diff options
author | Joel Sing <jsing@cvs.openbsd.org> | 2019-02-09 15:26:16 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2019-02-09 15:26:16 +0000 |
commit | a5d39962238a0507ff44de648cb1ffbf95e5e1ca (patch) | |
tree | 6b73c0b86d2bf39b74981f478891f4861e4792eb /lib | |
parent | 0349a391b9770d165b316852144531a0e541d9f3 (diff) |
Rename tls1_handshake_hash*() to tls1_transcript_hash*().
While handshake hash is correct (in as far as it is a hash of handshake
messages), using tls1_transcript_hash*() aligns them with the naming of the
tls1_transcript*() functions. Additionally, the TLSv1.3 specification uses
Transcript-Hash and "transcript hash", which this matches.
ok inoguchi@ tb@
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libssl/s3_lib.c | 6 | ||||
-rw-r--r-- | lib/libssl/ssl_clnt.c | 8 | ||||
-rw-r--r-- | lib/libssl/ssl_locl.h | 10 | ||||
-rw-r--r-- | lib/libssl/ssl_srvr.c | 6 | ||||
-rw-r--r-- | lib/libssl/t1_enc.c | 4 | ||||
-rw-r--r-- | lib/libssl/t1_hash.c | 18 | ||||
-rw-r--r-- | lib/libssl/tls13_client.c | 6 |
7 files changed, 29 insertions, 29 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index b7d87268abc..de928bd70e1 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.183 2019/01/24 15:50:47 beck Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.184 2019/02/09 15:26:15 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1574,7 +1574,7 @@ ssl3_free(SSL *s) sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); tls1_transcript_free(s); - tls1_handshake_hash_free(s); + tls1_transcript_hash_free(s); free(S3I(s)->alpn_selected); @@ -1622,7 +1622,7 @@ ssl3_clear(SSL *s) wlen = S3I(s)->wbuf.len; tls1_transcript_free(s); - tls1_handshake_hash_free(s); + tls1_transcript_hash_free(s); free(S3I(s)->alpn_selected); S3I(s)->alpn_selected = NULL; diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index e9e900b6432..abdcc9791a5 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.55 2019/01/23 18:39:28 beck Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.56 2019/02/09 15:26:15 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -979,7 +979,7 @@ ssl3_get_server_hello(SSL *s) } S3I(s)->hs.new_cipher = cipher; - if (!tls1_handshake_hash_init(s)) + if (!tls1_transcript_hash_init(s)) goto err; /* @@ -2446,7 +2446,7 @@ ssl3_send_client_verify_rsa(SSL *s, CBB *cert_verify) unsigned int signature_len = 0; int ret = 0; - if (!tls1_handshake_hash_value(s, data, sizeof(data), NULL)) + if (!tls1_transcript_hash_value(s, data, sizeof(data), NULL)) goto err; pkey = s->cert->key->privatekey; @@ -2481,7 +2481,7 @@ ssl3_send_client_verify_ec(SSL *s, CBB *cert_verify) unsigned int signature_len = 0; int ret = 0; - if (!tls1_handshake_hash_value(s, data, sizeof(data), NULL)) + if (!tls1_transcript_hash_value(s, data, sizeof(data), NULL)) goto err; pkey = s->cert->key->privatekey; diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 90aca266258..a26b91976e4 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.233 2019/01/24 02:56:41 beck Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.234 2019/02/09 15:26:15 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1262,11 +1262,11 @@ int dtls1_enc(SSL *s, int snd); int ssl_init_wbio_buffer(SSL *s, int push); void ssl_free_wbio_buffer(SSL *s); -int tls1_handshake_hash_init(SSL *s); -int tls1_handshake_hash_update(SSL *s, const unsigned char *buf, size_t len); -int tls1_handshake_hash_value(SSL *s, const unsigned char *out, size_t len, +int tls1_transcript_hash_init(SSL *s); +int tls1_transcript_hash_update(SSL *s, const unsigned char *buf, size_t len); +int tls1_transcript_hash_value(SSL *s, const unsigned char *out, size_t len, size_t *outlen); -void tls1_handshake_hash_free(SSL *s); +void tls1_transcript_hash_free(SSL *s); int tls1_transcript_init(SSL *s); void tls1_transcript_free(SSL *s); diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index afc7c94de89..6872fa3523a 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.63 2019/01/18 00:54:42 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.64 2019/02/09 15:26:15 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -575,7 +575,7 @@ ssl3_accept(SSL *s) * We need to get hashes here so if there is * a client cert, it can be verified. */ - if (!tls1_handshake_hash_value(s, + if (!tls1_transcript_hash_value(s, S3I(s)->tmp.cert_verify_md, sizeof(S3I(s)->tmp.cert_verify_md), NULL)) { @@ -1104,7 +1104,7 @@ ssl3_get_client_hello(SSL *s) S3I(s)->hs.new_cipher = s->session->cipher; } - if (!tls1_handshake_hash_init(s)) + if (!tls1_transcript_hash_init(s)) goto err; alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index 33158e160ea..79a5bdd2b37 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.116 2018/11/08 22:28:52 jsing Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.117 2019/02/09 15:26:15 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -919,7 +919,7 @@ tls1_final_finish_mac(SSL *s, const char *str, int str_len, unsigned char *out) if (str_len < 0) return 0; - if (!tls1_handshake_hash_value(s, buf, sizeof(buf), &hash_len)) + if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len)) return 0; if (!tls1_PRF(s, s->session->master_key, s->session->master_key_length, diff --git a/lib/libssl/t1_hash.c b/lib/libssl/t1_hash.c index 50e0ad3ca06..12d66d4def9 100644 --- a/lib/libssl/t1_hash.c +++ b/lib/libssl/t1_hash.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_hash.c,v 1.5 2018/11/21 15:13:29 jsing Exp $ */ +/* $OpenBSD: t1_hash.c,v 1.6 2019/02/09 15:26:15 jsing Exp $ */ /* * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> * @@ -20,13 +20,13 @@ #include <openssl/ssl.h> int -tls1_handshake_hash_init(SSL *s) +tls1_transcript_hash_init(SSL *s) { const unsigned char *data; const EVP_MD *md; size_t len; - tls1_handshake_hash_free(s); + tls1_transcript_hash_free(s); if (!ssl_get_handshake_evp_md(s, &md)) { SSLerrorx(ERR_R_INTERNAL_ERROR); @@ -46,7 +46,7 @@ tls1_handshake_hash_init(SSL *s) SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH); goto err; } - if (!tls1_handshake_hash_update(s, data, len)) { + if (!tls1_transcript_hash_update(s, data, len)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } @@ -54,13 +54,13 @@ tls1_handshake_hash_init(SSL *s) return 1; err: - tls1_handshake_hash_free(s); + tls1_transcript_hash_free(s); return 0; } int -tls1_handshake_hash_update(SSL *s, const unsigned char *buf, size_t len) +tls1_transcript_hash_update(SSL *s, const unsigned char *buf, size_t len) { if (S3I(s)->handshake_hash == NULL) return 1; @@ -69,7 +69,7 @@ tls1_handshake_hash_update(SSL *s, const unsigned char *buf, size_t len) } int -tls1_handshake_hash_value(SSL *s, const unsigned char *out, size_t len, +tls1_transcript_hash_value(SSL *s, const unsigned char *out, size_t len, size_t *outlen) { EVP_MD_CTX *mdctx = NULL; @@ -103,7 +103,7 @@ tls1_handshake_hash_value(SSL *s, const unsigned char *out, size_t len, } void -tls1_handshake_hash_free(SSL *s) +tls1_transcript_hash_free(SSL *s) { EVP_MD_CTX_free(S3I(s)->handshake_hash); S3I(s)->handshake_hash = NULL; @@ -191,7 +191,7 @@ tls1_transcript_freeze(SSL *s) int tls1_transcript_record(SSL *s, const unsigned char *buf, size_t len) { - if (!tls1_handshake_hash_update(s, buf, len)) + if (!tls1_transcript_hash_update(s, buf, len)) return 0; if (!tls1_transcript_append(s, buf, len)) diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c index df9b91b2029..6578438c786 100644 --- a/lib/libssl/tls13_client.c +++ b/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.4 2019/02/09 15:20:05 jsing Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.5 2019/02/09 15:26:15 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * @@ -288,9 +288,9 @@ tls13_server_hello_recv(struct tls13_ctx *ctx) S3I(ctx->ssl)->hs_tls13.secrets = secrets; /* XXX - pass in hash. */ - if (!tls1_handshake_hash_init(s)) + if (!tls1_transcript_hash_init(s)) goto err; - if (!tls1_handshake_hash_value(s, buf, sizeof(buf), &hash_len)) + if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len)) goto err; context.data = buf; context.len = hash_len; |