summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls13_server.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/tls13_server.c')
-rw-r--r--src/lib/libssl/tls13_server.c20
1 files changed, 7 insertions, 13 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 63b7d92093..604dab4cba 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_server.c,v 1.109 2024/07/22 14:47:15 jsing Exp $ */ 1/* $OpenBSD: tls13_server.c,v 1.112 2025/12/04 21:03:42 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org> 4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -327,7 +327,7 @@ tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
327} 327}
328 328
329static int 329static int
330tls13_server_hello_build(struct tls13_ctx *ctx, CBB *cbb, int hrr) 330tls13_server_hello_build(struct tls13_ctx *ctx, CBB *cbb)
331{ 331{
332 uint16_t tlsext_msg_type = SSL_TLSEXT_MSG_SH; 332 uint16_t tlsext_msg_type = SSL_TLSEXT_MSG_SH;
333 const uint8_t *server_random; 333 const uint8_t *server_random;
@@ -338,7 +338,7 @@ tls13_server_hello_build(struct tls13_ctx *ctx, CBB *cbb, int hrr)
338 cipher = SSL_CIPHER_get_value(ctx->hs->cipher); 338 cipher = SSL_CIPHER_get_value(ctx->hs->cipher);
339 server_random = s->s3->server_random; 339 server_random = s->s3->server_random;
340 340
341 if (hrr) { 341 if (ctx->hs->tls13.hrr) {
342 server_random = tls13_hello_retry_request_hash; 342 server_random = tls13_hello_retry_request_hash;
343 tlsext_msg_type = SSL_TLSEXT_MSG_HRR; 343 tlsext_msg_type = SSL_TLSEXT_MSG_HRR;
344 } 344 }
@@ -437,8 +437,6 @@ tls13_server_engage_record_protection(struct tls13_ctx *ctx)
437int 437int
438tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb) 438tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb)
439{ 439{
440 int nid;
441
442 ctx->hs->tls13.hrr = 1; 440 ctx->hs->tls13.hrr = 1;
443 441
444 if (!tls13_synthetic_handshake_message(ctx)) 442 if (!tls13_synthetic_handshake_message(ctx))
@@ -446,12 +444,10 @@ tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb)
446 444
447 if (ctx->hs->key_share != NULL) 445 if (ctx->hs->key_share != NULL)
448 return 0; 446 return 0;
449 if (!tls1_get_supported_group(ctx->ssl, &nid)) 447 if (ctx->hs->tls13.server_group == 0)
450 return 0;
451 if (!tls1_ec_nid2group_id(nid, &ctx->hs->tls13.server_group))
452 return 0; 448 return 0;
453 449
454 if (!tls13_server_hello_build(ctx, cbb, 1)) 450 if (!tls13_server_hello_build(ctx, cbb))
455 return 0; 451 return 0;
456 452
457 return 1; 453 return 1;
@@ -506,14 +502,12 @@ tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb)
506{ 502{
507 if (ctx->hs->key_share == NULL) 503 if (ctx->hs->key_share == NULL)
508 return 0; 504 return 0;
509 if (!tls_key_share_generate(ctx->hs->key_share)) 505 if (!tls_key_share_server_generate(ctx->hs->key_share))
510 return 0; 506 return 0;
511 if (!tls13_servername_process(ctx)) 507 if (!tls13_servername_process(ctx))
512 return 0; 508 return 0;
513 509
514 ctx->hs->tls13.server_group = 0; 510 if (!tls13_server_hello_build(ctx, cbb))
515
516 if (!tls13_server_hello_build(ctx, cbb, 0))
517 return 0; 511 return 0;
518 512
519 return 1; 513 return 1;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-01-13 22:17:53 +0000