Correct handling of QUIC transport parameters extension.

Remove duplicate U16 length prefix, since tlsext_build() already adds this for us. Condition on SSL_is_quic() rather than TLS version - RFC 9001 is clear that this extension is only permitted on QUIC transport and an fatal unsupported extension alert is required if used elsewhere. Additionally, at the point where extensions are parsed, we do not necessarily know what TLS version has been negotiated. ok beck@ tb@
author: jsing <> 2022-07-17 14:54:10 +0000
committer: jsing <> 2022-07-17 14:54:10 +0000
commit: 6d3643d599537b4bfb4a790e77fa7ae556d70b27 (patch)
tree: 53dcf33dd8ef947de47eead8aeda660e8431f3a0 /src
parent: 3100db9e08c1bf8ebeaea72f76c09b995e5a3159 (diff)
download: openbsd-6d3643d599537b4bfb4a790e77fa7ae556d70b27.tar.gz
openbsd-6d3643d599537b4bfb4a790e77fa7ae556d70b27.tar.bz2
openbsd-6d3643d599537b4bfb4a790e77fa7ae556d70b27.zip
1 files changed, 16 insertions, 48 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index a7c8f2d61d..6063991306 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.120 2022/07/17 14:41:27 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.121 2022/07/17 14:54:10 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1950,32 +1950,23 @@ tlsext_psk_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 }
 /*
- * QUIC transport parameters extension.
+ * QUIC transport parameters extension - RFC 9001 section 8.2.
 */
 int
 tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type)
 {
-        return (s->internal->quic_transport_params_len > 0 &&
+        return SSL_is_quic(s) && s->internal->quic_transport_params_len > 0;
-            s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
 }
 int
 tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
    CBB *cbb)
 {
-        CBB contents;
+        if (!CBB_add_bytes(cbb, s->internal->quic_transport_params,
-        if (!CBB_add_u16_length_prefixed(cbb, &contents))
-                return 0;
-        if (!CBB_add_bytes(&contents, s->internal->quic_transport_params,
            s->internal->quic_transport_params_len))
                return 0;
-        if (!CBB_flush(cbb))
-                return 0;
        return 1;
 }
@@ -1983,20 +1974,16 @@ int
 tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
    CBS *cbs, int *alert)
 {
-        CBS transport_data;
+        if (!SSL_is_quic(s)) {
-        /* QUIC requires TLS 1.3. */
-        if (ssl_effective_tls_version(s) < TLS1_3_VERSION) {
                *alert = SSL_AD_UNSUPPORTED_EXTENSION;
                return 0;
        }
-        if (!CBS_get_u16_length_prefixed(cbs, &transport_data))
+        if (!CBS_stow(cbs, &s->s3->peer_quic_transport_params,
-                return 0;
-        if (!CBS_stow(&transport_data, &s->s3->peer_quic_transport_params,
            &s->s3->peer_quic_transport_params_len))
                return 0;
+        if (!CBS_skip(cbs, s->s3->peer_quic_transport_params_len))
+                return 0;
        return 1;
 }
@@ -2004,25 +1991,17 @@ tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
 int
 tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type)
 {
-        return s->internal->quic_transport_params_len > 0;
+        return SSL_is_quic(s) && s->internal->quic_transport_params_len > 0;
 }
 int
 tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
    CBB *cbb)
 {
-        CBB contents;
+        if (!CBB_add_bytes(cbb, s->internal->quic_transport_params,
-        if (!CBB_add_u16_length_prefixed(cbb, &contents))
-                return 0;
-        if (!CBB_add_bytes(&contents, s->internal->quic_transport_params,
            s->internal->quic_transport_params_len))
                return 0;
-        if (!CBB_flush(cbb))
-                return 0;
        return 1;
 }
@@ -2030,27 +2009,16 @@ int
 tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type,
    CBS *cbs, int *alert)
 {
-        CBS transport_data;
+        if (!SSL_is_quic(s)) {
+                *alert = SSL_AD_UNSUPPORTED_EXTENSION;
-        /*
-         * Ignore this extension if we don't have configured quic transport data
-         * or if we are not TLS 1.3.
-         */
-        if (s->internal->quic_transport_params_len == 0 ||
-            ssl_effective_tls_version(s) < TLS1_3_VERSION) {
-                if (!CBS_skip(cbs, CBS_len(cbs))) {
-                        *alert = SSL_AD_INTERNAL_ERROR;
-                        return 0;
-                }
-                return 1;
-        }
-        if (!CBS_get_u16_length_prefixed(cbs, &transport_data))
                return 0;
+        }
-        if (!CBS_stow(&transport_data, &s->s3->peer_quic_transport_params,
+        if (!CBS_stow(cbs, &s->s3->peer_quic_transport_params,
            &s->s3->peer_quic_transport_params_len))
                return 0;
+        if (!CBS_skip(cbs, s->s3->peer_quic_transport_params_len))
+                return 0;
        return 1;
 }
author	jsing <>	2022-07-17 14:54:10 +0000
committer	jsing <>	2022-07-17 14:54:10 +0000
commit	6d3643d599537b4bfb4a790e77fa7ae556d70b27 (patch)
tree	53dcf33dd8ef947de47eead8aeda660e8431f3a0 /src
parent	3100db9e08c1bf8ebeaea72f76c09b995e5a3159 (diff)
download	openbsd-6d3643d599537b4bfb4a790e77fa7ae556d70b27.tar.gz openbsd-6d3643d599537b4bfb4a790e77fa7ae556d70b27.tar.bz2 openbsd-6d3643d599537b4bfb4a790e77fa7ae556d70b27.zip

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index a7c8f2d61d..6063991306 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.c,v 1.120 2022/07/17 14:41:27 jsing Exp $ */	1	/* $OpenBSD: ssl_tlsext.c,v 1.121 2022/07/17 14:54:10 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1950,32 +1950,23 @@ tlsext_psk_server_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert)
1950	}	1950	}
1951		1951
1952	/*	1952	/*
1953	* QUIC transport parameters extension.	1953	* QUIC transport parameters extension - RFC 9001 section 8.2.
1954	*/	1954	*/
1955		1955
1956	int	1956	int
1957	tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type)	1957	tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type)
1958	{	1958	{
1959	return (s->internal->quic_transport_params_len > 0 &&	1959	return SSL_is_quic(s) && s->internal->quic_transport_params_len > 0;
1960	s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
1961	}	1960	}
1962		1961
1963	int	1962	int
1964	tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,	1963	tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
1965	CBB *cbb)	1964	CBB *cbb)
1966	{	1965	{
1967	CBB contents;	1966	if (!CBB_add_bytes(cbb, s->internal->quic_transport_params,
1968
1969	if (!CBB_add_u16_length_prefixed(cbb, &contents))
1970	return 0;
1971
1972	if (!CBB_add_bytes(&contents, s->internal->quic_transport_params,
1973	s->internal->quic_transport_params_len))	1967	s->internal->quic_transport_params_len))
1974	return 0;	1968	return 0;
1975		1969
1976	if (!CBB_flush(cbb))
1977	return 0;
1978
1979	return 1;	1970	return 1;
1980	}	1971	}
1981		1972
@@ -1983,20 +1974,16 @@ int
1983	tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,	1974	tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
1984	CBS cbs, int alert)	1975	CBS cbs, int alert)
1985	{	1976	{
1986	CBS transport_data;	1977	if (!SSL_is_quic(s)) {
1987
1988	/* QUIC requires TLS 1.3. */
1989	if (ssl_effective_tls_version(s) < TLS1_3_VERSION) {
1990	*alert = SSL_AD_UNSUPPORTED_EXTENSION;	1978	*alert = SSL_AD_UNSUPPORTED_EXTENSION;
1991	return 0;	1979	return 0;
1992	}	1980	}
1993		1981
1994	if (!CBS_get_u16_length_prefixed(cbs, &transport_data))	1982	if (!CBS_stow(cbs, &s->s3->peer_quic_transport_params,
1995	return 0;
1996
1997	if (!CBS_stow(&transport_data, &s->s3->peer_quic_transport_params,
1998	&s->s3->peer_quic_transport_params_len))	1983	&s->s3->peer_quic_transport_params_len))
1999	return 0;	1984	return 0;
		1985	if (!CBS_skip(cbs, s->s3->peer_quic_transport_params_len))
		1986	return 0;
2000		1987
2001	return 1;	1988	return 1;
2002	}	1989	}
@@ -2004,25 +1991,17 @@ tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
2004	int	1991	int
2005	tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type)	1992	tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type)
2006	{	1993	{
2007	return s->internal->quic_transport_params_len > 0;	1994	return SSL_is_quic(s) && s->internal->quic_transport_params_len > 0;
2008	}	1995	}
2009		1996
2010	int	1997	int
2011	tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,	1998	tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
2012	CBB *cbb)	1999	CBB *cbb)
2013	{	2000	{
2014	CBB contents;	2001	if (!CBB_add_bytes(cbb, s->internal->quic_transport_params,
2015
2016	if (!CBB_add_u16_length_prefixed(cbb, &contents))
2017	return 0;
2018
2019	if (!CBB_add_bytes(&contents, s->internal->quic_transport_params,
2020	s->internal->quic_transport_params_len))	2002	s->internal->quic_transport_params_len))
2021	return 0;	2003	return 0;
2022		2004
2023	if (!CBB_flush(cbb))
2024	return 0;
2025
2026	return 1;	2005	return 1;
2027	}	2006	}
2028		2007
@@ -2030,27 +2009,16 @@ int
2030	tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type,	2009	tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type,
2031	CBS cbs, int alert)	2010	CBS cbs, int alert)
2032	{	2011	{
2033	CBS transport_data;	2012	if (!SSL_is_quic(s)) {
2034		2013	*alert = SSL_AD_UNSUPPORTED_EXTENSION;
2035	/*
2036	* Ignore this extension if we don't have configured quic transport data
2037	* or if we are not TLS 1.3.
2038	*/
2039	if (s->internal->quic_transport_params_len == 0 \|\|
2040	ssl_effective_tls_version(s) < TLS1_3_VERSION) {
2041	if (!CBS_skip(cbs, CBS_len(cbs))) {
2042	*alert = SSL_AD_INTERNAL_ERROR;
2043	return 0;
2044	}
2045	return 1;
2046	}
2047
2048	if (!CBS_get_u16_length_prefixed(cbs, &transport_data))
2049	return 0;	2014	return 0;
		2015	}
2050		2016
2051	if (!CBS_stow(&transport_data, &s->s3->peer_quic_transport_params,	2017	if (!CBS_stow(cbs, &s->s3->peer_quic_transport_params,
2052	&s->s3->peer_quic_transport_params_len))	2018	&s->s3->peer_quic_transport_params_len))
2053	return 0;	2019	return 0;
		2020	if (!CBS_skip(cbs, s->s3->peer_quic_transport_params_len))
		2021	return 0;
2054		2022
2055	return 1;	2023	return 1;
2056	}	2024	}