diff options
| author | tb <> | 2022-07-20 15:16:06 +0000 |
|---|---|---|
| committer | tb <> | 2022-07-20 15:16:06 +0000 |
| commit | 3ee05e46168e73e4e329e7fd818d2a3ff08ec6dd (patch) | |
| tree | 144cd3426aa539bd2ae5bf6ec107126c1d5ed6ad /src | |
| parent | 72933d45e6e36b8ba55d051910e8c68bb6042600 (diff) | |
| download | openbsd-3ee05e46168e73e4e329e7fd818d2a3ff08ec6dd.tar.gz openbsd-3ee05e46168e73e4e329e7fd818d2a3ff08ec6dd.tar.bz2 openbsd-3ee05e46168e73e4e329e7fd818d2a3ff08ec6dd.zip | |
Simplify tlsext_supported_groups_server_parse
Add an early return in the s->internal->hit case so that we can unindent
a lot of this code. In the HRR case, we do not need to check that the list
of supported groups is unmodified from the first CH. The CH extension
hashing already does that for us.
ok jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 76 |
1 files changed, 31 insertions, 45 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index c301b804d2..d802a6e135 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_tlsext.c,v 1.124 2022/07/20 14:15:50 tb Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.c,v 1.125 2022/07/20 15:16:06 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -245,7 +245,9 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, | |||
| 245 | int *alert) | 245 | int *alert) |
| 246 | { | 246 | { |
| 247 | CBS grouplist; | 247 | CBS grouplist; |
| 248 | uint16_t *groups; | ||
| 248 | size_t groups_len; | 249 | size_t groups_len; |
| 250 | int i; | ||
| 249 | 251 | ||
| 250 | if (!CBS_get_u16_length_prefixed(cbs, &grouplist)) | 252 | if (!CBS_get_u16_length_prefixed(cbs, &grouplist)) |
| 251 | goto err; | 253 | goto err; |
| @@ -257,62 +259,46 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, | |||
| 257 | goto err; | 259 | goto err; |
| 258 | groups_len /= 2; | 260 | groups_len /= 2; |
| 259 | 261 | ||
| 260 | if (!s->internal->hit) { | 262 | if (s->internal->hit) |
| 261 | uint16_t *groups; | 263 | return 1; |
| 262 | int i; | ||
| 263 | |||
| 264 | if (s->s3->hs.tls13.hrr) { | ||
| 265 | if (s->session->tlsext_supportedgroups == NULL) { | ||
| 266 | *alert = SSL_AD_HANDSHAKE_FAILURE; | ||
| 267 | return 0; | ||
| 268 | } | ||
| 269 | /* | ||
| 270 | * In the case of TLSv1.3 the client cannot change | ||
| 271 | * the supported groups. | ||
| 272 | */ | ||
| 273 | if (groups_len != s->session->tlsext_supportedgroups_length) { | ||
| 274 | *alert = SSL_AD_ILLEGAL_PARAMETER; | ||
| 275 | return 0; | ||
| 276 | } | ||
| 277 | for (i = 0; i < groups_len; i++) { | ||
| 278 | uint16_t group; | ||
| 279 | |||
| 280 | if (!CBS_get_u16(&grouplist, &group)) | ||
| 281 | goto err; | ||
| 282 | if (s->session->tlsext_supportedgroups[i] != group) { | ||
| 283 | *alert = SSL_AD_ILLEGAL_PARAMETER; | ||
| 284 | return 0; | ||
| 285 | } | ||
| 286 | } | ||
| 287 | 264 | ||
| 288 | return 1; | 265 | if (s->s3->hs.tls13.hrr) { |
| 266 | if (s->session->tlsext_supportedgroups == NULL) { | ||
| 267 | *alert = SSL_AD_HANDSHAKE_FAILURE; | ||
| 268 | return 0; | ||
| 289 | } | 269 | } |
| 290 | 270 | ||
| 291 | if (s->session->tlsext_supportedgroups != NULL) | 271 | /* |
| 292 | goto err; | 272 | * The ClientHello extension hashing ensures that the client |
| 273 | * did not change its list of supported groups. | ||
| 274 | */ | ||
| 293 | 275 | ||
| 294 | if ((groups = reallocarray(NULL, groups_len, | 276 | return 1; |
| 295 | sizeof(uint16_t))) == NULL) { | 277 | } |
| 296 | *alert = SSL_AD_INTERNAL_ERROR; | ||
| 297 | return 0; | ||
| 298 | } | ||
| 299 | 278 | ||
| 300 | for (i = 0; i < groups_len; i++) { | 279 | if (s->session->tlsext_supportedgroups != NULL) |
| 301 | if (!CBS_get_u16(&grouplist, &groups[i])) { | 280 | goto err; |
| 302 | free(groups); | ||
| 303 | goto err; | ||
| 304 | } | ||
| 305 | } | ||
| 306 | 281 | ||
| 307 | if (CBS_len(&grouplist) != 0) { | 282 | if ((groups = reallocarray(NULL, groups_len, sizeof(uint16_t))) == NULL) { |
| 283 | *alert = SSL_AD_INTERNAL_ERROR; | ||
| 284 | return 0; | ||
| 285 | } | ||
| 286 | |||
| 287 | for (i = 0; i < groups_len; i++) { | ||
| 288 | if (!CBS_get_u16(&grouplist, &groups[i])) { | ||
| 308 | free(groups); | 289 | free(groups); |
| 309 | goto err; | 290 | goto err; |
| 310 | } | 291 | } |
| 292 | } | ||
| 311 | 293 | ||
| 312 | s->session->tlsext_supportedgroups = groups; | 294 | if (CBS_len(&grouplist) != 0) { |
| 313 | s->session->tlsext_supportedgroups_length = groups_len; | 295 | free(groups); |
| 296 | goto err; | ||
| 314 | } | 297 | } |
| 315 | 298 | ||
| 299 | s->session->tlsext_supportedgroups = groups; | ||
| 300 | s->session->tlsext_supportedgroups_length = groups_len; | ||
| 301 | |||
| 316 | return 1; | 302 | return 1; |
| 317 | 303 | ||
| 318 | err: | 304 | err: |