summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libssl/ssl_tlsext.c76
1 files changed, 31 insertions, 45 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index c301b804d2..d802a6e135 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_tlsext.c,v 1.124 2022/07/20 14:15:50 tb Exp $ */ 1/* $OpenBSD: ssl_tlsext.c,v 1.125 2022/07/20 15:16:06 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -245,7 +245,9 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
245 int *alert) 245 int *alert)
246{ 246{
247 CBS grouplist; 247 CBS grouplist;
248 uint16_t *groups;
248 size_t groups_len; 249 size_t groups_len;
250 int i;
249 251
250 if (!CBS_get_u16_length_prefixed(cbs, &grouplist)) 252 if (!CBS_get_u16_length_prefixed(cbs, &grouplist))
251 goto err; 253 goto err;
@@ -257,62 +259,46 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
257 goto err; 259 goto err;
258 groups_len /= 2; 260 groups_len /= 2;
259 261
260 if (!s->internal->hit) { 262 if (s->internal->hit)
261 uint16_t *groups; 263 return 1;
262 int i;
263
264 if (s->s3->hs.tls13.hrr) {
265 if (s->session->tlsext_supportedgroups == NULL) {
266 *alert = SSL_AD_HANDSHAKE_FAILURE;
267 return 0;
268 }
269 /*
270 * In the case of TLSv1.3 the client cannot change
271 * the supported groups.
272 */
273 if (groups_len != s->session->tlsext_supportedgroups_length) {
274 *alert = SSL_AD_ILLEGAL_PARAMETER;
275 return 0;
276 }
277 for (i = 0; i < groups_len; i++) {
278 uint16_t group;
279
280 if (!CBS_get_u16(&grouplist, &group))
281 goto err;
282 if (s->session->tlsext_supportedgroups[i] != group) {
283 *alert = SSL_AD_ILLEGAL_PARAMETER;
284 return 0;
285 }
286 }
287 264
288 return 1; 265 if (s->s3->hs.tls13.hrr) {
266 if (s->session->tlsext_supportedgroups == NULL) {
267 *alert = SSL_AD_HANDSHAKE_FAILURE;
268 return 0;
289 } 269 }
290 270
291 if (s->session->tlsext_supportedgroups != NULL) 271 /*
292 goto err; 272 * The ClientHello extension hashing ensures that the client
273 * did not change its list of supported groups.
274 */
293 275
294 if ((groups = reallocarray(NULL, groups_len, 276 return 1;
295 sizeof(uint16_t))) == NULL) { 277 }
296 *alert = SSL_AD_INTERNAL_ERROR;
297 return 0;
298 }
299 278
300 for (i = 0; i < groups_len; i++) { 279 if (s->session->tlsext_supportedgroups != NULL)
301 if (!CBS_get_u16(&grouplist, &groups[i])) { 280 goto err;
302 free(groups);
303 goto err;
304 }
305 }
306 281
307 if (CBS_len(&grouplist) != 0) { 282 if ((groups = reallocarray(NULL, groups_len, sizeof(uint16_t))) == NULL) {
283 *alert = SSL_AD_INTERNAL_ERROR;
284 return 0;
285 }
286
287 for (i = 0; i < groups_len; i++) {
288 if (!CBS_get_u16(&grouplist, &groups[i])) {
308 free(groups); 289 free(groups);
309 goto err; 290 goto err;
310 } 291 }
292 }
311 293
312 s->session->tlsext_supportedgroups = groups; 294 if (CBS_len(&grouplist) != 0) {
313 s->session->tlsext_supportedgroups_length = groups_len; 295 free(groups);
296 goto err;
314 } 297 }
315 298
299 s->session->tlsext_supportedgroups = groups;
300 s->session->tlsext_supportedgroups_length = groups_len;
301
316 return 1; 302 return 1;
317 303
318 err: 304 err:
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-23 22:55:23 +0000