diff options
| author |   jsing <jsing@openbsd.org> | 2021-03-29 16:46:09 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2021-03-29 16:46:09 +0000 |
| commit | 268dad53d6e6176ac2f0893130b94dd69e18f3ef (patch) | |
| tree | a65b7a541b765dc697a54c9e507a2c946601a81b /lib/libssl/ssl_both.c | |
| parent | Add regress coverage for TLSv1.2 record number increment. (diff) | |
| download | wireguard-openbsd-268dad53d6e6176ac2f0893130b94dd69e18f3ef.tar.xz wireguard-openbsd-268dad53d6e6176ac2f0893130b94dd69e18f3ef.zip | |
Move finished and peer finished to the handshake struct.
This moves the finish_md and peer_finish_md from the 'tmp' struct to the
handshake struct, renaming to finished and peer_finished in the process.
This also allows the remaining S3I(s) references to be removed from the
TLSv1.3 client and server.
ok inoguchi@ tb@
Diffstat (limited to 'lib/libssl/ssl_both.c')
| -rw-r--r-- | lib/libssl/ssl_both.c | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c index 789ab012131..4851231a8f3 100644 --- a/lib/libssl/ssl_both.c +++ b/lib/libssl/ssl_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_both.c,v 1.26 2021/03/27 17:56:28 tb Exp $ */ +/* $OpenBSD: ssl_both.c,v 1.27 2021/03/29 16:46:09 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -176,25 +176,25 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); if (tls1_final_finish_mac(s, sender, slen, - S3I(s)->tmp.finish_md) != md_len) + S3I(s)->hs.finished) != md_len) return (0); - S3I(s)->tmp.finish_md_len = md_len; + S3I(s)->hs.finished_len = md_len; /* Copy finished so we can use it for renegotiation checks. */ if (!s->server) { memcpy(S3I(s)->previous_client_finished, - S3I(s)->tmp.finish_md, md_len); + S3I(s)->hs.finished, md_len); S3I(s)->previous_client_finished_len = md_len; } else { memcpy(S3I(s)->previous_server_finished, - S3I(s)->tmp.finish_md, md_len); + S3I(s)->hs.finished, md_len); S3I(s)->previous_server_finished_len = md_len; } if (!ssl3_handshake_msg_start(s, &cbb, &finished, SSL3_MT_FINISHED)) goto err; - if (!CBB_add_bytes(&finished, S3I(s)->tmp.finish_md, md_len)) + if (!CBB_add_bytes(&finished, S3I(s)->hs.finished, md_len)) goto err; if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; @@ -235,9 +235,9 @@ ssl3_take_mac(SSL *s) slen = TLS_MD_CLIENT_FINISH_CONST_SIZE; } - S3I(s)->tmp.peer_finish_md_len = + S3I(s)->hs.peer_finished_len = tls1_final_finish_mac(s, sender, slen, - S3I(s)->tmp.peer_finish_md); + S3I(s)->hs.peer_finished); } int @@ -270,14 +270,14 @@ ssl3_get_finished(SSL *s, int a, int b) CBS_init(&cbs, s->internal->init_msg, n); - if (S3I(s)->tmp.peer_finish_md_len != md_len || + if (S3I(s)->hs.peer_finished_len != md_len || CBS_len(&cbs) != md_len) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_BAD_DIGEST_LENGTH); goto fatal_err; } - if (!CBS_mem_equal(&cbs, S3I(s)->tmp.peer_finish_md, CBS_len(&cbs))) { + if (!CBS_mem_equal(&cbs, S3I(s)->hs.peer_finished, CBS_len(&cbs))) { al = SSL_AD_DECRYPT_ERROR; SSLerror(s, SSL_R_DIGEST_CHECK_FAILED); goto fatal_err; @@ -287,11 +287,11 @@ ssl3_get_finished(SSL *s, int a, int b) OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); if (s->server) { memcpy(S3I(s)->previous_client_finished, - S3I(s)->tmp.peer_finish_md, md_len); + S3I(s)->hs.peer_finished, md_len); S3I(s)->previous_client_finished_len = md_len; } else { memcpy(S3I(s)->previous_server_finished, - S3I(s)->tmp.peer_finish_md, md_len); + S3I(s)->hs.peer_finished, md_len); S3I(s)->previous_server_finished_len = md_len; } |