diff options
Diffstat (limited to 'src/lib/libssl/ssl_tlsext.c')
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 105 |
1 files changed, 47 insertions, 58 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 91b74b5d3f..f91b790f99 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_tlsext.c,v 1.49 2019/05/29 17:28:37 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.c,v 1.50 2019/11/15 15:14:02 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -1223,17 +1223,11 @@ tlsext_keyshare_client_needs(SSL *s) | |||
| 1223 | TLS1_3_VERSION); | 1223 | TLS1_3_VERSION); |
| 1224 | } | 1224 | } |
| 1225 | 1225 | ||
| 1226 | int | 1226 | static int |
| 1227 | tlsext_keyshare_client_build(SSL *s, CBB *cbb) | 1227 | tlsext_keyshare_x25519_internal(SSL *s, CBB *cbb) |
| 1228 | { | 1228 | { |
| 1229 | uint8_t *public_key = NULL, *private_key = NULL; | 1229 | uint8_t *public_key = NULL, *private_key = NULL; |
| 1230 | CBB client_shares, key_exchange; | 1230 | CBB key_exchange; |
| 1231 | |||
| 1232 | /* Generate and provide key shares. */ | ||
| 1233 | if (!CBB_add_u16_length_prefixed(cbb, &client_shares)) | ||
| 1234 | return 0; | ||
| 1235 | |||
| 1236 | /* XXX - other groups. */ | ||
| 1237 | 1231 | ||
| 1238 | /* Generate X25519 key pair. */ | 1232 | /* Generate X25519 key pair. */ |
| 1239 | if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) | 1233 | if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) |
| @@ -1243,16 +1237,13 @@ tlsext_keyshare_client_build(SSL *s, CBB *cbb) | |||
| 1243 | X25519_keypair(public_key, private_key); | 1237 | X25519_keypair(public_key, private_key); |
| 1244 | 1238 | ||
| 1245 | /* Add the group and serialize the public key. */ | 1239 | /* Add the group and serialize the public key. */ |
| 1246 | if (!CBB_add_u16(&client_shares, tls1_ec_nid2curve_id(NID_X25519))) | 1240 | if (!CBB_add_u16(cbb, tls1_ec_nid2curve_id(NID_X25519))) |
| 1247 | goto err; | 1241 | goto err; |
| 1248 | if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange)) | 1242 | if (!CBB_add_u16_length_prefixed(cbb, &key_exchange)) |
| 1249 | goto err; | 1243 | goto err; |
| 1250 | if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH)) | 1244 | if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH)) |
| 1251 | goto err; | 1245 | goto err; |
| 1252 | 1246 | ||
| 1253 | if (!CBB_flush(cbb)) | ||
| 1254 | goto err; | ||
| 1255 | |||
| 1256 | S3I(s)->hs_tls13.x25519_public = public_key; | 1247 | S3I(s)->hs_tls13.x25519_public = public_key; |
| 1257 | S3I(s)->hs_tls13.x25519_private = private_key; | 1248 | S3I(s)->hs_tls13.x25519_private = private_key; |
| 1258 | 1249 | ||
| @@ -1266,6 +1257,32 @@ tlsext_keyshare_client_build(SSL *s, CBB *cbb) | |||
| 1266 | } | 1257 | } |
| 1267 | 1258 | ||
| 1268 | int | 1259 | int |
| 1260 | tlsext_keyshare_client_build(SSL *s, CBB *cbb) | ||
| 1261 | { | ||
| 1262 | CBB client_shares; | ||
| 1263 | |||
| 1264 | /* Generate and provide key shares. */ | ||
| 1265 | if (!CBB_add_u16_length_prefixed(cbb, &client_shares)) | ||
| 1266 | return 0; | ||
| 1267 | |||
| 1268 | /* XXX - other groups. */ | ||
| 1269 | |||
| 1270 | if (!tlsext_keyshare_x25519_internal(s, &client_shares)) | ||
| 1271 | return 0; | ||
| 1272 | |||
| 1273 | if (!CBB_flush(cbb)) | ||
| 1274 | goto err; | ||
| 1275 | |||
| 1276 | return 1; | ||
| 1277 | |||
| 1278 | err: | ||
| 1279 | freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); | ||
| 1280 | freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); | ||
| 1281 | |||
| 1282 | return 0; | ||
| 1283 | } | ||
| 1284 | |||
| 1285 | int | ||
| 1269 | tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert) | 1286 | tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert) |
| 1270 | { | 1287 | { |
| 1271 | CBS client_shares; | 1288 | CBS client_shares; |
| @@ -1324,41 +1341,21 @@ tlsext_keyshare_server_needs(SSL *s) | |||
| 1324 | int | 1341 | int |
| 1325 | tlsext_keyshare_server_build(SSL *s, CBB *cbb) | 1342 | tlsext_keyshare_server_build(SSL *s, CBB *cbb) |
| 1326 | { | 1343 | { |
| 1327 | uint8_t *public_key = NULL, *private_key = NULL; | ||
| 1328 | CBB key_exchange; | ||
| 1329 | |||
| 1330 | /* XXX deduplicate with client code */ | ||
| 1331 | |||
| 1332 | /* X25519 */ | 1344 | /* X25519 */ |
| 1333 | if (S3I(s)->hs_tls13.x25519_peer_public == NULL) | 1345 | if (S3I(s)->hs_tls13.x25519_peer_public == NULL) |
| 1334 | return 0; | 1346 | return 0; |
| 1335 | 1347 | ||
| 1336 | /* Generate X25519 key pair. */ | 1348 | if (!tlsext_keyshare_x25519_internal(s, cbb)) |
| 1337 | if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) | 1349 | return 0; |
| 1338 | goto err; | ||
| 1339 | if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL) | ||
| 1340 | goto err; | ||
| 1341 | X25519_keypair(public_key, private_key); | ||
| 1342 | |||
| 1343 | /* Add the group and serialize the public key. */ | ||
| 1344 | if (!CBB_add_u16(cbb, tls1_ec_nid2curve_id(NID_X25519))) | ||
| 1345 | goto err; | ||
| 1346 | if (!CBB_add_u16_length_prefixed(cbb, &key_exchange)) | ||
| 1347 | goto err; | ||
| 1348 | if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH)) | ||
| 1349 | goto err; | ||
| 1350 | 1350 | ||
| 1351 | if (!CBB_flush(cbb)) | 1351 | if (!CBB_flush(cbb)) |
| 1352 | goto err; | 1352 | goto err; |
| 1353 | 1353 | ||
| 1354 | S3I(s)->hs_tls13.x25519_public = public_key; | ||
| 1355 | S3I(s)->hs_tls13.x25519_private = private_key; | ||
| 1356 | |||
| 1357 | return 1; | 1354 | return 1; |
| 1358 | 1355 | ||
| 1359 | err: | 1356 | err: |
| 1360 | freezero(public_key, X25519_KEY_LENGTH); | 1357 | freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); |
| 1361 | freezero(private_key, X25519_KEY_LENGTH); | 1358 | freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); |
| 1362 | 1359 | ||
| 1363 | return 0; | 1360 | return 0; |
| 1364 | } | 1361 | } |
| @@ -1534,8 +1531,8 @@ tlsext_cookie_client_needs(SSL *s) | |||
| 1534 | S3I(s)->hs_tls13.cookie != NULL); | 1531 | S3I(s)->hs_tls13.cookie != NULL); |
| 1535 | } | 1532 | } |
| 1536 | 1533 | ||
| 1537 | int | 1534 | static int |
| 1538 | tlsext_cookie_client_build(SSL *s, CBB *cbb) | 1535 | tlsext_cookie_build_internal(SSL *s, CBB *cbb) |
| 1539 | { | 1536 | { |
| 1540 | CBB cookie; | 1537 | CBB cookie; |
| 1541 | 1538 | ||
| @@ -1553,6 +1550,12 @@ tlsext_cookie_client_build(SSL *s, CBB *cbb) | |||
| 1553 | } | 1550 | } |
| 1554 | 1551 | ||
| 1555 | int | 1552 | int |
| 1553 | tlsext_cookie_client_build(SSL *s, CBB *cbb) | ||
| 1554 | { | ||
| 1555 | return tlsext_cookie_build_internal(s, cbb); | ||
| 1556 | } | ||
| 1557 | |||
| 1558 | int | ||
| 1556 | tlsext_cookie_server_parse(SSL *s, CBS *cbs, int *alert) | 1559 | tlsext_cookie_server_parse(SSL *s, CBS *cbs, int *alert) |
| 1557 | { | 1560 | { |
| 1558 | CBS cookie; | 1561 | CBS cookie; |
| @@ -1599,25 +1602,11 @@ tlsext_cookie_server_needs(SSL *s) | |||
| 1599 | } | 1602 | } |
| 1600 | 1603 | ||
| 1601 | int | 1604 | int |
| 1602 | tlsext_cookie_server_build(SSL *s, CBB *cbb) | 1605 | tlsext_cookie_server_build(SSL *s, CBB *cbb) { |
| 1603 | { | 1606 | return tlsext_cookie_build_internal(s, cbb); |
| 1604 | CBB cookie; | ||
| 1605 | |||
| 1606 | /* XXX deduplicate with client code */ | ||
| 1607 | |||
| 1608 | if (!CBB_add_u16_length_prefixed(cbb, &cookie)) | ||
| 1609 | return 0; | ||
| 1610 | |||
| 1611 | if (!CBB_add_bytes(&cookie, S3I(s)->hs_tls13.cookie, | ||
| 1612 | S3I(s)->hs_tls13.cookie_len)) | ||
| 1613 | return 0; | ||
| 1614 | |||
| 1615 | if (!CBB_flush(cbb)) | ||
| 1616 | return 0; | ||
| 1617 | |||
| 1618 | return 1; | ||
| 1619 | } | 1607 | } |
| 1620 | 1608 | ||
| 1609 | |||
| 1621 | int | 1610 | int |
| 1622 | tlsext_cookie_client_parse(SSL *s, CBS *cbs, int *alert) | 1611 | tlsext_cookie_client_parse(SSL *s, CBS *cbs, int *alert) |
| 1623 | { | 1612 | { |