Diffstat (limited to 'src/lib/libssl/ssl_tlsext.c')
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 13 |
1 files changed, 9 insertions, 4 deletions
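--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.58 2020/01/30 17:09:23 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.59 2020/02/01 12:41:58 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1274,7 +1274,7 @@ tlsext_keyshare_client_build(SSL *s, CBB *cbb)
 int
 tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert)
 {
-CBS client_shares;
+CBS client_shares, key_exchange;
 uint16_t group;
 
 if (!CBS_get_u16_length_prefixed(cbs, &client_shares))
@@ -1285,6 +1285,8 @@ tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert)
 /* Unpack client share. */
 if (!CBS_get_u16(&client_shares, &group))
 goto err;
+if (!CBS_get_u16_length_prefixed(&client_shares, &key_exchange))
+return 0;
 
 /*
 * XXX support other groups later.
@@ -1295,7 +1297,7 @@ tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert)
 continue;
 
 if (!tls13_key_share_peer_public(S3I(s)->hs_tls13.key_share,
-group, &client_shares))
+group, &key_exchange))
 goto err;
 }
 
@@ -1330,16 +1332,19 @@ tlsext_keyshare_server_build(SSL *s, CBB *cbb)
 int
 tlsext_keyshare_client_parse(SSL *s, CBS *cbs, int *alert)
 {
+CBS key_exchange;
 uint16_t group;
 
 /* Unpack server share. */
 if (!CBS_get_u16(cbs, &group))
 goto err;
+if (!CBS_get_u16_length_prefixed(cbs, &key_exchange))
+return 0;
 
 /* XXX - Handle other groups and verify that they're valid. */
 
 if (!tls13_key_share_peer_public(S3I(s)->hs_tls13.key_share,
-group, &client_shares))
+group, &key_exchange))
 goto err;
 
 return 1;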
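Review bot: The two new `CBS_get_u16_length_prefixed(..., &key_exchange)` failure paths, one in `tlsext_keyshare_server_parse` and one in `tlsext_keyshare_client_parse`, use `return 0;` while the `CBS_get_u16` check directly above each and the `tls13_key_share_peer_public` check below use `goto err;`. The `err:` label lies outside the visible hunks; if it sets `*alert` (presumably to a decode error), a truncated key_exchange field leaves `*alert` unset and the peer receives whatever value the caller defaulted to. I would change both to `goto err;` so every malformed-input path reports the same alert. Separately, the extracted `key_exchange` may be zero-length, which the TLS 1.3 definition `opaque key_exchange<1..2^16-1>` does not allow; whether `tls13_key_share_peer_public` rejects that is not visible here, so an explicit `if (CBS_len(&key_exchange) == 0) goto err;` or a comment saying where it is enforced would help.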
