summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls13_client.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/tls13_client.c')
-rw-r--r--src/lib/libssl/tls13_client.c81
1 files changed, 26 insertions, 55 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 3648d09b22..4ec5e58f02 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_client.c,v 1.27 2020/01/22 11:26:47 beck Exp $ */ 1/* $OpenBSD: tls13_client.c,v 1.28 2020/01/22 13:10:51 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -288,17 +288,17 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
288 if (!CBS_get_u8(cbs, &compression_method)) 288 if (!CBS_get_u8(cbs, &compression_method))
289 goto err; 289 goto err;
290 290
291 if (tls13_server_hello_is_legacy(cbs)) 291 if (tls13_server_hello_is_legacy(cbs)) {
292 if (!CBS_skip(cbs, CBS_len(cbs)))
293 goto err;
292 return tls13_use_legacy_client(ctx); 294 return tls13_use_legacy_client(ctx);
295 }
293 296
294 if (!tlsext_client_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_SH)) { 297 if (!tlsext_client_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_SH)) {
295 ctx->alert = alert_desc; 298 ctx->alert = alert_desc;
296 goto err; 299 goto err;
297 } 300 }
298 301
299 if (CBS_len(cbs) != 0)
300 goto err;
301
302 /* 302 /*
303 * See if a supported versions extension was returned. If it was then 303 * See if a supported versions extension was returned. If it was then
304 * the legacy version must be set to 0x0303 (RFC 8446 section 4.1.3). 304 * the legacy version must be set to 0x0303 (RFC 8446 section 4.1.3).
@@ -359,7 +359,7 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
359} 359}
360 360
361int 361int
362tls13_server_hello_recv(struct tls13_ctx *ctx) 362tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
363{ 363{
364 struct tls13_secrets *secrets; 364 struct tls13_secrets *secrets;
365 struct tls13_secret context; 365 struct tls13_secret context;
@@ -368,12 +368,8 @@ tls13_server_hello_recv(struct tls13_ctx *ctx)
368 size_t hash_len; 368 size_t hash_len;
369 SSL *s = ctx->ssl; 369 SSL *s = ctx->ssl;
370 int ret = 0; 370 int ret = 0;
371 CBS cbs;
372
373 if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
374 goto err;
375 371
376 if (!tls13_server_hello_process(ctx, &cbs)) 372 if (!tls13_server_hello_process(ctx, cbs))
377 goto err; 373 goto err;
378 374
379 /* See if we switched back to the legacy client method. */ 375 /* See if we switched back to the legacy client method. */
@@ -440,22 +436,15 @@ tls13_server_hello_recv(struct tls13_ctx *ctx)
440} 436}
441 437
442int 438int
443tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx) 439tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs)
444{ 440{
445 CBS cbs;
446 int alert_desc; 441 int alert_desc;
447 442
448 if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs)) 443 if (!tlsext_client_parse(ctx->ssl, cbs, &alert_desc, SSL_TLSEXT_MSG_EE)) {
449 goto err;
450
451 if (!tlsext_client_parse(ctx->ssl, &cbs, &alert_desc, SSL_TLSEXT_MSG_EE)) {
452 ctx->alert = alert_desc; 444 ctx->alert = alert_desc;
453 goto err; 445 goto err;
454 } 446 }
455 447
456 if (CBS_len(&cbs) != 0)
457 goto err;
458
459 return 1; 448 return 1;
460 449
461 err: 450 err:
@@ -465,7 +454,7 @@ tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx)
465} 454}
466 455
467int 456int
468tls13_server_certificate_request_recv(struct tls13_ctx *ctx) 457tls13_server_certificate_request_recv(struct tls13_ctx *ctx, CBS *cbs)
469{ 458{
470 /* 459 /*
471 * Thanks to poor state design in the RFC, this function can be called 460 * Thanks to poor state design in the RFC, this function can be called
@@ -475,7 +464,7 @@ tls13_server_certificate_request_recv(struct tls13_ctx *ctx)
475 */ 464 */
476 if (tls13_handshake_msg_type(ctx->hs_msg) == TLS13_MT_CERTIFICATE) { 465 if (tls13_handshake_msg_type(ctx->hs_msg) == TLS13_MT_CERTIFICATE) {
477 ctx->handshake_stage.hs_type |= WITHOUT_CR; 466 ctx->handshake_stage.hs_type |= WITHOUT_CR;
478 return tls13_server_certificate_recv(ctx); 467 return tls13_server_certificate_recv(ctx, cbs);
479 } 468 }
480 469
481 /* XXX - unimplemented. */ 470 /* XXX - unimplemented. */
@@ -484,9 +473,9 @@ tls13_server_certificate_request_recv(struct tls13_ctx *ctx)
484} 473}
485 474
486int 475int
487tls13_server_certificate_recv(struct tls13_ctx *ctx) 476tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
488{ 477{
489 CBS cbs, cert_request_context, cert_list, cert_data, cert_exts; 478 CBS cert_request_context, cert_list, cert_data, cert_exts;
490 struct stack_st_X509 *certs = NULL; 479 struct stack_st_X509 *certs = NULL;
491 SSL *s = ctx->ssl; 480 SSL *s = ctx->ssl;
492 X509 *cert = NULL; 481 X509 *cert = NULL;
@@ -498,16 +487,11 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx)
498 if ((certs = sk_X509_new_null()) == NULL) 487 if ((certs = sk_X509_new_null()) == NULL)
499 goto err; 488 goto err;
500 489
501 if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs)) 490 if (!CBS_get_u8_length_prefixed(cbs, &cert_request_context))
502 goto err;
503
504 if (!CBS_get_u8_length_prefixed(&cbs, &cert_request_context))
505 goto err; 491 goto err;
506 if (CBS_len(&cert_request_context) != 0) 492 if (CBS_len(&cert_request_context) != 0)
507 goto err; 493 goto err;
508 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list)) 494 if (!CBS_get_u24_length_prefixed(cbs, &cert_list))
509 goto err;
510 if (CBS_len(&cbs) != 0)
511 goto err; 495 goto err;
512 496
513 while (CBS_len(&cert_list) > 0) { 497 while (CBS_len(&cert_list) > 0) {
@@ -595,7 +579,7 @@ static uint8_t cert_verify_pad[64] = {
595static uint8_t server_cert_verify_context[] = "TLS 1.3, server CertificateVerify"; 579static uint8_t server_cert_verify_context[] = "TLS 1.3, server CertificateVerify";
596 580
597int 581int
598tls13_server_certificate_verify_recv(struct tls13_ctx *ctx) 582tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
599{ 583{
600 const struct ssl_sigalg *sigalg; 584 const struct ssl_sigalg *sigalg;
601 uint16_t signature_scheme; 585 uint16_t signature_scheme;
@@ -605,20 +589,15 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx)
605 EVP_PKEY_CTX *pctx; 589 EVP_PKEY_CTX *pctx;
606 EVP_PKEY *pkey; 590 EVP_PKEY *pkey;
607 X509 *cert; 591 X509 *cert;
608 CBS cbs, signature; 592 CBS signature;
609 CBB cbb; 593 CBB cbb;
610 int ret = 0; 594 int ret = 0;
611 595
612 memset(&cbb, 0, sizeof(cbb)); 596 memset(&cbb, 0, sizeof(cbb));
613 597
614 if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs)) 598 if (!CBS_get_u16(cbs, &signature_scheme))
615 goto err;
616
617 if (!CBS_get_u16(&cbs, &signature_scheme))
618 goto err;
619 if (!CBS_get_u16_length_prefixed(&cbs, &signature))
620 goto err; 599 goto err;
621 if (CBS_len(&cbs) != 0) 600 if (!CBS_get_u16_length_prefixed(cbs, &signature))
622 goto err; 601 goto err;
623 602
624 if ((sigalg = ssl_sigalg(signature_scheme, tls13_sigalgs, 603 if ((sigalg = ssl_sigalg(signature_scheme, tls13_sigalgs,
@@ -680,7 +659,7 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx)
680} 659}
681 660
682int 661int
683tls13_server_finished_recv(struct tls13_ctx *ctx) 662tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
684{ 663{
685 struct tls13_secrets *secrets = ctx->hs->secrets; 664 struct tls13_secrets *secrets = ctx->hs->secrets;
686 struct tls13_secret context = { .data = "", .len = 0 }; 665 struct tls13_secret context = { .data = "", .len = 0 };
@@ -693,10 +672,6 @@ tls13_server_finished_recv(struct tls13_ctx *ctx)
693 HMAC_CTX *hmac_ctx = NULL; 672 HMAC_CTX *hmac_ctx = NULL;
694 unsigned int hlen; 673 unsigned int hlen;
695 int ret = 0; 674 int ret = 0;
696 CBS cbs;
697
698 if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
699 goto err;
700 675
701 /* 676 /*
702 * Verify server finished. 677 * Verify server finished.
@@ -725,11 +700,14 @@ tls13_server_finished_recv(struct tls13_ctx *ctx)
725 if (hlen != verify_data_len) 700 if (hlen != verify_data_len)
726 goto err; 701 goto err;
727 702
728 if (!CBS_mem_equal(&cbs, verify_data, verify_data_len)) { 703 if (!CBS_mem_equal(cbs, verify_data, verify_data_len)) {
729 ctx->alert = TLS1_AD_DECRYPTION_FAILED; 704 ctx->alert = TLS1_AD_DECRYPTION_FAILED;
730 goto err; 705 goto err;
731 } 706 }
732 707
708 if (!CBS_skip(cbs, verify_data_len))
709 goto err;
710
733 /* 711 /*
734 * Derive application traffic keys. 712 * Derive application traffic keys.
735 */ 713 */
@@ -864,9 +842,6 @@ tls13_client_hello_retry_process(struct tls13_ctx *ctx, CBS *cbs)
864 goto err; 842 goto err;
865 } 843 }
866 844
867 if (CBS_len(cbs) != 0)
868 goto err;
869
870 /* XXX for now, just say no, we will not change our hello */ 845 /* XXX for now, just say no, we will not change our hello */
871 ctx->alert = SSL_AD_ILLEGAL_PARAMETER; 846 ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
872 err: 847 err:
@@ -876,15 +851,11 @@ tls13_client_hello_retry_process(struct tls13_ctx *ctx, CBS *cbs)
876} 851}
877 852
878int 853int
879tls13_client_hello_retry_recv(struct tls13_ctx *ctx) 854tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs)
880{ 855{
881 int ret = 0; 856 int ret = 0;
882 CBS cbs;
883
884 if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
885 goto err;
886 857
887 if (!tls13_client_hello_retry_process(ctx, &cbs)) { 858 if (!tls13_client_hello_retry_process(ctx, cbs)) {
888 if (ctx->alert == SSL_AD_ILLEGAL_PARAMETER) 859 if (ctx->alert == SSL_AD_ILLEGAL_PARAMETER)
889 tls13_set_errorx(ctx, TLS13_ERR_HRR_FAILED, 0, 860 tls13_set_errorx(ctx, TLS13_ERR_HRR_FAILED, 0,
890 "Unsatisfiable hello retry request", NULL); 861 "Unsatisfiable hello retry request", NULL);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-15 23:28:25 +0000