1 files changed, 49 insertions, 5 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 3c832aec65..b64fec8edc 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.12 2020/01/23 11:47:13 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.13 2020/01/23 11:57:20 jsing Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -181,9 +181,13 @@ static int
 tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
 {
        CBS cipher_suites, client_random, compression_methods, session_id;
+        STACK_OF(SSL_CIPHER) *ciphers = NULL;
+        const SSL_CIPHER *cipher;
        uint16_t legacy_version;
+        uint8_t compression_method;
+        int alert_desc, comp_null;
        SSL *s = ctx->ssl;
-        int alert;
+        int ret = 0;
        if (!CBS_get_u16(cbs, &legacy_version))
                goto err;
@@ -202,13 +206,53 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
                return tls13_use_legacy_server(ctx);
        }
-        if (!tlsext_server_parse(s, cbs, &alert, SSL_TLSEXT_MSG_CH))
+        if (!tlsext_server_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_CH)) {
+                ctx->alert = alert_desc;
                goto err;
+        }
+        /*
+         * If we got this far we have a supported versions extension that offers
+         * TLS 1.3 or later. This requires the legacy version be set to 0x0303.
+         */
+        if (legacy_version != TLS1_2_VERSION) {
+                ctx->alert = SSL_AD_PROTOCOL_VERSION;
+                goto err;
+        }
+        /* Parse cipher suites list and select preferred cipher. */
+        if ((ciphers = ssl_bytes_to_cipher_list(s, &cipher_suites)) == NULL) {
+                ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
+                goto err;
+        }
+        cipher = ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s));
+        if (cipher == NULL) {
+                tls13_set_errorx(ctx, TLS13_ERR_NO_SHARED_CIPHER, 0,
+                    "no shared cipher found", NULL);
+                ctx->alert = SSL_AD_HANDSHAKE_FAILURE;
+                goto err;
+        }
+        S3I(s)->hs.new_cipher = cipher;
+        /* Ensure they advertise the NULL compression method. */
+        comp_null = 0;
+        while (CBS_len(&compression_methods) > 0) {
+                if (!CBS_get_u8(&compression_methods, &compression_method))
+                        goto err;
+                if (compression_method == 0)
+                        comp_null = 1;
+        }
+        if (!comp_null) {
+                ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
+                goto err;
+        }
-        /* XXX - implement. */
+        ret = 1;
 err:
-        return 0;
+        sk_SSL_CIPHER_free(ciphers);
+        return ret;
 }
 int

diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 3c832aec65..b64fec8edc 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_server.c,v 1.12 2020/01/23 11:47:13 jsing Exp $ */	1	/* $OpenBSD: tls13_server.c,v 1.13 2020/01/23 11:57:20 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -181,9 +181,13 @@ static int
181	tls13_client_hello_process(struct tls13_ctx ctx, CBS cbs)	181	tls13_client_hello_process(struct tls13_ctx ctx, CBS cbs)
182	{	182	{
183	CBS cipher_suites, client_random, compression_methods, session_id;	183	CBS cipher_suites, client_random, compression_methods, session_id;
		184	STACK_OF(SSL_CIPHER) *ciphers = NULL;
		185	const SSL_CIPHER *cipher;
184	uint16_t legacy_version;	186	uint16_t legacy_version;
		187	uint8_t compression_method;
		188	int alert_desc, comp_null;
185	SSL *s = ctx->ssl;	189	SSL *s = ctx->ssl;
186	int alert;	190	int ret = 0;
187		191
188	if (!CBS_get_u16(cbs, &legacy_version))	192	if (!CBS_get_u16(cbs, &legacy_version))
189	goto err;	193	goto err;
@@ -202,13 +206,53 @@ tls13_client_hello_process(struct tls13_ctx ctx, CBS cbs)
202	return tls13_use_legacy_server(ctx);	206	return tls13_use_legacy_server(ctx);
203	}	207	}
204		208
205	if (!tlsext_server_parse(s, cbs, &alert, SSL_TLSEXT_MSG_CH))	209	if (!tlsext_server_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_CH)) {
		210	ctx->alert = alert_desc;
206	goto err;	211	goto err;
		212	}
		213
		214	/*
		215	* If we got this far we have a supported versions extension that offers
		216	* TLS 1.3 or later. This requires the legacy version be set to 0x0303.
		217	*/
		218	if (legacy_version != TLS1_2_VERSION) {
		219	ctx->alert = SSL_AD_PROTOCOL_VERSION;
		220	goto err;
		221	}
		222
		223	/* Parse cipher suites list and select preferred cipher. */
		224	if ((ciphers = ssl_bytes_to_cipher_list(s, &cipher_suites)) == NULL) {
		225	ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
		226	goto err;
		227	}
		228	cipher = ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s));
		229	if (cipher == NULL) {
		230	tls13_set_errorx(ctx, TLS13_ERR_NO_SHARED_CIPHER, 0,
		231	"no shared cipher found", NULL);
		232	ctx->alert = SSL_AD_HANDSHAKE_FAILURE;
		233	goto err;
		234	}
		235	S3I(s)->hs.new_cipher = cipher;
		236
		237	/* Ensure they advertise the NULL compression method. */
		238	comp_null = 0;
		239	while (CBS_len(&compression_methods) > 0) {
		240	if (!CBS_get_u8(&compression_methods, &compression_method))
		241	goto err;
		242	if (compression_method == 0)
		243	comp_null = 1;
		244	}
		245	if (!comp_null) {
		246	ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
		247	goto err;
		248	}
207		249
208	/* XXX - implement. */	250	ret = 1;
209		251
210	err:	252	err:
211	return 0;	253	sk_SSL_CIPHER_free(ciphers);
		254
		255	return ret;
212	}	256	}
213		257
214	int	258	int