summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls13_server.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/tls13_server.c')
-rw-r--r--src/lib/libssl/tls13_server.c137
1 files changed, 135 insertions, 2 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 90a339dc61..ee7b92b9a3 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_server.c,v 1.6 2020/01/22 13:10:51 jsing Exp $ */ 1/* $OpenBSD: tls13_server.c,v 1.7 2020/01/22 15:47:22 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -16,6 +16,7 @@
16 */ 16 */
17 17
18#include "ssl_locl.h" 18#include "ssl_locl.h"
19#include "ssl_tlsext.h"
19 20
20#include "tls13_handshake.h" 21#include "tls13_handshake.h"
21#include "tls13_internal.h" 22#include "tls13_internal.h"
@@ -40,7 +41,8 @@ tls13_server_init(struct tls13_ctx *ctx)
40 return 0; 41 return 0;
41 } 42 }
42 43
43 /* XXX implement. */ 44 if (!tls1_transcript_init(s))
45 return 0;
44 46
45 return 1; 47 return 1;
46} 48}
@@ -79,10 +81,141 @@ tls13_legacy_accept(SSL *ssl)
79} 81}
80 82
81int 83int
84tls13_use_legacy_server(struct tls13_ctx *ctx)
85{
86 SSL *s = ctx->ssl;
87 CBS cbs;
88
89 s->method = tls_legacy_server_method();
90 s->client_version = s->version = s->method->internal->max_version;
91 s->server = 1;
92
93 if (!ssl3_setup_init_buffer(s))
94 goto err;
95 if (!ssl3_setup_buffers(s))
96 goto err;
97 if (!ssl_init_wbio_buffer(s, 0))
98 goto err;
99
100 if (s->bbio != s->wbio)
101 s->wbio = BIO_push(s->bbio, s->wbio);
102
103 /* Stash any unprocessed data from the last record. */
104 tls13_record_layer_rbuf(ctx->rl, &cbs);
105 if (CBS_len(&cbs) > 0) {
106 if (!CBS_write_bytes(&cbs,
107 S3I(s)->rbuf.buf + SSL3_RT_HEADER_LENGTH,
108 S3I(s)->rbuf.len - SSL3_RT_HEADER_LENGTH, NULL))
109 goto err;
110
111 S3I(s)->rbuf.offset = SSL3_RT_HEADER_LENGTH;
112 S3I(s)->rbuf.left = CBS_len(&cbs);
113 S3I(s)->rrec.type = SSL3_RT_HANDSHAKE;
114 S3I(s)->rrec.length = CBS_len(&cbs);
115 s->internal->rstate = SSL_ST_READ_BODY;
116 s->internal->packet = S3I(s)->rbuf.buf;
117 s->internal->packet_length = SSL3_RT_HEADER_LENGTH;
118 s->internal->mac_packet = 1;
119 }
120
121 /* Stash the current handshake message. */
122 tls13_handshake_msg_data(ctx->hs_msg, &cbs);
123 if (!CBS_write_bytes(&cbs, s->internal->init_buf->data,
124 s->internal->init_buf->length, NULL))
125 goto err;
126
127 S3I(s)->tmp.reuse_message = 1;
128 S3I(s)->tmp.message_type = tls13_handshake_msg_type(ctx->hs_msg);
129 S3I(s)->tmp.message_size = CBS_len(&cbs);
130
131 S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
132
133 return 1;
134
135 err:
136 return 0;
137}
138
139static int
140tls13_client_hello_is_legacy(CBS *cbs)
141{
142 CBS extensions_block, extensions, extension_data;
143 uint16_t selected_version = 0;
144 uint16_t type;
145
146 CBS_dup(cbs, &extensions_block);
147
148 if (!CBS_get_u16_length_prefixed(&extensions_block, &extensions))
149 return 1;
150
151 while (CBS_len(&extensions) > 0) {
152 if (!CBS_get_u16(&extensions, &type))
153 return 1;
154 if (!CBS_get_u16_length_prefixed(&extensions, &extension_data))
155 return 1;
156
157 if (type != TLSEXT_TYPE_supported_versions)
158 continue;
159 if (!CBS_get_u16(&extension_data, &selected_version))
160 return 1;
161 if (CBS_len(&extension_data) != 0)
162 return 1;
163 }
164
165 return (selected_version < TLS1_3_VERSION);
166}
167
168static int
169tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
170{
171 CBS cipher_suites, client_random, compression_methods, session_id;
172 uint16_t legacy_version;
173 SSL *s = ctx->ssl;
174 int alert;
175
176 if (!CBS_get_u16(cbs, &legacy_version))
177 goto err;
178 if (!CBS_get_bytes(cbs, &client_random, SSL3_RANDOM_SIZE))
179 goto err;
180 if (!CBS_get_u8_length_prefixed(cbs, &session_id))
181 goto err;
182 if (!CBS_get_u8_length_prefixed(cbs, &cipher_suites))
183 goto err;
184 if (!CBS_get_u8_length_prefixed(cbs, &compression_methods))
185 goto err;
186
187 if (tls13_client_hello_is_legacy(cbs)) {
188 if (!CBS_skip(cbs, CBS_len(cbs)))
189 goto err;
190 return tls13_use_legacy_server(ctx);
191 }
192
193 if (!tlsext_server_parse(s, cbs, &alert, SSL_TLSEXT_MSG_CH))
194 goto err;
195
196 /* XXX - implement. */
197
198 err:
199 return 0;
200}
201
202int
82tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs) 203tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
83{ 204{
205 SSL *s = ctx->ssl;
206
207 if (!tls13_client_hello_process(ctx, cbs))
208 goto err;
209
210 /* See if we switched back to the legacy client method. */
211 if (s->method->internal->version < TLS1_3_VERSION)
212 return 1;
213
84 tls13_record_layer_allow_ccs(ctx->rl, 1); 214 tls13_record_layer_allow_ccs(ctx->rl, 1);
85 215
216 return 1;
217
218 err:
86 return 0; 219 return 0;
87} 220}
88 221