Add code to build and send a server hello for tls 1.3

ok jsing@
author: beck <> 2020-01-23 06:59:11 +0000
committer: beck <> 2020-01-23 06:59:11 +0000
commit: 0695f4268a1370f797c63f74b412ac9ec6b59664 (patch)
tree: ecd4d66521d2789680a4e0dc486f4e5a2dccb485 /src
parent: ce58a73e385a43fba173bf57a0f14ff0b9b1ecf7 (diff)
download: openbsd-0695f4268a1370f797c63f74b412ac9ec6b59664.tar.gz
openbsd-0695f4268a1370f797c63f74b412ac9ec6b59664.tar.bz2
openbsd-0695f4268a1370f797c63f74b412ac9ec6b59664.zip
1 files changed, 40 insertions, 3 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 88935cf645..6171010772 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.8 2020/01/23 02:24:38 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.9 2020/01/23 06:59:11 beck Exp $ */
 /*
 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -44,6 +44,8 @@ tls13_server_init(struct tls13_ctx *ctx)
        if (!tls1_transcript_init(s))
                return 0;
+        arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
        return 1;
 }
@@ -287,12 +289,47 @@ tls13_client_key_update_recv(struct tls13_ctx *ctx, CBS *cbs)
        return 0;
 }
+static int
+tls13_server_hello_build(struct tls13_ctx *ctx, CBB *cbb)
+{
+        CBB session_id;
+        SSL *s = ctx->ssl;
+        uint16_t cipher;
+        cipher = SSL_CIPHER_get_value(S3I(s)->hs.new_cipher);
+        if (!CBB_add_u16(cbb, TLS1_2_VERSION))
+                goto err;
+        if (!CBB_add_bytes(cbb, s->s3->server_random, SSL3_RANDOM_SIZE))
+                goto err;
+        if (!CBB_add_u8_length_prefixed(cbb, &session_id))
+                goto err;
+        if (!CBB_add_bytes(&session_id, ctx->hs->legacy_session_id,
+            ctx->hs->legacy_session_id_len))
+                goto err;
+        if (!CBB_add_u16(cbb, cipher))
+                goto err;
+        if (!CBB_add_u8(cbb, 0))
+                goto err;
+        if (!tlsext_server_build(s, cbb, SSL_TLSEXT_MSG_SH))
+                goto err;
+        if (!CBB_flush(cbb))
+                goto err;
+        return 1;
+err:
+        return 0;
+}
 int
 tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb)
 {
-        ctx->handshake_stage.hs_type |= NEGOTIATED;
+        if (!tls13_server_hello_build(ctx, cbb))
+                return 0;
-        return 0;
+        ctx->handshake_stage.hs_type |= NEGOTIATED;
+        return 1;
 }
 int
author	beck <>	2020-01-23 06:59:11 +0000
committer	beck <>	2020-01-23 06:59:11 +0000
commit	0695f4268a1370f797c63f74b412ac9ec6b59664 (patch)
tree	ecd4d66521d2789680a4e0dc486f4e5a2dccb485 /src
parent	ce58a73e385a43fba173bf57a0f14ff0b9b1ecf7 (diff)
download	openbsd-0695f4268a1370f797c63f74b412ac9ec6b59664.tar.gz openbsd-0695f4268a1370f797c63f74b412ac9ec6b59664.tar.bz2 openbsd-0695f4268a1370f797c63f74b412ac9ec6b59664.zip

diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 88935cf645..6171010772 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_server.c,v 1.8 2020/01/23 02:24:38 jsing Exp $ */	1	/* $OpenBSD: tls13_server.c,v 1.9 2020/01/23 06:59:11 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -44,6 +44,8 @@ tls13_server_init(struct tls13_ctx *ctx)
44	if (!tls1_transcript_init(s))	44	if (!tls1_transcript_init(s))
45	return 0;	45	return 0;
46		46
		47	arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
		48
47	return 1;	49	return 1;
48	}	50	}
49		51
@@ -287,12 +289,47 @@ tls13_client_key_update_recv(struct tls13_ctx ctx, CBS cbs)
287	return 0;	289	return 0;
288	}	290	}
289		291
		292	static int
		293	tls13_server_hello_build(struct tls13_ctx ctx, CBB cbb)
		294	{
		295	CBB session_id;
		296	SSL *s = ctx->ssl;
		297	uint16_t cipher;
		298
		299	cipher = SSL_CIPHER_get_value(S3I(s)->hs.new_cipher);
		300
		301	if (!CBB_add_u16(cbb, TLS1_2_VERSION))
		302	goto err;
		303	if (!CBB_add_bytes(cbb, s->s3->server_random, SSL3_RANDOM_SIZE))
		304	goto err;
		305	if (!CBB_add_u8_length_prefixed(cbb, &session_id))
		306	goto err;
		307	if (!CBB_add_bytes(&session_id, ctx->hs->legacy_session_id,
		308	ctx->hs->legacy_session_id_len))
		309	goto err;
		310	if (!CBB_add_u16(cbb, cipher))
		311	goto err;
		312	if (!CBB_add_u8(cbb, 0))
		313	goto err;
		314	if (!tlsext_server_build(s, cbb, SSL_TLSEXT_MSG_SH))
		315	goto err;
		316
		317	if (!CBB_flush(cbb))
		318	goto err;
		319
		320	return 1;
		321	err:
		322	return 0;
		323	}
		324
290	int	325	int
291	tls13_server_hello_send(struct tls13_ctx ctx, CBB cbb)	326	tls13_server_hello_send(struct tls13_ctx ctx, CBB cbb)
292	{	327	{
293	ctx->handshake_stage.hs_type \|= NEGOTIATED;	328	if (!tls13_server_hello_build(ctx, cbb))
		329	return 0;
294		330
295	return 0;	331	ctx->handshake_stage.hs_type \|= NEGOTIATED;
		332	return 1;
296	}	333	}
297		334
298	int	335	int