diff options
Diffstat (limited to 'src/lib/libssl/ssl_tlsext.c')
-rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index cf54fc4d2c..f6943c83ae 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssl_tlsext.c,v 1.74 2020/05/29 17:39:42 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.c,v 1.75 2020/06/06 01:40:09 beck Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> |
4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
@@ -2059,6 +2059,33 @@ tlsext_build(SSL *s, CBB *cbb, int is_server, uint16_t msg_type) | |||
2059 | return 1; | 2059 | return 1; |
2060 | } | 2060 | } |
2061 | 2061 | ||
2062 | int | ||
2063 | tlsext_clienthello_hash_extension(SSL *s, uint16_t type, CBS *cbs) | ||
2064 | { | ||
2065 | /* | ||
2066 | * RFC 8446 4.1.2. For subsequent CH, early data will be removed, | ||
2067 | * cookie may be added, padding may be removed. | ||
2068 | */ | ||
2069 | struct tls13_ctx *ctx = s->internal->tls13; | ||
2070 | |||
2071 | if (type == TLSEXT_TYPE_early_data || type == TLSEXT_TYPE_cookie || | ||
2072 | type == TLSEXT_TYPE_padding) | ||
2073 | return 1; | ||
2074 | if (!tls13_clienthello_hash_update_bytes(ctx, (void *)&type, | ||
2075 | sizeof(type))) | ||
2076 | return 0; | ||
2077 | /* | ||
2078 | * key_share data may be changed, and pre_shared_key data may | ||
2079 | * be changed | ||
2080 | */ | ||
2081 | if (type == TLSEXT_TYPE_pre_shared_key || type == TLSEXT_TYPE_key_share) | ||
2082 | return 1; | ||
2083 | if (!tls13_clienthello_hash_update(ctx, cbs)) | ||
2084 | return 0; | ||
2085 | |||
2086 | return 1; | ||
2087 | } | ||
2088 | |||
2062 | static int | 2089 | static int |
2063 | tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type) | 2090 | tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type) |
2064 | { | 2091 | { |
@@ -2098,6 +2125,13 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type) | |||
2098 | CBS_len(&extension_data), | 2125 | CBS_len(&extension_data), |
2099 | s->internal->tlsext_debug_arg); | 2126 | s->internal->tlsext_debug_arg); |
2100 | 2127 | ||
2128 | if (!SSL_IS_DTLS(s) && version >= TLS1_3_VERSION && is_server && | ||
2129 | msg_type == SSL_TLSEXT_MSG_CH) { | ||
2130 | if (!tlsext_clienthello_hash_extension(s, type, | ||
2131 | &extension_data)) | ||
2132 | goto err; | ||
2133 | } | ||
2134 | |||
2101 | /* Unknown extensions are ignored. */ | 2135 | /* Unknown extensions are ignored. */ |
2102 | if ((tlsext = tls_extension_find(type, &idx)) == NULL) | 2136 | if ((tlsext = tls_extension_find(type, &idx)) == NULL) |
2103 | continue; | 2137 | continue; |