Implement client hello processing in the TLSv1.3 server.

ok beck@
author: jsing <> 2020-01-23 11:57:20 +0000
committer: jsing <> 2020-01-23 11:57:20 +0000
commit: 7136a54d43d7b515b6d9043faeb359a87cf1ab0f (patch)
tree: 5d81cf3f798d58bb9e33709e67b0b6ddd814a696 /src
parent: 19a3c1d96385a70d4641d597c708f03c347280ae (diff)
download: openbsd-7136a54d43d7b515b6d9043faeb359a87cf1ab0f.tar.gz
openbsd-7136a54d43d7b515b6d9043faeb359a87cf1ab0f.tar.bz2
openbsd-7136a54d43d7b515b6d9043faeb359a87cf1ab0f.zip
3 files changed, 58 insertions, 10 deletions
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index f11d96f2ea..e9f629f387 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.49 2020/01/23 07:30:55 beck Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.50 2020/01/23 11:57:20 jsing Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -38,9 +38,10 @@ __BEGIN_HIDDEN_DECLS
 #define TLS13_IO_WANT_POLLOUT   -4
 #define TLS13_IO_USE_LEGACY     -5
-#define TLS13_ERR_VERIFY_FAILED 16
+#define TLS13_ERR_VERIFY_FAILED         16
-#define TLS13_ERR_HRR_FAILED    17
+#define TLS13_ERR_HRR_FAILED            17
-#define TLS13_ERR_TRAILING_DATA 18
+#define TLS13_ERR_TRAILING_DATA         18
+#define TLS13_ERR_NO_SHARED_CIPHER      19
 typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg);
 typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg, CBS *cbs);
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 91dd566864..473163ee76 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.25 2020/01/23 10:40:59 jsing Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.26 2020/01/23 11:57:20 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -376,6 +376,9 @@ tls13_legacy_error(SSL *ssl)
        case TLS13_ERR_TRAILING_DATA:
                reason = SSL_R_EXTRA_DATA_IN_MESSAGE;
                break;
+        case TLS13_ERR_NO_SHARED_CIPHER:
+                reason = SSL_R_NO_SHARED_CIPHER;
+                break;
        }
        ERR_put_error(ERR_LIB_SSL, (0xfff), reason, ctx->error.file,
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 3c832aec65..b64fec8edc 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.12 2020/01/23 11:47:13 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.13 2020/01/23 11:57:20 jsing Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -181,9 +181,13 @@ static int
 tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
 {
        CBS cipher_suites, client_random, compression_methods, session_id;
+        STACK_OF(SSL_CIPHER) *ciphers = NULL;
+        const SSL_CIPHER *cipher;
        uint16_t legacy_version;
+        uint8_t compression_method;
+        int alert_desc, comp_null;
        SSL *s = ctx->ssl;
-        int alert;
+        int ret = 0;
        if (!CBS_get_u16(cbs, &legacy_version))
                goto err;
@@ -202,13 +206,53 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
                return tls13_use_legacy_server(ctx);
        }
-        if (!tlsext_server_parse(s, cbs, &alert, SSL_TLSEXT_MSG_CH))
+        if (!tlsext_server_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_CH)) {
+                ctx->alert = alert_desc;
                goto err;
+        }
+        /*
+         * If we got this far we have a supported versions extension that offers
+         * TLS 1.3 or later. This requires the legacy version be set to 0x0303.
+         */
+        if (legacy_version != TLS1_2_VERSION) {
+                ctx->alert = SSL_AD_PROTOCOL_VERSION;
+                goto err;
+        }
+        /* Parse cipher suites list and select preferred cipher. */
+        if ((ciphers = ssl_bytes_to_cipher_list(s, &cipher_suites)) == NULL) {
+                ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
+                goto err;
+        }
+        cipher = ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s));
+        if (cipher == NULL) {
+                tls13_set_errorx(ctx, TLS13_ERR_NO_SHARED_CIPHER, 0,
+                    "no shared cipher found", NULL);
+                ctx->alert = SSL_AD_HANDSHAKE_FAILURE;
+                goto err;
+        }
+        S3I(s)->hs.new_cipher = cipher;
+        /* Ensure they advertise the NULL compression method. */
+        comp_null = 0;
+        while (CBS_len(&compression_methods) > 0) {
+                if (!CBS_get_u8(&compression_methods, &compression_method))
+                        goto err;
+                if (compression_method == 0)
+                        comp_null = 1;
+        }
+        if (!comp_null) {
+                ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
+                goto err;
+        }
-        /* XXX - implement. */
+        ret = 1;
 err:
-        return 0;
+        sk_SSL_CIPHER_free(ciphers);
+        return ret;
 }
 int
author	jsing <>	2020-01-23 11:57:20 +0000
committer	jsing <>	2020-01-23 11:57:20 +0000
commit	7136a54d43d7b515b6d9043faeb359a87cf1ab0f (patch)
tree	5d81cf3f798d58bb9e33709e67b0b6ddd814a696 /src
parent	19a3c1d96385a70d4641d597c708f03c347280ae (diff)
download	openbsd-7136a54d43d7b515b6d9043faeb359a87cf1ab0f.tar.gz openbsd-7136a54d43d7b515b6d9043faeb359a87cf1ab0f.tar.bz2 openbsd-7136a54d43d7b515b6d9043faeb359a87cf1ab0f.zip