diff options
Diffstat (limited to 'lib/libssl')
-rw-r--r-- | lib/libssl/tls13_client.c | 21 | ||||
-rw-r--r-- | lib/libssl/tls13_handshake.c | 17 | ||||
-rw-r--r-- | lib/libssl/tls13_internal.h | 30 | ||||
-rw-r--r-- | lib/libssl/tls13_server.c | 26 |
4 files changed, 44 insertions, 50 deletions
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c index 4ec5e58f029..1d59f33279f 100644 --- a/lib/libssl/tls13_client.c +++ b/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.28 2020/01/22 13:10:51 jsing Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.29 2020/01/23 02:24:38 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * @@ -202,18 +202,12 @@ tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb) } int -tls13_client_hello_send(struct tls13_ctx *ctx) +tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb) { - CBB body; - if (ctx->hs->min_version < TLS1_2_VERSION) tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION); - if (!tls13_handshake_msg_start(ctx->hs_msg, &body, TLS13_MT_CLIENT_HELLO)) - return 0; - if (!tls13_client_hello_build(ctx, &body)) - return 0; - if (!tls13_handshake_msg_finish(ctx->hs_msg)) + if (!tls13_client_hello_build(ctx, cbb)) return 0; return 1; @@ -741,7 +735,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs) } int -tls13_client_finished_send(struct tls13_ctx *ctx) +tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb) { struct tls13_secrets *secrets = ctx->hs->secrets; struct tls13_secret context = { .data = "", .len = 0 }; @@ -754,7 +748,6 @@ tls13_client_finished_send(struct tls13_ctx *ctx) unsigned int hlen; HMAC_CTX *hmac_ctx = NULL; int ret = 0; - CBB body; finished_key.data = key; finished_key.len = EVP_MD_size(ctx->hash); @@ -776,17 +769,13 @@ tls13_client_finished_send(struct tls13_ctx *ctx) if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len)) goto err; - if (!tls13_handshake_msg_start(ctx->hs_msg, &body, TLS13_MT_FINISHED)) - goto err; hmac_len = HMAC_size(hmac_ctx); - if (!CBB_add_space(&body, &verify_data, hmac_len)) + if (!CBB_add_space(cbb, &verify_data, hmac_len)) goto err; if (!HMAC_Final(hmac_ctx, verify_data, &hlen)) goto err; if (hlen != hmac_len) goto err; - if (!tls13_handshake_msg_finish(ctx->hs_msg)) - goto err; ret = 1; diff --git a/lib/libssl/tls13_handshake.c b/lib/libssl/tls13_handshake.c index d4d998248d9..1157d6ecac2 100644 --- a/lib/libssl/tls13_handshake.c +++ b/lib/libssl/tls13_handshake.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_handshake.c,v 1.40 2020/01/22 13:10:51 jsing Exp $ */ +/* $OpenBSD: tls13_handshake.c,v 1.41 2020/01/23 02:24:38 jsing Exp $ */ /* * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> @@ -30,7 +30,7 @@ struct tls13_handshake_action { uint8_t handshake_complete; uint8_t preserve_transcript_hash; - int (*send)(struct tls13_ctx *ctx); + int (*send)(struct tls13_ctx *ctx, CBB *cbb); int (*sent)(struct tls13_ctx *ctx); int (*recv)(struct tls13_ctx *ctx, CBS *cbs); }; @@ -321,17 +321,22 @@ tls13_handshake_send_action(struct tls13_ctx *ctx, struct tls13_handshake_action *action) { ssize_t ret; + CBB cbb; CBS cbs; /* If we have no handshake message, we need to build one. */ if (ctx->hs_msg == NULL) { if ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL) return TLS13_IO_FAILURE; - - /* XXX - provide CBB. */ - if (!action->send(ctx)) + if (!tls13_handshake_msg_start(ctx->hs_msg, &cbb, + action->handshake_type)) + return TLS13_IO_FAILURE; + if (!action->send(ctx, &cbb)) return TLS13_IO_FAILURE; - else if (ctx->alert) + if (!tls13_handshake_msg_finish(ctx->hs_msg)) + return TLS13_IO_FAILURE; + + if (ctx->alert) return tls13_send_alert(ctx->rl, ctx->alert); } diff --git a/lib/libssl/tls13_internal.h b/lib/libssl/tls13_internal.h index ba34961e333..d8a74ef67a1 100644 --- a/lib/libssl/tls13_internal.h +++ b/lib/libssl/tls13_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_internal.h,v 1.45 2020/01/22 13:10:51 jsing Exp $ */ +/* $OpenBSD: tls13_internal.h,v 1.46 2020/01/23 02:24:38 jsing Exp $ */ /* * Copyright (c) 2018 Bob Beck <beck@openbsd.org> * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> @@ -257,36 +257,36 @@ int tls13_legacy_shutdown(SSL *ssl); int tls13_handshake_perform(struct tls13_ctx *ctx); -int tls13_client_hello_send(struct tls13_ctx *ctx); +int tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb); int tls13_client_hello_sent(struct tls13_ctx *ctx); int tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_client_hello_retry_send(struct tls13_ctx *ctx); +int tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb); int tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_client_end_of_early_data_send(struct tls13_ctx *ctx); +int tls13_client_end_of_early_data_send(struct tls13_ctx *ctx, CBB *cbb); int tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_client_certificate_send(struct tls13_ctx *ctx); +int tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb); int tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_client_certificate_verify_send(struct tls13_ctx *ctx); +int tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb); int tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs); int tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_client_finished_send(struct tls13_ctx *ctx); +int tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb); int tls13_client_finished_sent(struct tls13_ctx *ctx); -int tls13_client_key_update_send(struct tls13_ctx *ctx); +int tls13_client_key_update_send(struct tls13_ctx *ctx, CBB *cbb); int tls13_client_key_update_recv(struct tls13_ctx *ctx, CBS *cbs); int tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_server_hello_send(struct tls13_ctx *ctx); +int tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb); int tls13_server_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_server_hello_retry_send(struct tls13_ctx *ctx); +int tls13_server_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb); int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx); +int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx, CBB *cbb); int tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_server_certificate_send(struct tls13_ctx *ctx); +int tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb); int tls13_server_certificate_request_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_server_certificate_request_send(struct tls13_ctx *ctx); -int tls13_server_certificate_verify_send(struct tls13_ctx *ctx); +int tls13_server_certificate_request_send(struct tls13_ctx *ctx, CBB *cbb); +int tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb); int tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs); int tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs); -int tls13_server_finished_send(struct tls13_ctx *ctx); +int tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb); void tls13_error_clear(struct tls13_error *error); diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c index ee7b92b9a3c..88935cf645f 100644 --- a/lib/libssl/tls13_server.c +++ b/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.7 2020/01/22 15:47:22 jsing Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.8 2020/01/23 02:24:38 jsing Exp $ */ /* * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> * @@ -220,7 +220,7 @@ tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs) } int -tls13_client_hello_retry_send(struct tls13_ctx *ctx) +tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb) { return 0; } @@ -232,7 +232,7 @@ tls13_server_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs) } int -tls13_client_end_of_early_data_send(struct tls13_ctx *ctx) +tls13_client_end_of_early_data_send(struct tls13_ctx *ctx, CBB *cbb) { return 0; } @@ -244,7 +244,7 @@ tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx, CBS *cbs) } int -tls13_client_certificate_send(struct tls13_ctx *ctx) +tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb) { return 0; } @@ -256,7 +256,7 @@ tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs) } int -tls13_client_certificate_verify_send(struct tls13_ctx *ctx) +tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) { return 0; } @@ -276,7 +276,7 @@ tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs) } int -tls13_client_key_update_send(struct tls13_ctx *ctx) +tls13_client_key_update_send(struct tls13_ctx *ctx, CBB *cbb) { return 0; } @@ -288,7 +288,7 @@ tls13_client_key_update_recv(struct tls13_ctx *ctx, CBS *cbs) } int -tls13_server_hello_send(struct tls13_ctx *ctx) +tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb) { ctx->handshake_stage.hs_type |= NEGOTIATED; @@ -296,37 +296,37 @@ tls13_server_hello_send(struct tls13_ctx *ctx) } int -tls13_server_hello_retry_send(struct tls13_ctx *ctx) +tls13_server_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb) { return 0; } int -tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx) +tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx, CBB *cbb) { return 0; } int -tls13_server_certificate_send(struct tls13_ctx *ctx) +tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb) { return 0; } int -tls13_server_certificate_request_send(struct tls13_ctx *ctx) +tls13_server_certificate_request_send(struct tls13_ctx *ctx, CBB *cbb) { return 0; } int -tls13_server_certificate_verify_send(struct tls13_ctx *ctx) +tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) { return 0; } int -tls13_server_finished_send(struct tls13_ctx *ctx) +tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb) { return 0; } |