Moving transcript and PRF functions to SSL_TRANSCRIPT.
Change-Id: I98903df561bbf8c5739f892d2ad5e89ac0eb8e6f
Reviewed-on: https://boringssl-review.googlesource.com/13369
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/tls13_server.c b/ssl/tls13_server.c
index e9ba86f..3ef0c15 100644
--- a/ssl/tls13_server.c
+++ b/ssl/tls13_server.c
@@ -157,6 +157,14 @@
return ssl_hs_error;
}
+ /* The PRF hash is now known. Set up the key schedule and hash the
+ * ClientHello. */
+ if (!tls13_init_key_schedule(hs) ||
+ !ssl_hash_current_message(hs)) {
+ return ssl_hs_error;
+ }
+
+
/* Decode the ticket if we agree on a PSK key exchange mode. */
uint8_t alert = SSL_AD_DECODE_ERROR;
SSL_SESSION *session = NULL;
@@ -207,7 +215,7 @@
}
} else {
/* Check the PSK binder. */
- if (!tls13_verify_psk_binder(ssl, session, &binders)) {
+ if (!tls13_verify_psk_binder(hs, session, &binders)) {
SSL_SESSION_free(session);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
return ssl_hs_error;
@@ -243,22 +251,13 @@
return ssl_hs_error;
}
- /* The PRF hash is now known. Set up the key schedule and hash the
- * ClientHello. */
- size_t hash_len =
- EVP_MD_size(ssl_get_handshake_digest(ssl_get_algorithm_prf(ssl)));
- if (!tls13_init_key_schedule(hs) ||
- !ssl_hash_current_message(ssl)) {
- return ssl_hs_error;
- }
-
/* Incorporate the PSK into the running secret. */
if (ssl->s3->session_reused) {
if (!tls13_advance_key_schedule(hs, ssl->s3->new_session->master_key,
ssl->s3->new_session->master_key_length)) {
return ssl_hs_error;
}
- } else if (!tls13_advance_key_schedule(hs, kZeroes, hash_len)) {
+ } else if (!tls13_advance_key_schedule(hs, kZeroes, hs->hash_len)) {
return ssl_hs_error;
}
@@ -323,7 +322,7 @@
return ssl_hs_error;
}
- if (!ssl_hash_current_message(ssl)) {
+ if (!ssl_hash_current_message(hs)) {
return ssl_hs_error;
}
@@ -485,7 +484,7 @@
if (!ssl_check_message_type(ssl, SSL3_MT_CERTIFICATE) ||
!tls13_process_certificate(hs, allow_anonymous) ||
- !ssl_hash_current_message(ssl)) {
+ !ssl_hash_current_message(hs)) {
return ssl_hs_error;
}
@@ -504,7 +503,7 @@
if (!ssl_check_message_type(ssl, SSL3_MT_CERTIFICATE_VERIFY) ||
!tls13_process_certificate_verify(hs) ||
- !ssl_hash_current_message(ssl)) {
+ !ssl_hash_current_message(hs)) {
return ssl_hs_error;
}
@@ -513,15 +512,14 @@
}
static enum ssl_hs_wait_t do_process_channel_id(SSL_HANDSHAKE *hs) {
- SSL *const ssl = hs->ssl;
- if (!ssl->s3->tlsext_channel_id_valid) {
+ if (!hs->ssl->s3->tlsext_channel_id_valid) {
hs->tls13_state = state_process_client_finished;
return ssl_hs_ok;
}
- if (!ssl_check_message_type(ssl, SSL3_MT_CHANNEL_ID) ||
- !tls1_verify_channel_id(ssl) ||
- !ssl_hash_current_message(ssl)) {
+ if (!ssl_check_message_type(hs->ssl, SSL3_MT_CHANNEL_ID) ||
+ !tls1_verify_channel_id(hs) ||
+ !ssl_hash_current_message(hs)) {
return ssl_hs_error;
}
@@ -533,7 +531,7 @@
SSL *const ssl = hs->ssl;
if (!ssl_check_message_type(ssl, SSL3_MT_FINISHED) ||
!tls13_process_finished(hs) ||
- !ssl_hash_current_message(ssl) ||
+ !ssl_hash_current_message(hs) ||
/* evp_aead_seal keys have already been switched. */
!tls13_set_traffic_key(ssl, evp_aead_open, hs->client_traffic_secret_0,
hs->hash_len) ||
