diff options
| author | jsing <> | 2019-02-03 14:09:58 +0000 |
|---|---|---|
| committer | jsing <> | 2019-02-03 14:09:58 +0000 |
| commit | 2628a0db113efc11dcfaa55fc2038605270e991c (patch) | |
| tree | 8760243204de29f6aed0397d1a6fe1539af924cb /src/lib | |
| parent | 9007509db696d631ec557b9f8edca899c1f91c06 (diff) | |
| download | openbsd-2628a0db113efc11dcfaa55fc2038605270e991c.tar.gz openbsd-2628a0db113efc11dcfaa55fc2038605270e991c.tar.bz2 openbsd-2628a0db113efc11dcfaa55fc2038605270e991c.zip | |
Revert r1.38 as it introduces use of a stack value post function return.
The deduplication is also not quite right - this will be revisited in due
course.
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 136 |
1 files changed, 86 insertions, 50 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index c74772f683..3502e5a721 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_tlsext.c,v 1.40 2019/01/31 08:11:55 tb Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.c,v 1.41 2019/02/03 14:09:58 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -25,24 +25,6 @@ | |||
| 25 | #include "ssl_sigalgs.h" | 25 | #include "ssl_sigalgs.h" |
| 26 | #include "ssl_tlsext.h" | 26 | #include "ssl_tlsext.h" |
| 27 | 27 | ||
| 28 | |||
| 29 | static int | ||
| 30 | tlsext_u16_prefixed_builder(CBB *parent, uint8_t *bytes, size_t len) | ||
| 31 | { | ||
| 32 | CBB child; | ||
| 33 | |||
| 34 | if (!CBB_add_u16_length_prefixed(parent, &child)) | ||
| 35 | return 0; | ||
| 36 | |||
| 37 | if (!CBB_add_bytes(&child, bytes, len)) | ||
| 38 | return 0; | ||
| 39 | |||
| 40 | if (!CBB_flush(parent)) | ||
| 41 | return 0; | ||
| 42 | |||
| 43 | return 1; | ||
| 44 | } | ||
| 45 | |||
| 46 | /* | 28 | /* |
| 47 | * Supported Application-Layer Protocol Negotiation - RFC 7301 | 29 | * Supported Application-Layer Protocol Negotiation - RFC 7301 |
| 48 | */ | 30 | */ |
| @@ -58,10 +40,19 @@ tlsext_alpn_client_needs(SSL *s) | |||
| 58 | int | 40 | int |
| 59 | tlsext_alpn_client_build(SSL *s, CBB *cbb) | 41 | tlsext_alpn_client_build(SSL *s, CBB *cbb) |
| 60 | { | 42 | { |
| 43 | CBB protolist; | ||
| 44 | |||
| 45 | if (!CBB_add_u16_length_prefixed(cbb, &protolist)) | ||
| 46 | return 0; | ||
| 61 | 47 | ||
| 62 | return (tlsext_u16_prefixed_builder(cbb, | 48 | if (!CBB_add_bytes(&protolist, s->internal->alpn_client_proto_list, |
| 63 | s->internal->alpn_client_proto_list, | 49 | s->internal->alpn_client_proto_list_len)) |
| 64 | s->internal->alpn_client_proto_list_len)); | 50 | return 0; |
| 51 | |||
| 52 | if (!CBB_flush(cbb)) | ||
| 53 | return 0; | ||
| 54 | |||
| 55 | return 1; | ||
| 65 | } | 56 | } |
| 66 | 57 | ||
| 67 | int | 58 | int |
| @@ -1233,10 +1224,16 @@ tlsext_keyshare_client_needs(SSL *s) | |||
| 1233 | } | 1224 | } |
| 1234 | 1225 | ||
| 1235 | int | 1226 | int |
| 1236 | tlsext_keyshare_x25519_generate(SSL *s, CBB *keyshare) | 1227 | tlsext_keyshare_client_build(SSL *s, CBB *cbb) |
| 1237 | { | 1228 | { |
| 1238 | uint8_t *public_key = NULL, *private_key = NULL; | 1229 | uint8_t *public_key = NULL, *private_key = NULL; |
| 1239 | CBB key_exchange; | 1230 | CBB client_shares, key_exchange; |
| 1231 | |||
| 1232 | /* Generate and provide key shares. */ | ||
| 1233 | if (!CBB_add_u16_length_prefixed(cbb, &client_shares)) | ||
| 1234 | return 0; | ||
| 1235 | |||
| 1236 | /* XXX - other groups. */ | ||
| 1240 | 1237 | ||
| 1241 | /* Generate X25519 key pair. */ | 1238 | /* Generate X25519 key pair. */ |
| 1242 | if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) | 1239 | if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) |
| @@ -1246,13 +1243,16 @@ tlsext_keyshare_x25519_generate(SSL *s, CBB *keyshare) | |||
| 1246 | X25519_keypair(public_key, private_key); | 1243 | X25519_keypair(public_key, private_key); |
| 1247 | 1244 | ||
| 1248 | /* Add the group and serialize the public key. */ | 1245 | /* Add the group and serialize the public key. */ |
| 1249 | if (!CBB_add_u16(keyshare, tls1_ec_nid2curve_id(NID_X25519))) | 1246 | if (!CBB_add_u16(&client_shares, tls1_ec_nid2curve_id(NID_X25519))) |
| 1250 | goto err; | 1247 | goto err; |
| 1251 | if (!CBB_add_u16_length_prefixed(keyshare, &key_exchange)) | 1248 | if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange)) |
| 1252 | goto err; | 1249 | goto err; |
| 1253 | if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH)) | 1250 | if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH)) |
| 1254 | goto err; | 1251 | goto err; |
| 1255 | 1252 | ||
| 1253 | if (!CBB_flush(cbb)) | ||
| 1254 | goto err; | ||
| 1255 | |||
| 1256 | S3I(s)->hs_tls13.x25519_public = public_key; | 1256 | S3I(s)->hs_tls13.x25519_public = public_key; |
| 1257 | S3I(s)->hs_tls13.x25519_private = private_key; | 1257 | S3I(s)->hs_tls13.x25519_private = private_key; |
| 1258 | 1258 | ||
| @@ -1266,22 +1266,6 @@ tlsext_keyshare_x25519_generate(SSL *s, CBB *keyshare) | |||
| 1266 | } | 1266 | } |
| 1267 | 1267 | ||
| 1268 | int | 1268 | int |
| 1269 | tlsext_keyshare_client_build(SSL *s, CBB *cbb) | ||
| 1270 | { | ||
| 1271 | CBB client_shares; | ||
| 1272 | |||
| 1273 | /* Generate and provide key shares. */ | ||
| 1274 | if (!CBB_add_u16_length_prefixed(cbb, &client_shares)) | ||
| 1275 | return 0; | ||
| 1276 | |||
| 1277 | if (!tlsext_keyshare_x25519_generate(s, &client_shares) || | ||
| 1278 | !CBB_flush(cbb)) | ||
| 1279 | return 0; | ||
| 1280 | |||
| 1281 | return (1); | ||
| 1282 | } | ||
| 1283 | |||
| 1284 | int | ||
| 1285 | tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert) | 1269 | tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert) |
| 1286 | { | 1270 | { |
| 1287 | CBS client_shares; | 1271 | CBS client_shares; |
| @@ -1343,15 +1327,43 @@ tlsext_keyshare_server_needs(SSL *s) | |||
| 1343 | int | 1327 | int |
| 1344 | tlsext_keyshare_server_build(SSL *s, CBB *cbb) | 1328 | tlsext_keyshare_server_build(SSL *s, CBB *cbb) |
| 1345 | { | 1329 | { |
| 1330 | uint8_t *public_key = NULL, *private_key = NULL; | ||
| 1331 | CBB key_exchange; | ||
| 1332 | |||
| 1333 | /* XXX deduplicate with client code */ | ||
| 1334 | |||
| 1346 | /* X25519 */ | 1335 | /* X25519 */ |
| 1347 | if (S3I(s)->hs_tls13.x25519_peer_public == NULL) | 1336 | if (S3I(s)->hs_tls13.x25519_peer_public == NULL) |
| 1348 | return 0; | 1337 | return 0; |
| 1349 | 1338 | ||
| 1350 | if (!tlsext_keyshare_x25519_generate(s, cbb) || | 1339 | /* Generate X25519 key pair. */ |
| 1351 | !CBB_flush(cbb)) | 1340 | if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) |
| 1352 | return 0; | 1341 | goto err; |
| 1342 | if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL) | ||
| 1343 | goto err; | ||
| 1344 | X25519_keypair(public_key, private_key); | ||
| 1345 | |||
| 1346 | /* Add the group and serialize the public key. */ | ||
| 1347 | if (!CBB_add_u16(cbb, tls1_ec_nid2curve_id(NID_X25519))) | ||
| 1348 | goto err; | ||
| 1349 | if (!CBB_add_u16_length_prefixed(cbb, &key_exchange)) | ||
| 1350 | goto err; | ||
| 1351 | if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH)) | ||
| 1352 | goto err; | ||
| 1353 | |||
| 1354 | if (!CBB_flush(cbb)) | ||
| 1355 | goto err; | ||
| 1356 | |||
| 1357 | S3I(s)->hs_tls13.x25519_public = public_key; | ||
| 1358 | S3I(s)->hs_tls13.x25519_private = private_key; | ||
| 1353 | 1359 | ||
| 1354 | return 1; | 1360 | return 1; |
| 1361 | |||
| 1362 | err: | ||
| 1363 | freezero(public_key, X25519_KEY_LENGTH); | ||
| 1364 | freezero(private_key, X25519_KEY_LENGTH); | ||
| 1365 | |||
| 1366 | return 0; | ||
| 1355 | } | 1367 | } |
| 1356 | 1368 | ||
| 1357 | int | 1369 | int |
| @@ -1528,8 +1540,19 @@ tlsext_cookie_client_needs(SSL *s) | |||
| 1528 | int | 1540 | int |
| 1529 | tlsext_cookie_client_build(SSL *s, CBB *cbb) | 1541 | tlsext_cookie_client_build(SSL *s, CBB *cbb) |
| 1530 | { | 1542 | { |
| 1531 | return (tlsext_u16_prefixed_builder(cbb, | 1543 | CBB cookie; |
| 1532 | S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len)); | 1544 | |
| 1545 | if (!CBB_add_u16_length_prefixed(cbb, &cookie)) | ||
| 1546 | return 0; | ||
| 1547 | |||
| 1548 | if (!CBB_add_bytes(&cookie, S3I(s)->hs_tls13.cookie, | ||
| 1549 | S3I(s)->hs_tls13.cookie_len)) | ||
| 1550 | return 0; | ||
| 1551 | |||
| 1552 | if (!CBB_flush(cbb)) | ||
| 1553 | return 0; | ||
| 1554 | |||
| 1555 | return 1; | ||
| 1533 | } | 1556 | } |
| 1534 | 1557 | ||
| 1535 | int | 1558 | int |
| @@ -1581,8 +1604,21 @@ tlsext_cookie_server_needs(SSL *s) | |||
| 1581 | int | 1604 | int |
| 1582 | tlsext_cookie_server_build(SSL *s, CBB *cbb) | 1605 | tlsext_cookie_server_build(SSL *s, CBB *cbb) |
| 1583 | { | 1606 | { |
| 1584 | return (tlsext_u16_prefixed_builder(cbb, | 1607 | CBB cookie; |
| 1585 | S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len)); | 1608 | |
| 1609 | /* XXX deduplicate with client code */ | ||
| 1610 | |||
| 1611 | if (!CBB_add_u16_length_prefixed(cbb, &cookie)) | ||
| 1612 | return 0; | ||
| 1613 | |||
| 1614 | if (!CBB_add_bytes(&cookie, S3I(s)->hs_tls13.cookie, | ||
| 1615 | S3I(s)->hs_tls13.cookie_len)) | ||
| 1616 | return 0; | ||
| 1617 | |||
| 1618 | if (!CBB_flush(cbb)) | ||
| 1619 | return 0; | ||
| 1620 | |||
| 1621 | return 1; | ||
| 1586 | } | 1622 | } |
| 1587 | 1623 | ||
| 1588 | int | 1624 | int |
| @@ -1840,7 +1876,7 @@ tlsext_funcs(struct tls_extension *tlsext, int is_server) | |||
| 1840 | if (is_server) | 1876 | if (is_server) |
| 1841 | return &tlsext->server; | 1877 | return &tlsext->server; |
| 1842 | 1878 | ||
| 1843 | return &tlsext->client; | 1879 | return &tlsext->client; |
| 1844 | } | 1880 | } |
| 1845 | 1881 | ||
| 1846 | static int | 1882 | static int |