summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/tls13_handshake.c32
1 files changed, 23 insertions, 9 deletions
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
index 518073f4a1..2c5b72a912 100644
--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_handshake.c,v 1.42 2020/01/24 04:43:09 jsing Exp $ */ 1/* $OpenBSD: tls13_handshake.c,v 1.43 2020/01/24 06:45:09 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> 3 * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
4 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> 4 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -25,10 +25,11 @@
25/* Based on RFC 8446 and inspired by s2n's TLS 1.2 state machine. */ 25/* Based on RFC 8446 and inspired by s2n's TLS 1.2 state machine. */
26 26
27struct tls13_handshake_action { 27struct tls13_handshake_action {
28 uint8_t handshake_type; 28 uint8_t handshake_type;
29 uint8_t sender; 29 uint8_t sender;
30 uint8_t handshake_complete; 30 uint8_t handshake_complete;
31 uint8_t preserve_transcript_hash; 31 uint8_t send_preserve_transcript_hash;
32 uint8_t recv_preserve_transcript_hash;
32 33
33 int (*send)(struct tls13_ctx *ctx, CBB *cbb); 34 int (*send)(struct tls13_ctx *ctx, CBB *cbb);
34 int (*sent)(struct tls13_ctx *ctx); 35 int (*sent)(struct tls13_ctx *ctx);
@@ -71,12 +72,14 @@ struct tls13_handshake_action state_machine[] = {
71 [CLIENT_CERTIFICATE] = { 72 [CLIENT_CERTIFICATE] = {
72 .handshake_type = TLS13_MT_CERTIFICATE, 73 .handshake_type = TLS13_MT_CERTIFICATE,
73 .sender = TLS13_HS_CLIENT, 74 .sender = TLS13_HS_CLIENT,
75 .send_preserve_transcript_hash = 1,
74 .send = tls13_client_certificate_send, 76 .send = tls13_client_certificate_send,
75 .recv = tls13_client_certificate_recv, 77 .recv = tls13_client_certificate_recv,
76 }, 78 },
77 [CLIENT_CERTIFICATE_VERIFY] = { 79 [CLIENT_CERTIFICATE_VERIFY] = {
78 .handshake_type = TLS13_MT_CERTIFICATE_VERIFY, 80 .handshake_type = TLS13_MT_CERTIFICATE_VERIFY,
79 .sender = TLS13_HS_CLIENT, 81 .sender = TLS13_HS_CLIENT,
82 .recv_preserve_transcript_hash = 1,
80 .send = tls13_client_certificate_verify_send, 83 .send = tls13_client_certificate_verify_send,
81 .recv = tls13_client_certificate_verify_recv, 84 .recv = tls13_client_certificate_verify_recv,
82 }, 85 },
@@ -115,6 +118,7 @@ struct tls13_handshake_action state_machine[] = {
115 [SERVER_CERTIFICATE] = { 118 [SERVER_CERTIFICATE] = {
116 .handshake_type = TLS13_MT_CERTIFICATE, 119 .handshake_type = TLS13_MT_CERTIFICATE,
117 .sender = TLS13_HS_SERVER, 120 .sender = TLS13_HS_SERVER,
121 .send_preserve_transcript_hash = 1,
118 .send = tls13_server_certificate_send, 122 .send = tls13_server_certificate_send,
119 .recv = tls13_server_certificate_recv, 123 .recv = tls13_server_certificate_recv,
120 }, 124 },
@@ -127,14 +131,15 @@ struct tls13_handshake_action state_machine[] = {
127 [SERVER_CERTIFICATE_VERIFY] = { 131 [SERVER_CERTIFICATE_VERIFY] = {
128 .handshake_type = TLS13_MT_CERTIFICATE_VERIFY, 132 .handshake_type = TLS13_MT_CERTIFICATE_VERIFY,
129 .sender = TLS13_HS_SERVER, 133 .sender = TLS13_HS_SERVER,
130 .preserve_transcript_hash = 1, 134 .recv_preserve_transcript_hash = 1,
131 .send = tls13_server_certificate_verify_send, 135 .send = tls13_server_certificate_verify_send,
132 .recv = tls13_server_certificate_verify_recv, 136 .recv = tls13_server_certificate_verify_recv,
133 }, 137 },
134 [SERVER_FINISHED] = { 138 [SERVER_FINISHED] = {
135 .handshake_type = TLS13_MT_FINISHED, 139 .handshake_type = TLS13_MT_FINISHED,
136 .sender = TLS13_HS_SERVER, 140 .sender = TLS13_HS_SERVER,
137 .preserve_transcript_hash = 1, 141 .recv_preserve_transcript_hash = 1,
142 .send_preserve_transcript_hash = 1,
138 .send = tls13_server_finished_send, 143 .send = tls13_server_finished_send,
139 .recv = tls13_server_finished_recv, 144 .recv = tls13_server_finished_recv,
140 }, 145 },
@@ -293,7 +298,9 @@ tls13_handshake_perform(struct tls13_ctx *ctx)
293 ctx->handshake_completed = 1; 298 ctx->handshake_completed = 1;
294 tls13_record_layer_handshake_completed(ctx->rl); 299 tls13_record_layer_handshake_completed(ctx->rl);
295 return TLS13_IO_SUCCESS; 300 return TLS13_IO_SUCCESS;
296 } else if (ctx->alert) 301 }
302
303 if (ctx->alert)
297 return tls13_send_alert(ctx->rl, ctx->alert); 304 return tls13_send_alert(ctx->rl, ctx->alert);
298 305
299 if (action->sender == ctx->mode) { 306 if (action->sender == ctx->mode) {
@@ -348,6 +355,13 @@ tls13_handshake_send_action(struct tls13_ctx *ctx,
348 if (!tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs))) 355 if (!tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs)))
349 return TLS13_IO_FAILURE; 356 return TLS13_IO_FAILURE;
350 357
358 if (action->send_preserve_transcript_hash) {
359 if (!tls1_transcript_hash_value(ctx->ssl,
360 ctx->hs->transcript_hash, sizeof(ctx->hs->transcript_hash),
361 &ctx->hs->transcript_hash_len))
362 return TLS13_IO_FAILURE;
363 }
364
351 tls13_handshake_msg_free(ctx->hs_msg); 365 tls13_handshake_msg_free(ctx->hs_msg);
352 ctx->hs_msg = NULL; 366 ctx->hs_msg = NULL;
353 367
@@ -373,7 +387,7 @@ tls13_handshake_recv_action(struct tls13_ctx *ctx,
373 if ((ret = tls13_handshake_msg_recv(ctx->hs_msg, ctx->rl)) <= 0) 387 if ((ret = tls13_handshake_msg_recv(ctx->hs_msg, ctx->rl)) <= 0)
374 return ret; 388 return ret;
375 389
376 if (action->preserve_transcript_hash) { 390 if (action->recv_preserve_transcript_hash) {
377 if (!tls1_transcript_hash_value(ctx->ssl, 391 if (!tls1_transcript_hash_value(ctx->ssl,
378 ctx->hs->transcript_hash, sizeof(ctx->hs->transcript_hash), 392 ctx->hs->transcript_hash, sizeof(ctx->hs->transcript_hash),
379 &ctx->hs->transcript_hash_len)) 393 &ctx->hs->transcript_hash_len))
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 18:07:14 +0000