summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/ssl_locl.h5
-rw-r--r--src/lib/libssl/tls13_client.c63
2 files changed, 46 insertions, 22 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index fc2528db16..7f3e8a63a8 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.261 2020/02/05 16:47:34 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.262 2020/02/05 17:30:30 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -457,6 +457,9 @@ typedef struct ssl_handshake_tls13_st {
457 uint16_t max_version; 457 uint16_t max_version;
458 uint16_t version; 458 uint16_t version;
459 459
460 int use_legacy;
461 int hrr;
462
460 /* Version proposed by peer server. */ 463 /* Version proposed by peer server. */
461 uint16_t server_version; 464 uint16_t server_version;
462 465
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 62ed600de3..d9ef85753e 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_client.c,v 1.41 2020/02/05 17:01:43 jsing Exp $ */ 1/* $OpenBSD: tls13_client.c,v 1.42 2020/02/05 17:30:30 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -279,6 +279,7 @@ static int
279tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) 279tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
280{ 280{
281 CBS server_random, session_id; 281 CBS server_random, session_id;
282 uint16_t tlsext_msg_type = SSL_TLSEXT_MSG_SH;
282 uint16_t cipher_suite, legacy_version; 283 uint16_t cipher_suite, legacy_version;
283 uint8_t compression_method; 284 uint8_t compression_method;
284 const SSL_CIPHER *cipher; 285 const SSL_CIPHER *cipher;
@@ -317,13 +318,22 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
317 318
318 if (!CBS_skip(cbs, CBS_len(cbs))) 319 if (!CBS_skip(cbs, CBS_len(cbs)))
319 goto err; 320 goto err;
320 return tls13_use_legacy_client(ctx); 321
322 ctx->hs->use_legacy = 1;
323 return 1;
321 } 324 }
322 325
323 /* From here on in we know we are doing TLSv1.3. */ 326 /* From here on in we know we are doing TLSv1.3. */
324 tls13_record_layer_allow_legacy_alerts(ctx->rl, 0); 327 tls13_record_layer_allow_legacy_alerts(ctx->rl, 0);
325 328
326 if (!tlsext_client_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_SH)) { 329 /* See if this is a Hello Retry Request. */
330 if (CBS_mem_equal(&server_random, tls13_hello_retry_request_hash,
331 sizeof(tls13_hello_retry_request_hash))) {
332 tlsext_msg_type = SSL_TLSEXT_MSG_HRR;
333 ctx->hs->hrr = 1;
334 }
335
336 if (!tlsext_client_parse(s, cbs, &alert_desc, tlsext_msg_type)) {
327 ctx->alert = alert_desc; 337 ctx->alert = alert_desc;
328 goto err; 338 goto err;
329 } 339 }
@@ -380,20 +390,17 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
380 goto err; 390 goto err;
381 } 391 }
382 392
383 if (CBS_mem_equal(&server_random, tls13_hello_retry_request_hash,
384 sizeof(tls13_hello_retry_request_hash)))
385 ctx->handshake_stage.hs_type |= WITH_HRR;
386
387 return 1; 393 return 1;
388 394
389 err: 395 err:
390 if (ctx->alert == 0) 396 if (ctx->alert == 0)
391 ctx->alert = TLS1_AD_DECODE_ERROR; 397 ctx->alert = TLS1_AD_DECODE_ERROR;
398
392 return 0; 399 return 0;
393} 400}
394 401
395int 402static int
396tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs) 403tls13_client_engage_record_protection(struct tls13_ctx *ctx)
397{ 404{
398 struct tls13_secrets *secrets; 405 struct tls13_secrets *secrets;
399 struct tls13_secret context; 406 struct tls13_secret context;
@@ -404,18 +411,8 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
404 SSL *s = ctx->ssl; 411 SSL *s = ctx->ssl;
405 int ret = 0; 412 int ret = 0;
406 413
407 if (!tls13_server_hello_process(ctx, cbs)) 414 /* Derive the shared key and engage record protection. */
408 goto err;
409
410 /* See if we switched back to the legacy client method. */
411 if (s->method->internal->version < TLS1_3_VERSION)
412 return 1;
413 415
414 /* XXX - handle other key share types. */
415 if (ctx->hs->key_share == NULL) {
416 /* XXX - alert. */
417 goto err;
418 }
419 if (!tls13_key_share_derive(ctx->hs->key_share, &shared_key, 416 if (!tls13_key_share_derive(ctx->hs->key_share, &shared_key,
420 &shared_key_len)) 417 &shared_key_len))
421 goto err; 418 goto err;
@@ -461,7 +458,6 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
461 &secrets->client_handshake_traffic)) 458 &secrets->client_handshake_traffic))
462 goto err; 459 goto err;
463 460
464 ctx->handshake_stage.hs_type |= NEGOTIATED;
465 ret = 1; 461 ret = 1;
466 462
467 err: 463 err:
@@ -471,6 +467,31 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
471} 467}
472 468
473int 469int
470tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
471{
472 /*
473 * We may have received a legacy (pre-TLSv1.3) server hello,
474 * a TLSv1.3 server hello or a TLSv1.3 hello retry request.
475 */
476 if (!tls13_server_hello_process(ctx, cbs))
477 return 0;
478
479 if (ctx->hs->use_legacy)
480 return tls13_use_legacy_client(ctx);
481
482 if (!tls13_client_engage_record_protection(ctx))
483 return 0;
484
485 ctx->handshake_stage.hs_type |= NEGOTIATED;
486 if (ctx->hs->hrr)
487 ctx->handshake_stage.hs_type |= WITH_HRR;
488
489 ctx->hs->hrr = 0;
490
491 return 1;
492}
493
494int
474tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb) 495tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb)
475{ 496{
476 return 0; 497 return 0;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 19:47:10 +0000