diff options
| author | beck <> | 2020-01-22 02:21:05 +0000 |
|---|---|---|
| committer | beck <> | 2020-01-22 02:21:05 +0000 |
| commit | 42995b3308983da3add7404dc736c3fcfaa2b90f (patch) | |
| tree | adb83e2e84639be88bf49e54a37ffa221760b86f | |
| parent | 33e8d2d1da86ec2fec46397361af862802b89333 (diff) | |
| download | openbsd-42995b3308983da3add7404dc736c3fcfaa2b90f.tar.gz openbsd-42995b3308983da3add7404dc736c3fcfaa2b90f.tar.bz2 openbsd-42995b3308983da3add7404dc736c3fcfaa2b90f.zip | |
Add minimal support for hello retry request for RFC conformance.
We currently don't support sending a modified clienthello
ok jsing@ tb@
| -rw-r--r-- | src/lib/libssl/tls13_client.c | 65 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_internal.h | 3 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_lib.c | 5 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_server.c | 9 |
4 files changed, 71 insertions, 11 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 4ec29ea956..ed9a69918a 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_client.c,v 1.22 2020/01/21 12:08:04 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_client.c,v 1.23 2020/01/22 02:21:05 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -809,3 +809,66 @@ tls13_client_finished_sent(struct tls13_ctx *ctx) | |||
| 809 | return tls13_record_layer_set_write_traffic_key(ctx->rl, | 809 | return tls13_record_layer_set_write_traffic_key(ctx->rl, |
| 810 | &secrets->client_application_traffic); | 810 | &secrets->client_application_traffic); |
| 811 | } | 811 | } |
| 812 | |||
| 813 | |||
| 814 | static int | ||
| 815 | tls13_client_hello_retry_process(struct tls13_ctx *ctx, CBS *cbs) | ||
| 816 | { | ||
| 817 | CBS server_random, session_id; | ||
| 818 | uint16_t cipher_suite, legacy_version; | ||
| 819 | uint8_t compression_method; | ||
| 820 | int alert_desc; | ||
| 821 | SSL *s = ctx->ssl; | ||
| 822 | |||
| 823 | if (!CBS_get_u16(cbs, &legacy_version)) | ||
| 824 | goto err; | ||
| 825 | if (!CBS_get_bytes(cbs, &server_random, SSL3_RANDOM_SIZE)) | ||
| 826 | goto err; | ||
| 827 | if (!CBS_get_u8_length_prefixed(cbs, &session_id)) | ||
| 828 | goto err; | ||
| 829 | if (!CBS_get_u16(cbs, &cipher_suite)) | ||
| 830 | goto err; | ||
| 831 | if (!CBS_get_u8(cbs, &compression_method)) | ||
| 832 | goto err; | ||
| 833 | |||
| 834 | /* | ||
| 835 | * XXX currently this will change state and be hazardous later | ||
| 836 | * if we decide to support sending an updated client hello. | ||
| 837 | * however, since we will not today (and are going to return | ||
| 838 | * illegal parameter as per section 4.1.4) we just ensure | ||
| 839 | * that the extensions parse correctly. | ||
| 840 | */ | ||
| 841 | if (!tlsext_client_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_SH)) { | ||
| 842 | ctx->alert = alert_desc; | ||
| 843 | goto err; | ||
| 844 | } | ||
| 845 | |||
| 846 | if (CBS_len(cbs) != 0) | ||
| 847 | goto err; | ||
| 848 | |||
| 849 | /* XXX for now, just say no, we will not change our hello */ | ||
| 850 | ctx->alert = SSL_AD_ILLEGAL_PARAMETER; | ||
| 851 | err: | ||
| 852 | if (ctx->alert == 0) | ||
| 853 | ctx->alert = TLS1_AD_DECODE_ERROR; | ||
| 854 | return 0; | ||
| 855 | } | ||
| 856 | |||
| 857 | int | ||
| 858 | tls13_client_hello_retry_recv(struct tls13_ctx *ctx) | ||
| 859 | { | ||
| 860 | int ret = 0; | ||
| 861 | CBS cbs; | ||
| 862 | |||
| 863 | if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs)) | ||
| 864 | goto err; | ||
| 865 | |||
| 866 | if (!tls13_client_hello_retry_process(ctx, &cbs)) { | ||
| 867 | if (ctx->alert == SSL_AD_ILLEGAL_PARAMETER) | ||
| 868 | tls13_set_errorx(ctx, TLS13_ERR_HRR_FAILED, 0, | ||
| 869 | "Unsatisfiable hello retry request", NULL); | ||
| 870 | goto err; | ||
| 871 | } | ||
| 872 | err: | ||
| 873 | return ret; | ||
| 874 | } | ||
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index 7fee37f5dd..167ed1f254 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_internal.h,v 1.40 2020/01/22 01:02:28 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_internal.h,v 1.41 2020/01/22 02:21:05 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2018 Bob Beck <beck@openbsd.org> |
| 4 | * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> | 4 | * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> |
| @@ -38,6 +38,7 @@ __BEGIN_HIDDEN_DECLS | |||
| 38 | #define TLS13_IO_USE_LEGACY -4 | 38 | #define TLS13_IO_USE_LEGACY -4 |
| 39 | 39 | ||
| 40 | #define TLS13_ERR_VERIFY_FAILED 16 | 40 | #define TLS13_ERR_VERIFY_FAILED 16 |
| 41 | #define TLS13_ERR_HRR_FAILED 17 | ||
| 41 | 42 | ||
| 42 | typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg); | 43 | typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg); |
| 43 | typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg, CBS *cbs); | 44 | typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg, CBS *cbs); |
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c index bb749a9b68..e353e9fdad 100644 --- a/src/lib/libssl/tls13_lib.c +++ b/src/lib/libssl/tls13_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_lib.c,v 1.17 2020/01/22 01:02:28 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_lib.c,v 1.18 2020/01/22 02:21:05 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2019 Bob Beck <beck@openbsd.org> | 4 | * Copyright (c) 2019 Bob Beck <beck@openbsd.org> |
| @@ -353,6 +353,9 @@ tls13_legacy_error(SSL *ssl) | |||
| 353 | case TLS13_ERR_VERIFY_FAILED: | 353 | case TLS13_ERR_VERIFY_FAILED: |
| 354 | reason = SSL_R_CERTIFICATE_VERIFY_FAILED; | 354 | reason = SSL_R_CERTIFICATE_VERIFY_FAILED; |
| 355 | break; | 355 | break; |
| 356 | case TLS13_ERR_HRR_FAILED: | ||
| 357 | reason = SSL_R_NO_CIPHERS_AVAILABLE; | ||
| 358 | break; | ||
| 356 | } | 359 | } |
| 357 | 360 | ||
| 358 | ERR_put_error(ERR_LIB_SSL, (0xfff), reason, ctx->error.file, | 361 | ERR_put_error(ERR_LIB_SSL, (0xfff), reason, ctx->error.file, |
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 541e341936..10d85a62b3 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_server.c,v 1.3 2019/11/17 14:25:03 tb Exp $ */ | 1 | /* $OpenBSD: tls13_server.c,v 1.4 2020/01/22 02:21:05 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -97,13 +97,6 @@ tls13_server_hello_retry_recv(struct tls13_ctx *ctx) | |||
| 97 | } | 97 | } |
| 98 | 98 | ||
| 99 | int | 99 | int |
| 100 | tls13_client_hello_retry_recv(struct tls13_ctx *ctx) | ||
| 101 | { | ||
| 102 | return 0; | ||
| 103 | } | ||
| 104 | |||
| 105 | |||
| 106 | int | ||
| 107 | tls13_client_end_of_early_data_send(struct tls13_ctx *ctx) | 100 | tls13_client_end_of_early_data_send(struct tls13_ctx *ctx) |
| 108 | { | 101 | { |
| 109 | return 0; | 102 | return 0; |