summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/tls13_client.c47
-rw-r--r--src/lib/libssl/tls13_internal.h3
-rw-r--r--src/lib/libssl/tls13_lib.c45
3 files changed, 48 insertions, 47 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 70a33b7131..5bd7681f19 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_client.c,v 1.52 2020/04/27 20:15:17 jsing Exp $ */ 1/* $OpenBSD: tls13_client.c,v 1.53 2020/04/28 20:30:40 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -424,49 +424,6 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
424} 424}
425 425
426static int 426static int
427tls13_client_synthetic_handshake_message(struct tls13_ctx *ctx)
428{
429 struct tls13_handshake_msg *hm = NULL;
430 unsigned char buf[EVP_MAX_MD_SIZE];
431 size_t hash_len;
432 CBB cbb;
433 CBS cbs;
434 SSL *s = ctx->ssl;
435 int ret = 0;
436
437 /*
438 * Replace ClientHello with synthetic handshake message - see
439 * RFC 8446 section 4.4.1.
440 */
441 if (!tls1_transcript_hash_init(s))
442 goto err;
443 if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len))
444 goto err;
445
446 if ((hm = tls13_handshake_msg_new()) == NULL)
447 goto err;
448 if (!tls13_handshake_msg_start(hm, &cbb, TLS13_MT_MESSAGE_HASH))
449 goto err;
450 if (!CBB_add_bytes(&cbb, buf, hash_len))
451 goto err;
452 if (!tls13_handshake_msg_finish(hm))
453 goto err;
454
455 tls13_handshake_msg_data(hm, &cbs);
456
457 tls1_transcript_reset(ctx->ssl);
458 if (!tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs)))
459 goto err;
460
461 ret = 1;
462
463 err:
464 tls13_handshake_msg_free(hm);
465
466 return ret;
467}
468
469static int
470tls13_client_engage_record_protection(struct tls13_ctx *ctx) 427tls13_client_engage_record_protection(struct tls13_ctx *ctx)
471{ 428{
472 struct tls13_secrets *secrets; 429 struct tls13_secrets *secrets;
@@ -559,7 +516,7 @@ tls13_server_hello_retry_request_recv(struct tls13_ctx *ctx, CBS *cbs)
559 if (!ctx->hs->hrr) 516 if (!ctx->hs->hrr)
560 return 0; 517 return 0;
561 518
562 if (!tls13_client_synthetic_handshake_message(ctx)) 519 if (!tls13_synthetic_handshake_message(ctx))
563 return 0; 520 return 0;
564 if (!tls13_handshake_msg_record(ctx)) 521 if (!tls13_handshake_msg_record(ctx))
565 return 0; 522 return 0;
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index ee82a44693..d711f1a58d 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_internal.h,v 1.65 2020/04/22 17:05:07 jsing Exp $ */ 1/* $OpenBSD: tls13_internal.h,v 1.66 2020/04/28 20:30:40 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
4 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -326,6 +326,7 @@ int tls13_server_finished_sent(struct tls13_ctx *ctx);
326void tls13_error_clear(struct tls13_error *error); 326void tls13_error_clear(struct tls13_error *error);
327 327
328int tls13_cert_add(CBB *cbb, X509 *cert); 328int tls13_cert_add(CBB *cbb, X509 *cert);
329int tls13_synthetic_handshake_message(struct tls13_ctx *ctx);
329 330
330int tls13_error_set(struct tls13_error *error, int code, int subcode, 331int tls13_error_set(struct tls13_error *error, int code, int subcode,
331 const char *file, int line, const char *fmt, ...); 332 const char *file, int line, const char *fmt, ...);
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 044a0c5634..199f43ca16 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_lib.c,v 1.35 2020/04/21 16:55:17 jsing Exp $ */ 1/* $OpenBSD: tls13_lib.c,v 1.36 2020/04/28 20:30:41 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2019 Bob Beck <beck@openbsd.org> 4 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -369,3 +369,46 @@ tls13_cert_add(CBB *cbb, X509 *cert)
369 369
370 return 1; 370 return 1;
371} 371}
372
373int
374tls13_synthetic_handshake_message(struct tls13_ctx *ctx)
375{
376 struct tls13_handshake_msg *hm = NULL;
377 unsigned char buf[EVP_MAX_MD_SIZE];
378 size_t hash_len;
379 CBB cbb;
380 CBS cbs;
381 SSL *s = ctx->ssl;
382 int ret = 0;
383
384 /*
385 * Replace ClientHello with synthetic handshake message - see
386 * RFC 8446 section 4.4.1.
387 */
388 if (!tls1_transcript_hash_init(s))
389 goto err;
390 if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len))
391 goto err;
392
393 if ((hm = tls13_handshake_msg_new()) == NULL)
394 goto err;
395 if (!tls13_handshake_msg_start(hm, &cbb, TLS13_MT_MESSAGE_HASH))
396 goto err;
397 if (!CBB_add_bytes(&cbb, buf, hash_len))
398 goto err;
399 if (!tls13_handshake_msg_finish(hm))
400 goto err;
401
402 tls13_handshake_msg_data(hm, &cbs);
403
404 tls1_transcript_reset(ctx->ssl);
405 if (!tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs)))
406 goto err;
407
408 ret = 1;
409
410 err:
411 tls13_handshake_msg_free(hm);
412
413 return ret;
414}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-02 22:59:29 +0000