-rw-r--r--src/lib/libssl/tls13_internal.h9
-rw-r--r--src/lib/libssl/tls13_lib.c5
-rw-r--r--src/lib/libssl/tls13_server.c54
3 files changed, 58 insertions, 10 deletions
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index f11d96f2ea..e9f629f387 100644
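--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.49 2020/01/23 07:30:55 beck Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.50 2020/01/23 11:57:20 jsing Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -38,9 +38,10 @@ __BEGIN_HIDDEN_DECLS
 #define TLS13_IO_WANT_POLLOUT -4
 #define TLS13_IO_USE_LEGACY -5
 
 #define TLS13_ERR_VERIFY_FAILED 16
 #define TLS13_ERR_HRR_FAILED 17
 #define TLS13_ERR_TRAILING_DATA 18
+#define TLS13_ERR_NO_SHARED_CIPHER 19
 
 typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg);
 typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg, CBS *cbs);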
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 91dd566864..473163ee76 100644
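--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_lib.c,v 1.25 2020/01/23 10:40:59 jsing Exp $ */
+/* $OpenBSD: tls13_lib.c,v 1.26 2020/01/23 11:57:20 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -376,6 +376,9 @@ tls13_legacy_error(SSL *ssl)
  case TLS13_ERR_TRAILING_DATA:
  reason = SSL_R_EXTRA_DATA_IN_MESSAGE;
  break;
+ case TLS13_ERR_NO_SHARED_CIPHER:
+ reason = SSL_R_NO_SHARED_CIPHER;
+ break;
  }
 
  ERR_put_error(ERR_LIB_SSL, (0xfff), reason, ctx->error.file,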
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 3c832aec65..b64fec8edc 100644
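--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.12 2020/01/23 11:47:13 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.13 2020/01/23 11:57:20 jsing Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -181,9 +181,13 @@ static int
 tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
 {
  CBS cipher_suites, client_random, compression_methods, session_id;
+ STACK_OF(SSL_CIPHER) *ciphers = NULL;
+ const SSL_CIPHER *cipher;
  uint16_t legacy_version;
+ uint8_t compression_method;
+ int alert_desc, comp_null;
  SSL *s = ctx->ssl;
- int alert;
+ int ret = 0;
 
  if (!CBS_get_u16(cbs, &legacy_version))
  goto err;
@@ -202,13 +206,53 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
  return tls13_use_legacy_server(ctx);
  }
 
- if (!tlsext_server_parse(s, cbs, &alert, SSL_TLSEXT_MSG_CH))
+ if (!tlsext_server_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_CH)) {
+ ctx->alert = alert_desc;
  goto err;
+ }
+
+ /*
+ * If we got this far we have a supported versions extension that offers
+ * TLS 1.3 or later. This requires the legacy version be set to 0x0303.
+ */
+ if (legacy_version != TLS1_2_VERSION) {
+ ctx->alert = SSL_AD_PROTOCOL_VERSION;
+ goto err;
+ }
+
+ /* Parse cipher suites list and select preferred cipher. */
+ if ((ciphers = ssl_bytes_to_cipher_list(s, &cipher_suites)) == NULL) {
+ ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
+ goto err;
+ }
+ cipher = ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s));
+ if (cipher == NULL) {
+ tls13_set_errorx(ctx, TLS13_ERR_NO_SHARED_CIPHER, 0,
+ "no shared cipher found", NULL);
+ ctx->alert = SSL_AD_HANDSHAKE_FAILURE;
+ goto err;
+ }
+ S3I(s)->hs.new_cipher = cipher;
+
+ /* Ensure they advertise the NULL compression method. */
+ comp_null = 0;
+ while (CBS_len(&compression_methods) > 0) {
+ if (!CBS_get_u8(&compression_methods, &compression_method))
+ goto err;
+ if (compression_method == 0)
+ comp_null = 1;
+ }
+ if (!comp_null) {
+ ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
+ goto err;
+ }
 
- /* XXX - implement. */
+ ret = 1;
 
  err:
- return 0;
+ sk_SSL_CIPHER_free(ciphers);
+
+ return ret;
 }
 
 int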
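Review bot: The compression check in tls13_client_hello_process accepts any legacy_compression_methods vector that merely contains a zero byte, while RFC 8446 section 4.1.2 requires a TLS 1.3 ClientHello to carry exactly one method, null, and to be rejected with illegal_parameter otherwise. The `while (CBS_len(&compression_methods) > 0)` loop could be replaced by a single test such as `if (CBS_len(&compression_methods) != 1 || !CBS_get_u8(&compression_methods, &compression_method) || compression_method != 0)` feeding the existing `ctx->alert = SSL_AD_ILLEGAL_PARAMETER; goto err;`, which also makes `comp_null` unnecessary. Separately, ssl3_choose_cipher() is not shown in this diff, so it is worth confirming that it can only return a TLS 1.3 suite on this path, since a ClientHello usually lists TLS 1.2 suites as well. The bare `goto err` after `CBS_get_u16(cbs, &legacy_version)` and inside the loop leave `ctx->alert` unset, which presumably relies on a default chosen elsewhere. The part of the function between the two hunks is not visible.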