diff options
Diffstat (limited to 'src/lib/libssl/tls13_client.c')
-rw-r--r-- | src/lib/libssl/tls13_client.c | 21 |
1 files changed, 5 insertions, 16 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 4ec5e58f02..1d59f33279 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: tls13_client.c,v 1.28 2020/01/22 13:10:51 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_client.c,v 1.29 2020/01/23 02:24:38 jsing Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
4 | * | 4 | * |
@@ -202,18 +202,12 @@ tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb) | |||
202 | } | 202 | } |
203 | 203 | ||
204 | int | 204 | int |
205 | tls13_client_hello_send(struct tls13_ctx *ctx) | 205 | tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb) |
206 | { | 206 | { |
207 | CBB body; | ||
208 | |||
209 | if (ctx->hs->min_version < TLS1_2_VERSION) | 207 | if (ctx->hs->min_version < TLS1_2_VERSION) |
210 | tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION); | 208 | tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION); |
211 | 209 | ||
212 | if (!tls13_handshake_msg_start(ctx->hs_msg, &body, TLS13_MT_CLIENT_HELLO)) | 210 | if (!tls13_client_hello_build(ctx, cbb)) |
213 | return 0; | ||
214 | if (!tls13_client_hello_build(ctx, &body)) | ||
215 | return 0; | ||
216 | if (!tls13_handshake_msg_finish(ctx->hs_msg)) | ||
217 | return 0; | 211 | return 0; |
218 | 212 | ||
219 | return 1; | 213 | return 1; |
@@ -741,7 +735,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
741 | } | 735 | } |
742 | 736 | ||
743 | int | 737 | int |
744 | tls13_client_finished_send(struct tls13_ctx *ctx) | 738 | tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb) |
745 | { | 739 | { |
746 | struct tls13_secrets *secrets = ctx->hs->secrets; | 740 | struct tls13_secrets *secrets = ctx->hs->secrets; |
747 | struct tls13_secret context = { .data = "", .len = 0 }; | 741 | struct tls13_secret context = { .data = "", .len = 0 }; |
@@ -754,7 +748,6 @@ tls13_client_finished_send(struct tls13_ctx *ctx) | |||
754 | unsigned int hlen; | 748 | unsigned int hlen; |
755 | HMAC_CTX *hmac_ctx = NULL; | 749 | HMAC_CTX *hmac_ctx = NULL; |
756 | int ret = 0; | 750 | int ret = 0; |
757 | CBB body; | ||
758 | 751 | ||
759 | finished_key.data = key; | 752 | finished_key.data = key; |
760 | finished_key.len = EVP_MD_size(ctx->hash); | 753 | finished_key.len = EVP_MD_size(ctx->hash); |
@@ -776,17 +769,13 @@ tls13_client_finished_send(struct tls13_ctx *ctx) | |||
776 | if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len)) | 769 | if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len)) |
777 | goto err; | 770 | goto err; |
778 | 771 | ||
779 | if (!tls13_handshake_msg_start(ctx->hs_msg, &body, TLS13_MT_FINISHED)) | ||
780 | goto err; | ||
781 | hmac_len = HMAC_size(hmac_ctx); | 772 | hmac_len = HMAC_size(hmac_ctx); |
782 | if (!CBB_add_space(&body, &verify_data, hmac_len)) | 773 | if (!CBB_add_space(cbb, &verify_data, hmac_len)) |
783 | goto err; | 774 | goto err; |
784 | if (!HMAC_Final(hmac_ctx, verify_data, &hlen)) | 775 | if (!HMAC_Final(hmac_ctx, verify_data, &hlen)) |
785 | goto err; | 776 | goto err; |
786 | if (hlen != hmac_len) | 777 | if (hlen != hmac_len) |
787 | goto err; | 778 | goto err; |
788 | if (!tls13_handshake_msg_finish(ctx->hs_msg)) | ||
789 | goto err; | ||
790 | 779 | ||
791 | ret = 1; | 780 | ret = 1; |
792 | 781 | ||