diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2019-02-10 13:04:30 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2019-02-10 13:04:30 +0000 |
| commit | 23768eb133340febfabae4f1e3e4d2bd25e76cd0 (patch) | |
| tree | fc81b308ce1deb27f85f716d8f92f6055ba27cde /lib/libssl/tls13_handshake.c | |
| parent | 7af316f7825de31f0357528105464a33dac61443 (diff) | |
Preserve the transcript hash at specific stages of the TLSv1.3 handshake.
There are various points where we need the hash of all messages prior to
the current message. Support this by having the handshake code preserve
the transcript hash prior to recording the current message, which avoids
the need to sprinkle this throughout multiple handlers.
ok inoguchi@ tb@
Diffstat (limited to 'lib/libssl/tls13_handshake.c')
| -rw-r--r-- | lib/libssl/tls13_handshake.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/lib/libssl/tls13_handshake.c b/lib/libssl/tls13_handshake.c index 68d6a9d4444..8d5b0e35167 100644 --- a/lib/libssl/tls13_handshake.c +++ b/lib/libssl/tls13_handshake.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_handshake.c,v 1.24 2019/02/07 15:54:18 jsing Exp $ */ +/* $OpenBSD: tls13_handshake.c,v 1.25 2019/02/10 13:04:29 jsing Exp $ */ /* * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> @@ -33,6 +33,7 @@ struct tls13_handshake_action { uint8_t handshake_type; uint8_t sender; uint8_t handshake_complete; + uint8_t preserve_transcript_hash; int (*send)(struct tls13_ctx *ctx); int (*recv)(struct tls13_ctx *ctx); @@ -133,6 +134,7 @@ struct tls13_handshake_action state_machine[] = { .record_type = TLS13_HANDSHAKE, .handshake_type = TLS13_MT_CERTIFICATE_VERIFY, .sender = TLS13_HS_SERVER, + .preserve_transcript_hash = 1, .send = tls13_server_certificate_verify_send, .recv = tls13_server_certificate_verify_recv, }, @@ -140,6 +142,7 @@ struct tls13_handshake_action state_machine[] = { .record_type = TLS13_HANDSHAKE, .handshake_type = TLS13_MT_FINISHED, .sender = TLS13_HS_SERVER, + .preserve_transcript_hash = 1, .send = tls13_server_finished_send, .recv = tls13_server_finished_recv, }, @@ -361,6 +364,13 @@ tls13_handshake_recv_action(struct tls13_ctx *ctx, if ((ret = tls13_handshake_msg_recv(ctx->hs_msg, ctx->rl)) <= 0) return ret; + if (action->preserve_transcript_hash) { + if (!tls1_transcript_hash_value(ctx->ssl, + ctx->hs->transcript_hash, sizeof(ctx->hs->transcript_hash), + &ctx->hs->transcript_hash_len)) + return TLS13_IO_FAILURE; + } + tls13_handshake_msg_data(ctx->hs_msg, &cbs); if (!tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs))) return TLS13_IO_FAILURE; |