-rw-r--r--src/lib/libssl/ssl_tlsext.c64
1 files changed, 16 insertions, 48 deletions
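--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.120 2022/07/17 14:41:27 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.121 2022/07/17 14:54:10 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1950,32 +1950,23 @@ tlsext_psk_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 }
 
 /*
- * QUIC transport parameters extension.
+ * QUIC transport parameters extension - RFC 9001 section 8.2.
  */
 
 int
 tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type)
 {
-	return (s->internal->quic_transport_params_len > 0 &&
-	    s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
+	return SSL_is_quic(s) && s->internal->quic_transport_params_len > 0;
 }
 
 int
 tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
     CBB *cbb)
 {
-	CBB contents;
-
-	if (!CBB_add_u16_length_prefixed(cbb, &contents))
-		return 0;
-
-	if (!CBB_add_bytes(&contents, s->internal->quic_transport_params,
+	if (!CBB_add_bytes(cbb, s->internal->quic_transport_params,
 	    s->internal->quic_transport_params_len))
 		return 0;
 
-	if (!CBB_flush(cbb))
-		return 0;
-
 	return 1;
 }
 
@@ -1983,20 +1974,16 @@ int
 tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
     CBS *cbs, int *alert)
 {
-	CBS transport_data;
-
-	/* QUIC requires TLS 1.3. */
-	if (ssl_effective_tls_version(s) < TLS1_3_VERSION) {
+	if (!SSL_is_quic(s)) {
 		*alert = SSL_AD_UNSUPPORTED_EXTENSION;
 		return 0;
 	}
 
-	if (!CBS_get_u16_length_prefixed(cbs, &transport_data))
-		return 0;
-
-	if (!CBS_stow(&transport_data, &s->s3->peer_quic_transport_params,
+	if (!CBS_stow(cbs, &s->s3->peer_quic_transport_params,
 	    &s->s3->peer_quic_transport_params_len))
 		return 0;
+	if (!CBS_skip(cbs, s->s3->peer_quic_transport_params_len))
+		return 0;
 
 	return 1;
 }
@@ -2004,25 +1991,17 @@ tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
 int
 tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type)
 {
-	return s->internal->quic_transport_params_len > 0;
+	return SSL_is_quic(s) && s->internal->quic_transport_params_len > 0;
 }
 
 int
 tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
     CBB *cbb)
 {
-	CBB contents;
-
-	if (!CBB_add_u16_length_prefixed(cbb, &contents))
-		return 0;
-
-	if (!CBB_add_bytes(&contents, s->internal->quic_transport_params,
+	if (!CBB_add_bytes(cbb, s->internal->quic_transport_params,
 	    s->internal->quic_transport_params_len))
 		return 0;
 
-	if (!CBB_flush(cbb))
-		return 0;
-
 	return 1;
 }
 
@@ -2030,27 +2009,16 @@ int
 tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type,
     CBS *cbs, int *alert)
 {
-	CBS transport_data;
-
-	/*
-	 * Ignore this extension if we don't have configured quic transport data
-	 * or if we are not TLS 1.3.
-	 */
-	if (s->internal->quic_transport_params_len == 0 ||
-	    ssl_effective_tls_version(s) < TLS1_3_VERSION) {
-		if (!CBS_skip(cbs, CBS_len(cbs))) {
-			*alert = SSL_AD_INTERNAL_ERROR;
-			return 0;
-		}
-		return 1;
-	}
-
-	if (!CBS_get_u16_length_prefixed(cbs, &transport_data))
+	if (!SSL_is_quic(s)) {
+		*alert = SSL_AD_UNSUPPORTED_EXTENSION;
 		return 0;
+	}
 
-	if (!CBS_stow(&transport_data, &s->s3->peer_quic_transport_params,
+	if (!CBS_stow(cbs, &s->s3->peer_quic_transport_params,
 	    &s->s3->peer_quic_transport_params_len))
 		return 0;
+	if (!CBS_skip(cbs, s->s3->peer_quic_transport_params_len))
+		return 0;
 
 	return 1;
 }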
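Review bot: The server side now aborts with unsupported_extension whenever the peer sends quic_transport_parameters on a connection where SSL_is_quic() is false, where the removed code in tlsext_quic_transport_parameters_server_parse silently skipped the extension when no transport parameters were configured; nothing in the hunk records that this stricter behaviour is intended, so a short comment on the new check would help, e.g. `/* RFC 9001 section 8.2: only valid when TLS is carrying QUIC; reject it otherwise. */`. The same check appears in tlsext_quic_transport_parameters_client_parse, and after this change the client and server variants of needs, build and parse are line-for-line identical, so one static helper per operation would remove the duplicated logic and keep the two sides from drifting apart again. Whether an empty extension body is acceptable is not decided here: a CBS_stow of zero remaining bytes presumably leaves peer_quic_transport_params_len at 0, which the QUIC layer would then see as no parameters received — worth confirming against the caller.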