summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls13_server.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/tls13_server.c')
-rw-r--r--src/lib/libssl/tls13_server.c51
1 files changed, 5 insertions, 46 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 628e824313..8ed2a6ea11 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_server.c,v 1.16 2020/01/24 08:21:24 jsing Exp $ */ 1/* $OpenBSD: tls13_server.c,v 1.17 2020/01/26 02:45:27 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org> 4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -476,32 +476,6 @@ tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx, CBB *cbb)
476 return 0; 476 return 0;
477} 477}
478 478
479static int
480tls13_cert_add(CBB *cbb, X509 *cert)
481{
482 CBB cert_data, cert_exts;
483 uint8_t *data;
484 int cert_len;
485
486 if ((cert_len = i2d_X509(cert, NULL)) < 0)
487 return 0;
488
489 if (!CBB_add_u24_length_prefixed(cbb, &cert_data))
490 return 0;
491 if (!CBB_add_space(&cert_data, &data, cert_len))
492 return 0;
493 if (i2d_X509(cert, &data) != cert_len)
494 return 0;
495
496 if (!CBB_add_u16_length_prefixed(cbb, &cert_exts))
497 return 0;
498
499 if (!CBB_flush(cbb))
500 return 0;
501
502 return 1;
503}
504
505int 479int
506tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb) 480tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
507{ 481{
@@ -564,22 +538,6 @@ tls13_server_certificate_request_send(struct tls13_ctx *ctx, CBB *cbb)
564 return 0; 538 return 0;
565} 539}
566 540
567/*
568 * Certificate Verify padding - RFC 8446 section 4.4.3.
569 */
570static uint8_t cert_verify_pad[64] = {
571 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
572 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
573 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
574 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
575 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
576 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
577 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
578 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
579};
580
581static uint8_t server_cert_verify_context[] = "TLS 1.3, server CertificateVerify";
582
583int 541int
584tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) 542tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
585{ 543{
@@ -607,10 +565,11 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
607 565
608 if (!CBB_init(&sig_cbb, 0)) 566 if (!CBB_init(&sig_cbb, 0))
609 goto err; 567 goto err;
610 if (!CBB_add_bytes(&sig_cbb, cert_verify_pad, sizeof(cert_verify_pad))) 568 if (!CBB_add_bytes(&sig_cbb, tls13_cert_verify_pad,
569 sizeof(tls13_cert_verify_pad)))
611 goto err; 570 goto err;
612 if (!CBB_add_bytes(&sig_cbb, server_cert_verify_context, 571 if (!CBB_add_bytes(&sig_cbb, tls13_cert_server_verify_context,
613 strlen(server_cert_verify_context))) 572 strlen(tls13_cert_server_verify_context)))
614 goto err; 573 goto err;
615 if (!CBB_add_u8(&sig_cbb, 0)) 574 if (!CBB_add_u8(&sig_cbb, 0))
616 goto err; 575 goto err;