diff options
| author | Daiki Ueno <dueno@redhat.com> | 2018-10-05 10:41:23 +0200 |
|---|---|---|
| committer | Daiki Ueno <dueno@redhat.com> | 2018-11-11 07:03:43 +0100 |
| commit | 787aad1b016d82ebc4a1eda53d30de48f2841311 (patch) | |
| tree | f599e94880a77631a6e45ae49fe98e52a341f068 | |
| parent | 53d28c0461465e800821f81a092e3d7e43f60fbc (diff) | |
| download | gnutls-787aad1b016d82ebc4a1eda53d30de48f2841311.tar.gz | |
handshake: record transcript hash for ClientHello
This is necessary to compute client_early_traffic_secret and
early_exporter_master_secret in TLS 1.3.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
| -rw-r--r-- | lib/gnutls_int.h | 1 | ||||
| -rw-r--r-- | lib/handshake.c | 7 |
2 files changed, 8 insertions, 0 deletions
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 3eece0278f..6fc3672f34 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -1072,6 +1072,7 @@ typedef struct { int handshake_hash_buffer_prev_len; /* keeps the length of handshake_hash_buffer, excluding * the last received message */ + unsigned handshake_hash_buffer_client_hello_len; /* if non-zero it is the length of data until the client hello message */ unsigned handshake_hash_buffer_client_kx_len;/* if non-zero it is the length of data until the * the client key exchange message */ unsigned handshake_hash_buffer_server_finished_len;/* if non-zero it is the length of data until the diff --git a/lib/handshake.c b/lib/handshake.c index a20c7a302a..a760e6d465 100644 --- a/lib/handshake.c +++ b/lib/handshake.c @@ -80,6 +80,7 @@ handshake_hash_buffer_reset(gnutls_session_t session) { _gnutls_buffers_log("BUF[HSK]: Emptied buffer\n"); + session->internals.handshake_hash_buffer_client_hello_len = 0; session->internals.handshake_hash_buffer_client_kx_len = 0; session->internals.handshake_hash_buffer_server_finished_len = 0; session->internals.handshake_hash_buffer_client_finished_len = 0; @@ -1408,6 +1409,9 @@ handshake_hash_add_recvd(gnutls_session_t session, /* save the size until client KX. That is because the TLS * session hash is calculated up to this message. */ + if (recv_type == GNUTLS_HANDSHAKE_CLIENT_HELLO) + session->internals.handshake_hash_buffer_client_hello_len = + session->internals.handshake_hash_buffer.length; if (recv_type == GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE) session->internals.handshake_hash_buffer_client_kx_len = session->internals.handshake_hash_buffer.length; @@ -1459,6 +1463,9 @@ handshake_hash_add_sent(gnutls_session_t session, if (ret < 0) return gnutls_assert_val(ret); + if (type == GNUTLS_HANDSHAKE_CLIENT_HELLO) + session->internals.handshake_hash_buffer_client_hello_len = + session->internals.handshake_hash_buffer.length; if (type == GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE) session->internals.handshake_hash_buffer_client_kx_len = session->internals.handshake_hash_buffer.length; |