Diffstat (limited to 'src/lib/libssl/tls13_server.c')
-rw-r--r-- | src/lib/libssl/tls13_server.c | 51 |
1 files changed, 5 insertions, 46 deletions
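--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.16 2020/01/24 08:21:24 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.17 2020/01/26 02:45:27 beck Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -476,32 +476,6 @@ tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx, CBB *cbb)
 return 0;
 }
 
-static int
-tls13_cert_add(CBB *cbb, X509 *cert)
-{
-CBB cert_data, cert_exts;
-uint8_t *data;
-int cert_len;
-
-if ((cert_len = i2d_X509(cert, NULL)) < 0)
-return 0;
-
-if (!CBB_add_u24_length_prefixed(cbb, &cert_data))
-return 0;
-if (!CBB_add_space(&cert_data, &data, cert_len))
-return 0;
-if (i2d_X509(cert, &data) != cert_len)
-return 0;
-
-if (!CBB_add_u16_length_prefixed(cbb, &cert_exts))
-return 0;
-
-if (!CBB_flush(cbb))
-return 0;
-
-return 1;
-}
-
 int
 tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
 {
@@ -564,22 +538,6 @@ tls13_server_certificate_request_send(struct tls13_ctx *ctx, CBB *cbb)
 return 0;
 }
 
-/*
-* Certificate Verify padding - RFC 8446 section 4.4.3.
-*/
-static uint8_t cert_verify_pad[64] = {
-0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-};
-
-static uint8_t server_cert_verify_context[] = "TLS 1.3, server CertificateVerify";
-
 int
 tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
 {
@@ -607,10 +565,11 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
 
 if (!CBB_init(&sig_cbb, 0))
 goto err;
-if (!CBB_add_bytes(&sig_cbb, cert_verify_pad, sizeof(cert_verify_pad)))
+if (!CBB_add_bytes(&sig_cbb, tls13_cert_verify_pad,
+sizeof(tls13_cert_verify_pad)))
 goto err;
-if (!CBB_add_bytes(&sig_cbb, server_cert_verify_context,
-strlen(server_cert_verify_context)))
+if (!CBB_add_bytes(&sig_cbb, tls13_cert_server_verify_context,
+strlen(tls13_cert_server_verify_context)))
 goto err;
 if (!CBB_add_u8(&sig_cbb, 0))
 goto err;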
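Review bot: The pad and context arrays the last hunk now references (`tls13_cert_verify_pad`, `tls13_cert_server_verify_context`, new lines 568–572) replace definitions that were non-const `static uint8_t` in this file (old lines 570 and 581); their new definitions are outside this file, so confirm they are declared `const` (e.g. `extern const uint8_t tls13_cert_verify_pad[64];`) so the CertificateVerify signature prefix lives in read-only data and cannot be altered at runtime. The context length is still taken with `strlen()` at new line 572, which depends on the shared array keeping its NUL terminator and would silently yield a wrong prefix length otherwise; a length constant defined next to the array would make that contract explicit. The "RFC 8446 section 4.4.3" comment was deleted with the pad at old lines 567–569, so it should follow the constant to its new home. The body of tls13_server_certificate_verify_send continues outside the hunk.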