Convert SSL_TRANSCRIPT to C++.
Bug: 132
Change-Id: I2d7cb45d56e8dcb223fbc5838922fdbe6f28ded7
Reviewed-on: https://boringssl-review.googlesource.com/18264
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/tls13_enc.cc b/ssl/tls13_enc.cc
index 14dbb9d..1ae4849 100644
--- a/ssl/tls13_enc.cc
+++ b/ssl/tls13_enc.cc
@@ -34,11 +34,11 @@
static int init_key_schedule(SSL_HANDSHAKE *hs, uint16_t version,
int algorithm_prf) {
- if (!SSL_TRANSCRIPT_init_hash(&hs->transcript, version, algorithm_prf)) {
+ if (!hs->transcript.InitHash(version, algorithm_prf)) {
return 0;
}
- hs->hash_len = SSL_TRANSCRIPT_digest_len(&hs->transcript);
+ hs->hash_len = hs->transcript.DigestLen();
/* Initialize the secret to the zero key. */
OPENSSL_memset(hs->secret, 0, hs->hash_len);
@@ -52,7 +52,7 @@
return 0;
}
- SSL_TRANSCRIPT_free_buffer(&hs->transcript);
+ hs->transcript.FreeBuffer();
return 1;
}
@@ -64,9 +64,8 @@
int tls13_advance_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *in,
size_t len) {
- return HKDF_extract(hs->secret, &hs->hash_len,
- SSL_TRANSCRIPT_md(&hs->transcript), in, len, hs->secret,
- hs->hash_len);
+ return HKDF_extract(hs->secret, &hs->hash_len, hs->transcript.Digest(), in,
+ len, hs->secret, hs->hash_len);
}
static int hkdf_expand_label(uint8_t *out, const EVP_MD *digest,
@@ -105,12 +104,11 @@
const uint8_t *label, size_t label_len) {
uint8_t context_hash[EVP_MAX_MD_SIZE];
size_t context_hash_len;
- if (!SSL_TRANSCRIPT_get_hash(&hs->transcript, context_hash,
- &context_hash_len)) {
+ if (!hs->transcript.GetHash(context_hash, &context_hash_len)) {
return 0;
}
- return hkdf_expand_label(out, SSL_TRANSCRIPT_md(&hs->transcript), hs->secret,
+ return hkdf_expand_label(out, hs->transcript.Digest(), hs->secret,
hs->hash_len, label, label_len, context_hash,
context_hash_len, len);
}
@@ -313,11 +311,9 @@
uint8_t context_hash[EVP_MAX_MD_SIZE];
size_t context_hash_len;
- if (!SSL_TRANSCRIPT_get_hash(&hs->transcript, context_hash,
- &context_hash_len) ||
- !tls13_verify_data(SSL_TRANSCRIPT_md(&hs->transcript), out, out_len,
- traffic_secret, hs->hash_len, context_hash,
- context_hash_len)) {
+ if (!hs->transcript.GetHash(context_hash, &context_hash_len) ||
+ !tls13_verify_data(hs->transcript.Digest(), out, out_len, traffic_secret,
+ hs->hash_len, context_hash, context_hash_len)) {
return 0;
}
return 1;
@@ -387,8 +383,8 @@
uint8_t context[EVP_MAX_MD_SIZE];
unsigned context_len;
if (!EVP_DigestInit_ex(ctx.get(), digest, NULL) ||
- !EVP_DigestUpdate(ctx.get(), hs->transcript.buffer->data,
- hs->transcript.buffer->length) ||
+ !EVP_DigestUpdate(ctx.get(), hs->transcript.buffer_data(),
+ hs->transcript.buffer_len()) ||
!EVP_DigestUpdate(ctx.get(), msg, len - hash_len - 3) ||
!EVP_DigestFinal_ex(ctx.get(), context, &context_len)) {
return 0;
@@ -407,7 +403,7 @@
int tls13_verify_psk_binder(SSL_HANDSHAKE *hs, SSL_SESSION *session,
CBS *binders) {
- size_t hash_len = SSL_TRANSCRIPT_digest_len(&hs->transcript);
+ size_t hash_len = hs->transcript.DigestLen();
/* Get the full ClientHello, including message header. It must be large enough
* to exclude the binders. */
@@ -423,14 +419,13 @@
uint8_t context[EVP_MAX_MD_SIZE];
unsigned context_len;
if (!EVP_Digest(CBS_data(&message), CBS_len(&message) - CBS_len(binders) - 2,
- context, &context_len, SSL_TRANSCRIPT_md(&hs->transcript),
- NULL)) {
+ context, &context_len, hs->transcript.Digest(), NULL)) {
return 0;
}
uint8_t verify_data[EVP_MAX_MD_SIZE] = {0};
CBS binder;
- if (!tls13_psk_binder(verify_data, SSL_TRANSCRIPT_md(&hs->transcript),
+ if (!tls13_psk_binder(verify_data, hs->transcript.Digest(),
session->master_key, session->master_key_length,
context, context_len, hash_len) ||
/* We only consider the first PSK, so compare against the first binder. */