summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/ssl_tlsext.c51
1 files changed, 43 insertions, 8 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index b8f4414365..da34a79f7d 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_tlsext.c,v 1.27 2019/01/18 00:54:42 jsing Exp $ */ 1/* $OpenBSD: ssl_tlsext.c,v 1.28 2019/01/18 03:39:27 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1201,6 +1201,7 @@ struct tls_extension_funcs {
1201 1201
1202struct tls_extension { 1202struct tls_extension {
1203 uint16_t type; 1203 uint16_t type;
1204 uint16_t messages;
1204 struct tls_extension_funcs client; 1205 struct tls_extension_funcs client;
1205 struct tls_extension_funcs server; 1206 struct tls_extension_funcs server;
1206}; 1207};
@@ -1208,6 +1209,7 @@ struct tls_extension {
1208static struct tls_extension tls_extensions[] = { 1209static struct tls_extension tls_extensions[] = {
1209 { 1210 {
1210 .type = TLSEXT_TYPE_server_name, 1211 .type = TLSEXT_TYPE_server_name,
1212 .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE,
1211 .client = { 1213 .client = {
1212 .needs = tlsext_sni_client_needs, 1214 .needs = tlsext_sni_client_needs,
1213 .build = tlsext_sni_client_build, 1215 .build = tlsext_sni_client_build,
@@ -1221,6 +1223,7 @@ static struct tls_extension tls_extensions[] = {
1221 }, 1223 },
1222 { 1224 {
1223 .type = TLSEXT_TYPE_renegotiate, 1225 .type = TLSEXT_TYPE_renegotiate,
1226 .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH,
1224 .client = { 1227 .client = {
1225 .needs = tlsext_ri_client_needs, 1228 .needs = tlsext_ri_client_needs,
1226 .build = tlsext_ri_client_build, 1229 .build = tlsext_ri_client_build,
@@ -1234,6 +1237,8 @@ static struct tls_extension tls_extensions[] = {
1234 }, 1237 },
1235 { 1238 {
1236 .type = TLSEXT_TYPE_status_request, 1239 .type = TLSEXT_TYPE_status_request,
1240 .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_CR |
1241 SSL_TLSEXT_MSG_CT,
1237 .client = { 1242 .client = {
1238 .needs = tlsext_ocsp_client_needs, 1243 .needs = tlsext_ocsp_client_needs,
1239 .build = tlsext_ocsp_client_build, 1244 .build = tlsext_ocsp_client_build,
@@ -1247,6 +1252,7 @@ static struct tls_extension tls_extensions[] = {
1247 }, 1252 },
1248 { 1253 {
1249 .type = TLSEXT_TYPE_ec_point_formats, 1254 .type = TLSEXT_TYPE_ec_point_formats,
1255 .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH,
1250 .client = { 1256 .client = {
1251 .needs = tlsext_ecpf_client_needs, 1257 .needs = tlsext_ecpf_client_needs,
1252 .build = tlsext_ecpf_client_build, 1258 .build = tlsext_ecpf_client_build,
@@ -1260,6 +1266,7 @@ static struct tls_extension tls_extensions[] = {
1260 }, 1266 },
1261 { 1267 {
1262 .type = TLSEXT_TYPE_supported_groups, 1268 .type = TLSEXT_TYPE_supported_groups,
1269 .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE,
1263 .client = { 1270 .client = {
1264 .needs = tlsext_supportedgroups_client_needs, 1271 .needs = tlsext_supportedgroups_client_needs,
1265 .build = tlsext_supportedgroups_client_build, 1272 .build = tlsext_supportedgroups_client_build,
@@ -1273,6 +1280,7 @@ static struct tls_extension tls_extensions[] = {
1273 }, 1280 },
1274 { 1281 {
1275 .type = TLSEXT_TYPE_session_ticket, 1282 .type = TLSEXT_TYPE_session_ticket,
1283 .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH,
1276 .client = { 1284 .client = {
1277 .needs = tlsext_sessionticket_client_needs, 1285 .needs = tlsext_sessionticket_client_needs,
1278 .build = tlsext_sessionticket_client_build, 1286 .build = tlsext_sessionticket_client_build,
@@ -1286,6 +1294,7 @@ static struct tls_extension tls_extensions[] = {
1286 }, 1294 },
1287 { 1295 {
1288 .type = TLSEXT_TYPE_signature_algorithms, 1296 .type = TLSEXT_TYPE_signature_algorithms,
1297 .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_CR,
1289 .client = { 1298 .client = {
1290 .needs = tlsext_sigalgs_client_needs, 1299 .needs = tlsext_sigalgs_client_needs,
1291 .build = tlsext_sigalgs_client_build, 1300 .build = tlsext_sigalgs_client_build,
@@ -1299,6 +1308,7 @@ static struct tls_extension tls_extensions[] = {
1299 }, 1308 },
1300 { 1309 {
1301 .type = TLSEXT_TYPE_application_layer_protocol_negotiation, 1310 .type = TLSEXT_TYPE_application_layer_protocol_negotiation,
1311 .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE,
1302 .client = { 1312 .client = {
1303 .needs = tlsext_alpn_client_needs, 1313 .needs = tlsext_alpn_client_needs,
1304 .build = tlsext_alpn_client_build, 1314 .build = tlsext_alpn_client_build,
@@ -1313,6 +1323,7 @@ static struct tls_extension tls_extensions[] = {
1313#ifndef OPENSSL_NO_SRTP 1323#ifndef OPENSSL_NO_SRTP
1314 { 1324 {
1315 .type = TLSEXT_TYPE_use_srtp, 1325 .type = TLSEXT_TYPE_use_srtp,
1326 .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE,
1316 .client = { 1327 .client = {
1317 .needs = tlsext_srtp_client_needs, 1328 .needs = tlsext_srtp_client_needs,
1318 .build = tlsext_srtp_client_build, 1329 .build = tlsext_srtp_client_build,
@@ -1357,13 +1368,19 @@ tlsext_funcs(struct tls_extension *tlsext, int is_server)
1357} 1368}
1358 1369
1359static int 1370static int
1360tlsext_build(SSL *s, CBB *cbb, int is_server) 1371tlsext_build(SSL *s, CBB *cbb, int is_server, uint16_t msg_type)
1361{ 1372{
1362 struct tls_extension_funcs *ext; 1373 struct tls_extension_funcs *ext;
1363 struct tls_extension *tlsext; 1374 struct tls_extension *tlsext;
1364 CBB extensions, extension_data; 1375 CBB extensions, extension_data;
1365 int extensions_present = 0; 1376 int extensions_present = 0;
1366 size_t i; 1377 size_t i;
1378 uint16_t version;
1379
1380 if (is_server)
1381 version = s->version;
1382 else
1383 version = TLS1_get_client_version(s);
1367 1384
1368 if (!CBB_add_u16_length_prefixed(cbb, &extensions)) 1385 if (!CBB_add_u16_length_prefixed(cbb, &extensions))
1369 return 0; 1386 return 0;
@@ -1372,6 +1389,11 @@ tlsext_build(SSL *s, CBB *cbb, int is_server)
1372 tlsext = &tls_extensions[i]; 1389 tlsext = &tls_extensions[i];
1373 ext = tlsext_funcs(tlsext, is_server); 1390 ext = tlsext_funcs(tlsext, is_server);
1374 1391
1392 /* RFC 8446 Section 4.2 */
1393 if (version >= TLS1_3_VERSION &&
1394 !(tlsext->messages & msg_type))
1395 continue;
1396
1375 if (!ext->needs(s)) 1397 if (!ext->needs(s))
1376 continue; 1398 continue;
1377 1399
@@ -1396,7 +1418,7 @@ tlsext_build(SSL *s, CBB *cbb, int is_server)
1396} 1418}
1397 1419
1398static int 1420static int
1399tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server) 1421tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type)
1400{ 1422{
1401 struct tls_extension_funcs *ext; 1423 struct tls_extension_funcs *ext;
1402 struct tls_extension *tlsext; 1424 struct tls_extension *tlsext;
@@ -1404,6 +1426,12 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server)
1404 uint32_t extensions_seen = 0; 1426 uint32_t extensions_seen = 0;
1405 uint16_t type; 1427 uint16_t type;
1406 size_t idx; 1428 size_t idx;
1429 uint16_t version;
1430
1431 if (is_server)
1432 version = s->version;
1433 else
1434 version = TLS1_get_client_version(s);
1407 1435
1408 /* An empty extensions block is valid. */ 1436 /* An empty extensions block is valid. */
1409 if (CBS_len(cbs) == 0) 1437 if (CBS_len(cbs) == 0)
@@ -1430,6 +1458,13 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server)
1430 if ((tlsext = tls_extension_find(type, &idx)) == NULL) 1458 if ((tlsext = tls_extension_find(type, &idx)) == NULL)
1431 continue; 1459 continue;
1432 1460
1461 /* RFC 8446 Section 4.2 */
1462 if (version >= TLS1_3_VERSION &&
1463 !(tlsext->messages & msg_type)) {
1464 *alert = SSL_AD_ILLEGAL_PARAMETER;
1465 return 0;
1466 }
1467
1433 /* Check for duplicate known extensions. */ 1468 /* Check for duplicate known extensions. */
1434 if ((extensions_seen & (1 << idx)) != 0) 1469 if ((extensions_seen & (1 << idx)) != 0)
1435 return 0; 1470 return 0;
@@ -1460,7 +1495,7 @@ tlsext_client_reset_state(SSL *s)
1460int 1495int
1461tlsext_client_build(SSL *s, CBB *cbb, uint16_t msg_type) 1496tlsext_client_build(SSL *s, CBB *cbb, uint16_t msg_type)
1462{ 1497{
1463 return tlsext_build(s, cbb, 0); 1498 return tlsext_build(s, cbb, 0, msg_type);
1464} 1499}
1465 1500
1466int 1501int
@@ -1469,13 +1504,13 @@ tlsext_server_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type)
1469 /* XXX - this possibly should be done by the caller... */ 1504 /* XXX - this possibly should be done by the caller... */
1470 tlsext_client_reset_state(s); 1505 tlsext_client_reset_state(s);
1471 1506
1472 return tlsext_parse(s, cbs, alert, 0); 1507 return tlsext_parse(s, cbs, alert, 0, msg_type);
1473} 1508}
1474 1509
1475static void 1510static void
1476tlsext_server_reset_state(SSL *s) 1511tlsext_server_reset_state(SSL *s)
1477{ 1512{
1478 S3I(s)->renegotiate_seen = 0; 1513 S3I(s)->renegotiate_seen = 0;
1479 free(S3I(s)->alpn_selected); 1514 free(S3I(s)->alpn_selected);
1480 S3I(s)->alpn_selected = NULL; 1515 S3I(s)->alpn_selected = NULL;
1481} 1516}
@@ -1483,7 +1518,7 @@ tlsext_server_reset_state(SSL *s)
1483int 1518int
1484tlsext_server_build(SSL *s, CBB *cbb, uint16_t msg_type) 1519tlsext_server_build(SSL *s, CBB *cbb, uint16_t msg_type)
1485{ 1520{
1486 return tlsext_build(s, cbb, 1); 1521 return tlsext_build(s, cbb, 1, msg_type);
1487} 1522}
1488 1523
1489int 1524int
@@ -1492,5 +1527,5 @@ tlsext_client_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type)
1492 /* XXX - this possibly should be done by the caller... */ 1527 /* XXX - this possibly should be done by the caller... */
1493 tlsext_server_reset_state(s); 1528 tlsext_server_reset_state(s);
1494 1529
1495 return tlsext_parse(s, cbs, alert, 1); 1530 return tlsext_parse(s, cbs, alert, 1, msg_type);
1496} 1531}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-29 20:22:40 +0000