From ceb4dab60b6d8724db6522bd50acb817a2ae5f69 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Tue, 28 Apr 2020 20:30:41 +0000 Subject: Rename tls13_client_synthetic_handshake_message() and move to tls13_lib.c. The server-side will need to use the same function. No functional change. ok inoguchi@ tb@ --- src/lib/libssl/tls13_lib.c | 45 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) (limited to 'src/lib/libssl/tls13_lib.c') diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c index 044a0c5634..199f43ca16 100644 --- a/src/lib/libssl/tls13_lib.c +++ b/src/lib/libssl/tls13_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_lib.c,v 1.35 2020/04/21 16:55:17 jsing Exp $ */ +/* $OpenBSD: tls13_lib.c,v 1.36 2020/04/28 20:30:41 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * Copyright (c) 2019 Bob Beck @@ -369,3 +369,46 @@ tls13_cert_add(CBB *cbb, X509 *cert) return 1; } + +int +tls13_synthetic_handshake_message(struct tls13_ctx *ctx) +{ + struct tls13_handshake_msg *hm = NULL; + unsigned char buf[EVP_MAX_MD_SIZE]; + size_t hash_len; + CBB cbb; + CBS cbs; + SSL *s = ctx->ssl; + int ret = 0; + + /* + * Replace ClientHello with synthetic handshake message - see + * RFC 8446 section 4.4.1. + */ + if (!tls1_transcript_hash_init(s)) + goto err; + if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len)) + goto err; + + if ((hm = tls13_handshake_msg_new()) == NULL) + goto err; + if (!tls13_handshake_msg_start(hm, &cbb, TLS13_MT_MESSAGE_HASH)) + goto err; + if (!CBB_add_bytes(&cbb, buf, hash_len)) + goto err; + if (!tls13_handshake_msg_finish(hm)) + goto err; + + tls13_handshake_msg_data(hm, &cbs); + + tls1_transcript_reset(ctx->ssl); + if (!tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs))) + goto err; + + ret = 1; + + err: + tls13_handshake_msg_free(hm); + + return ret; +} -- cgit v1.2.3-55-g6feb