-rw-r--r--src/lib/libssl/ssl_tlsext.c245
1 files changed, 190 insertions, 55 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 7b8164352a..f278aca9df 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_tlsext.c,v 1.138 2024/03/25 03:23:59 jsing Exp $ */ 1/* $OpenBSD: ssl_tlsext.c,v 1.139 2024/03/25 04:02:29 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -34,6 +34,22 @@
34 34
35#define TLSEXT_TYPE_alpn TLSEXT_TYPE_application_layer_protocol_negotiation 35#define TLSEXT_TYPE_alpn TLSEXT_TYPE_application_layer_protocol_negotiation
36 36
37struct tlsext_data {
38 CBS alpn;
39};
40
41static struct tlsext_data *
42tlsext_data_new(void)
43{
44 return calloc(1, sizeof(struct tlsext_data));
45}
46
47static void
48tlsext_data_free(struct tlsext_data *td)
49{
50 freezero(td, sizeof(*td));
51}
52
37/* 53/*
38 * Supported Application-Layer Protocol Negotiation - RFC 7301 54 * Supported Application-Layer Protocol Negotiation - RFC 7301
39 */ 55 */
@@ -86,19 +102,33 @@ tlsext_alpn_check_format(CBS *cbs)
86} 102}
87 103
88static int 104static int
89tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert) 105tlsext_alpn_server_parse(SSL *s, struct tlsext_data *td, uint16_t msg_types,
106 CBS *cbs, int *alert)
90{ 107{
91 CBS alpn, selected_cbs; 108 CBS alpn;
92 const unsigned char *selected;
93 unsigned char selected_len;
94 int r;
95 109
96 if (!CBS_get_u16_length_prefixed(cbs, &alpn)) 110 if (!CBS_get_u16_length_prefixed(cbs, &alpn))
97 return 0; 111 return 0;
98
99 if (!tlsext_alpn_check_format(&alpn)) 112 if (!tlsext_alpn_check_format(&alpn))
100 return 0; 113 return 0;
101 114
115 CBS_dup(&alpn, &td->alpn);
116
117 return 1;
118}
119
120static int
121tlsext_alpn_server_process(SSL *s, struct tlsext_data *td, uint16_t msg_type,
122 int *alert)
123{
124 CBS selected_cbs;
125 const unsigned char *selected;
126 unsigned char selected_len;
127 int r;
128
129 if (CBS_data(&td->alpn) == NULL)
130 return 0;
131
102 if (s->ctx->alpn_select_cb == NULL) 132 if (s->ctx->alpn_select_cb == NULL)
103 return 1; 133 return 1;
104 134
@@ -109,7 +139,7 @@ tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert)
109 * 3. TLSv1.2 and earlier: ensure that SNI has already been processed. 139 * 3. TLSv1.2 and earlier: ensure that SNI has already been processed.
110 */ 140 */
111 r = s->ctx->alpn_select_cb(s, &selected, &selected_len, 141 r = s->ctx->alpn_select_cb(s, &selected, &selected_len,
112 CBS_data(&alpn), CBS_len(&alpn), 142 CBS_data(&td->alpn), CBS_len(&td->alpn),
113 s->ctx->alpn_select_cb_arg); 143 s->ctx->alpn_select_cb_arg);
114 144
115 if (r == SSL_TLSEXT_ERR_OK) { 145 if (r == SSL_TLSEXT_ERR_OK) {
@@ -162,7 +192,8 @@ tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
162} 192}
163 193
164static int 194static int
165tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 195tlsext_alpn_client_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
196 CBS *cbs, int *alert)
166{ 197{
167 CBS list, proto; 198 CBS list, proto;
168 199
@@ -182,7 +213,18 @@ tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
182 if (CBS_len(&proto) == 0) 213 if (CBS_len(&proto) == 0)
183 return 0; 214 return 0;
184 215
185 if (!CBS_stow(&proto, &s->s3->alpn_selected, &s->s3->alpn_selected_len)) 216 CBS_dup(&proto, &td->alpn);
217
218 return 1;
219}
220
221static int
222tlsext_alpn_client_process(SSL *s, struct tlsext_data *td, uint16_t msg_type,
223 int *alert)
224{
225 if (CBS_data(&td->alpn) == NULL)
226 return 0;
227 if (!CBS_stow(&td->alpn, &s->s3->alpn_selected, &s->s3->alpn_selected_len))
186 return 0; 228 return 0;
187 229
188 return 1; 230 return 1;
@@ -229,8 +271,8 @@ tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
229} 271}
230 272
231static int 273static int
232tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, 274tlsext_supportedgroups_server_parse(SSL *s, struct tlsext_data *td,
233 int *alert) 275 uint16_t msg_type, CBS *cbs, int *alert)
234{ 276{
235 CBS grouplist; 277 CBS grouplist;
236 uint16_t *groups; 278 uint16_t *groups;
@@ -302,8 +344,8 @@ tlsext_supportedgroups_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
302} 344}
303 345
304static int 346static int
305tlsext_supportedgroups_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, 347tlsext_supportedgroups_client_parse(SSL *s, struct tlsext_data *td,
306 int *alert) 348 uint16_t msg_type, CBS *cbs, int *alert)
307{ 349{
308 /* 350 /*
309 * Servers should not send this extension per the RFC. 351 * Servers should not send this extension per the RFC.
@@ -351,7 +393,8 @@ tlsext_ecpf_build(SSL *s, uint16_t msg_type, CBB *cbb)
351} 393}
352 394
353static int 395static int
354tlsext_ecpf_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 396tlsext_ecpf_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type, CBS *cbs,
397 int *alert)
355{ 398{
356 CBS ecpf; 399 CBS ecpf;
357 400
@@ -391,9 +434,10 @@ tlsext_ecpf_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
391} 434}
392 435
393static int 436static int
394tlsext_ecpf_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 437tlsext_ecpf_server_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
438 CBS *cbs, int *alert)
395{ 439{
396 return tlsext_ecpf_parse(s, msg_type, cbs, alert); 440 return tlsext_ecpf_parse(s, td, msg_type, cbs, alert);
397} 441}
398 442
399static int 443static int
@@ -409,9 +453,10 @@ tlsext_ecpf_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
409} 453}
410 454
411static int 455static int
412tlsext_ecpf_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 456tlsext_ecpf_client_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
457 CBS *cbs, int *alert)
413{ 458{
414 return tlsext_ecpf_parse(s, msg_type, cbs, alert); 459 return tlsext_ecpf_parse(s, td, msg_type, cbs, alert);
415} 460}
416 461
417/* 462/*
@@ -440,7 +485,8 @@ tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
440} 485}
441 486
442static int 487static int
443tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 488tlsext_ri_server_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
489 CBS *cbs, int *alert)
444{ 490{
445 CBS reneg; 491 CBS reneg;
446 492
@@ -489,7 +535,8 @@ tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
489} 535}
490 536
491static int 537static int
492tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 538tlsext_ri_client_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
539 CBS *cbs, int *alert)
493{ 540{
494 CBS reneg, prev_client, prev_server; 541 CBS reneg, prev_client, prev_server;
495 542
@@ -572,7 +619,8 @@ tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
572} 619}
573 620
574static int 621static int
575tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 622tlsext_sigalgs_server_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
623 CBS *cbs, int *alert)
576{ 624{
577 CBS sigalgs; 625 CBS sigalgs;
578 626
@@ -609,7 +657,8 @@ tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
609} 657}
610 658
611static int 659static int
612tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 660tlsext_sigalgs_client_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
661 CBS *cbs, int *alert)
613{ 662{
614 CBS sigalgs; 663 CBS sigalgs;
615 664
@@ -736,7 +785,8 @@ tlsext_sni_is_valid_hostname(CBS *cbs, int *is_ip)
736} 785}
737 786
738static int 787static int
739tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 788tlsext_sni_server_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
789 CBS *cbs, int *alert)
740{ 790{
741 CBS server_name_list, host_name; 791 CBS server_name_list, host_name;
742 uint8_t name_type; 792 uint8_t name_type;
@@ -832,7 +882,8 @@ tlsext_sni_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
832} 882}
833 883
834static int 884static int
835tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 885tlsext_sni_client_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
886 CBS *cbs, int *alert)
836{ 887{
837 if (s->tlsext_hostname == NULL || CBS_len(cbs) != 0) { 888 if (s->tlsext_hostname == NULL || CBS_len(cbs) != 0) {
838 *alert = SSL_AD_UNRECOGNIZED_NAME; 889 *alert = SSL_AD_UNRECOGNIZED_NAME;
@@ -920,7 +971,8 @@ tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
920} 971}
921 972
922static int 973static int
923tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 974tlsext_ocsp_server_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
975 CBS *cbs, int *alert)
924{ 976{
925 int alert_desc = SSL_AD_DECODE_ERROR; 977 int alert_desc = SSL_AD_DECODE_ERROR;
926 CBS respid_list, respid, exts; 978 CBS respid_list, respid, exts;
@@ -1028,7 +1080,8 @@ tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
1028} 1080}
1029 1081
1030static int 1082static int
1031tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 1083tlsext_ocsp_client_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
1084 CBS *cbs, int *alert)
1032{ 1085{
1033 uint8_t status_type; 1086 uint8_t status_type;
1034 CBS response; 1087 CBS response;
@@ -1148,8 +1201,8 @@ tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
1148} 1201}
1149 1202
1150static int 1203static int
1151tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, 1204tlsext_sessionticket_server_parse(SSL *s, struct tlsext_data *td,
1152 int *alert) 1205 uint16_t msg_type, CBS *cbs, int *alert)
1153{ 1206{
1154 if (s->tls_session_ticket_ext_cb) { 1207 if (s->tls_session_ticket_ext_cb) {
1155 if (!s->tls_session_ticket_ext_cb(s, CBS_data(cbs), 1208 if (!s->tls_session_ticket_ext_cb(s, CBS_data(cbs),
@@ -1185,8 +1238,8 @@ tlsext_sessionticket_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
1185} 1238}
1186 1239
1187static int 1240static int
1188tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, 1241tlsext_sessionticket_client_parse(SSL *s, struct tlsext_data *td,
1189 int *alert) 1242 uint16_t msg_type, CBS *cbs, int *alert)
1190{ 1243{
1191 if (s->tls_session_ticket_ext_cb) { 1244 if (s->tls_session_ticket_ext_cb) {
1192 if (!s->tls_session_ticket_ext_cb(s, CBS_data(cbs), 1245 if (!s->tls_session_ticket_ext_cb(s, CBS_data(cbs),
@@ -1257,7 +1310,8 @@ tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
1257} 1310}
1258 1311
1259static int 1312static int
1260tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 1313tlsext_srtp_server_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
1314 CBS *cbs, int *alert)
1261{ 1315{
1262 const SRTP_PROTECTION_PROFILE *cprof, *sprof; 1316 const SRTP_PROTECTION_PROFILE *cprof, *sprof;
1263 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = NULL, *srvr; 1317 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = NULL, *srvr;
@@ -1362,7 +1416,8 @@ tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
1362} 1416}
1363 1417
1364static int 1418static int
1365tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 1419tlsext_srtp_client_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
1420 CBS *cbs, int *alert)
1366{ 1421{
1367 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; 1422 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
1368 const SRTP_PROTECTION_PROFILE *prof; 1423 const SRTP_PROTECTION_PROFILE *prof;
@@ -1443,7 +1498,8 @@ tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
1443} 1498}
1444 1499
1445static int 1500static int
1446tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 1501tlsext_keyshare_server_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
1502 CBS *cbs, int *alert)
1447{ 1503{
1448 CBS client_shares, key_exchange; 1504 CBS client_shares, key_exchange;
1449 int decode_error; 1505 int decode_error;
@@ -1530,7 +1586,8 @@ tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
1530} 1586}
1531 1587
1532static int 1588static int
1533tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 1589tlsext_keyshare_client_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
1590 CBS *cbs, int *alert)
1534{ 1591{
1535 CBS key_exchange; 1592 CBS key_exchange;
1536 int decode_error; 1593 int decode_error;
@@ -1605,7 +1662,8 @@ tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
1605} 1662}
1606 1663
1607static int 1664static int
1608tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 1665tlsext_versions_server_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
1666 CBS *cbs, int *alert)
1609{ 1667{
1610 CBS versions; 1668 CBS versions;
1611 uint16_t version; 1669 uint16_t version;
@@ -1652,7 +1710,8 @@ tlsext_versions_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
1652} 1710}
1653 1711
1654static int 1712static int
1655tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 1713tlsext_versions_client_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
1714 CBS *cbs, int *alert)
1656{ 1715{
1657 uint16_t selected_version; 1716 uint16_t selected_version;
1658 1717
@@ -1702,7 +1761,8 @@ tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
1702} 1761}
1703 1762
1704static int 1763static int
1705tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 1764tlsext_cookie_server_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
1765 CBS *cbs, int *alert)
1706{ 1766{
1707 CBS cookie; 1767 CBS cookie;
1708 1768
@@ -1759,7 +1819,8 @@ tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
1759} 1819}
1760 1820
1761static int 1821static int
1762tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 1822tlsext_cookie_client_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
1823 CBS *cbs, int *alert)
1763{ 1824{
1764 CBS cookie; 1825 CBS cookie;
1765 1826
@@ -1814,8 +1875,8 @@ tlsext_psk_kex_modes_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
1814} 1875}
1815 1876
1816static int 1877static int
1817tlsext_psk_kex_modes_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, 1878tlsext_psk_kex_modes_server_parse(SSL *s, struct tlsext_data *td,
1818 int *alert) 1879 uint16_t msg_type, CBS *cbs, int *alert)
1819{ 1880{
1820 CBS ke_modes; 1881 CBS ke_modes;
1821 uint8_t ke_mode; 1882 uint8_t ke_mode;
@@ -1848,8 +1909,8 @@ tlsext_psk_kex_modes_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
1848} 1909}
1849 1910
1850static int 1911static int
1851tlsext_psk_kex_modes_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, 1912tlsext_psk_kex_modes_client_parse(SSL *s, struct tlsext_data *td,
1852 int *alert) 1913 uint16_t msg_type, CBS *cbs, int *alert)
1853{ 1914{
1854 return 0; 1915 return 0;
1855} 1916}
@@ -1871,7 +1932,8 @@ tlsext_psk_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
1871} 1932}
1872 1933
1873static int 1934static int
1874tlsext_psk_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 1935tlsext_psk_client_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
1936 CBS *cbs, int *alert)
1875{ 1937{
1876 return CBS_skip(cbs, CBS_len(cbs)); 1938 return CBS_skip(cbs, CBS_len(cbs));
1877} 1939}
@@ -1889,7 +1951,8 @@ tlsext_psk_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
1889} 1951}
1890 1952
1891static int 1953static int
1892tlsext_psk_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 1954tlsext_psk_server_parse(SSL *s, struct tlsext_data *td, uint16_t msg_type,
1955 CBS *cbs, int *alert)
1893{ 1956{
1894 return CBS_skip(cbs, CBS_len(cbs)); 1957 return CBS_skip(cbs, CBS_len(cbs));
1895} 1958}
@@ -1916,8 +1979,8 @@ tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
1916} 1979}
1917 1980
1918static int 1981static int
1919tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type, 1982tlsext_quic_transport_parameters_client_parse(SSL *s, struct tlsext_data *td,
1920 CBS *cbs, int *alert) 1983 uint16_t msg_type, CBS *cbs, int *alert)
1921{ 1984{
1922 if (!SSL_is_quic(s)) { 1985 if (!SSL_is_quic(s)) {
1923 *alert = SSL_AD_UNSUPPORTED_EXTENSION; 1986 *alert = SSL_AD_UNSUPPORTED_EXTENSION;
@@ -1951,8 +2014,8 @@ tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
1951} 2014}
1952 2015
1953static int 2016static int
1954tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type, 2017tlsext_quic_transport_parameters_server_parse(SSL *s, struct tlsext_data *td,
1955 CBS *cbs, int *alert) 2018 uint16_t msg_type, CBS *cbs, int *alert)
1956{ 2019{
1957 if (!SSL_is_quic(s)) { 2020 if (!SSL_is_quic(s)) {
1958 *alert = SSL_AD_UNSUPPORTED_EXTENSION; 2021 *alert = SSL_AD_UNSUPPORTED_EXTENSION;
@@ -1971,7 +2034,10 @@ tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type,
1971struct tls_extension_funcs { 2034struct tls_extension_funcs {
1972 int (*needs)(SSL *s, uint16_t msg_type); 2035 int (*needs)(SSL *s, uint16_t msg_type);
1973 int (*build)(SSL *s, uint16_t msg_type, CBB *cbb); 2036 int (*build)(SSL *s, uint16_t msg_type, CBB *cbb);
1974 int (*parse)(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); 2037 int (*parse)(SSL *s, struct tlsext_data *td, uint16_t msg_type,
2038 CBS *cbs, int *alert);
2039 int (*process)(SSL *s, struct tlsext_data *td, uint16_t msg_type,
2040 int *alert);
1975}; 2041};
1976 2042
1977struct tls_extension { 2043struct tls_extension {
@@ -1981,6 +2047,9 @@ struct tls_extension {
1981 struct tls_extension_funcs server; 2047 struct tls_extension_funcs server;
1982}; 2048};
1983 2049
2050/*
2051 * TLS extensions (in processing order).
2052 */
1984static const struct tls_extension tls_extensions[] = { 2053static const struct tls_extension tls_extensions[] = {
1985 { 2054 {
1986 .type = TLSEXT_TYPE_supported_versions, 2055 .type = TLSEXT_TYPE_supported_versions,
@@ -2118,11 +2187,13 @@ static const struct tls_extension tls_extensions[] = {
2118 .needs = tlsext_alpn_client_needs, 2187 .needs = tlsext_alpn_client_needs,
2119 .build = tlsext_alpn_client_build, 2188 .build = tlsext_alpn_client_build,
2120 .parse = tlsext_alpn_client_parse, 2189 .parse = tlsext_alpn_client_parse,
2190 .process = tlsext_alpn_client_process,
2121 }, 2191 },
2122 .server = { 2192 .server = {
2123 .needs = tlsext_alpn_server_needs, 2193 .needs = tlsext_alpn_server_needs,
2124 .build = tlsext_alpn_server_build, 2194 .build = tlsext_alpn_server_build,
2125 .parse = tlsext_alpn_server_parse, 2195 .parse = tlsext_alpn_server_parse,
2196 .process = tlsext_alpn_server_process,
2126 }, 2197 },
2127 }, 2198 },
2128 { 2199 {
@@ -2382,7 +2453,7 @@ tlsext_clienthello_hash_extension(SSL *s, uint16_t type, CBS *cbs)
2382 return 0; 2453 return 0;
2383 /* 2454 /*
2384 * key_share data may be changed, and pre_shared_key data may 2455 * key_share data may be changed, and pre_shared_key data may
2385 * be changed 2456 * be changed.
2386 */ 2457 */
2387 if (type == TLSEXT_TYPE_pre_shared_key || type == TLSEXT_TYPE_key_share) 2458 if (type == TLSEXT_TYPE_pre_shared_key || type == TLSEXT_TYPE_key_share)
2388 return 1; 2459 return 1;
@@ -2393,7 +2464,8 @@ tlsext_clienthello_hash_extension(SSL *s, uint16_t type, CBS *cbs)
2393} 2464}
2394 2465
2395static int 2466static int
2396tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert) 2467tlsext_parse(SSL *s, struct tlsext_data *td, int is_server, uint16_t msg_type,
2468 CBS *cbs, int *alert)
2397{ 2469{
2398 const struct tls_extension_funcs *ext; 2470 const struct tls_extension_funcs *ext;
2399 const struct tls_extension *tlsext; 2471 const struct tls_extension *tlsext;
@@ -2452,7 +2524,7 @@ tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert)
2452 s->s3->hs.extensions_seen |= (1 << idx); 2524 s->s3->hs.extensions_seen |= (1 << idx);
2453 2525
2454 ext = tlsext_funcs(tlsext, is_server); 2526 ext = tlsext_funcs(tlsext, is_server);
2455 if (!ext->parse(s, msg_type, &extension_data, &alert_desc)) 2527 if (!ext->parse(s, td, msg_type, &extension_data, &alert_desc))
2456 goto err; 2528 goto err;
2457 2529
2458 if (CBS_len(&extension_data) != 0) 2530 if (CBS_len(&extension_data) != 0)
@@ -2467,6 +2539,37 @@ tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert)
2467 return 0; 2539 return 0;
2468} 2540}
2469 2541
2542static int
2543tlsext_process(SSL *s, struct tlsext_data *td, int is_server, uint16_t msg_type,
2544 int *alert)
2545{
2546 const struct tls_extension_funcs *ext;
2547 const struct tls_extension *tlsext;
2548 int alert_desc;
2549 size_t idx;
2550
2551 alert_desc = SSL_AD_DECODE_ERROR;
2552
2553 /* Run processing for present TLS extensions, in a defined order. */
2554 for (idx = 0; idx < N_TLS_EXTENSIONS; idx++) {
2555 tlsext = &tls_extensions[idx];
2556 if ((s->s3->hs.extensions_seen & (1 << idx)) == 0)
2557 continue;
2558 ext = tlsext_funcs(tlsext, is_server);
2559 if (ext->process == NULL)
2560 continue;
2561 if (!ext->process(s, td, msg_type, &alert_desc))
2562 goto err;
2563 }
2564
2565 return 1;
2566
2567 err:
2568 *alert = alert_desc;
2569
2570 return 0;
2571}
2572
2470static void 2573static void
2471tlsext_server_reset_state(SSL *s) 2574tlsext_server_reset_state(SSL *s)
2472{ 2575{
@@ -2487,11 +2590,27 @@ tlsext_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
2487int 2590int
2488tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 2591tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
2489{ 2592{
2593 struct tlsext_data *td;
2594 int ret = 0;
2595
2596 if ((td = tlsext_data_new()) == NULL)
2597 goto err;
2598
2490 /* XXX - this should be done by the caller... */ 2599 /* XXX - this should be done by the caller... */
2491 if (msg_type == SSL_TLSEXT_MSG_CH) 2600 if (msg_type == SSL_TLSEXT_MSG_CH)
2492 tlsext_server_reset_state(s); 2601 tlsext_server_reset_state(s);
2493 2602
2494 return tlsext_parse(s, 1, msg_type, cbs, alert); 2603 if (!tlsext_parse(s, td, 1, msg_type, cbs, alert))
2604 goto err;
2605 if (!tlsext_process(s, td, 1, msg_type, alert))
2606 goto err;
2607
2608 ret = 1;
2609
2610 err:
2611 tlsext_data_free(td);
2612
2613 return ret;
2495} 2614}
2496 2615
2497static void 2616static void
@@ -2512,9 +2631,25 @@ tlsext_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
2512int 2631int
2513tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) 2632tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
2514{ 2633{
2634 struct tlsext_data *td;
2635 int ret = 0;
2636
2637 if ((td = tlsext_data_new()) == NULL)
2638 goto err;
2639
2515 /* XXX - this should be done by the caller... */ 2640 /* XXX - this should be done by the caller... */
2516 if (msg_type == SSL_TLSEXT_MSG_SH) 2641 if (msg_type == SSL_TLSEXT_MSG_SH)
2517 tlsext_client_reset_state(s); 2642 tlsext_client_reset_state(s);
2518 2643
2519 return tlsext_parse(s, 0, msg_type, cbs, alert); 2644 if (!tlsext_parse(s, td, 0, msg_type, cbs, alert))
2645 goto err;
2646 if (!tlsext_process(s, td, 0, msg_type, alert))
2647 goto err;
2648
2649 ret = 1;
2650
2651 err:
2652 tlsext_data_free(td);
2653
2654 return ret;
2520} 2655}
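Review bot: The `CBS_data(&td->alpn) == NULL` guards in tlsext_alpn_server_process and tlsext_alpn_client_process fail with the loop's default SSL_AD_DECODE_ERROR, yet the only way to reach them is an internal inconsistency — tlsext_process() runs a process hook only for extensions whose parse hook already stored td->alpn, so a NULL there means extensions_seen and td disagree, not that the peer sent malformed data — so `*alert = SSL_AD_INTERNAL_ERROR;` before those two `return 0;` lines would keep the alert honest. struct tlsext_data only borrows views into the message buffer via CBS_dup() and is consumed by tlsext_process() inside the same tlsext_server_parse()/tlsext_client_parse() call, which the new split relies on but does not state; a comment on the struct such as `/* Parsed extension data. CBS members borrow from the message buffer passed to tlsext_parse() and are valid only while that buffer is. */` would pin that lifetime down. The process loop also presumes extensions_seen reflects only the message just parsed, i.e. that it is reset at the top of tlsext_parse(), which lies outside these hunks and is worth confirming. Minor: the tlsext_alpn_server_parse signature still names its parameter `msg_types` while every sibling parse hook uses `msg_type`.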