diff options
| author | beck <> | 2020-01-22 02:21:05 +0000 |
|---|---|---|
| committer | beck <> | 2020-01-22 02:21:05 +0000 |
| commit | 42995b3308983da3add7404dc736c3fcfaa2b90f (patch) | |
| tree | adb83e2e84639be88bf49e54a37ffa221760b86f /src/lib/libssl/tls13_client.c | |
| parent | 33e8d2d1da86ec2fec46397361af862802b89333 (diff) | |
| download | openbsd-42995b3308983da3add7404dc736c3fcfaa2b90f.tar.gz openbsd-42995b3308983da3add7404dc736c3fcfaa2b90f.tar.bz2 openbsd-42995b3308983da3add7404dc736c3fcfaa2b90f.zip | |
Add minimal support for hello retry request for RFC conformance.
We currently don't support sending a modified clienthello
ok jsing@ tb@
Diffstat (limited to 'src/lib/libssl/tls13_client.c')
| -rw-r--r-- | src/lib/libssl/tls13_client.c | 65 |
1 files changed, 64 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 4ec29ea956..ed9a69918a 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_client.c,v 1.22 2020/01/21 12:08:04 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_client.c,v 1.23 2020/01/22 02:21:05 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -809,3 +809,66 @@ tls13_client_finished_sent(struct tls13_ctx *ctx) | |||
| 809 | return tls13_record_layer_set_write_traffic_key(ctx->rl, | 809 | return tls13_record_layer_set_write_traffic_key(ctx->rl, |
| 810 | &secrets->client_application_traffic); | 810 | &secrets->client_application_traffic); |
| 811 | } | 811 | } |
| 812 | |||
| 813 | |||
| 814 | static int | ||
| 815 | tls13_client_hello_retry_process(struct tls13_ctx *ctx, CBS *cbs) | ||
| 816 | { | ||
| 817 | CBS server_random, session_id; | ||
| 818 | uint16_t cipher_suite, legacy_version; | ||
| 819 | uint8_t compression_method; | ||
| 820 | int alert_desc; | ||
| 821 | SSL *s = ctx->ssl; | ||
| 822 | |||
| 823 | if (!CBS_get_u16(cbs, &legacy_version)) | ||
| 824 | goto err; | ||
| 825 | if (!CBS_get_bytes(cbs, &server_random, SSL3_RANDOM_SIZE)) | ||
| 826 | goto err; | ||
| 827 | if (!CBS_get_u8_length_prefixed(cbs, &session_id)) | ||
| 828 | goto err; | ||
| 829 | if (!CBS_get_u16(cbs, &cipher_suite)) | ||
| 830 | goto err; | ||
| 831 | if (!CBS_get_u8(cbs, &compression_method)) | ||
| 832 | goto err; | ||
| 833 | |||
| 834 | /* | ||
| 835 | * XXX currently this will change state and be hazardous later | ||
| 836 | * if we decide to support sending an updated client hello. | ||
| 837 | * however, since we will not today (and are going to return | ||
| 838 | * illegal parameter as per section 4.1.4) we just ensure | ||
| 839 | * that the extensions parse correctly. | ||
| 840 | */ | ||
| 841 | if (!tlsext_client_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_SH)) { | ||
| 842 | ctx->alert = alert_desc; | ||
| 843 | goto err; | ||
| 844 | } | ||
| 845 | |||
| 846 | if (CBS_len(cbs) != 0) | ||
| 847 | goto err; | ||
| 848 | |||
| 849 | /* XXX for now, just say no, we will not change our hello */ | ||
| 850 | ctx->alert = SSL_AD_ILLEGAL_PARAMETER; | ||
| 851 | err: | ||
| 852 | if (ctx->alert == 0) | ||
| 853 | ctx->alert = TLS1_AD_DECODE_ERROR; | ||
| 854 | return 0; | ||
| 855 | } | ||
| 856 | |||
| 857 | int | ||
| 858 | tls13_client_hello_retry_recv(struct tls13_ctx *ctx) | ||
| 859 | { | ||
| 860 | int ret = 0; | ||
| 861 | CBS cbs; | ||
| 862 | |||
| 863 | if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs)) | ||
| 864 | goto err; | ||
| 865 | |||
| 866 | if (!tls13_client_hello_retry_process(ctx, &cbs)) { | ||
| 867 | if (ctx->alert == SSL_AD_ILLEGAL_PARAMETER) | ||
| 868 | tls13_set_errorx(ctx, TLS13_ERR_HRR_FAILED, 0, | ||
| 869 | "Unsatisfiable hello retry request", NULL); | ||
| 870 | goto err; | ||
| 871 | } | ||
| 872 | err: | ||
| 873 | return ret; | ||
| 874 | } | ||