len = CBS_len(&cbs);
184 171
185 return 1; 172 return 1;
186} 173}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-09 17:33:22 +0000