1 files changed, 86 insertions, 50 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index c74772f683..3502e5a721 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.40 2019/01/31 08:11:55 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.41 2019/02/03 14:09:58 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -25,24 +25,6 @@
 #include "ssl_sigalgs.h"
 #include "ssl_tlsext.h"
-static int
-tlsext_u16_prefixed_builder(CBB *parent, uint8_t *bytes, size_t len)
-{
-        CBB child;
-        if (!CBB_add_u16_length_prefixed(parent, &child))
-                return 0;
-        if (!CBB_add_bytes(&child, bytes, len))
-                return 0;
-        if (!CBB_flush(parent))
-                return 0;
-        return 1;
-}
 /*
 * Supported Application-Layer Protocol Negotiation - RFC 7301
 */
@@ -58,10 +40,19 @@ tlsext_alpn_client_needs(SSL *s)
 int
 tlsext_alpn_client_build(SSL *s, CBB *cbb)
 {
+        CBB protolist;
+        if (!CBB_add_u16_length_prefixed(cbb, &protolist))
+                return 0;
-        return (tlsext_u16_prefixed_builder(cbb,
+        if (!CBB_add_bytes(&protolist, s->internal->alpn_client_proto_list,
-                s->internal->alpn_client_proto_list,
+            s->internal->alpn_client_proto_list_len))
-                s->internal->alpn_client_proto_list_len));
+                return 0;
+        if (!CBB_flush(cbb))
+                return 0;
+        return 1;
 }
 int
@@ -1233,10 +1224,16 @@ tlsext_keyshare_client_needs(SSL *s)
 }
 int
-tlsext_keyshare_x25519_generate(SSL *s, CBB *keyshare)
+tlsext_keyshare_client_build(SSL *s, CBB *cbb)
 {
        uint8_t *public_key = NULL, *private_key = NULL;
-        CBB key_exchange;
+        CBB client_shares, key_exchange;
+        /* Generate and provide key shares. */
+        if (!CBB_add_u16_length_prefixed(cbb, &client_shares))
+                return 0;
+        /* XXX - other groups. */
        /* Generate X25519 key pair. */
        if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL)
@@ -1246,13 +1243,16 @@ tlsext_keyshare_x25519_generate(SSL *s, CBB *keyshare)
        X25519_keypair(public_key, private_key);
        /* Add the group and serialize the public key. */
-        if (!CBB_add_u16(keyshare, tls1_ec_nid2curve_id(NID_X25519)))
+        if (!CBB_add_u16(&client_shares, tls1_ec_nid2curve_id(NID_X25519)))
                goto err;
-        if (!CBB_add_u16_length_prefixed(keyshare, &key_exchange))
+        if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange))
                goto err;
        if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH))
                goto err;
+        if (!CBB_flush(cbb))
+                goto err;
        S3I(s)->hs_tls13.x25519_public = public_key;
        S3I(s)->hs_tls13.x25519_private = private_key;
@@ -1266,22 +1266,6 @@ tlsext_keyshare_x25519_generate(SSL *s, CBB *keyshare)
 }
 int
-tlsext_keyshare_client_build(SSL *s, CBB *cbb)
-{
-        CBB client_shares;
-        /* Generate and provide key shares. */
-        if (!CBB_add_u16_length_prefixed(cbb, &client_shares))
-                return 0;
-        if (!tlsext_keyshare_x25519_generate(s, &client_shares) ||
-            !CBB_flush(cbb))
-                return 0;
-        return (1);
-}
-int
 tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert)
 {
        CBS client_shares;
@@ -1343,15 +1327,43 @@ tlsext_keyshare_server_needs(SSL *s)
 int
 tlsext_keyshare_server_build(SSL *s, CBB *cbb)
 {
+        uint8_t *public_key = NULL, *private_key = NULL;
+        CBB key_exchange;
+        /* XXX deduplicate with client code */
        /* X25519 */
        if (S3I(s)->hs_tls13.x25519_peer_public == NULL)
                return 0;
-        if (!tlsext_keyshare_x25519_generate(s, cbb) ||
+        /* Generate X25519 key pair. */
-            !CBB_flush(cbb))
+        if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL)
-                return 0;
+                goto err;
+        if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL)
+                goto err;
+        X25519_keypair(public_key, private_key);
+        /* Add the group and serialize the public key. */
+        if (!CBB_add_u16(cbb, tls1_ec_nid2curve_id(NID_X25519)))
+                goto err;
+        if (!CBB_add_u16_length_prefixed(cbb, &key_exchange))
+                goto err;
+        if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH))
+                goto err;
+        if (!CBB_flush(cbb))
+                goto err;
+        S3I(s)->hs_tls13.x25519_public = public_key;
+        S3I(s)->hs_tls13.x25519_private = private_key;
        return 1;
+ err:
+        freezero(public_key, X25519_KEY_LENGTH);
+        freezero(private_key, X25519_KEY_LENGTH);
+        return 0;
 }
 int
@@ -1528,8 +1540,19 @@ tlsext_cookie_client_needs(SSL *s)
 int
 tlsext_cookie_client_build(SSL *s, CBB *cbb)
 {
-        return (tlsext_u16_prefixed_builder(cbb,
+        CBB cookie;
-            S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len));
+        if (!CBB_add_u16_length_prefixed(cbb, &cookie))
+                return 0;
+        if (!CBB_add_bytes(&cookie, S3I(s)->hs_tls13.cookie,
+            S3I(s)->hs_tls13.cookie_len))
+                return 0;
+        if (!CBB_flush(cbb))
+                return 0;
+        return 1;
 }
 int
@@ -1581,8 +1604,21 @@ tlsext_cookie_server_needs(SSL *s)
 int
 tlsext_cookie_server_build(SSL *s, CBB *cbb)
 {
-        return (tlsext_u16_prefixed_builder(cbb,
+        CBB cookie;
-            S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len));
+        /* XXX deduplicate with client code */
+        if (!CBB_add_u16_length_prefixed(cbb, &cookie))
+                return 0;
+        if (!CBB_add_bytes(&cookie, S3I(s)->hs_tls13.cookie,
+            S3I(s)->hs_tls13.cookie_len))
+                return 0;
+        if (!CBB_flush(cbb))
+                return 0;
+        return 1;
 }
 int
@@ -1840,7 +1876,7 @@ tlsext_funcs(struct tls_extension *tlsext, int is_server)
        if (is_server)
                return &tlsext->server;
-        return &tlsext->client;
+        return &tlsext->client; 
 }
 static int

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index c74772f683..3502e5a721 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.c,v 1.40 2019/01/31 08:11:55 tb Exp $ */	1	/* $OpenBSD: ssl_tlsext.c,v 1.41 2019/02/03 14:09:58 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -25,24 +25,6 @@
25	#include "ssl_sigalgs.h"	25	#include "ssl_sigalgs.h"
26	#include "ssl_tlsext.h"	26	#include "ssl_tlsext.h"
27		27
28
29	static int
30	tlsext_u16_prefixed_builder(CBB parent, uint8_t bytes, size_t len)
31	{
32	CBB child;
33
34	if (!CBB_add_u16_length_prefixed(parent, &child))
35	return 0;
36
37	if (!CBB_add_bytes(&child, bytes, len))
38	return 0;
39
40	if (!CBB_flush(parent))
41	return 0;
42
43	return 1;
44	}
45
46	/*	28	/*
47	* Supported Application-Layer Protocol Negotiation - RFC 7301	29	* Supported Application-Layer Protocol Negotiation - RFC 7301
48	*/	30	*/
@@ -58,10 +40,19 @@ tlsext_alpn_client_needs(SSL *s)
58	int	40	int
59	tlsext_alpn_client_build(SSL s, CBB cbb)	41	tlsext_alpn_client_build(SSL s, CBB cbb)
60	{	42	{
		43	CBB protolist;
		44
		45	if (!CBB_add_u16_length_prefixed(cbb, &protolist))
		46	return 0;
61		47
62	return (tlsext_u16_prefixed_builder(cbb,	48	if (!CBB_add_bytes(&protolist, s->internal->alpn_client_proto_list,
63	s->internal->alpn_client_proto_list,	49	s->internal->alpn_client_proto_list_len))
64	s->internal->alpn_client_proto_list_len));	50	return 0;
		51
		52	if (!CBB_flush(cbb))
		53	return 0;
		54
		55	return 1;
65	}	56	}
66		57
67	int	58	int
@@ -1233,10 +1224,16 @@ tlsext_keyshare_client_needs(SSL *s)
1233	}	1224	}
1234		1225
1235	int	1226	int
1236	tlsext_keyshare_x25519_generate(SSL s, CBB keyshare)	1227	tlsext_keyshare_client_build(SSL s, CBB cbb)
1237	{	1228	{
1238	uint8_t public_key = NULL, private_key = NULL;	1229	uint8_t public_key = NULL, private_key = NULL;
1239	CBB key_exchange;	1230	CBB client_shares, key_exchange;
		1231
		1232	/* Generate and provide key shares. */
		1233	if (!CBB_add_u16_length_prefixed(cbb, &client_shares))
		1234	return 0;
		1235
		1236	/* XXX - other groups. */
1240		1237
1241	/* Generate X25519 key pair. */	1238	/* Generate X25519 key pair. */
1242	if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL)	1239	if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL)
@@ -1246,13 +1243,16 @@ tlsext_keyshare_x25519_generate(SSL s, CBB keyshare)
1246	X25519_keypair(public_key, private_key);	1243	X25519_keypair(public_key, private_key);
1247		1244
1248	/* Add the group and serialize the public key. */	1245	/* Add the group and serialize the public key. */
1249	if (!CBB_add_u16(keyshare, tls1_ec_nid2curve_id(NID_X25519)))	1246	if (!CBB_add_u16(&client_shares, tls1_ec_nid2curve_id(NID_X25519)))
1250	goto err;	1247	goto err;
1251	if (!CBB_add_u16_length_prefixed(keyshare, &key_exchange))	1248	if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange))
1252	goto err;	1249	goto err;
1253	if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH))	1250	if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH))
1254	goto err;	1251	goto err;
1255		1252
		1253	if (!CBB_flush(cbb))
		1254	goto err;
		1255
1256	S3I(s)->hs_tls13.x25519_public = public_key;	1256	S3I(s)->hs_tls13.x25519_public = public_key;
1257	S3I(s)->hs_tls13.x25519_private = private_key;	1257	S3I(s)->hs_tls13.x25519_private = private_key;
1258		1258
@@ -1266,22 +1266,6 @@ tlsext_keyshare_x25519_generate(SSL s, CBB keyshare)
1266	}	1266	}
1267		1267
1268	int	1268	int
1269	tlsext_keyshare_client_build(SSL s, CBB cbb)
1270	{
1271	CBB client_shares;
1272
1273	/* Generate and provide key shares. */
1274	if (!CBB_add_u16_length_prefixed(cbb, &client_shares))
1275	return 0;
1276
1277	if (!tlsext_keyshare_x25519_generate(s, &client_shares) \|\|
1278	!CBB_flush(cbb))
1279	return 0;
1280
1281	return (1);
1282	}
1283
1284	int
1285	tlsext_keyshare_server_parse(SSL s, CBS cbs, int *alert)	1269	tlsext_keyshare_server_parse(SSL s, CBS cbs, int *alert)
1286	{	1270	{
1287	CBS client_shares;	1271	CBS client_shares;
@@ -1343,15 +1327,43 @@ tlsext_keyshare_server_needs(SSL *s)
1343	int	1327	int
1344	tlsext_keyshare_server_build(SSL s, CBB cbb)	1328	tlsext_keyshare_server_build(SSL s, CBB cbb)
1345	{	1329	{
		1330	uint8_t public_key = NULL, private_key = NULL;
		1331	CBB key_exchange;
		1332
		1333	/* XXX deduplicate with client code */
		1334
1346	/* X25519 */	1335	/* X25519 */
1347	if (S3I(s)->hs_tls13.x25519_peer_public == NULL)	1336	if (S3I(s)->hs_tls13.x25519_peer_public == NULL)
1348	return 0;	1337	return 0;
1349		1338
1350	if (!tlsext_keyshare_x25519_generate(s, cbb) \|\|	1339	/* Generate X25519 key pair. */
1351	!CBB_flush(cbb))	1340	if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL)
1352	return 0;	1341	goto err;
		1342	if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL)
		1343	goto err;
		1344	X25519_keypair(public_key, private_key);
		1345
		1346	/* Add the group and serialize the public key. */
		1347	if (!CBB_add_u16(cbb, tls1_ec_nid2curve_id(NID_X25519)))
		1348	goto err;
		1349	if (!CBB_add_u16_length_prefixed(cbb, &key_exchange))
		1350	goto err;
		1351	if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH))
		1352	goto err;
		1353
		1354	if (!CBB_flush(cbb))
		1355	goto err;
		1356
		1357	S3I(s)->hs_tls13.x25519_public = public_key;
		1358	S3I(s)->hs_tls13.x25519_private = private_key;
1353		1359
1354	return 1;	1360	return 1;
		1361
		1362	err:
		1363	freezero(public_key, X25519_KEY_LENGTH);
		1364	freezero(private_key, X25519_KEY_LENGTH);
		1365
		1366	return 0;
1355	}	1367	}
1356		1368
1357	int	1369	int
@@ -1528,8 +1540,19 @@ tlsext_cookie_client_needs(SSL *s)
1528	int	1540	int
1529	tlsext_cookie_client_build(SSL s, CBB cbb)	1541	tlsext_cookie_client_build(SSL s, CBB cbb)
1530	{	1542	{
1531	return (tlsext_u16_prefixed_builder(cbb,	1543	CBB cookie;
1532	S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len));	1544
		1545	if (!CBB_add_u16_length_prefixed(cbb, &cookie))
		1546	return 0;
		1547
		1548	if (!CBB_add_bytes(&cookie, S3I(s)->hs_tls13.cookie,
		1549	S3I(s)->hs_tls13.cookie_len))
		1550	return 0;
		1551
		1552	if (!CBB_flush(cbb))
		1553	return 0;
		1554
		1555	return 1;
1533	}	1556	}
1534		1557
1535	int	1558	int
@@ -1581,8 +1604,21 @@ tlsext_cookie_server_needs(SSL *s)
1581	int	1604	int
1582	tlsext_cookie_server_build(SSL s, CBB cbb)	1605	tlsext_cookie_server_build(SSL s, CBB cbb)
1583	{	1606	{
1584	return (tlsext_u16_prefixed_builder(cbb,	1607	CBB cookie;
1585	S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len));	1608
		1609	/* XXX deduplicate with client code */
		1610
		1611	if (!CBB_add_u16_length_prefixed(cbb, &cookie))
		1612	return 0;
		1613
		1614	if (!CBB_add_bytes(&cookie, S3I(s)->hs_tls13.cookie,
		1615	S3I(s)->hs_tls13.cookie_len))
		1616	return 0;
		1617
		1618	if (!CBB_flush(cbb))
		1619	return 0;
		1620
		1621	return 1;
1586	}	1622	}
1587		1623
1588	int	1624	int
@@ -1840,7 +1876,7 @@ tlsext_funcs(struct tls_extension *tlsext, int is_server)
1840	if (is_server)	1876	if (is_server)
1841	return &tlsext->server;	1877	return &tlsext->server;
1842		1878
1843	return &tlsext->client;	1879	return &tlsext->client;
1844	}	1880	}
1845		1881
1846	static int	1882	static int