authorJoel Sing <jsing@cvs.openbsd.org>2020-01-23 02:24:39 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2020-01-23 02:24:39 +0000
commitb39475a1faa6d7fd0b5bbcde94de3a490bd3a008 (patch)
tree4dac4f5fd13ef0ee709f21a692a948547e7df44e /lib/libssl
parent9f29dc4b16d65a6895a292dd77ef8612a4f22f52 (diff)
Pass a CBB to TLSv1.3 send handlers.
This avoids the need for each send handler to call tls13_handshake_msg_start() and tls13_handshake_msg_finish(). ok beck@ tb@
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/tls13_client.c21
-rw-r--r--lib/libssl/tls13_handshake.c17
-rw-r--r--lib/libssl/tls13_internal.h30
-rw-r--r--lib/libssl/tls13_server.c26
4 files changed, 44 insertions, 50 deletions
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c
index 4ec5e58f029..1d59f33279f 100644
--- a/lib/libssl/tls13_client.c
+++ b/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.28 2020/01/22 13:10:51 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.29 2020/01/23 02:24:38 jsing Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
*
@@ -202,18 +202,12 @@ tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb)
}
int
-tls13_client_hello_send(struct tls13_ctx *ctx)
+tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb)
{
- CBB body;
-
if (ctx->hs->min_version < TLS1_2_VERSION)
tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION);
- if (!tls13_handshake_msg_start(ctx->hs_msg, &body, TLS13_MT_CLIENT_HELLO))
- return 0;
- if (!tls13_client_hello_build(ctx, &body))
- return 0;
- if (!tls13_handshake_msg_finish(ctx->hs_msg))
+ if (!tls13_client_hello_build(ctx, cbb))
return 0;
return 1;
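Review bot: tls13_client_hello_send now writes into a caller-owned CBB, but nothing at the definition states who starts and finishes the handshake message, which is exactly the contract this commit moves out of the handlers. A one-line comment above the function would pin it down: `/* cbb is the CLIENT_HELLO body already started by tls13_handshake_send_action(), which also finishes it; do not call tls13_handshake_msg_start/finish here. */`. The record-layer legacy version is still set before the body is built, so a failed build leaves that side effect in place; presumably harmless because the handshake fails, but worth confirming. The function's closing brace is outside the hunk.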
@@ -741,7 +735,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
}
int
-tls13_client_finished_send(struct tls13_ctx *ctx)
+tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb)
{
struct tls13_secrets *secrets = ctx->hs->secrets;
struct tls13_secret context = { .data = "", .len = 0 };
@@ -754,7 +748,6 @@ tls13_client_finished_send(struct tls13_ctx *ctx)
unsigned int hlen;
HMAC_CTX *hmac_ctx = NULL;
int ret = 0;
- CBB body;
finished_key.data = key;
finished_key.len = EVP_MD_size(ctx->hash);
@@ -776,17 +769,13 @@ tls13_client_finished_send(struct tls13_ctx *ctx)
if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len))
goto err;
- if (!tls13_handshake_msg_start(ctx->hs_msg, &body, TLS13_MT_FINISHED))
- goto err;
hmac_len = HMAC_size(hmac_ctx);
- if (!CBB_add_space(&body, &verify_data, hmac_len))
+ if (!CBB_add_space(cbb, &verify_data, hmac_len))
goto err;
if (!HMAC_Final(hmac_ctx, verify_data, &hlen))
goto err;
if (hlen != hmac_len)
goto err;
- if (!tls13_handshake_msg_finish(ctx->hs_msg))
- goto err;
ret = 1;
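Review bot: The verify data is now reserved directly in the caller's CBB via `CBB_add_space(cbb, &verify_data, hmac_len)`, so a later `goto err` (HMAC_Final failure or `hlen != hmac_len`) returns 0 with `hmac_len` bytes already appended to the message; that is only correct if the dispatcher discards the partially built message on failure, which tls13_handshake_send_action does by returning TLS13_IO_FAILURE without finishing it, though freeing of ctx->hs_msg is not visible in this diff. `key` holds the derived finished key; if the `err:` label (outside the hunk) does not already clear it, `explicit_bzero(key, sizeof(key));` there would keep the secret from lingering on the stack after the handler returns. The function continues past the hunk.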
diff --git a/lib/libssl/tls13_handshake.c b/lib/libssl/tls13_handshake.c
index d4d998248d9..1157d6ecac2 100644
--- a/lib/libssl/tls13_handshake.c
+++ b/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_handshake.c,v 1.40 2020/01/22 13:10:51 jsing Exp $ */
+/* $OpenBSD: tls13_handshake.c,v 1.41 2020/01/23 02:24:38 jsing Exp $ */
/*
* Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -30,7 +30,7 @@ struct tls13_handshake_action {
uint8_t handshake_complete;
uint8_t preserve_transcript_hash;
- int (*send)(struct tls13_ctx *ctx);
+ int (*send)(struct tls13_ctx *ctx, CBB *cbb);
int (*sent)(struct tls13_ctx *ctx);
int (*recv)(struct tls13_ctx *ctx, CBS *cbs);
};
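Review bot: The `send` callback's new `CBB *cbb` argument is what every handler in tls13_client.c and tls13_server.c now depends on, yet the struct member carries no description of its lifetime or ownership. Suggest documenting it on the member: `/* send: append the message body to cbb, which the dispatcher has already started with handshake_type and will finish; return 0 on failure. */`. The struct definition begins outside the hunk.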
@@ -321,17 +321,22 @@ tls13_handshake_send_action(struct tls13_ctx *ctx,
struct tls13_handshake_action *action)
{
ssize_t ret;
+ CBB cbb;
CBS cbs;
/* If we have no handshake message, we need to build one. */
if (ctx->hs_msg == NULL) {
if ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL)
return TLS13_IO_FAILURE;
-
- /* XXX - provide CBB. */
- if (!action->send(ctx))
+ if (!tls13_handshake_msg_start(ctx->hs_msg, &cbb,
+ action->handshake_type))
+ return TLS13_IO_FAILURE;
+ if (!action->send(ctx, &cbb))
return TLS13_IO_FAILURE;
- else if (ctx->alert)
+ if (!tls13_handshake_msg_finish(ctx->hs_msg))
+ return TLS13_IO_FAILURE;
+
+ if (ctx->alert)
return tls13_send_alert(ctx->rl, ctx->alert);
}
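Review bot: The `ctx->alert` check moved from directly after `action->send()` to after `tls13_handshake_msg_finish()`, so a handler that sets an alert and returns 1 now has that alert dropped if finishing the message fails, where the previous `else if (ctx->alert)` sent it regardless. Checking the alert immediately after the handler keeps the old ordering: `if (!action->send(ctx, &cbb)) return TLS13_IO_FAILURE; if (ctx->alert) return tls13_send_alert(ctx->rl, ctx->alert);` with the finish call following. Every failure path after `tls13_handshake_msg_new()` also leaves ctx->hs_msg set, so a subsequent call into tls13_handshake_send_action would skip the build branch and operate on a half-built message; whether callers can re-enter after TLS13_IO_FAILURE is not visible here. The function continues outside the hunk.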
diff --git a/lib/libssl/tls13_internal.h b/lib/libssl/tls13_internal.h
index ba34961e333..d8a74ef67a1 100644
--- a/lib/libssl/tls13_internal.h
+++ b/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.45 2020/01/22 13:10:51 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.46 2020/01/23 02:24:38 jsing Exp $ */
/*
* Copyright (c) 2018 Bob Beck <beck@openbsd.org>
* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -257,36 +257,36 @@ int tls13_legacy_shutdown(SSL *ssl);
int tls13_handshake_perform(struct tls13_ctx *ctx);
-int tls13_client_hello_send(struct tls13_ctx *ctx);
+int tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_client_hello_sent(struct tls13_ctx *ctx);
int tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_hello_retry_send(struct tls13_ctx *ctx);
+int tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_end_of_early_data_send(struct tls13_ctx *ctx);
+int tls13_client_end_of_early_data_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_certificate_send(struct tls13_ctx *ctx);
+int tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_certificate_verify_send(struct tls13_ctx *ctx);
+int tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs);
int tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_finished_send(struct tls13_ctx *ctx);
+int tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_client_finished_sent(struct tls13_ctx *ctx);
-int tls13_client_key_update_send(struct tls13_ctx *ctx);
+int tls13_client_key_update_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_client_key_update_recv(struct tls13_ctx *ctx, CBS *cbs);
int tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_hello_send(struct tls13_ctx *ctx);
+int tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_server_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_hello_retry_send(struct tls13_ctx *ctx);
+int tls13_server_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx);
+int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_certificate_send(struct tls13_ctx *ctx);
+int tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_server_certificate_request_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_certificate_request_send(struct tls13_ctx *ctx);
-int tls13_server_certificate_verify_send(struct tls13_ctx *ctx);
+int tls13_server_certificate_request_send(struct tls13_ctx *ctx, CBB *cbb);
+int tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs);
int tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_finished_send(struct tls13_ctx *ctx);
+int tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb);
void tls13_error_clear(struct tls13_error *error);
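Review bot: The prototypes now take a CBB, but the header, which both tls13_client.c and tls13_server.c are written against, does not say what a handler may assume about it. A short block comment above `tls13_client_hello_send` covering all the `*_send` prototypes, stating that `cbb` is the already-started message body owned by tls13_handshake_send_action(), that handlers must not call tls13_handshake_msg_start()/tls13_handshake_msg_finish(), and that returning 0 aborts the handshake, would keep the next handler implementation from re-introducing the calls this commit removes.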
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c
index ee7b92b9a3c..88935cf645f 100644
--- a/lib/libssl/tls13_server.c
+++ b/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.7 2020/01/22 15:47:22 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.8 2020/01/23 02:24:38 jsing Exp $ */
/*
* Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
*
@@ -220,7 +220,7 @@ tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
}
int
-tls13_client_hello_retry_send(struct tls13_ctx *ctx)
+tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb)
{
return 0;
}
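Review bot: tls13_client_hello_retry_send and the other stubs in this file (tls13_client_end_of_early_data_send, tls13_client_certificate_send, tls13_client_certificate_verify_send, tls13_client_key_update_send, tls13_server_hello_retry_send, tls13_server_encrypted_extensions_send, tls13_server_certificate_send, tls13_server_certificate_request_send, tls13_server_certificate_verify_send, tls13_server_finished_send) return 0 with no indication that they are placeholders, so a reader cannot tell an unimplemented handler from a deliberate refusal. Because the dispatcher maps 0 to TLS13_IO_FAILURE after the message has already been started, failing closed is the safe default, but each stub deserves `/* XXX - not yet implemented. */` above its `return 0;`. The new `cbb` parameter is unused in all of them, which is expected at this stage.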
@@ -232,7 +232,7 @@ tls13_server_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs)
}
int
-tls13_client_end_of_early_data_send(struct tls13_ctx *ctx)
+tls13_client_end_of_early_data_send(struct tls13_ctx *ctx, CBB *cbb)
{
return 0;
}
@@ -244,7 +244,7 @@ tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx, CBS *cbs)
}
int
-tls13_client_certificate_send(struct tls13_ctx *ctx)
+tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
{
return 0;
}
@@ -256,7 +256,7 @@ tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
}
int
-tls13_client_certificate_verify_send(struct tls13_ctx *ctx)
+tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
{
return 0;
}
@@ -276,7 +276,7 @@ tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
}
int
-tls13_client_key_update_send(struct tls13_ctx *ctx)
+tls13_client_key_update_send(struct tls13_ctx *ctx, CBB *cbb)
{
return 0;
}
@@ -288,7 +288,7 @@ tls13_client_key_update_recv(struct tls13_ctx *ctx, CBS *cbs)
}
int
-tls13_server_hello_send(struct tls13_ctx *ctx)
+tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb)
{
ctx->handshake_stage.hs_type |= NEGOTIATED;
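Review bot: `ctx->handshake_stage.hs_type |= NEGOTIATED;` is now the first statement of a handler whose message body has already been started by the dispatcher, so the stage flag is mutated before a single byte is written to `cbb`; if the remainder of the function (outside the hunk) can fail, that state change has already happened by the time 0 is returned. Presumably a send failure ends the handshake, making this harmless, but moving the flag update after the body is successfully built would keep state transitions on the success path only.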
@@ -296,37 +296,37 @@ tls13_server_hello_send(struct tls13_ctx *ctx)
}
int
-tls13_server_hello_retry_send(struct tls13_ctx *ctx)
+tls13_server_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb)
{
return 0;
}
int
-tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx)
+tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx, CBB *cbb)
{
return 0;
}
int
-tls13_server_certificate_send(struct tls13_ctx *ctx)
+tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
{
return 0;
}
int
-tls13_server_certificate_request_send(struct tls13_ctx *ctx)
+tls13_server_certificate_request_send(struct tls13_ctx *ctx, CBB *cbb)
{
return 0;
}
int
-tls13_server_certificate_verify_send(struct tls13_ctx *ctx)
+tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
{
return 0;
}
int
-tls13_server_finished_send(struct tls13_ctx *ctx)
+tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb)
{
return 0;
}