diff options
| author | jsing <> | 2017-07-24 17:10:31 +0000 |
|---|---|---|
| committer | jsing <> | 2017-07-24 17:10:31 +0000 |
| commit | 0698e049c8b5abfa4b777c0c20e976bfd5620394 (patch) | |
| tree | 8569a0a64e02d438a436db68dfa476dc61e0f26f /src/lib/libssl/t1_lib.c | |
| parent | b6f42f38104bbae83b9a736a436e59bfc4c49dd9 (diff) | |
| download | openbsd-0698e049c8b5abfa4b777c0c20e976bfd5620394.tar.gz openbsd-0698e049c8b5abfa4b777c0c20e976bfd5620394.tar.bz2 openbsd-0698e049c8b5abfa4b777c0c20e976bfd5620394.zip | |
Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS
and the new extension framework.
Feedback from doug@
ok inoguchi@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 63 |
1 files changed, 5 insertions, 58 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 8d56e74759..bf5e2de80b 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.120 2017/07/23 16:27:44 jsing Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.121 2017/07/24 17:10:31 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -720,29 +720,6 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 720 | return NULL; | 720 | return NULL; |
| 721 | ret += len; | 721 | ret += len; |
| 722 | 722 | ||
| 723 | /* Add RI if renegotiating */ | ||
| 724 | if (s->internal->renegotiate) { | ||
| 725 | int el; | ||
| 726 | |||
| 727 | if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) { | ||
| 728 | SSLerror(s, ERR_R_INTERNAL_ERROR); | ||
| 729 | return NULL; | ||
| 730 | } | ||
| 731 | |||
| 732 | if ((size_t)(limit - ret) < 4 + el) | ||
| 733 | return NULL; | ||
| 734 | |||
| 735 | s2n(TLSEXT_TYPE_renegotiate, ret); | ||
| 736 | s2n(el, ret); | ||
| 737 | |||
| 738 | if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) { | ||
| 739 | SSLerror(s, ERR_R_INTERNAL_ERROR); | ||
| 740 | return NULL; | ||
| 741 | } | ||
| 742 | |||
| 743 | ret += el; | ||
| 744 | } | ||
| 745 | |||
| 746 | if (using_ecc) { | 723 | if (using_ecc) { |
| 747 | size_t curveslen, formatslen, lenmax; | 724 | size_t curveslen, formatslen, lenmax; |
| 748 | const uint16_t *curves; | 725 | const uint16_t *curves; |
| @@ -1006,28 +983,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 1006 | return NULL; | 983 | return NULL; |
| 1007 | ret += len; | 984 | ret += len; |
| 1008 | 985 | ||
| 1009 | if (S3I(s)->send_connection_binding) { | ||
| 1010 | int el; | ||
| 1011 | |||
| 1012 | if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) { | ||
| 1013 | SSLerror(s, ERR_R_INTERNAL_ERROR); | ||
| 1014 | return NULL; | ||
| 1015 | } | ||
| 1016 | |||
| 1017 | if ((size_t)(limit - ret) < 4 + el) | ||
| 1018 | return NULL; | ||
| 1019 | |||
| 1020 | s2n(TLSEXT_TYPE_renegotiate, ret); | ||
| 1021 | s2n(el, ret); | ||
| 1022 | |||
| 1023 | if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) { | ||
| 1024 | SSLerror(s, ERR_R_INTERNAL_ERROR); | ||
| 1025 | return NULL; | ||
| 1026 | } | ||
| 1027 | |||
| 1028 | ret += el; | ||
| 1029 | } | ||
| 1030 | |||
| 1031 | if (using_ecc && s->version != DTLS1_VERSION) { | 986 | if (using_ecc && s->version != DTLS1_VERSION) { |
| 1032 | const unsigned char *formats; | 987 | const unsigned char *formats; |
| 1033 | size_t formatslen, lenmax; | 988 | size_t formatslen, lenmax; |
| @@ -1229,12 +1184,12 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1229 | unsigned short len; | 1184 | unsigned short len; |
| 1230 | unsigned char *data = *p; | 1185 | unsigned char *data = *p; |
| 1231 | unsigned char *end = d + n; | 1186 | unsigned char *end = d + n; |
| 1232 | int renegotiate_seen = 0; | ||
| 1233 | int sigalg_seen = 0; | 1187 | int sigalg_seen = 0; |
| 1234 | CBS cbs; | 1188 | CBS cbs; |
| 1235 | 1189 | ||
| 1236 | s->internal->servername_done = 0; | 1190 | s->internal->servername_done = 0; |
| 1237 | s->tlsext_status_type = -1; | 1191 | s->tlsext_status_type = -1; |
| 1192 | S3I(s)->renegotiate_seen = 0; | ||
| 1238 | S3I(s)->next_proto_neg_seen = 0; | 1193 | S3I(s)->next_proto_neg_seen = 0; |
| 1239 | free(S3I(s)->alpn_selected); | 1194 | free(S3I(s)->alpn_selected); |
| 1240 | S3I(s)->alpn_selected = NULL; | 1195 | S3I(s)->alpn_selected = NULL; |
| @@ -1335,10 +1290,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1335 | *al = TLS1_AD_INTERNAL_ERROR; | 1290 | *al = TLS1_AD_INTERNAL_ERROR; |
| 1336 | return 0; | 1291 | return 0; |
| 1337 | } | 1292 | } |
| 1338 | } else if (type == TLSEXT_TYPE_renegotiate) { | ||
| 1339 | if (!ssl_parse_clienthello_renegotiate_ext(s, data, size, al)) | ||
| 1340 | return 0; | ||
| 1341 | renegotiate_seen = 1; | ||
| 1342 | } else if (type == TLSEXT_TYPE_signature_algorithms) { | 1293 | } else if (type == TLSEXT_TYPE_signature_algorithms) { |
| 1343 | int dsize; | 1294 | int dsize; |
| 1344 | if (sigalg_seen || size < 2) { | 1295 | if (sigalg_seen || size < 2) { |
| @@ -1513,7 +1464,7 @@ ri_check: | |||
| 1513 | 1464 | ||
| 1514 | /* Need RI if renegotiating */ | 1465 | /* Need RI if renegotiating */ |
| 1515 | 1466 | ||
| 1516 | if (!renegotiate_seen && s->internal->renegotiate) { | 1467 | if (!S3I(s)->renegotiate_seen && s->internal->renegotiate) { |
| 1517 | *al = SSL_AD_HANDSHAKE_FAILURE; | 1468 | *al = SSL_AD_HANDSHAKE_FAILURE; |
| 1518 | SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); | 1469 | SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); |
| 1519 | return 0; | 1470 | return 0; |
| @@ -1554,9 +1505,9 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al) | |||
| 1554 | unsigned char *data = *p; | 1505 | unsigned char *data = *p; |
| 1555 | unsigned char *end = *p + n; | 1506 | unsigned char *end = *p + n; |
| 1556 | int tlsext_servername = 0; | 1507 | int tlsext_servername = 0; |
| 1557 | int renegotiate_seen = 0; | ||
| 1558 | CBS cbs; | 1508 | CBS cbs; |
| 1559 | 1509 | ||
| 1510 | S3I(s)->renegotiate_seen = 0; | ||
| 1560 | S3I(s)->next_proto_neg_seen = 0; | 1511 | S3I(s)->next_proto_neg_seen = 0; |
| 1561 | free(S3I(s)->alpn_selected); | 1512 | free(S3I(s)->alpn_selected); |
| 1562 | S3I(s)->alpn_selected = NULL; | 1513 | S3I(s)->alpn_selected = NULL; |
| @@ -1719,10 +1670,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al) | |||
| 1719 | memcpy(S3I(s)->alpn_selected, data + 3, len); | 1670 | memcpy(S3I(s)->alpn_selected, data + 3, len); |
| 1720 | S3I(s)->alpn_selected_len = len; | 1671 | S3I(s)->alpn_selected_len = len; |
| 1721 | 1672 | ||
| 1722 | } else if (type == TLSEXT_TYPE_renegotiate) { | ||
| 1723 | if (!ssl_parse_serverhello_renegotiate_ext(s, data, size, al)) | ||
| 1724 | return 0; | ||
| 1725 | renegotiate_seen = 1; | ||
| 1726 | } | 1673 | } |
| 1727 | #ifndef OPENSSL_NO_SRTP | 1674 | #ifndef OPENSSL_NO_SRTP |
| 1728 | else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) { | 1675 | else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) { |
| @@ -1769,7 +1716,7 @@ ri_check: | |||
| 1769 | * which doesn't support RI so for the immediate future tolerate RI | 1716 | * which doesn't support RI so for the immediate future tolerate RI |
| 1770 | * absence on initial connect only. | 1717 | * absence on initial connect only. |
| 1771 | */ | 1718 | */ |
| 1772 | if (!renegotiate_seen && | 1719 | if (!S3I(s)->renegotiate_seen && |
| 1773 | !(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) { | 1720 | !(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) { |
| 1774 | *al = SSL_AD_HANDSHAKE_FAILURE; | 1721 | *al = SSL_AD_HANDSHAKE_FAILURE; |
| 1775 | SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); | 1722 | SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); |