-rw-r--r--src/lib/libcrypto/x509/x509_verify.c4
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c7
-rw-r--r--src/lib/libcrypto/x509/x509_vpm.c4
-rw-r--r--src/lib/libssl/d1_both.c15
-rw-r--r--src/lib/libssl/ssl_both.c4
-rw-r--r--src/lib/libssl/ssl_lib.c15
-rw-r--r--src/lib/libssl/tls13_internal.h16
-rw-r--r--src/lib/libssl/tls13_key_schedule.c24
-rw-r--r--src/lib/libssl/tls13_legacy.c6
-rw-r--r--src/lib/libssl/tls13_lib.c74
-rw-r--r--src/lib/libssl/tls13_record_layer.c5
-rw-r--r--src/lib/libssl/tls13_server.c26
12 files changed, 172 insertions, 28 deletions
diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index 0c32cd04b7..be70ff8372 100644
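--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.13 2020/09/26 15:44:06 jsing Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.13.4.1 2021/02/03 07:06:13 tb Exp $ */
 /*
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
  *
@@ -81,7 +81,7 @@ x509_verify_chain_dup(struct x509_verify_chain *chain)
 {
  struct x509_verify_chain *new_chain;
 
- if ((new_chain = x509_verify_chain_new()) == NULL)
+ if ((new_chain = calloc(1, sizeof(*chain))) == NULL)
  goto err;
  if ((new_chain->certs = X509_chain_up_ref(chain->certs)) == NULL)
  goto err;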
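Review bot: The new allocation in x509_verify_chain_dup() takes its size from the source argument, `calloc(1, sizeof(*chain))`, not from the pointer being assigned. Both have the same type, so the size is correct today, but `calloc(1, sizeof(*new_chain))` keeps the size tied to the destination if either declaration ever changes. The move away from x509_verify_chain_new() also deserves a one-line comment saying why the constructor is bypassed. Presumably its own allocations were being overwritten by the assignments that follow, but that is inferred, since the rest of the function lies outside the hunk.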
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index fe1431ce49..931adb84bc 100644
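--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.81 2020/09/26 02:06:28 deraadt Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.81.4.1 2021/02/03 07:06:13 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1794,6 +1794,11 @@ x509_vfy_check_policy(X509_STORE_CTX *ctx)
 
  if (ctx->parent)
  return 1;
+
+ /* X509_policy_check always allocates a new tree. */
+ X509_policy_tree_free(ctx->tree);
+ ctx->tree = NULL;
+
  ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
  ctx->param->policies, ctx->param->flags);
  if (ret == 0) {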
diff --git a/src/lib/libcrypto/x509/x509_vpm.c b/src/lib/libcrypto/x509/x509_vpm.c
index 448ee20984..d4715228dc 100644
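--- a/src/lib/libcrypto/x509/x509_vpm.c
+++ b/src/lib/libcrypto/x509/x509_vpm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vpm.c,v 1.22 2020/09/14 08:10:04 beck Exp $ */
+/* $OpenBSD: x509_vpm.c,v 1.22.4.1 2021/02/03 07:06:13 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
@@ -177,7 +177,7 @@ x509_verify_param_zero(X509_VERIFY_PARAM *param)
  param->trust = 0;
  /*param->inh_flags = X509_VP_FLAG_DEFAULT;*/
  param->inh_flags = 0;
- param->flags = 0;
+ param->flags = X509_V_FLAG_LEGACY_VERIFY;
  param->depth = -1;
  if (param->policies) {
  sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);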
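Review bot: `param->flags = X509_V_FLAG_LEGACY_VERIFY;` makes x509_verify_param_zero() leave a non-zero flag word, so every parameter set reset through it now selects the legacy verifier by default, and nothing at the assignment says so. A comment such as `/* Default to the legacy verifier; clear X509_V_FLAG_LEGACY_VERIFY to opt out. */` would record that this is a deliberate default and not a stray constant; confirm the opt-out wording against the code that consumes the flag, which is not shown on this page. If store contexts used for chain building inherit this default, the explicit X509_VERIFY_PARAM_set_flags() calls added in ssl_both.c and tls13_server.c duplicate it, which is worth stating either way. The function body continues outside the hunk.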
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 3d2516ce41..92d86da679 100644
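--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.60 2020/09/26 14:43:17 jsing Exp $ */
+/* $OpenBSD: d1_both.c,v 1.60.4.1 2021/02/03 07:06:13 tb Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1060,18 +1060,18 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
  frag->msg_header.frag_len);
 
  /* save current state */
- saved_state.enc_write_ctx = s->internal->enc_write_ctx;
- saved_state.write_hash = s->internal->write_hash;
  saved_state.session = s->session;
  saved_state.epoch = D1I(s)->w_epoch;
 
  D1I(s)->retransmitting = 1;
 
  /* restore state in which the message was originally sent */
- s->internal->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
- s->internal->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
  s->session = frag->msg_header.saved_retransmit_state.session;
  D1I(s)->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
+ if (!tls12_record_layer_set_write_cipher_hash(s->internal->rl,
+ frag->msg_header.saved_retransmit_state.enc_write_ctx,
+ frag->msg_header.saved_retransmit_state.write_hash, 0))
+ return 0;
 
  if (frag->msg_header.saved_retransmit_state.epoch ==
  saved_state.epoch - 1) {
@@ -1085,10 +1085,11 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
  SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
 
  /* restore current state */
- s->internal->enc_write_ctx = saved_state.enc_write_ctx;
- s->internal->write_hash = saved_state.write_hash;
  s->session = saved_state.session;
  D1I(s)->w_epoch = saved_state.epoch;
+ if (!tls12_record_layer_set_write_cipher_hash(s->internal->rl,
+ s->internal->enc_write_ctx, s->internal->write_hash, 0))
+ return 0;
 
  if (frag->msg_header.saved_retransmit_state.epoch ==
  saved_state.epoch - 1) {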
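Review bot: The new `return 0` at new lines 1071-1074 leaves dtls1_retransmit_message() with the connection still in the retransmit state. By then `D1I(s)->retransmitting` is already 1 and `s->session` and `D1I(s)->w_epoch` have been overwritten with the fragment's saved values, and none of them is put back when tls12_record_layer_set_write_cipher_hash() fails. Either make the record-layer call before those assignments, or restore `s->session`, `D1I(s)->w_epoch` and the retransmitting flag from `saved_state` on the failure path. The second call at new lines 1090-1092 has the same shape: if `retransmitting` is cleared further down, that early return skips it. The function starts and ends outside both hunks, so the surrounding cleanup could not be checked.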
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index 5da450b5ce..5b64044e22 100644
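--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.20 2020/09/24 18:12:00 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.20.4.1 2021/02/03 07:06:13 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -408,6 +408,8 @@ ssl3_output_cert_chain(SSL *s, CBB *cbb, CERT_PKEY *cpk)
  SSLerror(s, ERR_R_X509_LIB);
  goto err;
  }
+ X509_VERIFY_PARAM_set_flags(X509_STORE_CTX_get0_param(xs_ctx),
+ X509_V_FLAG_LEGACY_VERIFY);
  X509_verify_cert(xs_ctx);
  ERR_clear_error();
  chain = xs_ctx->chain;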
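Review bot: The return value of the added `X509_VERIFY_PARAM_set_flags(...)` call is dropped in ssl3_output_cert_chain(), a function that otherwise reports failures through `SSLerror()` and `goto err`. The same unchecked call is added to tls13_server_certificate_send() in tls13_server.c. If a failure here is impossible or harmless, a comment should say so; otherwise wrapping the call as `if (!X509_VERIFY_PARAM_set_flags(...)) goto err;` keeps the error handling uniform. A short comment on why the chain sent to the peer is built with the legacy verifier would also help the next reader. The function starts and ends outside the hunk.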
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 6e375e1c09..1cf64d1301 100644
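--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.234 2020/09/24 18:12:00 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.234.4.1 2021/02/03 07:06:13 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1710,8 +1710,17 @@ SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
  const char *label, size_t llen, const unsigned char *p, size_t plen,
  int use_context)
 {
- return (tls1_export_keying_material(s, out, olen,
- label, llen, p, plen, use_context));
+ if (s->internal->tls13 != NULL && s->version == TLS1_3_VERSION) {
+ if (!use_context) {
+ p = NULL;
+ plen = 0;
+ }
+ return tls13_exporter(s->internal->tls13, label, llen, p, plen,
+ out, olen);
+ }
+
+ return (tls1_export_keying_material(s, out, olen, label, llen, p, plen,
+ use_context));
 }
 
 static unsigned long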
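Review bot: `label` is a `const char *` in SSL_export_keying_material() but is passed straight to tls13_exporter(), whose prototype in tls13_internal.h takes `const uint8_t *label`. That conversion changes signedness and draws a pointer-sign diagnostic on compilers that enable it. Writing `(const uint8_t *)label` at the call makes the reinterpretation explicit. The same implicit conversion appears in tls13_key_schedule.c, where tls13_hkdf_expand_label() forwards its `const char *label` to tls13_hkdf_expand_label_with_length(), and in tls13_lib.c at `context_value = "";`.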
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index 03a1a6b4b1..bdb554cbc2 100644
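--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.86 2020/07/30 16:23:17 tb Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.86.4.1 2021/02/03 07:06:14 tb Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -148,6 +148,16 @@ void tls13_secrets_destroy(struct tls13_secrets *secrets);
 int tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest,
  const struct tls13_secret *secret, const char *label,
  const struct tls13_secret *context);
+int tls13_hkdf_expand_label_with_length(struct tls13_secret *out,
+ const EVP_MD *digest, const struct tls13_secret *secret,
+ const uint8_t *label, size_t label_len, const struct tls13_secret *context);
+
+int tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest,
+ const struct tls13_secret *secret, const char *label,
+ const struct tls13_secret *context);
+int tls13_derive_secret_with_label_length(struct tls13_secret *out,
+ const EVP_MD *digest, const struct tls13_secret *secret,
+ const uint8_t *label, size_t label_len, const struct tls13_secret *context);
 
 int tls13_derive_early_secrets(struct tls13_secrets *secrets, uint8_t *psk,
  size_t psk_len, const struct tls13_secret *context);
@@ -412,6 +422,10 @@ int tls13_error_setx(struct tls13_error *error, int code, int subcode,
  tls13_error_setx(&(ctx)->error, (code), (subcode), __FILE__, __LINE__, \
  (fmt), __VA_ARGS__)
 
+int tls13_exporter(struct tls13_ctx *ctx, const uint8_t *label, size_t label_len,
+ const uint8_t *context_value, size_t context_value_len, uint8_t *out,
+ size_t out_len);
+
 extern const uint8_t tls13_downgrade_12[8];
 extern const uint8_t tls13_downgrade_11[8];
 extern const uint8_t tls13_hello_retry_request_hash[32];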
diff --git a/src/lib/libssl/tls13_key_schedule.c b/src/lib/libssl/tls13_key_schedule.c
index 91f59e46f9..d112351530 100644
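--- a/src/lib/libssl/tls13_key_schedule.c
+++ b/src/lib/libssl/tls13_key_schedule.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_key_schedule.c,v 1.8 2019/11/17 21:01:08 beck Exp $ */
+/* $OpenBSD: tls13_key_schedule.c,v 1.8.6.1 2021/02/03 07:06:14 tb Exp $ */
 /* Copyright (c) 2018, Bob Beck <beck@openbsd.org>
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -174,6 +174,15 @@ tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest,
  const struct tls13_secret *secret, const char *label,
  const struct tls13_secret *context)
 {
+ return tls13_hkdf_expand_label_with_length(out, digest, secret, label,
+ strlen(label), context);
+}
+
+int
+tls13_hkdf_expand_label_with_length(struct tls13_secret *out,
+ const EVP_MD *digest, const struct tls13_secret *secret,
+ const uint8_t *label, size_t label_len, const struct tls13_secret *context)
+{
  const char tls13_plabel[] = "tls13 ";
  uint8_t *hkdf_label;
  size_t hkdf_label_len;
@@ -188,7 +197,7 @@ tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest,
  goto err;
  if (!CBB_add_bytes(&child, tls13_plabel, strlen(tls13_plabel)))
  goto err;
- if (!CBB_add_bytes(&child, label, strlen(label)))
+ if (!CBB_add_bytes(&child, label, label_len))
  goto err;
  if (!CBB_add_u8_length_prefixed(&cbb, &child))
  goto err;
@@ -207,7 +216,7 @@ tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest,
  return(0);
 }
 
-static int
+int
 tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest,
  const struct tls13_secret *secret, const char *label,
  const struct tls13_secret *context)
@@ -216,6 +225,15 @@ tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest,
 }
 
 int
+tls13_derive_secret_with_label_length(struct tls13_secret *out,
+ const EVP_MD *digest, const struct tls13_secret *secret, const uint8_t *label,
+ size_t label_len, const struct tls13_secret *context)
+{
+ return tls13_hkdf_expand_label_with_length(out, digest, secret, label,
+ label_len, context);
+}
+
+int
 tls13_derive_early_secrets(struct tls13_secrets *secrets,
  uint8_t *psk, size_t psk_len, const struct tls13_secret *context)
 {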
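Review bot: tls13_hkdf_expand_label_with_length() now takes `label_len` from its caller, and through tls13_exporter() that value originates with the application, yet nothing in the visible code bounds it before `CBB_add_bytes(&child, label, label_len)`. RFC 8446 section 7.1 defines the HkdfLabel label as `opaque label<7..255>` including the `tls13 ` prefix, so the caller's part can be at most 249 bytes. Presumably the u8 length-prefixed CBB child refuses an oversized label when it is flushed, but that code is outside the hunk. An explicit check at the top of the function, `if (label_len > 255 - strlen(tls13_plabel)) return 0;`, states the limit where a reader will look for it.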
diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
index 317a1cb0f5..468f4edfc4 100644
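--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_legacy.c,v 1.13 2020/09/13 15:04:35 jsing Exp $ */
+/* $OpenBSD: tls13_legacy.c,v 1.13.4.1 2021/02/03 07:06:14 tb Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -40,8 +40,6 @@ tls13_legacy_wire_read(SSL *ssl, uint8_t *buf, size_t len)
  if ((n = BIO_read(ssl->rbio, buf, len)) <= 0) {
  if (BIO_should_read(ssl->rbio))
  return TLS13_IO_WANT_POLLIN;
- if (BIO_should_write(ssl->rbio))
- return TLS13_IO_WANT_POLLOUT;
  if (n == 0)
  return TLS13_IO_EOF;
 
@@ -79,8 +77,6 @@ tls13_legacy_wire_write(SSL *ssl, const uint8_t *buf, size_t len)
  errno = 0;
 
  if ((n = BIO_write(ssl->wbio, buf, len)) <= 0) {
- if (BIO_should_read(ssl->wbio))
- return TLS13_IO_WANT_POLLIN;
  if (BIO_should_write(ssl->wbio))
  return TLS13_IO_WANT_POLLOUT;
 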
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 590426ad8a..af3de58f93 100644
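--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_lib.c,v 1.54 2020/09/11 15:03:36 jsing Exp $ */
+/* $OpenBSD: tls13_lib.c,v 1.54.4.1 2021/02/03 07:06:14 tb Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -579,3 +579,75 @@ tls13_clienthello_hash_validate(struct tls13_ctx *ctx)
  return 1;
 }
 
+int
+tls13_exporter(struct tls13_ctx *ctx, const uint8_t *label, size_t label_len,
+ const uint8_t *context_value, size_t context_value_len, uint8_t *out,
+ size_t out_len)
+{
+ struct tls13_secret context, export_out, export_secret;
+ struct tls13_secrets *secrets = ctx->hs->secrets;
+ EVP_MD_CTX *md_ctx = NULL;
+ unsigned int md_out_len;
+ int md_len;
+ int ret = 0;
+
+ /*
+ * RFC 8446 Section 7.5.
+ */
+
+ memset(&context, 0, sizeof(context));
+ memset(&export_secret, 0, sizeof(export_secret));
+
+ export_out.data = out;
+ export_out.len = out_len;
+
+ if (!ctx->handshake_completed)
+ return 0;
+
+ md_len = EVP_MD_size(secrets->digest);
+ if (md_len <= 0 || md_len > EVP_MAX_MD_SIZE)
+ goto err;
+
+ if ((export_secret.data = calloc(1, md_len)) == NULL)
+ goto err;
+ export_secret.len = md_len;
+
+ if ((context.data = calloc(1, md_len)) == NULL)
+ goto err;
+ context.len = md_len;
+
+ /* In TLSv1.3 no context is equivalent to an empty context. */
+ if (context_value == NULL) {
+ context_value = "";
+ context_value_len = 0;
+ }
+
+ if ((md_ctx = EVP_MD_CTX_new()) == NULL)
+ goto err;
+ if (!EVP_DigestInit_ex(md_ctx, secrets->digest, NULL))
+ goto err;
+ if (!EVP_DigestUpdate(md_ctx, context_value, context_value_len))
+ goto err;
+ if (!EVP_DigestFinal_ex(md_ctx, context.data, &md_out_len))
+ goto err;
+ if (md_len != md_out_len)
+ goto err;
+
+ if (!tls13_derive_secret_with_label_length(&export_secret,
+ secrets->digest, &secrets->exporter_master, label, label_len,
+ &secrets->empty_hash))
+ goto err;
+
+ if (!tls13_hkdf_expand_label(&export_out, secrets->digest,
+ &export_secret, "exporter", &context))
+ goto err;
+
+ ret = 1;
+
+ err:
+ EVP_MD_CTX_free(md_ctx);
+ freezero(context.data, context.len);
+ freezero(export_secret.data, export_secret.len);
+
+ return ret;
+}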
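Review bot: tls13_exporter() has the key schedule write `out_len` bytes into the caller's buffer but never range-checks `out_len`. HKDF-Expand can produce at most 255 times the digest length (RFC 5869), and the code relies on tls13_hkdf_expand_label(), whose body is not shown here, to refuse anything larger. A guard right after the `md_len` check, `if (out_len > 255 * (size_t)md_len) goto err;`, makes the limit visible at the API boundary. Two smaller points: `md_len != md_out_len` compares an `int` with an `unsigned int`, and the function has no header comment stating its contract. That comment should say it returns 1 on success and 0 on failure, and that it fails until `ctx->handshake_completed` is set.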
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index 1d75d9e5a4..6e1548ea14 100644
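--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.53 2020/09/11 15:03:36 jsing Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.53.4.1 2021/02/03 07:06:14 tb Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -135,6 +135,9 @@ tls13_record_layer_free(struct tls13_record_layer *rl)
  if (rl == NULL)
  return;
 
+ freezero(rl->alert_data, rl->alert_len);
+ freezero(rl->phh_data, rl->phh_len);
+
  tls13_record_layer_rbuf_free(rl);
 
  tls13_record_layer_rrec_free(rl);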
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index a5c03b610c..f9b557d2ac 100644
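--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.61 2020/07/03 04:12:51 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.61.4.1 2021/02/03 07:06:14 tb Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -611,6 +611,7 @@ tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
  SSL *s = ctx->ssl;
  CBB cert_request_context, cert_list;
  const struct ssl_sigalg *sigalg;
+ X509_STORE_CTX *xsc = NULL;
  STACK_OF(X509) *chain;
  CERT_PKEY *cpk;
  X509 *cert;
@@ -633,6 +634,18 @@ tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
  if ((chain = cpk->chain) == NULL)
  chain = s->ctx->extra_certs;
 
+ if (chain == NULL && !(s->internal->mode & SSL_MODE_NO_AUTO_CHAIN)) {
+ if ((xsc = X509_STORE_CTX_new()) == NULL)
+ goto err;
+ if (!X509_STORE_CTX_init(xsc, s->ctx->cert_store, cpk->x509, NULL))
+ goto err;
+ X509_VERIFY_PARAM_set_flags(X509_STORE_CTX_get0_param(xsc),
+ X509_V_FLAG_LEGACY_VERIFY);
+ X509_verify_cert(xsc);
+ ERR_clear_error();
+ chain = xsc->chain;
+ }
+
  if (!CBB_add_u8_length_prefixed(cbb, &cert_request_context))
  goto err;
  if (!CBB_add_u24_length_prefixed(cbb, &cert_list))
@@ -643,6 +656,15 @@ tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
 
  for (i = 0; i < sk_X509_num(chain); i++) {
  cert = sk_X509_value(chain, i);
+
+ /*
+ * In the case of auto chain, the leaf certificate will be at
+ * the top of the chain - skip over it as we've already added
+ * it earlier.
+ */
+ if (i == 0 && cert == cpk->x509)
+ continue;
+
  /*
  * XXX we don't send extensions with chain certs to avoid sending
  * a leaf ocsp stape with the chain certs. This needs to get
@@ -658,6 +680,8 @@ tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
  ret = 1;
 
  err:
+ X509_STORE_CTX_free(xsc);
+
  return ret;
 }
 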
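Review bot: The auto-chain block added at new lines 637-647 repeats the sequence that ssl3_output_cert_chain() in ssl_both.c already carries: initialise a store context, set X509_V_FLAG_LEGACY_VERIFY, call X509_verify_cert(), clear the error queue and take the context's `chain`. Two copies of a best-effort chain builder will drift apart, so a shared helper would keep the TLSv1.2 and TLSv1.3 servers sending the same chain. The result of `X509_verify_cert(xsc)` is discarded and the errors are cleared, so whatever chain was built is sent even when verification failed. A comment such as `/* Best effort: the result is ignored and any chain built is sent. */` would mark that as intended. The function starts before the first hunk of this section.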