revert previous, accidentally contained another diff in addition

to the one I intended to commit
author: beck <> 2019-01-23 18:24:40 +0000
committer: beck <> 2019-01-23 18:24:40 +0000
commit: 03a77eef903481d4308502d32fca33a961c4bb3a (patch)
tree: c7932fb2fd1ea2ff0c3a210ddd7adf1eb94d4186 /src
parent: 811354ae1302b7cd68c86866b02f4ab4cf11322b (diff)
download: openbsd-03a77eef903481d4308502d32fca33a961c4bb3a.tar.gz
openbsd-03a77eef903481d4308502d32fca33a961c4bb3a.tar.bz2
openbsd-03a77eef903481d4308502d32fca33a961c4bb3a.zip
10 files changed, 61 insertions, 408 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 53aab7c1e5..496bf7394c 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.179 2019/01/23 16:46:04 beck Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.180 2019/01/23 18:24:40 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1569,7 +1569,6 @@ ssl3_free(SSL *s)
        freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH);
        freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH);
        freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH);
-        freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len);
        sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
@@ -1606,11 +1605,6 @@ ssl3_clear(SSL *s)
        freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH);
        freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH);
        freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH);
-        freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len);
-        S3I(s)->hs_tls13.cookie = NULL;
-        S3I(s)->hs_tls13.cookie_len = 0;
-        S3I(s)->hs.extensions_seen = 0;
        rp = S3I(s)->rbuf.buf;
        wp = S3I(s)->wbuf.buf;
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index ee26a200b1..26755d7c03 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.53 2019/01/23 16:46:04 beck Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.54 2019/01/23 18:24:40 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1680,8 +1680,7 @@ ssl3_get_certificate_request(SSL *s)
                        SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
                        goto err;
                }
-                if (!tls1_process_sigalgs(s, &sigalgs, tls12_sigalgs,
+                if (!tls1_process_sigalgs(s, &sigalgs)) {
-                    tls12_sigalgs_len)) {
                        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
                        SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
                        goto err;
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index e4b1341db5..7fd155648c 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.229 2019/01/23 16:46:04 beck Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.230 2019/01/23 18:24:40 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -429,9 +429,6 @@ typedef struct ssl_handshake_st {
        /* key_block is the record-layer key block for TLS 1.2 and earlier. */
        int key_block_len;
        unsigned char *key_block;
-        /* Extensions seen in this handshake. */
-        uint32_t extensions_seen;
 } SSL_HANDSHAKE;
 typedef struct ssl_handshake_tls13_st {
@@ -448,9 +445,6 @@ typedef struct ssl_handshake_tls13_st {
        uint8_t *x25519_peer_public;
        struct tls13_secrets *secrets;
-        uint8_t *cookie;
-        size_t cookie_len;
 } SSL_HANDSHAKE_TLS13;
 typedef struct ssl_ctx_internal_st {
@@ -1319,7 +1313,7 @@ int tls1_process_ticket(SSL *s, const unsigned char *session_id,
    int session_id_len, CBS *ext_block, SSL_SESSION **ret);
 long ssl_get_algorithm2(SSL *s);
-int tls1_process_sigalgs(SSL *s, CBS *cbs, uint16_t *, size_t);
+int tls1_process_sigalgs(SSL *s, CBS *cbs);
 int tls1_check_ec_server_key(SSL *s);
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index 23f65f5070..182ea1edaa 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,6 +1,6 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.12 2019/01/23 16:46:04 beck Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.13 2019/01/23 18:24:40 beck Exp $ */
 /*
- * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
+ * Copyright (c) 2018, Bob Beck <beck@openbsd.org>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -163,30 +163,13 @@ const struct ssl_sigalg sigalgs[] = {
        },
 };
-/* Sigalgs for tls 1.3, in preference order, */
-uint16_t tls13_sigalgs[] = {
-        SIGALG_RSA_PSS_RSAE_SHA512,
-        SIGALG_RSA_PKCS1_SHA512,
-        SIGALG_ECDSA_SECP512R1_SHA512,
-        SIGALG_RSA_PSS_RSAE_SHA384,
-        SIGALG_RSA_PKCS1_SHA384,
-        SIGALG_ECDSA_SECP384R1_SHA384,
-        SIGALG_RSA_PSS_RSAE_SHA256,
-        SIGALG_RSA_PKCS1_SHA256,
-        SIGALG_ECDSA_SECP256R1_SHA256,
-};
-size_t tls13_sigalgs_len = (sizeof(tls13_sigalgs) / sizeof(tls13_sigalgs[0]));
 /* Sigalgs for tls 1.2, in preference order, */
 uint16_t tls12_sigalgs[] = {
-        SIGALG_RSA_PSS_RSAE_SHA512,
        SIGALG_RSA_PKCS1_SHA512,
        SIGALG_ECDSA_SECP512R1_SHA512,
        SIGALG_GOSTR12_512_STREEBOG_512,
-        SIGALG_RSA_PSS_RSAE_SHA384,
        SIGALG_RSA_PKCS1_SHA384,
        SIGALG_ECDSA_SECP384R1_SHA384,
-        SIGALG_RSA_PSS_RSAE_SHA256,
        SIGALG_RSA_PKCS1_SHA256,
        SIGALG_ECDSA_SECP256R1_SHA256,
        SIGALG_GOSTR12_256_STREEBOG_256,
diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h
index 8ea4df9e31..a45700389b 100644
--- a/src/lib/libssl/ssl_sigalgs.h
+++ b/src/lib/libssl/ssl_sigalgs.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.h,v 1.9 2019/01/23 16:46:04 beck Exp $ */
+/* $OpenBSD: ssl_sigalgs.h,v 1.10 2019/01/23 18:24:40 beck Exp $ */
 /*
 * Copyright (c) 2018, Bob Beck <beck@openbsd.org>
 *
@@ -71,8 +71,6 @@ struct ssl_sigalg{
 extern uint16_t tls12_sigalgs[];
 extern size_t tls12_sigalgs_len;
-extern uint16_t tls13_sigalgs[];
-extern size_t tls13_sigalgs_len;
 const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg);
 const struct ssl_sigalg *ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len);
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 06105f976d..d5c30c4e73 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.32 2019/01/23 16:46:04 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.33 2019/01/23 18:24:40 beck Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -536,26 +536,9 @@ tlsext_sigalgs_client_build(SSL *s, CBB *cbb)
        if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
                return 0;
-        switch (TLS1_get_client_version(s)) {
+        if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs, tls12_sigalgs_len))
-        case TLS1_2_VERSION:
-                if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs, tls12_sigalgs_len))
-                        return 0;
-                break;
-        case TLS1_3_VERSION: 
-                if  (S3I(s)->hs_tls13.min_version < TLS1_3_VERSION) {
-                        if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs,
-                            tls12_sigalgs_len))
-                                return 0;
-                } else {
-                        if (!ssl_sigalgs_build(&sigalgs, tls13_sigalgs,
-                            tls13_sigalgs_len))
-                                return 0;               }
-                break;
-        default:
-                /* Should not happen */
                return 0;
-        }
        if (!CBB_flush(cbb))
                return 0;
@@ -570,17 +553,7 @@ tlsext_sigalgs_server_parse(SSL *s, CBS *cbs, int *alert)
        if (!CBS_get_u16_length_prefixed(cbs, &sigalgs))
                return 0;
-        switch (s->version) {
+        return tls1_process_sigalgs(s, &sigalgs);
-        case TLS1_3_VERSION:
-                return tls1_process_sigalgs(s, &sigalgs, tls13_sigalgs,
-                    tls13_sigalgs_len);
-        case TLS1_2_VERSION:
-                return tls1_process_sigalgs(s, &sigalgs, tls12_sigalgs,
-                    tls12_sigalgs_len);
-        default:
-                /* Fail if we get a version > what we recognize */
-                return 0;
-        }
 }
 int
@@ -1270,7 +1243,7 @@ tlsext_keyshare_client_build(SSL *s, CBB *cbb)
        return 1;
- err:
+err:
        freezero(public_key, X25519_KEY_LENGTH);
        freezero(private_key, X25519_KEY_LENGTH);
@@ -1280,100 +1253,24 @@ tlsext_keyshare_client_build(SSL *s, CBB *cbb)
 int
 tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert)
 {
-        CBS client_shares;
+        /* XXX we accept this but currently ignore it */
-        CBS key_exchange;
+        if (!CBS_skip(cbs, CBS_len(cbs))) {
-        uint16_t group;
+                *alert = TLS1_AD_INTERNAL_ERROR;
-        size_t out_len;
+                return 0;
-        int ret = 0;
-        if (!CBS_get_u16_length_prefixed(cbs, &client_shares))
-                goto err;
-        if (CBS_len(cbs) != 0)
-                goto err;
-        while (CBS_len(&client_shares) > 0) {
-                /* Unpack client share. */
-                if (!CBS_get_u16(&client_shares, &group))
-                        goto err;
-                if (!CBS_get_u16_length_prefixed(&client_shares, &key_exchange))
-                        goto err;
-                /*
-                 * Skip this client share if not X25519
-                 * XXX support other groups later.
-                 */
-                if (ret || group != tls1_ec_nid2curve_id(NID_X25519))
-                        continue;
-                if (CBS_len(&key_exchange) != X25519_KEY_LENGTH)
-                        goto err;
-                if (!CBS_stow(&key_exchange, &S3I(s)->hs_tls13.x25519_peer_public,
-                    &out_len))
-                        goto err;
-                ret = 1;
        }
-        return ret;
+        return 1;
- err:
-        *alert = SSL_AD_DECODE_ERROR;
-        return 0;
 }
 int
 tlsext_keyshare_server_needs(SSL *s)
 {
-        size_t idx;
+        return (!SSL_IS_DTLS(s) && s->version >= TLS1_3_VERSION);
-        if (SSL_IS_DTLS(s) || s->version < TLS1_3_VERSION)
-                return 0;
-        if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL)
-                return 0;
-        return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0);
 }
 int
 tlsext_keyshare_server_build(SSL *s, CBB *cbb)
 {
-        uint8_t *public_key = NULL, *private_key = NULL;
-        CBB key_exchange;
-        /* X25519 */
-        if (S3I(s)->hs_tls13.x25519_peer_public == NULL)
-                return 0;
-        /* Generate X25519 key pair. */
-        if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL)
-                goto err;
-        if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL)
-                goto err;
-        X25519_keypair(public_key, private_key);
-        /* Add the group and serialize the public key. */
-        if (!CBB_add_u16(cbb, tls1_ec_nid2curve_id(NID_X25519)))
-                goto err;
-        if (!CBB_add_u16_length_prefixed(cbb, &key_exchange))
-                goto err;
-        if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH))
-                goto err;
-        if (!CBB_flush(cbb))
-                goto err;
-        S3I(s)->hs_tls13.x25519_public = public_key;
-        S3I(s)->hs_tls13.x25519_private = private_key;
-        return 1;
- err:
-        freezero(public_key, X25519_KEY_LENGTH);
-        freezero(private_key, X25519_KEY_LENGTH);
        return 0;
 }
@@ -1394,10 +1291,6 @@ tlsext_keyshare_client_parse(SSL *s, CBS *cbs, int *alert)
        if (!CBS_get_u16_length_prefixed(cbs, &key_exchange))
                goto err;
-        if (CBS_len(cbs) != 0)
-                goto err;
        if (CBS_len(&key_exchange) != X25519_KEY_LENGTH)
                goto err;
        if (!CBS_stow(&key_exchange, &S3I(s)->hs_tls13.x25519_peer_public,
@@ -1420,9 +1313,8 @@ tlsext_versions_client_needs(SSL *s)
        /* XXX once this gets initialized when we get tls13_client.c */
        if (S3I(s)->hs_tls13.max_version == 0)
                return 0;
-        if (SSL_IS_DTLS(s))
+        return (!SSL_IS_DTLS(s) && S3I(s)->hs_tls13.max_version >=
-                return 0;
+            TLS1_3_VERSION);
-        return (S3I(s)->hs_tls13.max_version >= TLS1_3_VERSION);
 }
 int
@@ -1456,41 +1348,13 @@ tlsext_versions_client_build(SSL *s, CBB *cbb)
 int
 tlsext_versions_server_parse(SSL *s, CBS *cbs, int *alert)
 {
-        CBS versions;
+        /* XXX we accept this but currently ignore it */
-        uint16_t version;
+        if (!CBS_skip(cbs, CBS_len(cbs))) {
-        uint16_t max, min;
+                *alert = TLS1_AD_INTERNAL_ERROR;
-        uint16_t matched_version = 0;
+                return 0;
-        max = S3I(s)->hs_tls13.max_version;
-        min = S3I(s)->hs_tls13.min_version;
-        if (!CBS_get_u8_length_prefixed(cbs, &versions))
-                goto err;
-        if (CBS_len(cbs) != 0)
-                goto err;
-        if (CBS_len(&versions) < 2)
-                goto err;
-        while(CBS_len(&versions) > 0) {
-                if (!CBS_get_u16(&versions, &version))
-                        goto err;
-                /*
-                 * XXX What is below implements client preference, and
-                 * ignores any server preference entirely.
-                 */
-                if (matched_version == 0 && version >= min && version <= max)
-                        matched_version = version;
        }
-        if (matched_version != 0)
-                s->version = matched_version;
        return 1;
- err:
-        *alert = SSL_AD_DECODE_ERROR;
-        return 0;
 }
 int
@@ -1502,11 +1366,7 @@ tlsext_versions_server_needs(SSL *s)
 int
 tlsext_versions_server_build(SSL *s, CBB *cbb)
 {
-        if (!CBB_add_u16(cbb, TLS1_3_VERSION))
+        return 0;
-                return 0;
-        /* XXX set 1.2 in legacy version?  */
-        return 1;
 }
 int
@@ -1519,161 +1379,12 @@ tlsext_versions_client_parse(SSL *s, CBS *cbs, int *alert)
                return 0;
        }
-        if (CBS_len(cbs) != 0) {
-                *alert = SSL_AD_DECODE_ERROR;
-                return 0;
-        }
-        if (selected_version < TLS1_3_VERSION) {
-                *alert = SSL_AD_ILLEGAL_PARAMETER;
-                return 0;
-        }
        /* XXX test between min and max once initialization code goes in */
        S3I(s)->hs_tls13.server_version = selected_version;
        return 1;
 }
-/*
- * Cookie - RFC 8446 section 4.2.2.
- */
-int
-tlsext_cookie_client_needs(SSL *s)
-{
-        /* XXX once this gets initialized when we get tls13_client.c */
-        if (S3I(s)->hs_tls13.max_version == 0)
-                return 0;
-        if (SSL_IS_DTLS(s))
-                return 0;
-        if (S3I(s)->hs_tls13.max_version < TLS1_3_VERSION)
-                return 0;
-        return ((S3I(s)->hs_tls13.cookie_len > 0) &&
-            (S3I(s)->hs_tls13.cookie != NULL));
-}
-int
-tlsext_cookie_client_build(SSL *s, CBB *cbb)
-{
-        CBB cookie;
-        if (!CBB_add_u16_length_prefixed(cbb, &cookie))
-                return 0;
-        if (!CBB_add_bytes(&cookie, S3I(s)->hs_tls13.cookie,
-            S3I(s)->hs_tls13.cookie_len))
-                return 0;
-        if (!CBB_flush(cbb))
-                return 0;
-        return 1;
-}
-int
-tlsext_cookie_server_parse(SSL *s, CBS *cbs, int *alert)
-{
-        CBS cookie;
-        if (!CBS_get_u16_length_prefixed(cbs, &cookie))
-                goto err;
-        if (CBS_len(cbs) != 0)
-                goto err;
-        if (CBS_len(&cookie) != S3I(s)->hs_tls13.cookie_len)
-                goto err;
-        /*
-         * Check provided cookie value against what server previously
-         * sent - client *MUST* send the same cookie with new CR after
-         * a cookie is sent by the server with an HRR
-         */
-        if (memcmp(CBS_data(&cookie), S3I(s)->hs_tls13.cookie,
-            S3I(s)->hs_tls13.cookie_len) != 0) {
-                /* XXX special cookie mismatch alert? */
-                *alert = SSL_AD_ILLEGAL_PARAMETER;
-                return 0;
-        }
-        return 1;
- err:
-        *alert = SSL_AD_DECODE_ERROR;
-        return 0;
-}
-int
-tlsext_cookie_server_needs(SSL *s)
-{
-        /* XXX once this gets initialized when we get tls13_client.c */
-        if (S3I(s)->hs_tls13.max_version == 0)
-                return 0;
-        if (SSL_IS_DTLS(s))
-                return 0;
-        if (S3I(s)->hs_tls13.max_version < TLS1_3_VERSION)
-                return 0;
-        /*
-         * Server needs to set cookie value in tls13 handshake
-         * in order to send one, should only be sent with HRR.
-         */
-        return ((S3I(s)->hs_tls13.cookie_len > 0) &&
-            (S3I(s)->hs_tls13.cookie != NULL));
-}
-int
-tlsext_cookie_server_build(SSL *s, CBB *cbb)
-{
-        CBB cookie;
-        if (!CBB_add_u16_length_prefixed(cbb, &cookie))
-                return 0;
-        if (!CBB_add_bytes(&cookie, S3I(s)->hs_tls13.cookie,
-            S3I(s)->hs_tls13.cookie_len))
-                return 0;
-        if (!CBB_flush(cbb))
-                return 0;
-        return 1;
-}
-int
-tlsext_cookie_client_parse(SSL *s, CBS *cbs, int *alert)
-{
-        CBS cookie;
-        /*
-         * XXX This currently assumes we will not get a second
-         * HRR from a server with a cookie to process after accepting
-         * one from the server in the same handshake
-         */
-        if ((S3I(s)->hs_tls13.cookie != NULL) ||
-            S3I(s)->hs_tls13.cookie_len != 0) {
-                *alert = SSL_AD_ILLEGAL_PARAMETER;
-                return 0;
-        }
-        if (!CBS_get_u16_length_prefixed(cbs, &cookie))
-                goto err;
-        if (CBS_len(cbs) != 0)
-                goto err;
-        if ((S3I(s)->hs_tls13.cookie = malloc(CBS_len(&cookie))) == NULL)
-                goto err;
-        memcpy(S3I(s)->hs_tls13.cookie, CBS_data(&cookie), CBS_len(&cookie));
-        S3I(s)->hs_tls13.cookie_len = CBS_len(&cookie);
-        return 1;
- err:
-        *alert = SSL_AD_DECODE_ERROR;
-        return 0;
-}
 struct tls_extension_funcs {
        int (*needs)(SSL *s);
        int (*build)(SSL *s, CBB *cbb);
@@ -1831,20 +1542,6 @@ static struct tls_extension tls_extensions[] = {
                        .parse = tlsext_alpn_client_parse,
                },
        },
-        {
-                .type = TLSEXT_TYPE_cookie,
-                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_HRR,
-                .client = {
-                        .needs = tlsext_cookie_client_needs,
-                        .build = tlsext_cookie_client_build,
-                        .parse = tlsext_cookie_server_parse,
-                },
-                .server = {
-                        .needs = tlsext_cookie_server_needs,
-                        .build = tlsext_cookie_server_build,
-                        .parse = tlsext_cookie_client_parse,
-                },
-        },
 #ifndef OPENSSL_NO_SRTP
        {
                .type = TLSEXT_TYPE_use_srtp,
@@ -1868,7 +1565,7 @@ static struct tls_extension tls_extensions[] = {
 /* Ensure that extensions fit in a uint32_t bitmask. */
 CTASSERT(N_TLS_EXTENSIONS <= (sizeof(uint32_t) * 8));
-struct tls_extension *
+static struct tls_extension *
 tls_extension_find(uint16_t type, size_t *tls_extensions_idx)
 {
        size_t i;
@@ -1948,12 +1645,11 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type)
        struct tls_extension_funcs *ext;
        struct tls_extension *tlsext;
        CBS extensions, extension_data;
+        uint32_t extensions_seen = 0;
        uint16_t type;
        size_t idx;
        uint16_t version;
-        S3I(s)->hs.extensions_seen = 0;
        if (is_server)
                version = s->version;
        else
@@ -1992,9 +1688,9 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type)
                }
                /* Check for duplicate known extensions. */
-                if ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0)
+                if ((extensions_seen & (1 << idx)) != 0)
                        return 0;
-                S3I(s)->hs.extensions_seen |= (1 << idx);
+                extensions_seen |= (1 << idx);
                ext = tlsext_funcs(tlsext, is_server);
                if (!ext->parse(s, &extension_data, alert))
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
index 8472a8058b..e82be579d0 100644
--- a/src/lib/libssl/ssl_tlsext.h
+++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.18 2019/01/23 16:46:04 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.19 2019/01/23 18:24:40 beck Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -101,13 +101,6 @@ int tlsext_keyshare_server_needs(SSL *s);
 int tlsext_keyshare_server_build(SSL *s, CBB *cbb);
 int tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_cookie_client_needs(SSL *s);
-int tlsext_cookie_client_build(SSL *s, CBB *cbb);
-int tlsext_cookie_client_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_cookie_server_needs(SSL *s);
-int tlsext_cookie_server_build(SSL *s, CBB *cbb);
-int tlsext_cookie_server_parse(SSL *s, CBS *cbs, int *alert);
 #ifndef OPENSSL_NO_SRTP
 int tlsext_srtp_client_needs(SSL *s);
 int tlsext_srtp_client_build(SSL *s, CBB *cbb);
@@ -123,7 +116,6 @@ int tlsext_client_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type);
 int tlsext_server_build(SSL *s, CBB *cbb, uint16_t msg_type);
 int tlsext_server_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type);
-struct tls_extension *tls_extension_find(uint16_t, size_t *);
 __END_HIDDEN_DECLS
 #endif
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 567b3e48e0..cde022939d 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.151 2019/01/23 16:46:04 beck Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.152 2019/01/23 18:24:40 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1002,12 +1002,11 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
 /* Set preferred digest for each key type */
 int
-tls1_process_sigalgs(SSL *s, CBS *cbs, uint16_t *sigalgs, size_t sigalgs_len)
+tls1_process_sigalgs(SSL *s, CBS *cbs)
 {
        CERT *c = s->cert;
        /* Extension ignored for inappropriate versions */
-        /* XXX get rid of this? */
        if (!SSL_USE_SIGALGS(s))
                return 1;
@@ -1024,8 +1023,9 @@ tls1_process_sigalgs(SSL *s, CBS *cbs, uint16_t *sigalgs, size_t sigalgs_len)
                if (!CBS_get_u16(cbs, &sig_alg))
                        return 0;
-                if ((sigalg = ssl_sigalg(sig_alg, sigalgs, sigalgs_len)) !=
+                if ((sigalg = ssl_sigalg(sig_alg, tls12_sigalgs,
-                    NULL && c->pkeys[sigalg->pkey_idx].sigalg == NULL) {
+                    tls12_sigalgs_len)) != NULL &&
+                    c->pkeys[sigalg->pkey_idx].sigalg == NULL) {
                        c->pkeys[sigalg->pkey_idx].sigalg = sigalg;
                        if (sigalg->pkey_idx == SSL_PKEY_RSA_SIGN)
                                c->pkeys[SSL_PKEY_RSA_ENC].sigalg = sigalg;
diff --git a/src/regress/lib/libssl/client/clienttest.c b/src/regress/lib/libssl/client/clienttest.c
index 25a8790e61..cb45dc583c 100644
--- a/src/regress/lib/libssl/client/clienttest.c
+++ b/src/regress/lib/libssl/client/clienttest.c
@@ -141,15 +141,15 @@ static unsigned char cipher_list_tls12_chacha[] = {
 };
 static unsigned char client_hello_tls12[] = {
-        0x16, 0x03, 0x01, 0x00, 0xc5, 0x01, 0x00, 0x00,
+        0x16, 0x03, 0x01, 0x00, 0xbf, 0x01, 0x00, 0x00,
-        0xc1, 0x03, 0x03, 0xc9, 0xf9, 0x1f, 0x05, 0xaf,
+        0xbb, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x61, 0xd7, 0xe7, 0x84, 0xd1, 0x1c, 0x6f, 0x79,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x32, 0x04, 0x8e, 0x5c, 0xe3, 0x18, 0x5a, 0x85,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0xee, 0x44, 0xe1, 0xca, 0x32, 0xce, 0x07, 0xd3,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0xdb, 0x0f, 0x91, 0x00, 0x00, 0x5c, 0xc0, 0x30,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x5c, 0xcc, 0xa9,
-        0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
+        0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c,
-        0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
+        0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a,
-        0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85,
+        0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0xff, 0x85,
        0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d,
        0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
        0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
@@ -158,15 +158,14 @@ static unsigned char client_hello_tls12[] = {
        0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
        0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04,
        0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a,
-        0x00, 0xff, 0x01, 0x00, 0x00, 0x3c, 0x00, 0x0b,
+        0x00, 0xff, 0x01, 0x00, 0x00, 0x36, 0x00, 0x0b,
        0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08,
        0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
-        0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x22,
+        0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x1c,
-        0x00, 0x20, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
+        0x00, 0x1a, 0x06, 0x01, 0x06, 0x03, 0xef, 0xef,
-        0xef, 0xef, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03,
+        0x05, 0x01, 0x05, 0x03, 0x04, 0x01, 0x04, 0x03,
-        0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0xee, 0xee,
+        0xee, 0xee, 0xed, 0xed, 0x03, 0x01, 0x03, 0x03,
-        0xed, 0xed, 0x03, 0x01, 0x03, 0x03, 0x02, 0x01,
+        0x02, 0x01, 0x02, 0x03,
-        0x02, 0x03,
 };
 struct client_hello_test {
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 3387b86f3f..5689a1c29e 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.23 2019/01/23 16:46:04 beck Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.24 2019/01/23 18:24:40 beck Exp $ */
 /*
 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1505,11 +1505,10 @@ test_tlsext_ri_server(void)
 */
 static unsigned char tlsext_sigalgs_client[] = {
-        0x00, 0x20, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
+        0x00, 0x1a, 0x06, 0x01, 0x06, 0x03, 0xef, 0xef,
-        0xef, 0xef, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03,
+        0x05, 0x01, 0x05, 0x03, 0x04, 0x01, 0x04, 0x03,
-        0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0xee, 0xee,
+        0xee, 0xee, 0xed, 0xed, 0x03, 0x01, 0x03, 0x03,
-        0xed, 0xed, 0x03, 0x01, 0x03, 0x03, 0x02, 0x01,
+        0x02, 0x01, 0x02, 0x03,
-        0x02, 0x03,
 };
 static int
@@ -2733,14 +2732,13 @@ test_tlsext_srtp_server(void)
 #endif /* OPENSSL_NO_SRTP */
 unsigned char tlsext_clienthello_default[] = {
-        0x00, 0x3c, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
+        0x00, 0x36, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
        0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d,
        0x00, 0x17, 0x00, 0x18, 0x00, 0x23, 0x00, 0x00,
-        0x00, 0x0d, 0x00, 0x22, 0x00, 0x20, 0x08, 0x06,
+        0x00, 0x0d, 0x00, 0x1c, 0x00, 0x1a, 0x06, 0x01,
-        0x06, 0x01, 0x06, 0x03, 0xef, 0xef, 0x08, 0x05,
+        0x06, 0x03, 0xef, 0xef, 0x05, 0x01, 0x05, 0x03,
-        0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01,
+        0x04, 0x01, 0x04, 0x03, 0xee, 0xee, 0xed, 0xed,
-        0x04, 0x03, 0xee, 0xee, 0xed, 0xed, 0x03, 0x01,
+        0x03, 0x01, 0x03, 0x03, 0x02, 0x01, 0x02, 0x03,
-        0x03, 0x03, 0x02, 0x01, 0x02, 0x03,
 };
 unsigned char tlsext_clienthello_disabled[] = {};
author	beck <>	2019-01-23 18:24:40 +0000
committer	beck <>	2019-01-23 18:24:40 +0000
commit	03a77eef903481d4308502d32fca33a961c4bb3a (patch)
tree	c7932fb2fd1ea2ff0c3a210ddd7adf1eb94d4186 /src
parent	811354ae1302b7cd68c86866b02f4ab4cf11322b (diff)
download	openbsd-03a77eef903481d4308502d32fca33a961c4bb3a.tar.gz openbsd-03a77eef903481d4308502d32fca33a961c4bb3a.tar.bz2 openbsd-03a77eef903481d4308502d32fca33a961c4bb3a.zip