summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_tlsext.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_tlsext.c')
-rw-r--r--src/lib/libssl/ssl_tlsext.c34
1 files changed, 32 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index a0e2f7320b..cb2b2cadc7 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_tlsext.c,v 1.63 2020/04/21 17:06:16 jsing Exp $ */ 1/* $OpenBSD: ssl_tlsext.c,v 1.64 2020/05/09 10:51:55 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -222,6 +222,31 @@ tlsext_supportedgroups_server_parse(SSL *s, CBS *cbs, int *alert)
222 uint16_t *groups; 222 uint16_t *groups;
223 int i; 223 int i;
224 224
225 if (SSI(s)->tlsext_supportedgroups != NULL) {
226 /*
227 * We should only end up here in the case of a TLSv1.3
228 * HelloRetryRequest... and the client cannot change
229 * supported groups.
230 */
231 /* XXX - we should know this is a HRR. */
232 if (groups_len != SSI(s)->tlsext_supportedgroups_length) {
233 *alert = SSL_AD_ILLEGAL_PARAMETER;
234 return 0;
235 }
236 for (i = 0; i < groups_len; i++) {
237 uint16_t group;
238
239 if (!CBS_get_u16(&grouplist, &group))
240 goto err;
241 if (SSI(s)->tlsext_supportedgroups[i] != group) {
242 *alert = SSL_AD_ILLEGAL_PARAMETER;
243 return 0;
244 }
245 }
246
247 return 1;
248 }
249
225 if (SSI(s)->tlsext_supportedgroups != NULL) 250 if (SSI(s)->tlsext_supportedgroups != NULL)
226 goto err; 251 goto err;
227 252
@@ -672,7 +697,7 @@ tlsext_sni_server_parse(SSL *s, CBS *cbs, int *alert)
672 return 0; 697 return 0;
673 } 698 }
674 699
675 if (s->internal->hit) { 700 if (s->internal->hit || S3I(s)->hs_tls13.hrr) {
676 if (s->session->tlsext_hostname == NULL) { 701 if (s->session->tlsext_hostname == NULL) {
677 *alert = TLS1_AD_UNRECOGNIZED_NAME; 702 *alert = TLS1_AD_UNRECOGNIZED_NAME;
678 return 0; 703 return 0;
@@ -1333,6 +1358,11 @@ tlsext_keyshare_server_needs(SSL *s)
1333int 1358int
1334tlsext_keyshare_server_build(SSL *s, CBB *cbb) 1359tlsext_keyshare_server_build(SSL *s, CBB *cbb)
1335{ 1360{
1361 /* In the case of a HRR, we only send the server selected group. */
1362 /* XXX - we should know this is a HRR. */
1363 if (S3I(s)->hs_tls13.server_group != 0)
1364 return CBB_add_u16(cbb, S3I(s)->hs_tls13.server_group);
1365
1336 if (S3I(s)->hs_tls13.key_share == NULL) 1366 if (S3I(s)->hs_tls13.key_share == NULL)
1337 return 0; 1367 return 0;
1338 1368