From ceb4dab60b6d8724db6522bd50acb817a2ae5f69 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 28 Apr 2020 20:30:41 +0000
Subject: Rename tls13_client_synthetic_handshake_message() and move to tls13_lib.c. The server-side will need to use the same function. No functional change. ok inoguchi@ tb@
---
 src/lib/libssl/tls13_client.c | 47 ++---------------------------------------
 src/lib/libssl/tls13_internal.h | 3 ++-
 src/lib/libssl/tls13_lib.c | 45 ++++++++++++++++++++++++++++++++++++++-
 3 files changed, 48 insertions(+), 47 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 70a33b7131..5bd7681f19 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.52 2020/04/27 20:15:17 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.53 2020/04/28 20:30:40 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing
 *
@@ -423,49 +423,6 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
 return 0;
 }
-static int
-tls13_client_synthetic_handshake_message(struct tls13_ctx *ctx)
-{
- struct tls13_handshake_msg *hm = NULL;
- unsigned char buf[EVP_MAX_MD_SIZE];
- size_t hash_len;
- CBB cbb;
- CBS cbs;
- SSL *s = ctx->ssl;
- int ret = 0;
-
- /*
- * Replace ClientHello with synthetic handshake message - see
- * RFC 8446 section 4.4.1.
- */
- if (!tls1_transcript_hash_init(s))
- goto err;
- if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len))
- goto err;
-
- if ((hm = tls13_handshake_msg_new()) == NULL)
- goto err;
- if (!tls13_handshake_msg_start(hm, &cbb, TLS13_MT_MESSAGE_HASH))
- goto err;
- if (!CBB_add_bytes(&cbb, buf, hash_len))
- goto err;
- if (!tls13_handshake_msg_finish(hm))
- goto err;
-
- tls13_handshake_msg_data(hm, &cbs);
-
- tls1_transcript_reset(ctx->ssl);
- if (!tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs)))
- goto err;
-
- ret = 1;
-
- err:
- tls13_handshake_msg_free(hm);
-
- return ret;
-}
-
 static int
 tls13_client_engage_record_protection(struct tls13_ctx *ctx)
 {
@@ -559,7 +516,7 @@ tls13_server_hello_retry_request_recv(struct tls13_ctx *ctx, CBS *cbs)
 if (!ctx->hs->hrr)
 return 0;
- if (!tls13_client_synthetic_handshake_message(ctx))
+ if (!tls13_synthetic_handshake_message(ctx))
 return 0;
 if (!tls13_handshake_msg_record(ctx))
 return 0;
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index ee82a44693..d711f1a58d 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.65 2020/04/22 17:05:07 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.66 2020/04/28 20:30:40 jsing Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck
 * Copyright (c) 2018 Theo Buehler
@@ -326,6 +326,7 @@ int tls13_server_finished_sent(struct tls13_ctx *ctx);
 void tls13_error_clear(struct tls13_error *error);
 int tls13_cert_add(CBB *cbb, X509 *cert);
+int tls13_synthetic_handshake_message(struct tls13_ctx *ctx);
 int tls13_error_set(struct tls13_error *error, int code, int subcode,
 const char *file, int line, const char *fmt, ...);
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 044a0c5634..199f43ca16 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_lib.c,v 1.35 2020/04/21 16:55:17 jsing Exp $ */
+/* $OpenBSD: tls13_lib.c,v 1.36 2020/04/28 20:30:41 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing
 * Copyright (c) 2019 Bob Beck
@@ -369,3 +369,46 @@ tls13_cert_add(CBB *cbb, X509 *cert)
 return 1;
 }
+
+int
+tls13_synthetic_handshake_message(struct tls13_ctx *ctx)
+{
+ struct tls13_handshake_msg *hm = NULL;
+ unsigned char buf[EVP_MAX_MD_SIZE];
+ size_t hash_len;
+ CBB cbb;
+ CBS cbs;
+ SSL *s = ctx->ssl;
+ int ret = 0;
+
+ /*
+ * Replace ClientHello with synthetic handshake message - see
+ * RFC 8446 section 4.4.1.
+ */
+ if (!tls1_transcript_hash_init(s))
+ goto err;
+ if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len))
+ goto err;
+
+ if ((hm = tls13_handshake_msg_new()) == NULL)
+ goto err;
+ if (!tls13_handshake_msg_start(hm, &cbb, TLS13_MT_MESSAGE_HASH))
+ goto err;
+ if (!CBB_add_bytes(&cbb, buf, hash_len))
+ goto err;
+ if (!tls13_handshake_msg_finish(hm))
+ goto err;
+
+ tls13_handshake_msg_data(hm, &cbs);
+
+ tls1_transcript_reset(ctx->ssl);
+ if (!tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs)))
+ goto err;
+
+ ret = 1;
+
+ err:
+ tls13_handshake_msg_free(hm);
+
+ return ret;
+}
-- 
cgit v1.2.3-55-g6feb
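Review bot: The moved body of tls13_synthetic_handshake_message() refers to the same SSL object through both the local `s` (the two tls1_transcript_hash_* calls) and `ctx->ssl` (the reset and record calls), and now that the function is shared rather than file-local it is worth settling on one: `tls1_transcript_reset(s);` and `if (!tls1_transcript_record(s, CBS_data(&cbs), CBS_len(&cbs)))`. Since the prototype is now exported through tls13_internal.h (the @@ -326 hunk), a short header comment above the definition would help the server-side caller the commit message anticipates: that it replaces the current transcript with the RFC 8446 section 4.4.1 message_hash of the transcript so far, resets the transcript and re-records the synthetic message, and returns 1 on success or 0 on any failure after freeing hm. The in-body "Replace ClientHello" comment matches the RFC's ClientHello1 wording, so it reads correctly from either side and can stay as is.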