authorjsing <>2022-01-11 18:28:41 +0000
committerjsing <>2022-01-11 18:28:41 +0000
commit7af437db632fa247609a08c8b60d48ae34bf3d68 (patch)
treeb1b5872add715360561434ded72edd4aac2d3950
parentc48aae5cc38995b3b04baaf61334783d01a7772e (diff)
Plumb decode errors through key share parsing code.
Distinguish between decode errors and other errors, so that we can send a SSL_AD_DECODE_ERROR alert when appropriate. Fixes a tlsfuzzer failure, due to it expecting a decode error alert and not receiving one. Prompted by anton@ ok tb@
-rw-r--r--src/lib/libssl/ssl_clnt.c39
-rw-r--r--src/lib/libssl/ssl_kex.c22
-rw-r--r--src/lib/libssl/ssl_locl.h8
-rw-r--r--src/lib/libssl/ssl_srvr.c29
-rw-r--r--src/lib/libssl/ssl_tlsext.c14
-rw-r--r--src/lib/libssl/tls_internal.h6
-rw-r--r--src/lib/libssl/tls_key_share.c36
7 files changed, 106 insertions, 48 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 19d83653c9..981161290f 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_clnt.c,v 1.134 2022/01/09 15:55:37 jsing Exp $ */ 1/* $OpenBSD: ssl_clnt.c,v 1.135 2022/01/11 18:28:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1214,7 +1214,7 @@ ssl3_get_server_certificate(SSL *s)
1214static int 1214static int
1215ssl3_get_server_kex_dhe(SSL *s, CBS *cbs) 1215ssl3_get_server_kex_dhe(SSL *s, CBS *cbs)
1216{ 1216{
1217 int invalid_params, invalid_key; 1217 int decode_error, invalid_params, invalid_key;
1218 int nid = NID_dhKeyAgreement; 1218 int nid = NID_dhKeyAgreement;
1219 1219
1220 tls_key_share_free(S3I(s)->hs.key_share); 1220 tls_key_share_free(S3I(s)->hs.key_share);
@@ -1222,29 +1222,35 @@ ssl3_get_server_kex_dhe(SSL *s, CBS *cbs)
1222 goto err; 1222 goto err;
1223 1223
1224 if (!tls_key_share_peer_params(S3I(s)->hs.key_share, cbs, 1224 if (!tls_key_share_peer_params(S3I(s)->hs.key_share, cbs,
1225 &invalid_params)) 1225 &decode_error, &invalid_params)) {
1226 goto decode_err; 1226 if (decode_error) {
1227 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1228 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1229 }
1230 goto err;
1231 }
1227 if (!tls_key_share_peer_public(S3I(s)->hs.key_share, cbs, 1232 if (!tls_key_share_peer_public(S3I(s)->hs.key_share, cbs,
1228 &invalid_key)) 1233 &decode_error, &invalid_key)) {
1229 goto decode_err; 1234 if (decode_error) {
1235 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1236 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1237 }
1238 goto err;
1239 }
1230 1240
1231 if (invalid_params) { 1241 if (invalid_params) {
1232 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1233 SSLerror(s, SSL_R_BAD_DH_P_LENGTH); 1242 SSLerror(s, SSL_R_BAD_DH_P_LENGTH);
1243 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1234 goto err; 1244 goto err;
1235 } 1245 }
1236 if (invalid_key) { 1246 if (invalid_key) {
1237 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1238 SSLerror(s, SSL_R_BAD_DH_PUB_KEY_LENGTH); 1247 SSLerror(s, SSL_R_BAD_DH_PUB_KEY_LENGTH);
1248 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1239 goto err; 1249 goto err;
1240 } 1250 }
1241 1251
1242 return 1; 1252 return 1;
1243 1253
1244 decode_err:
1245 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1246 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1247
1248 err: 1254 err:
1249 return 0; 1255 return 0;
1250} 1256}
@@ -1254,6 +1260,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, CBS *cbs)
1254{ 1260{
1255 uint8_t curve_type; 1261 uint8_t curve_type;
1256 uint16_t curve_id; 1262 uint16_t curve_id;
1263 int decode_error;
1257 CBS public; 1264 CBS public;
1258 1265
1259 if (!CBS_get_u8(cbs, &curve_type)) 1266 if (!CBS_get_u8(cbs, &curve_type))
@@ -1285,14 +1292,18 @@ ssl3_get_server_kex_ecdhe(SSL *s, CBS *cbs)
1285 if ((S3I(s)->hs.key_share = tls_key_share_new(curve_id)) == NULL) 1292 if ((S3I(s)->hs.key_share = tls_key_share_new(curve_id)) == NULL)
1286 goto err; 1293 goto err;
1287 1294
1288 if (!tls_key_share_peer_public(S3I(s)->hs.key_share, &public, NULL)) 1295 if (!tls_key_share_peer_public(S3I(s)->hs.key_share, &public,
1296 &decode_error, NULL)) {
1297 if (decode_error)
1298 goto decode_err;
1289 goto err; 1299 goto err;
1300 }
1290 1301
1291 return 1; 1302 return 1;
1292 1303
1293 decode_err: 1304 decode_err:
1294 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1295 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); 1305 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1306 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1296 err: 1307 err:
1297 return 0; 1308 return 0;
1298} 1309}
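Review bot: In ssl3_get_server_kex_dhe() a failure of tls_key_share_peer_params() or tls_key_share_peer_public() with decode_error clear now reaches `err:` with no SSLerror() and no alert, where the old code always went through `decode_err:`. Whether the caller reports anything is not visible in these hunks, so on such failures the handshake may end with an empty error queue and no alert to the peer. If that is not intended, add an else branch such as `SSLerror(s, ERR_R_INTERNAL_ERROR);` followed by `ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);`; otherwise a one-line comment saying non-decode failures are deliberately silent would help. The same silent path exists in ssl3_get_server_kex_ecdhe() here and in ssl3_get_client_kex_dhe() and ssl3_get_client_kex_ecdhe() in ssl_srvr.c.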
diff --git a/src/lib/libssl/ssl_kex.c b/src/lib/libssl/ssl_kex.c
index 78b528b168..cd6713b8b2 100644
--- a/src/lib/libssl/ssl_kex.c
+++ b/src/lib/libssl/ssl_kex.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_kex.c,v 1.8 2021/12/04 14:03:22 jsing Exp $ */ 1/* $OpenBSD: ssl_kex.c,v 1.9 2022/01/11 18:28:41 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -156,18 +156,24 @@ ssl_kex_public_dhe(DH *dh, CBB *cbb)
156} 156}
157 157
158int 158int
159ssl_kex_peer_params_dhe(DH *dh, CBS *cbs, int *invalid_params) 159ssl_kex_peer_params_dhe(DH *dh, CBS *cbs, int *decode_error,
160 int *invalid_params)
160{ 161{
161 BIGNUM *p = NULL, *g = NULL; 162 BIGNUM *p = NULL, *g = NULL;
162 CBS dh_p, dh_g; 163 CBS dh_p, dh_g;
163 int ret = 0; 164 int ret = 0;
164 165
166 *decode_error = 0;
165 *invalid_params = 0; 167 *invalid_params = 0;
166 168
167 if (!CBS_get_u16_length_prefixed(cbs, &dh_p)) 169 if (!CBS_get_u16_length_prefixed(cbs, &dh_p)) {
170 *decode_error = 1;
168 goto err; 171 goto err;
169 if (!CBS_get_u16_length_prefixed(cbs, &dh_g)) 172 }
173 if (!CBS_get_u16_length_prefixed(cbs, &dh_g)) {
174 *decode_error = 1;
170 goto err; 175 goto err;
176 }
171 177
172 if ((p = BN_bin2bn(CBS_data(&dh_p), CBS_len(&dh_p), NULL)) == NULL) 178 if ((p = BN_bin2bn(CBS_data(&dh_p), CBS_len(&dh_p), NULL)) == NULL)
173 goto err; 179 goto err;
@@ -194,17 +200,21 @@ ssl_kex_peer_params_dhe(DH *dh, CBS *cbs, int *invalid_params)
194} 200}
195 201
196int 202int
197ssl_kex_peer_public_dhe(DH *dh, CBS *cbs, int *invalid_key) 203ssl_kex_peer_public_dhe(DH *dh, CBS *cbs, int *decode_error,
204 int *invalid_key)
198{ 205{
199 BIGNUM *pub_key = NULL; 206 BIGNUM *pub_key = NULL;
200 int check_flags; 207 int check_flags;
201 CBS dh_y; 208 CBS dh_y;
202 int ret = 0; 209 int ret = 0;
203 210
211 *decode_error = 0;
204 *invalid_key = 0; 212 *invalid_key = 0;
205 213
206 if (!CBS_get_u16_length_prefixed(cbs, &dh_y)) 214 if (!CBS_get_u16_length_prefixed(cbs, &dh_y)) {
215 *decode_error = 1;
207 goto err; 216 goto err;
217 }
208 218
209 if ((pub_key = BN_bin2bn(CBS_data(&dh_y), CBS_len(&dh_y), 219 if ((pub_key = BN_bin2bn(CBS_data(&dh_y), CBS_len(&dh_y),
210 NULL)) == NULL) 220 NULL)) == NULL)
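Review bot: ssl_kex_peer_params_dhe() and ssl_kex_peer_public_dhe() now have three outcomes, and nothing in the code documents them. Going by the visible lines, `*decode_error` is set only when a CBS_get_u16_length_prefixed() call fails, while a BN_bin2bn() failure returns 0 with it clear. The callers in ssl_clnt.c read `invalid_params` and `invalid_key` only after a successful return. A short comment above each function would pin this down, for example `/* Returns 0 with *decode_error set on malformed input, 0 with it clear on internal failure; *invalid_params is only meaningful on success. */`. Both bodies continue outside these hunks, so check the wording against the remaining code.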
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index fcb369405c..0eca4e673d 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.380 2022/01/09 15:53:52 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.381 2022/01/11 18:28:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1424,8 +1424,10 @@ int ssl_kex_generate_dhe(DH *dh, DH *dh_params);
1424int ssl_kex_generate_dhe_params_auto(DH *dh, size_t key_len); 1424int ssl_kex_generate_dhe_params_auto(DH *dh, size_t key_len);
1425int ssl_kex_params_dhe(DH *dh, CBB *cbb); 1425int ssl_kex_params_dhe(DH *dh, CBB *cbb);
1426int ssl_kex_public_dhe(DH *dh, CBB *cbb); 1426int ssl_kex_public_dhe(DH *dh, CBB *cbb);
1427int ssl_kex_peer_params_dhe(DH *dh, CBS *cbs, int *invalid_params); 1427int ssl_kex_peer_params_dhe(DH *dh, CBS *cbs, int *decode_error,
1428int ssl_kex_peer_public_dhe(DH *dh, CBS *cbs, int *invalid_key); 1428 int *invalid_params);
1429int ssl_kex_peer_public_dhe(DH *dh, CBS *cbs, int *decode_error,
1430 int *invalid_key);
1429int ssl_kex_derive_dhe(DH *dh, DH *dh_peer, 1431int ssl_kex_derive_dhe(DH *dh, DH *dh_peer,
1430 uint8_t **shared_key, size_t *shared_key_len); 1432 uint8_t **shared_key, size_t *shared_key_len);
1431 1433
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 0979750e22..dd622c2831 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_srvr.c,v 1.137 2022/01/09 15:40:13 jsing Exp $ */ 1/* $OpenBSD: ssl_srvr.c,v 1.138 2022/01/11 18:28:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1701,21 +1701,26 @@ ssl3_get_client_kex_dhe(SSL *s, CBS *cbs)
1701{ 1701{
1702 uint8_t *key = NULL; 1702 uint8_t *key = NULL;
1703 size_t key_len = 0; 1703 size_t key_len = 0;
1704 int invalid_key; 1704 int decode_error, invalid_key;
1705 int ret = 0; 1705 int ret = 0;
1706 1706
1707 if (S3I(s)->hs.key_share == NULL) { 1707 if (S3I(s)->hs.key_share == NULL) {
1708 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1709 SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); 1708 SSLerror(s, SSL_R_MISSING_TMP_DH_KEY);
1709 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1710 goto err; 1710 goto err;
1711 } 1711 }
1712 1712
1713 if (!tls_key_share_peer_public(S3I(s)->hs.key_share, cbs, 1713 if (!tls_key_share_peer_public(S3I(s)->hs.key_share, cbs,
1714 &invalid_key)) 1714 &decode_error, &invalid_key)) {
1715 if (decode_error) {
1716 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1717 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1718 }
1715 goto err; 1719 goto err;
1720 }
1716 if (invalid_key) { 1721 if (invalid_key) {
1717 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1718 SSLerror(s, SSL_R_BAD_DH_PUB_KEY_LENGTH); 1722 SSLerror(s, SSL_R_BAD_DH_PUB_KEY_LENGTH);
1723 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1719 goto err; 1724 goto err;
1720 } 1725 }
1721 1726
@@ -1738,6 +1743,7 @@ ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs)
1738{ 1743{
1739 uint8_t *key = NULL; 1744 uint8_t *key = NULL;
1740 size_t key_len = 0; 1745 size_t key_len = 0;
1746 int decode_error;
1741 CBS public; 1747 CBS public;
1742 int ret = 0; 1748 int ret = 0;
1743 1749
@@ -1747,10 +1753,19 @@ ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs)
1747 goto err; 1753 goto err;
1748 } 1754 }
1749 1755
1750 if (!CBS_get_u8_length_prefixed(cbs, &public)) 1756 if (!CBS_get_u8_length_prefixed(cbs, &public)) {
1757 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1758 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1751 goto err; 1759 goto err;
1752 if (!tls_key_share_peer_public(S3I(s)->hs.key_share, &public, NULL)) 1760 }
1761 if (!tls_key_share_peer_public(S3I(s)->hs.key_share, &public,
1762 &decode_error, NULL)) {
1763 if (decode_error) {
1764 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1765 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1766 }
1753 goto err; 1767 goto err;
1768 }
1754 1769
1755 if (!tls_key_share_derive(S3I(s)->hs.key_share, &key, &key_len)) 1770 if (!tls_key_share_derive(S3I(s)->hs.key_share, &key, &key_len))
1756 goto err; 1771 goto err;
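Review bot: The two-line decode error report (`SSLerror(s, SSL_R_BAD_PACKET_LENGTH);` then `ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);`) is now written out three times in this file, once in ssl3_get_client_kex_dhe() and twice in ssl3_get_client_kex_ecdhe(). ssl3_get_server_kex_ecdhe() in ssl_clnt.c keeps a `decode_err:` label for the same thing; a label placed just above `err:` would keep the two files consistent and leave one place to change the reason code. Both functions end outside these hunks, so whether a label fits their cleanup path needs checking against the full bodies.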
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 7538efdc8c..69f8ddbc40 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_tlsext.c,v 1.107 2022/01/11 18:24:03 jsing Exp $ */ 1/* $OpenBSD: ssl_tlsext.c,v 1.108 2022/01/11 18:28:41 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1478,6 +1478,7 @@ int
1478tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 1478tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
1479{ 1479{
1480 CBS client_shares, key_exchange; 1480 CBS client_shares, key_exchange;
1481 int decode_error;
1481 uint16_t group; 1482 uint16_t group;
1482 1483
1483 if (!CBS_get_u16_length_prefixed(cbs, &client_shares)) 1484 if (!CBS_get_u16_length_prefixed(cbs, &client_shares))
@@ -1515,8 +1516,11 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
1515 return 0; 1516 return 0;
1516 } 1517 }
1517 if (!tls_key_share_peer_public(S3I(s)->hs.key_share, 1518 if (!tls_key_share_peer_public(S3I(s)->hs.key_share,
1518 &key_exchange, NULL)) 1519 &key_exchange, &decode_error, NULL)) {
1520 if (!decode_error)
1521 *alert = SSL_AD_INTERNAL_ERROR;
1519 return 0; 1522 return 0;
1523 }
1520 } 1524 }
1521 1525
1522 return 1; 1526 return 1;
@@ -1561,6 +1565,7 @@ int
1561tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 1565tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
1562{ 1566{
1563 CBS key_exchange; 1567 CBS key_exchange;
1568 int decode_error;
1564 uint16_t group; 1569 uint16_t group;
1565 1570
1566 /* Unpack server share. */ 1571 /* Unpack server share. */
@@ -1588,8 +1593,11 @@ tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
1588 return 0; 1593 return 0;
1589 } 1594 }
1590 if (!tls_key_share_peer_public(S3I(s)->hs.key_share, 1595 if (!tls_key_share_peer_public(S3I(s)->hs.key_share,
1591 &key_exchange, NULL)) 1596 &key_exchange, &decode_error, NULL)) {
1597 if (!decode_error)
1598 *alert = SSL_AD_INTERNAL_ERROR;
1592 return 0; 1599 return 0;
1600 }
1593 1601
1594 return 1; 1602 return 1;
1595} 1603}
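Review bot: In tlsext_keyshare_server_parse() and tlsext_keyshare_client_parse(), every failure with decode_error clear is turned into `*alert = SSL_AD_INTERNAL_ERROR`, but only the DHE and X25519 parsers ever set decode_error. tls_key_share_peer_public() zeroes it and then calls tls_key_share_peer_public_ecdhe_ecp(ks, cbs) without passing it on, so a malformed key_exchange for any other group would presumably be reported as an internal error (that helper's body is outside the hunks). That reports peer-controlled bad input as a local fault, which is misleading for the peer and for anyone alerting on internal_error. Consider giving the ECP helper a decode_error argument as was done for X25519, or leave `*alert` untouched unless the failure is known to be local.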
diff --git a/src/lib/libssl/tls_internal.h b/src/lib/libssl/tls_internal.h
index f7f939215a..a009635a05 100644
--- a/src/lib/libssl/tls_internal.h
+++ b/src/lib/libssl/tls_internal.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls_internal.h,v 1.4 2022/01/07 15:46:30 jsing Exp $ */ 1/* $OpenBSD: tls_internal.h,v 1.5 2022/01/11 18:28:41 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019, 2021 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019, 2021 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -72,9 +72,9 @@ int tls_key_share_generate(struct tls_key_share *ks);
72int tls_key_share_params(struct tls_key_share *ks, CBB *cbb); 72int tls_key_share_params(struct tls_key_share *ks, CBB *cbb);
73int tls_key_share_public(struct tls_key_share *ks, CBB *cbb); 73int tls_key_share_public(struct tls_key_share *ks, CBB *cbb);
74int tls_key_share_peer_params(struct tls_key_share *ks, CBS *cbs, 74int tls_key_share_peer_params(struct tls_key_share *ks, CBS *cbs,
75 int *invalid_params); 75 int *decode_error, int *invalid_params);
76int tls_key_share_peer_public(struct tls_key_share *ks, CBS *cbs, 76int tls_key_share_peer_public(struct tls_key_share *ks, CBS *cbs,
77 int *invalid_key); 77 int *decode_error, int *invalid_key);
78int tls_key_share_derive(struct tls_key_share *ks, uint8_t **shared_key, 78int tls_key_share_derive(struct tls_key_share *ks, uint8_t **shared_key,
79 size_t *shared_key_len); 79 size_t *shared_key_len);
80 80
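Review bot: The new prototypes give no hint that the two out-parameters follow different rules. In tls_key_share.c, tls_key_share_peer_public() writes `*decode_error = 0;` unconditionally but guards `invalid_key` with `if (invalid_key != NULL)`, and several callers pass NULL for the latter. A comment above the declarations would make this explicit, for example `/* decode_error must be non-NULL and is only meaningful when 0 is returned; invalid_key may be NULL for non-DHE key shares. */`. On the DHE branch invalid_key is forwarded to ssl_kex_peer_public_dhe(), which dereferences it unconditionally, so the comment should also say NULL is not valid there.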
diff --git a/src/lib/libssl/tls_key_share.c b/src/lib/libssl/tls_key_share.c
index eb30a0ea69..e5e6c304b6 100644
--- a/src/lib/libssl/tls_key_share.c
+++ b/src/lib/libssl/tls_key_share.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls_key_share.c,v 1.3 2022/01/07 15:46:30 jsing Exp $ */ 1/* $OpenBSD: tls_key_share.c,v 1.4 2022/01/11 18:28:41 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -301,14 +301,15 @@ tls_key_share_public(struct tls_key_share *ks, CBB *cbb)
301 301
302static int 302static int
303tls_key_share_peer_params_dhe(struct tls_key_share *ks, CBS *cbs, 303tls_key_share_peer_params_dhe(struct tls_key_share *ks, CBS *cbs,
304 int *invalid_params) 304 int *decode_error, int *invalid_params)
305{ 305{
306 if (ks->dhe != NULL || ks->dhe_peer != NULL) 306 if (ks->dhe != NULL || ks->dhe_peer != NULL)
307 return 0; 307 return 0;
308 308
309 if ((ks->dhe_peer = DH_new()) == NULL) 309 if ((ks->dhe_peer = DH_new()) == NULL)
310 return 0; 310 return 0;
311 if (!ssl_kex_peer_params_dhe(ks->dhe_peer, cbs, invalid_params)) 311 if (!ssl_kex_peer_params_dhe(ks->dhe_peer, cbs, decode_error,
312 invalid_params))
312 return 0; 313 return 0;
313 if ((ks->dhe = DHparams_dup(ks->dhe_peer)) == NULL) 314 if ((ks->dhe = DHparams_dup(ks->dhe_peer)) == NULL)
314 return 0; 315 return 0;
@@ -318,22 +319,24 @@ tls_key_share_peer_params_dhe(struct tls_key_share *ks, CBS *cbs,
318 319
319int 320int
320tls_key_share_peer_params(struct tls_key_share *ks, CBS *cbs, 321tls_key_share_peer_params(struct tls_key_share *ks, CBS *cbs,
321 int *invalid_params) 322 int *decode_error, int *invalid_params)
322{ 323{
323 if (ks->nid != NID_dhKeyAgreement) 324 if (ks->nid != NID_dhKeyAgreement)
324 return 0; 325 return 0;
325 326
326 return tls_key_share_peer_params_dhe(ks, cbs, invalid_params); 327 return tls_key_share_peer_params_dhe(ks, cbs, decode_error,
328 invalid_params);
327} 329}
328 330
329static int 331static int
330tls_key_share_peer_public_dhe(struct tls_key_share *ks, CBS *cbs, 332tls_key_share_peer_public_dhe(struct tls_key_share *ks, CBS *cbs,
331 int *invalid_key) 333 int *decode_error, int *invalid_key)
332{ 334{
333 if (ks->dhe_peer == NULL) 335 if (ks->dhe_peer == NULL)
334 return 0; 336 return 0;
335 337
336 return ssl_kex_peer_public_dhe(ks->dhe_peer, cbs, invalid_key); 338 return ssl_kex_peer_public_dhe(ks->dhe_peer, cbs, decode_error,
339 invalid_key);
337} 340}
338 341
339static int 342static int
@@ -362,30 +365,39 @@ tls_key_share_peer_public_ecdhe_ecp(struct tls_key_share *ks, CBS *cbs)
362} 365}
363 366
364static int 367static int
365tls_key_share_peer_public_x25519(struct tls_key_share *ks, CBS *cbs) 368tls_key_share_peer_public_x25519(struct tls_key_share *ks, CBS *cbs,
369 int *decode_error)
366{ 370{
367 size_t out_len; 371 size_t out_len;
368 372
373 *decode_error = 0;
374
369 if (ks->x25519_peer_public != NULL) 375 if (ks->x25519_peer_public != NULL)
370 return 0; 376 return 0;
371 377
372 if (CBS_len(cbs) != X25519_KEY_LENGTH) 378 if (CBS_len(cbs) != X25519_KEY_LENGTH) {
379 *decode_error = 1;
373 return 0; 380 return 0;
381 }
374 382
375 return CBS_stow(cbs, &ks->x25519_peer_public, &out_len); 383 return CBS_stow(cbs, &ks->x25519_peer_public, &out_len);
376} 384}
377 385
378int 386int
379tls_key_share_peer_public(struct tls_key_share *ks, CBS *cbs, int *invalid_key) 387tls_key_share_peer_public(struct tls_key_share *ks, CBS *cbs, int *decode_error,
388 int *invalid_key)
380{ 389{
390 *decode_error = 0;
391
381 if (invalid_key != NULL) 392 if (invalid_key != NULL)
382 *invalid_key = 0; 393 *invalid_key = 0;
383 394
384 if (ks->nid == NID_dhKeyAgreement) 395 if (ks->nid == NID_dhKeyAgreement)
385 return tls_key_share_peer_public_dhe(ks, cbs, invalid_key); 396 return tls_key_share_peer_public_dhe(ks, cbs, decode_error,
397 invalid_key);
386 398
387 if (ks->nid == NID_X25519) 399 if (ks->nid == NID_X25519)
388 return tls_key_share_peer_public_x25519(ks, cbs); 400 return tls_key_share_peer_public_x25519(ks, cbs, decode_error);
389 401
390 return tls_key_share_peer_public_ecdhe_ecp(ks, cbs); 402 return tls_key_share_peer_public_ecdhe_ecp(ks, cbs);
391} 403}
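Review bot: tls_key_share_peer_params() can return 0 without ever writing `*decode_error`: on the `ks->nid != NID_dhKeyAgreement` check, and in tls_key_share_peer_params_dhe() when a key is already set or DH_new() fails, all before ssl_kex_peer_params_dhe() gets to zero it. The caller ssl3_get_server_kex_dhe() in ssl_clnt.c declares `int decode_error, invalid_params, invalid_key;` without initialisers and tests `if (decode_error)` right after the failed call. It therefore reads an indeterminate value and may send a decode_error alert for an allocation failure. tls_key_share_peer_public() already starts with `*decode_error = 0;`; doing the same at the top of tls_key_share_peer_params(), together with `*invalid_params = 0;`, closes the gap. The tail of tls_key_share_peer_params_dhe() is outside the hunk.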