diff options
| author | jsing <> | 2020-02-01 12:41:58 +0000 |
|---|---|---|
| committer | jsing <> | 2020-02-01 12:41:58 +0000 |
| commit | f53a9945774df5f6a9efc158887f3685c7255ab2 (patch) | |
| tree | 16d52ca063b093e00d288bcf23f6f9db88380330 /src/lib/libssl/tls13_key_share.c | |
| parent | 16cac1a43ec7f34bc4a6757634666d64fd41c20d (diff) | |
| download | openbsd-f53a9945774df5f6a9efc158887f3685c7255ab2.tar.gz openbsd-f53a9945774df5f6a9efc158887f3685c7255ab2.tar.bz2 openbsd-f53a9945774df5f6a9efc158887f3685c7255ab2.zip | |
Correctly unpack client key shares.
Even if we're not processing/using the peer public key from the key share,
we still need to unpack it in order to parse the TLS extension correctly.
Resolves issues with TLSv1.3 clients talking to TLSv1.2 server.
ok tb@
Diffstat (limited to 'src/lib/libssl/tls13_key_share.c')
| -rw-r--r-- | src/lib/libssl/tls13_key_share.c | 12 |
1 files changed, 2 insertions, 10 deletions
diff --git a/src/lib/libssl/tls13_key_share.c b/src/lib/libssl/tls13_key_share.c index 9a83b9f9f7..3fe38ecc37 100644 --- a/src/lib/libssl/tls13_key_share.c +++ b/src/lib/libssl/tls13_key_share.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_key_share.c,v 1.1 2020/01/30 17:09:23 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_key_share.c,v 1.2 2020/02/01 12:41:58 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -161,22 +161,14 @@ int | |||
| 161 | tls13_key_share_peer_public(struct tls13_key_share *ks, uint16_t group, | 161 | tls13_key_share_peer_public(struct tls13_key_share *ks, uint16_t group, |
| 162 | CBS *cbs) | 162 | CBS *cbs) |
| 163 | { | 163 | { |
| 164 | CBS key_exchange; | ||
| 165 | |||
| 166 | if (ks->group_id != group) | 164 | if (ks->group_id != group) |
| 167 | return 0; | 165 | return 0; |
| 168 | 166 | ||
| 169 | if (!CBS_get_u16_length_prefixed(cbs, &key_exchange)) | ||
| 170 | return 0; | ||
| 171 | |||
| 172 | if (ks->nid == NID_X25519) { | 167 | if (ks->nid == NID_X25519) { |
| 173 | if (!tls13_key_share_peer_public_x25519(ks, &key_exchange)) | 168 | if (!tls13_key_share_peer_public_x25519(ks, cbs)) |
| 174 | return 0; | 169 | return 0; |
| 175 | } | 170 | } |
| 176 | 171 | ||
| 177 | if (CBS_len(cbs) != 0) | ||
| 178 | return 0; | ||
| 179 | |||
| 180 | return 1; | 172 | return 1; |
| 181 | } | 173 | } |
| 182 | 174 | ||