summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_tlsext.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_tlsext.c')
-rw-r--r--src/lib/libssl/ssl_tlsext.c36
1 files changed, 35 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index cf54fc4d2c..f6943c83ae 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_tlsext.c,v 1.74 2020/05/29 17:39:42 jsing Exp $ */ 1/* $OpenBSD: ssl_tlsext.c,v 1.75 2020/06/06 01:40:09 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -2059,6 +2059,33 @@ tlsext_build(SSL *s, CBB *cbb, int is_server, uint16_t msg_type)
2059 return 1; 2059 return 1;
2060} 2060}
2061 2061
2062int
2063tlsext_clienthello_hash_extension(SSL *s, uint16_t type, CBS *cbs)
2064{
2065 /*
2066 * RFC 8446 4.1.2. For subsequent CH, early data will be removed,
2067 * cookie may be added, padding may be removed.
2068 */
2069 struct tls13_ctx *ctx = s->internal->tls13;
2070
2071 if (type == TLSEXT_TYPE_early_data || type == TLSEXT_TYPE_cookie ||
2072 type == TLSEXT_TYPE_padding)
2073 return 1;
2074 if (!tls13_clienthello_hash_update_bytes(ctx, (void *)&type,
2075 sizeof(type)))
2076 return 0;
2077 /*
2078 * key_share data may be changed, and pre_shared_key data may
2079 * be changed
2080 */
2081 if (type == TLSEXT_TYPE_pre_shared_key || type == TLSEXT_TYPE_key_share)
2082 return 1;
2083 if (!tls13_clienthello_hash_update(ctx, cbs))
2084 return 0;
2085
2086 return 1;
2087}
2088
2062static int 2089static int
2063tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type) 2090tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type)
2064{ 2091{
@@ -2098,6 +2125,13 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type)
2098 CBS_len(&extension_data), 2125 CBS_len(&extension_data),
2099 s->internal->tlsext_debug_arg); 2126 s->internal->tlsext_debug_arg);
2100 2127
2128 if (!SSL_IS_DTLS(s) && version >= TLS1_3_VERSION && is_server &&
2129 msg_type == SSL_TLSEXT_MSG_CH) {
2130 if (!tlsext_clienthello_hash_extension(s, type,
2131 &extension_data))
2132 goto err;
2133 }
2134
2101 /* Unknown extensions are ignored. */ 2135 /* Unknown extensions are ignored. */
2102 if ((tlsext = tls_extension_find(type, &idx)) == NULL) 2136 if ((tlsext = tls_extension_find(type, &idx)) == NULL)
2103 continue; 2137 continue;