1 files changed, 2 insertions, 45 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 70a33b7131..5bd7681f19 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.52 2020/04/27 20:15:17 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.53 2020/04/28 20:30:40 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -424,49 +424,6 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
 }
 static int
-tls13_client_synthetic_handshake_message(struct tls13_ctx *ctx)
-{
-        struct tls13_handshake_msg *hm = NULL;
-        unsigned char buf[EVP_MAX_MD_SIZE];
-        size_t hash_len;
-        CBB cbb;
-        CBS cbs;
-        SSL *s = ctx->ssl;
-        int ret = 0;
-        /*
-         * Replace ClientHello with synthetic handshake message - see
-         * RFC 8446 section 4.4.1.
-         */
-        if (!tls1_transcript_hash_init(s))
-                goto err;
-        if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len))
-                goto err;
-        if ((hm = tls13_handshake_msg_new()) == NULL)
-                goto err;
-        if (!tls13_handshake_msg_start(hm, &cbb, TLS13_MT_MESSAGE_HASH))
-                goto err;
-        if (!CBB_add_bytes(&cbb, buf, hash_len))
-                goto err;
-        if (!tls13_handshake_msg_finish(hm))
-                goto err;
-        tls13_handshake_msg_data(hm, &cbs);
-        tls1_transcript_reset(ctx->ssl);
-        if (!tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs)))
-                goto err;
-        ret = 1;
- err:
-        tls13_handshake_msg_free(hm);
-        return ret;
-}
-static int
 tls13_client_engage_record_protection(struct tls13_ctx *ctx)
 {
        struct tls13_secrets *secrets;
@@ -559,7 +516,7 @@ tls13_server_hello_retry_request_recv(struct tls13_ctx *ctx, CBS *cbs)
        if (!ctx->hs->hrr)
                return 0;
-        if (!tls13_client_synthetic_handshake_message(ctx))
+        if (!tls13_synthetic_handshake_message(ctx))
                return 0;
        if (!tls13_handshake_msg_record(ctx))
                return 0;

diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 70a33b7131..5bd7681f19 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_client.c,v 1.52 2020/04/27 20:15:17 jsing Exp $ */	1	/* $OpenBSD: tls13_client.c,v 1.53 2020/04/28 20:30:40 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -424,49 +424,6 @@ tls13_server_hello_process(struct tls13_ctx ctx, CBS cbs)
424	}	424	}
425		425
426	static int	426	static int
427	tls13_client_synthetic_handshake_message(struct tls13_ctx *ctx)
428	{
429	struct tls13_handshake_msg *hm = NULL;
430	unsigned char buf[EVP_MAX_MD_SIZE];
431	size_t hash_len;
432	CBB cbb;
433	CBS cbs;
434	SSL *s = ctx->ssl;
435	int ret = 0;
436
437	/*
438	* Replace ClientHello with synthetic handshake message - see
439	* RFC 8446 section 4.4.1.
440	*/
441	if (!tls1_transcript_hash_init(s))
442	goto err;
443	if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len))
444	goto err;
445
446	if ((hm = tls13_handshake_msg_new()) == NULL)
447	goto err;
448	if (!tls13_handshake_msg_start(hm, &cbb, TLS13_MT_MESSAGE_HASH))
449	goto err;
450	if (!CBB_add_bytes(&cbb, buf, hash_len))
451	goto err;
452	if (!tls13_handshake_msg_finish(hm))
453	goto err;
454
455	tls13_handshake_msg_data(hm, &cbs);
456
457	tls1_transcript_reset(ctx->ssl);
458	if (!tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs)))
459	goto err;
460
461	ret = 1;
462
463	err:
464	tls13_handshake_msg_free(hm);
465
466	return ret;
467	}
468
469	static int
470	tls13_client_engage_record_protection(struct tls13_ctx *ctx)	427	tls13_client_engage_record_protection(struct tls13_ctx *ctx)
471	{	428	{
472	struct tls13_secrets *secrets;	429	struct tls13_secrets *secrets;
@@ -559,7 +516,7 @@ tls13_server_hello_retry_request_recv(struct tls13_ctx ctx, CBS cbs)
559	if (!ctx->hs->hrr)	516	if (!ctx->hs->hrr)
560	return 0;	517	return 0;
561		518
562	if (!tls13_client_synthetic_handshake_message(ctx))	519	if (!tls13_synthetic_handshake_message(ctx))
563	return 0;	520	return 0;
564	if (!tls13_handshake_msg_record(ctx))	521	if (!tls13_handshake_msg_record(ctx))
565	return 0;	522	return 0;