Add support for certificate status requests in TLS 1.3 client

ok jsing@, tb@, inoguchi@
author: beck <> 2020-05-09 15:05:50 +0000
committer: beck <> 2020-05-09 15:05:50 +0000
commit: d8d05819bc6b554eb44da0193703d6c98b4261e0 (patch)
tree: fb8b2a349e65dbf5e714a450a02a712fb9017664 /src/lib/libssl/tls13_lib.c
parent: 34e6d9a25c5b927d958c8283776ec93b9c531ef5 (diff)
download: openbsd-d8d05819bc6b554eb44da0193703d6c98b4261e0.tar.gz
openbsd-d8d05819bc6b554eb44da0193703d6c98b4261e0.tar.bz2
openbsd-d8d05819bc6b554eb44da0193703d6c98b4261e0.zip
1 files changed, 29 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 199f43ca16..37f300ae43 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.36 2020/04/28 20:30:41 jsing Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.37 2020/05/09 15:05:50 beck Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -163,6 +163,33 @@ tls13_legacy_handshake_message_sent_cb(void *arg)
 }
 static int
+tls13_legacy_ocsp_status_recv_cb(void *arg)
+{
+        struct tls13_ctx *ctx = arg;
+        SSL *s = ctx->ssl;
+        int ret;
+        if (s->ctx->internal->tlsext_status_cb == NULL ||
+            s->internal->tlsext_ocsp_resplen == 0)
+                return 1;
+        ret = s->ctx->internal->tlsext_status_cb(s,
+            s->ctx->internal->tlsext_status_arg);
+        if (ret < 0) {
+                ctx->alert = SSL_AD_INTERNAL_ERROR;
+                SSLerror(s, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        if (ret == 0) {
+                ctx->alert = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
+                SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE);
+                return 0;
+        }
+        return 1;
+}
+static int
 tls13_phh_update_local_traffic_secret(struct tls13_ctx *ctx)
 {
        struct tls13_secrets *secrets = ctx->hs->secrets;
@@ -322,6 +349,7 @@ tls13_ctx_new(int mode)
        ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb;
        ctx->handshake_message_recv_cb = tls13_legacy_handshake_message_recv_cb;
+        ctx->ocsp_status_recv_cb = tls13_legacy_ocsp_status_recv_cb;
        return ctx;
author	beck <>	2020-05-09 15:05:50 +0000
committer	beck <>	2020-05-09 15:05:50 +0000
commit	d8d05819bc6b554eb44da0193703d6c98b4261e0 (patch)
tree	fb8b2a349e65dbf5e714a450a02a712fb9017664 /src/lib/libssl/tls13_lib.c
parent	34e6d9a25c5b927d958c8283776ec93b9c531ef5 (diff)
download	openbsd-d8d05819bc6b554eb44da0193703d6c98b4261e0.tar.gz openbsd-d8d05819bc6b554eb44da0193703d6c98b4261e0.tar.bz2 openbsd-d8d05819bc6b554eb44da0193703d6c98b4261e0.zip

diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c index 199f43ca16..37f300ae43 100644 --- a/src/lib/libssl/tls13_lib.c +++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_lib.c,v 1.36 2020/04/28 20:30:41 jsing Exp $ */	1	/* $OpenBSD: tls13_lib.c,v 1.37 2020/05/09 15:05:50 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2019 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -163,6 +163,33 @@ tls13_legacy_handshake_message_sent_cb(void *arg)
163	}	163	}
164		164
165	static int	165	static int
		166	tls13_legacy_ocsp_status_recv_cb(void *arg)
		167	{
		168	struct tls13_ctx *ctx = arg;
		169	SSL *s = ctx->ssl;
		170	int ret;
		171
		172	if (s->ctx->internal->tlsext_status_cb == NULL \|\|
		173	s->internal->tlsext_ocsp_resplen == 0)
		174	return 1;
		175
		176	ret = s->ctx->internal->tlsext_status_cb(s,
		177	s->ctx->internal->tlsext_status_arg);
		178	if (ret < 0) {
		179	ctx->alert = SSL_AD_INTERNAL_ERROR;
		180	SSLerror(s, ERR_R_MALLOC_FAILURE);
		181	return 0;
		182	}
		183	if (ret == 0) {
		184	ctx->alert = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
		185	SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE);
		186	return 0;
		187	}
		188
		189	return 1;
		190	}
		191
		192	static int
166	tls13_phh_update_local_traffic_secret(struct tls13_ctx *ctx)	193	tls13_phh_update_local_traffic_secret(struct tls13_ctx *ctx)
167	{	194	{
168	struct tls13_secrets *secrets = ctx->hs->secrets;	195	struct tls13_secrets *secrets = ctx->hs->secrets;
@@ -322,6 +349,7 @@ tls13_ctx_new(int mode)
322		349
323	ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb;	350	ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb;
324	ctx->handshake_message_recv_cb = tls13_legacy_handshake_message_recv_cb;	351	ctx->handshake_message_recv_cb = tls13_legacy_handshake_message_recv_cb;
		352	ctx->ocsp_status_recv_cb = tls13_legacy_ocsp_status_recv_cb;
325		353
326	return ctx;	354	return ctx;
327		355