diff options
| author | Matt Caswell <matt@openssl.org> | 2017-09-11 15:43:56 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2018-01-24 18:02:35 +0000 |
| commit | 43054d3d734a8fa8a3d2da20c206a47d4060b7bd (patch) | |
| tree | 8b38e327d08c5a42560ca70eec3df53a82f429f3 /ssl/statem/statem_lib.c | |
| parent | 14262ca950b8a75014e5495a2b93e1baa62d33a9 (diff) | |
| download | openssl-new-43054d3d734a8fa8a3d2da20c206a47d4060b7bd.tar.gz | |
Add support for sending TLSv1.3 cookies
This just adds the various extension functions. More changes will be
required to actually use them.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4435)
Diffstat (limited to 'ssl/statem/statem_lib.c')
| -rw-r--r-- | ssl/statem/statem_lib.c | 36 |
1 files changed, 28 insertions, 8 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 02d75e79ac..38b86c9ef2 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -2033,19 +2033,25 @@ int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups, #endif /* Replace ClientHello1 in the transcript hash with a synthetic message */ -int create_synthetic_message_hash(SSL *s) +int create_synthetic_message_hash(SSL *s, const unsigned char *hashval, + size_t hashlen, const unsigned char *hrr, + size_t hrrlen) { - unsigned char hashval[EVP_MAX_MD_SIZE]; - size_t hashlen = 0; + unsigned char hashvaltmp[EVP_MAX_MD_SIZE]; unsigned char msghdr[SSL3_HM_HEADER_LENGTH]; memset(msghdr, 0, sizeof(msghdr)); - /* Get the hash of the initial ClientHello */ - if (!ssl3_digest_cached_records(s, 0) - || !ssl_handshake_hash(s, hashval, sizeof(hashval), &hashlen)) { - /* SSLfatal() already called */ - return 0; + if (hashval == NULL) { + hashval = hashvaltmp; + hashlen = 0; + /* Get the hash of the initial ClientHello */ + if (!ssl3_digest_cached_records(s, 0) + || !ssl_handshake_hash(s, hashvaltmp, sizeof(hashvaltmp), + &hashlen)) { + /* SSLfatal() already called */ + return 0; + } } /* Reinitialise the transcript hash */ @@ -2063,6 +2069,20 @@ int create_synthetic_message_hash(SSL *s) return 0; } + /* + * Now re-inject the HRR and current message if appropriate (we just deleted + * it when we reinitialised the transcript hash above). Only necessary after + * receiving a ClientHello2 with a cookie. + */ + if (hrr != NULL + && (!ssl3_finish_mac(s, hrr, hrrlen) + || !ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, + s->s3->tmp.message_size + + SSL3_HM_HEADER_LENGTH))) { + /* SSLfatal() already called */ + return 0; + } + return 1; } |