summaryrefslogtreecommitdiff
path: root/lib/libssl/tls13_client.c
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2020-04-27 20:15:18 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2020-04-27 20:15:18 +0000
commit10a1e97204b3e5c9ebdd46f1cc4788f5afbe6db9 (patch)
tree150bd4d89cb1985c71e6dae4e04dcdf44a36755a /lib/libssl/tls13_client.c
parent4d34ee7cb6eb38049cce8ceb4a112eafe74120fe (diff)
Shuffle some functions around.
Move functions so that they are in the order that the TLSv1.3 messages are processed. While here, also move tls13_client_end_of_early_data_send() from tls13_client.c to tls13_server.c. No functional change. ok beck@ tb@
Diffstat (limited to 'lib/libssl/tls13_client.c')
-rw-r--r--lib/libssl/tls13_client.c208
1 files changed, 107 insertions, 101 deletions
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c
index dffabf17539..70a33b7131e 100644
--- a/lib/libssl/tls13_client.c
+++ b/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.51 2020/04/22 17:05:07 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.52 2020/04/27 20:15:17 jsing Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
*
@@ -25,15 +25,6 @@
#include "tls13_internal.h"
static int
-tls13_connect(struct tls13_ctx *ctx)
-{
- if (ctx->mode != TLS13_HS_CLIENT)
- return TLS13_IO_FAILURE;
-
- return tls13_handshake_perform(ctx);
-}
-
-static int
tls13_client_init(struct tls13_ctx *ctx)
{
const uint16_t *groups;
@@ -80,6 +71,15 @@ tls13_client_init(struct tls13_ctx *ctx)
return 1;
}
+static int
+tls13_connect(struct tls13_ctx *ctx)
+{
+ if (ctx->mode != TLS13_HS_CLIENT)
+ return TLS13_IO_FAILURE;
+
+ return tls13_handshake_perform(ctx);
+}
+
int
tls13_legacy_connect(SSL *ssl)
{
@@ -570,6 +570,33 @@ tls13_server_hello_retry_request_recv(struct tls13_ctx *ctx, CBS *cbs)
}
int
+tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb)
+{
+ /*
+ * Ensure that the server supported group is one that we listed in our
+ * supported groups and is not the same as the key share we previously
+ * offered.
+ */
+ if (!tls1_check_curve(ctx->ssl, ctx->hs->server_group))
+ return 0; /* XXX alert */
+ if (ctx->hs->server_group == tls13_key_share_group(ctx->hs->key_share))
+ return 0; /* XXX alert */
+
+ /* Switch to new key share. */
+ tls13_key_share_free(ctx->hs->key_share);
+ if ((ctx->hs->key_share =
+ tls13_key_share_new(ctx->hs->server_group)) == NULL)
+ return 0;
+ if (!tls13_key_share_generate(ctx->hs->key_share))
+ return 0;
+
+ if (!tls13_client_hello_build(ctx, cbb))
+ return 0;
+
+ return 1;
+}
+
+int
tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
{
SSL *s = ctx->ssl;
@@ -608,33 +635,6 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
}
int
-tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb)
-{
- /*
- * Ensure that the server supported group is one that we listed in our
- * supported groups and is not the same as the key share we previously
- * offered.
- */
- if (!tls1_check_curve(ctx->ssl, ctx->hs->server_group))
- return 0; /* XXX alert */
- if (ctx->hs->server_group == tls13_key_share_group(ctx->hs->key_share))
- return 0; /* XXX alert */
-
- /* Switch to new key share. */
- tls13_key_share_free(ctx->hs->key_share);
- if ((ctx->hs->key_share =
- tls13_key_share_new(ctx->hs->server_group)) == NULL)
- return 0;
- if (!tls13_key_share_generate(ctx->hs->key_share))
- return 0;
-
- if (!tls13_client_hello_build(ctx, cbb))
- return 0;
-
- return 1;
-}
-
-int
tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs)
{
int alert_desc;
@@ -945,70 +945,6 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
}
int
-tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb)
-{
- struct tls13_secrets *secrets = ctx->hs->secrets;
- struct tls13_secret context = { .data = "", .len = 0 };
- struct tls13_secret finished_key;
- uint8_t transcript_hash[EVP_MAX_MD_SIZE];
- size_t transcript_hash_len;
- uint8_t key[EVP_MAX_MD_SIZE];
- uint8_t *verify_data;
- size_t hmac_len;
- unsigned int hlen;
- HMAC_CTX *hmac_ctx = NULL;
- int ret = 0;
-
- finished_key.data = key;
- finished_key.len = EVP_MD_size(ctx->hash);
-
- if (!tls13_hkdf_expand_label(&finished_key, ctx->hash,
- &secrets->client_handshake_traffic, "finished",
- &context))
- goto err;
-
- if (!tls1_transcript_hash_value(ctx->ssl, transcript_hash,
- sizeof(transcript_hash), &transcript_hash_len))
- goto err;
-
- if ((hmac_ctx = HMAC_CTX_new()) == NULL)
- goto err;
- if (!HMAC_Init_ex(hmac_ctx, finished_key.data, finished_key.len,
- ctx->hash, NULL))
- goto err;
- if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len))
- goto err;
-
- hmac_len = HMAC_size(hmac_ctx);
- if (!CBB_add_space(cbb, &verify_data, hmac_len))
- goto err;
- if (!HMAC_Final(hmac_ctx, verify_data, &hlen))
- goto err;
- if (hlen != hmac_len)
- goto err;
-
- ret = 1;
-
- err:
- HMAC_CTX_free(hmac_ctx);
-
- return ret;
-}
-
-int
-tls13_client_finished_sent(struct tls13_ctx *ctx)
-{
- struct tls13_secrets *secrets = ctx->hs->secrets;
-
- /*
- * Any records following the client finished message must be encrypted
- * using the client application traffic keys.
- */
- return tls13_record_layer_set_write_traffic_key(ctx->rl,
- &secrets->client_application_traffic);
-}
-
-int
tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
{
SSL *s = ctx->ssl;
@@ -1135,3 +1071,73 @@ tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
return ret;
}
+
+int
+tls13_client_end_of_early_data_send(struct tls13_ctx *ctx, CBB *cbb)
+{
+ return 0;
+}
+
+int
+tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb)
+{
+ struct tls13_secrets *secrets = ctx->hs->secrets;
+ struct tls13_secret context = { .data = "", .len = 0 };
+ struct tls13_secret finished_key;
+ uint8_t transcript_hash[EVP_MAX_MD_SIZE];
+ size_t transcript_hash_len;
+ uint8_t key[EVP_MAX_MD_SIZE];
+ uint8_t *verify_data;
+ size_t hmac_len;
+ unsigned int hlen;
+ HMAC_CTX *hmac_ctx = NULL;
+ int ret = 0;
+
+ finished_key.data = key;
+ finished_key.len = EVP_MD_size(ctx->hash);
+
+ if (!tls13_hkdf_expand_label(&finished_key, ctx->hash,
+ &secrets->client_handshake_traffic, "finished",
+ &context))
+ goto err;
+
+ if (!tls1_transcript_hash_value(ctx->ssl, transcript_hash,
+ sizeof(transcript_hash), &transcript_hash_len))
+ goto err;
+
+ if ((hmac_ctx = HMAC_CTX_new()) == NULL)
+ goto err;
+ if (!HMAC_Init_ex(hmac_ctx, finished_key.data, finished_key.len,
+ ctx->hash, NULL))
+ goto err;
+ if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len))
+ goto err;
+
+ hmac_len = HMAC_size(hmac_ctx);
+ if (!CBB_add_space(cbb, &verify_data, hmac_len))
+ goto err;
+ if (!HMAC_Final(hmac_ctx, verify_data, &hlen))
+ goto err;
+ if (hlen != hmac_len)
+ goto err;
+
+ ret = 1;
+
+ err:
+ HMAC_CTX_free(hmac_ctx);
+
+ return ret;
+}
+
+int
+tls13_client_finished_sent(struct tls13_ctx *ctx)
+{
+ struct tls13_secrets *secrets = ctx->hs->secrets;
+
+ /*
+ * Any records following the client finished message must be encrypted
+ * using the client application traffic keys.
+ */
+ return tls13_record_layer_set_write_traffic_key(ctx->rl,
+ &secrets->client_application_traffic);
+}