Remove the hello retry request processing code that was previously added.

This got added to the wrong functions (server side, not client) - swap the now unimplemented send/recv functions between client and server. ok tb@
author: jsing <> 2020-02-05 17:01:43 +0000
committer: jsing <> 2020-02-05 17:01:43 +0000
commit: 30522d799b56c01cbca3fedc09dfe8c5f5692a43 (patch)
tree: 4f7169e40092c950d0d4ff50d2211874dbf67734 /src
parent: df4de2faa5919a5456f33026b035b781d8c926eb (diff)
download: openbsd-30522d799b56c01cbca3fedc09dfe8c5f5692a43.tar.gz
openbsd-30522d799b56c01cbca3fedc09dfe8c5f5692a43.tar.bz2
openbsd-30522d799b56c01cbca3fedc09dfe8c5f5692a43.zip
2 files changed, 16 insertions, 65 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 78f46bd859..62ed600de3 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.40 2020/02/04 18:00:30 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.41 2020/02/05 17:01:43 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -471,6 +471,18 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
 }
 int
+tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb)
+{
+        return 0;
+}
+int
+tls13_server_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs)
+{
+        return 0;
+}
+int
 tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs)
 {
        int alert_desc;
@@ -485,6 +497,7 @@ tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs)
 err:
        if (ctx->alert == 0)
                ctx->alert = TLS1_AD_DECODE_ERROR;
        return 0;
 }
@@ -843,62 +856,6 @@ tls13_client_finished_sent(struct tls13_ctx *ctx)
            &secrets->client_application_traffic);
 }
-static int
-tls13_client_hello_retry_process(struct tls13_ctx *ctx, CBS *cbs)
-{
-        CBS server_random, session_id;
-        uint16_t cipher_suite, legacy_version;
-        uint8_t compression_method;
-        int alert_desc;
-        SSL *s = ctx->ssl;
-        if (!CBS_get_u16(cbs, &legacy_version))
-                goto err;
-        if (!CBS_get_bytes(cbs, &server_random, SSL3_RANDOM_SIZE))
-                goto err;
-        if (!CBS_get_u8_length_prefixed(cbs, &session_id))
-                goto err;
-        if (!CBS_get_u16(cbs, &cipher_suite))
-                goto err;
-        if (!CBS_get_u8(cbs, &compression_method))
-                goto err;
-        /*
-         * XXX currently this will change state and be hazardous later
-         * if we decide to support sending an updated client hello.
-         * however, since we will not today (and are going to return
-         * illegal parameter as per section 4.1.4) we just ensure
-         * that the extensions parse correctly.
-         */
-        if (!tlsext_client_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_SH)) {
-                ctx->alert = alert_desc;
-                goto err;
-        }
-        /* XXX for now, just say no, we will not change our hello */
-        ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
- err:
-        if (ctx->alert == 0)
-                ctx->alert = TLS1_AD_DECODE_ERROR;
-        return 0;
-}
-int
-tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
-        int ret = 0;
-        if (!tls13_client_hello_retry_process(ctx, cbs)) {
-                if (ctx->alert == SSL_AD_ILLEGAL_PARAMETER)
-                        tls13_set_errorx(ctx, TLS13_ERR_HRR_FAILED, 0,
-                            "Unsatisfiable hello retry request", NULL);
-                goto err;
-        }
-err:
-        return ret;
-}
 int
 tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
 {
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 660508a121..0f708cb4ef 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.23 2020/02/04 18:00:30 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.24 2020/02/05 17:01:43 jsing Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -295,13 +295,7 @@ tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
 }
 int
-tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb)
+tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
-        return 0;
-}
-int
-tls13_server_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs)
 {
        return 0;
 }
author	jsing <>	2020-02-05 17:01:43 +0000
committer	jsing <>	2020-02-05 17:01:43 +0000
commit	30522d799b56c01cbca3fedc09dfe8c5f5692a43 (patch)
tree	4f7169e40092c950d0d4ff50d2211874dbf67734 /src
parent	df4de2faa5919a5456f33026b035b781d8c926eb (diff)
download	openbsd-30522d799b56c01cbca3fedc09dfe8c5f5692a43.tar.gz openbsd-30522d799b56c01cbca3fedc09dfe8c5f5692a43.tar.bz2 openbsd-30522d799b56c01cbca3fedc09dfe8c5f5692a43.zip

diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 78f46bd859..62ed600de3 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_client.c,v 1.40 2020/02/04 18:00:30 jsing Exp $ */	1	/* $OpenBSD: tls13_client.c,v 1.41 2020/02/05 17:01:43 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -471,6 +471,18 @@ tls13_server_hello_recv(struct tls13_ctx ctx, CBS cbs)
471	}	471	}
472		472
473	int	473	int
		474	tls13_client_hello_retry_send(struct tls13_ctx ctx, CBB cbb)
		475	{
		476	return 0;
		477	}
		478
		479	int
		480	tls13_server_hello_retry_recv(struct tls13_ctx ctx, CBS cbs)
		481	{
		482	return 0;
		483	}
		484
		485	int
474	tls13_server_encrypted_extensions_recv(struct tls13_ctx ctx, CBS cbs)	486	tls13_server_encrypted_extensions_recv(struct tls13_ctx ctx, CBS cbs)
475	{	487	{
476	int alert_desc;	488	int alert_desc;
@@ -485,6 +497,7 @@ tls13_server_encrypted_extensions_recv(struct tls13_ctx ctx, CBS cbs)
485	err:	497	err:
486	if (ctx->alert == 0)	498	if (ctx->alert == 0)
487	ctx->alert = TLS1_AD_DECODE_ERROR;	499	ctx->alert = TLS1_AD_DECODE_ERROR;
		500
488	return 0;	501	return 0;
489	}	502	}
490		503
@@ -843,62 +856,6 @@ tls13_client_finished_sent(struct tls13_ctx *ctx)
843	&secrets->client_application_traffic);	856	&secrets->client_application_traffic);
844	}	857	}
845		858
846
847	static int
848	tls13_client_hello_retry_process(struct tls13_ctx ctx, CBS cbs)
849	{
850	CBS server_random, session_id;
851	uint16_t cipher_suite, legacy_version;
852	uint8_t compression_method;
853	int alert_desc;
854	SSL *s = ctx->ssl;
855
856	if (!CBS_get_u16(cbs, &legacy_version))
857	goto err;
858	if (!CBS_get_bytes(cbs, &server_random, SSL3_RANDOM_SIZE))
859	goto err;
860	if (!CBS_get_u8_length_prefixed(cbs, &session_id))
861	goto err;
862	if (!CBS_get_u16(cbs, &cipher_suite))
863	goto err;
864	if (!CBS_get_u8(cbs, &compression_method))
865	goto err;
866
867	/*
868	* XXX currently this will change state and be hazardous later
869	* if we decide to support sending an updated client hello.
870	* however, since we will not today (and are going to return
871	* illegal parameter as per section 4.1.4) we just ensure
872	* that the extensions parse correctly.
873	*/
874	if (!tlsext_client_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_SH)) {
875	ctx->alert = alert_desc;
876	goto err;
877	}
878
879	/* XXX for now, just say no, we will not change our hello */
880	ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
881	err:
882	if (ctx->alert == 0)
883	ctx->alert = TLS1_AD_DECODE_ERROR;
884	return 0;
885	}
886
887	int
888	tls13_client_hello_retry_recv(struct tls13_ctx ctx, CBS cbs)
889	{
890	int ret = 0;
891
892	if (!tls13_client_hello_retry_process(ctx, cbs)) {
893	if (ctx->alert == SSL_AD_ILLEGAL_PARAMETER)
894	tls13_set_errorx(ctx, TLS13_ERR_HRR_FAILED, 0,
895	"Unsatisfiable hello retry request", NULL);
896	goto err;
897	}
898	err:
899	return ret;
900	}
901
902	int	859	int
903	tls13_client_certificate_send(struct tls13_ctx ctx, CBB cbb)	860	tls13_client_certificate_send(struct tls13_ctx ctx, CBB cbb)
904	{	861	{


diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 660508a121..0f708cb4ef 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_server.c,v 1.23 2020/02/04 18:00:30 jsing Exp $ */	1	/* $OpenBSD: tls13_server.c,v 1.24 2020/02/05 17:01:43 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -295,13 +295,7 @@ tls13_client_hello_recv(struct tls13_ctx ctx, CBS cbs)
295	}	295	}
296		296
297	int	297	int
298	tls13_client_hello_retry_send(struct tls13_ctx ctx, CBB cbb)	298	tls13_client_hello_retry_recv(struct tls13_ctx ctx, CBS cbs)
299	{
300	return 0;
301	}
302
303	int
304	tls13_server_hello_retry_recv(struct tls13_ctx ctx, CBS cbs)
305	{	299	{
306	return 0;	300	return 0;
307	}	301	}