diff options
| author | jsing <> | 2020-04-21 17:06:16 +0000 |
|---|---|---|
| committer | jsing <> | 2020-04-21 17:06:16 +0000 |
| commit | c430432c2ef1ea560124b642f581c3e1ddb24f69 (patch) | |
| tree | a6e80309b40425e0e84fb4d06928951cccb718ed /src/lib/libssl/tls13_server.c | |
| parent | 1844f7460b773d8974e63d5f022ffd6843c22fda (diff) | |
| download | openbsd-c430432c2ef1ea560124b642f581c3e1ddb24f69.tar.gz openbsd-c430432c2ef1ea560124b642f581c3e1ddb24f69.tar.bz2 openbsd-c430432c2ef1ea560124b642f581c3e1ddb24f69.zip | |
Handle TLSv1.3 key shares other than X25519 on the server side.
Previously we would only select an X25519 key share from the client,
ignoring any others. Change this so that we will select the first of the
key shares that matches one of our supported groups.
ok beck@ inoguchi@ tb@
Diffstat (limited to 'src/lib/libssl/tls13_server.c')
| -rw-r--r-- | src/lib/libssl/tls13_server.c | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 1aebf5840c..f3d21a7477 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_server.c,v 1.29 2020/04/17 17:16:53 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_server.c,v 1.30 2020/04/21 17:06:16 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> | 4 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> |
| @@ -49,11 +49,6 @@ tls13_server_init(struct tls13_ctx *ctx) | |||
| 49 | if ((s->session = SSL_SESSION_new()) == NULL) | 49 | if ((s->session = SSL_SESSION_new()) == NULL) |
| 50 | return 0; | 50 | return 0; |
| 51 | 51 | ||
| 52 | if ((ctx->hs->key_share = tls13_key_share_new_nid(NID_X25519)) == NULL) | ||
| 53 | return 0; | ||
| 54 | if (!tls13_key_share_generate(ctx->hs->key_share)) | ||
| 55 | return 0; | ||
| 56 | |||
| 57 | arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); | 52 | arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); |
| 58 | 53 | ||
| 59 | return 1; | 54 | return 1; |
| @@ -284,6 +279,14 @@ tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 284 | if (s->method->internal->version < TLS1_3_VERSION) | 279 | if (s->method->internal->version < TLS1_3_VERSION) |
| 285 | return 1; | 280 | return 1; |
| 286 | 281 | ||
| 282 | /* | ||
| 283 | * If no matching key share was provided, we need to send a | ||
| 284 | * HelloRetryRequest, if matching security parameters exist. | ||
| 285 | */ | ||
| 286 | if (ctx->hs->key_share == NULL) | ||
| 287 | ctx->handshake_stage.hs_type |= WITH_HRR; | ||
| 288 | |||
| 289 | /* XXX - check this is the correct point */ | ||
| 287 | tls13_record_layer_allow_ccs(ctx->rl, 1); | 290 | tls13_record_layer_allow_ccs(ctx->rl, 1); |
| 288 | 291 | ||
| 289 | return 1; | 292 | return 1; |
| @@ -524,6 +527,12 @@ err: | |||
| 524 | int | 527 | int |
| 525 | tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb) | 528 | tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb) |
| 526 | { | 529 | { |
| 530 | if (ctx->hs->key_share == NULL) | ||
| 531 | return 0; | ||
| 532 | |||
| 533 | if (!tls13_key_share_generate(ctx->hs->key_share)) | ||
| 534 | return 0; | ||
| 535 | |||
| 527 | if (!tls13_server_hello_build(ctx, cbb)) | 536 | if (!tls13_server_hello_build(ctx, cbb)) |
| 528 | return 0; | 537 | return 0; |
| 529 | 538 | ||
| @@ -542,11 +551,6 @@ tls13_server_hello_sent(struct tls13_ctx *ctx) | |||
| 542 | SSL *s = ctx->ssl; | 551 | SSL *s = ctx->ssl; |
| 543 | int ret = 0; | 552 | int ret = 0; |
| 544 | 553 | ||
| 545 | /* XXX - handle other key share types. */ | ||
| 546 | if (ctx->hs->key_share == NULL) { | ||
| 547 | /* XXX - alert. */ | ||
| 548 | goto err; | ||
| 549 | } | ||
| 550 | if (!tls13_key_share_derive(ctx->hs->key_share, | 554 | if (!tls13_key_share_derive(ctx->hs->key_share, |
| 551 | &shared_key, &shared_key_len)) | 555 | &shared_key, &shared_key_len)) |
| 552 | goto err; | 556 | goto err; |