diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/tls13_tlsext.c | 35 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_tlsext.h | 15 |
2 files changed, 38 insertions, 12 deletions
diff --git a/src/lib/libssl/tls13_tlsext.c b/src/lib/libssl/tls13_tlsext.c index 4d44301bca..394933674d 100644 --- a/src/lib/libssl/tls13_tlsext.c +++ b/src/lib/libssl/tls13_tlsext.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_tlsext.c,v 1.1 2019/01/17 00:56:57 beck Exp $ */ | 1 | /* $OpenBSD: tls13_tlsext.c,v 1.2 2019/01/17 02:55:48 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -21,7 +21,7 @@ | |||
| 21 | #include "ssl_locl.h" | 21 | #include "ssl_locl.h" |
| 22 | 22 | ||
| 23 | #include "bytestring.h" | 23 | #include "bytestring.h" |
| 24 | #include "ssl_tlsext.h" | 24 | #include "tls13_tlsext.h" |
| 25 | #include "ssl_sigalgs.h" | 25 | #include "ssl_sigalgs.h" |
| 26 | 26 | ||
| 27 | /* | 27 | /* |
| @@ -1202,6 +1202,7 @@ struct tls_extension_funcs { | |||
| 1202 | 1202 | ||
| 1203 | struct tls_extension { | 1203 | struct tls_extension { |
| 1204 | uint16_t type; | 1204 | uint16_t type; |
| 1205 | uint16_t messages; | ||
| 1205 | struct tls_extension_funcs clienthello; | 1206 | struct tls_extension_funcs clienthello; |
| 1206 | struct tls_extension_funcs serverhello; | 1207 | struct tls_extension_funcs serverhello; |
| 1207 | }; | 1208 | }; |
| @@ -1209,6 +1210,7 @@ struct tls_extension { | |||
| 1209 | static struct tls_extension tls_extensions[] = { | 1210 | static struct tls_extension tls_extensions[] = { |
| 1210 | { | 1211 | { |
| 1211 | .type = TLSEXT_TYPE_server_name, | 1212 | .type = TLSEXT_TYPE_server_name, |
| 1213 | .messages = TLS13_TLSEXT_MSG_CH | TLS13_TLSEXT_MSG_EE, | ||
| 1212 | .clienthello = { | 1214 | .clienthello = { |
| 1213 | .needs = tls13_tlsext_sni_clienthello_needs, | 1215 | .needs = tls13_tlsext_sni_clienthello_needs, |
| 1214 | .build = tls13_tlsext_sni_clienthello_build, | 1216 | .build = tls13_tlsext_sni_clienthello_build, |
| @@ -1222,6 +1224,7 @@ static struct tls_extension tls_extensions[] = { | |||
| 1222 | }, | 1224 | }, |
| 1223 | { | 1225 | { |
| 1224 | .type = TLSEXT_TYPE_renegotiate, | 1226 | .type = TLSEXT_TYPE_renegotiate, |
| 1227 | .messages = TLS13_TLSEXT_MSG_CH | TLS13_TLSEXT_MSG_SH, | ||
| 1225 | .clienthello = { | 1228 | .clienthello = { |
| 1226 | .needs = tls13_tlsext_ri_clienthello_needs, | 1229 | .needs = tls13_tlsext_ri_clienthello_needs, |
| 1227 | .build = tls13_tlsext_ri_clienthello_build, | 1230 | .build = tls13_tlsext_ri_clienthello_build, |
| @@ -1235,6 +1238,8 @@ static struct tls_extension tls_extensions[] = { | |||
| 1235 | }, | 1238 | }, |
| 1236 | { | 1239 | { |
| 1237 | .type = TLSEXT_TYPE_status_request, | 1240 | .type = TLSEXT_TYPE_status_request, |
| 1241 | .messages = TLS13_TLSEXT_MSG_CH | TLS13_TLSEXT_MSG_CR | | ||
| 1242 | TLS13_TLSEXT_MSG_CT, | ||
| 1238 | .clienthello = { | 1243 | .clienthello = { |
| 1239 | .needs = tls13_tlsext_ocsp_clienthello_needs, | 1244 | .needs = tls13_tlsext_ocsp_clienthello_needs, |
| 1240 | .build = tls13_tlsext_ocsp_clienthello_build, | 1245 | .build = tls13_tlsext_ocsp_clienthello_build, |
| @@ -1248,6 +1253,7 @@ static struct tls_extension tls_extensions[] = { | |||
| 1248 | }, | 1253 | }, |
| 1249 | { | 1254 | { |
| 1250 | .type = TLSEXT_TYPE_ec_point_formats, | 1255 | .type = TLSEXT_TYPE_ec_point_formats, |
| 1256 | .messages = TLS13_TLSEXT_MSG_CH | TLS13_TLSEXT_MSG_SH, | ||
| 1251 | .clienthello = { | 1257 | .clienthello = { |
| 1252 | .needs = tls13_tlsext_ecpf_clienthello_needs, | 1258 | .needs = tls13_tlsext_ecpf_clienthello_needs, |
| 1253 | .build = tls13_tlsext_ecpf_clienthello_build, | 1259 | .build = tls13_tlsext_ecpf_clienthello_build, |
| @@ -1261,6 +1267,7 @@ static struct tls_extension tls_extensions[] = { | |||
| 1261 | }, | 1267 | }, |
| 1262 | { | 1268 | { |
| 1263 | .type = TLSEXT_TYPE_supported_groups, | 1269 | .type = TLSEXT_TYPE_supported_groups, |
| 1270 | .messages = TLS13_TLSEXT_MSG_CH | TLS13_TLSEXT_MSG_EE, | ||
| 1264 | .clienthello = { | 1271 | .clienthello = { |
| 1265 | .needs = tls13_tlsext_supportedgroups_clienthello_needs, | 1272 | .needs = tls13_tlsext_supportedgroups_clienthello_needs, |
| 1266 | .build = tls13_tlsext_supportedgroups_clienthello_build, | 1273 | .build = tls13_tlsext_supportedgroups_clienthello_build, |
| @@ -1274,6 +1281,7 @@ static struct tls_extension tls_extensions[] = { | |||
| 1274 | }, | 1281 | }, |
| 1275 | { | 1282 | { |
| 1276 | .type = TLSEXT_TYPE_session_ticket, | 1283 | .type = TLSEXT_TYPE_session_ticket, |
| 1284 | .messages = TLS13_TLSEXT_MSG_CH | TLS13_TLSEXT_MSG_SH, | ||
| 1277 | .clienthello = { | 1285 | .clienthello = { |
| 1278 | .needs = tls13_tlsext_sessionticket_clienthello_needs, | 1286 | .needs = tls13_tlsext_sessionticket_clienthello_needs, |
| 1279 | .build = tls13_tlsext_sessionticket_clienthello_build, | 1287 | .build = tls13_tlsext_sessionticket_clienthello_build, |
| @@ -1287,6 +1295,7 @@ static struct tls_extension tls_extensions[] = { | |||
| 1287 | }, | 1295 | }, |
| 1288 | { | 1296 | { |
| 1289 | .type = TLSEXT_TYPE_signature_algorithms, | 1297 | .type = TLSEXT_TYPE_signature_algorithms, |
| 1298 | .messages = TLS13_TLSEXT_MSG_CH | TLS13_TLSEXT_MSG_CR, | ||
| 1290 | .clienthello = { | 1299 | .clienthello = { |
| 1291 | .needs = tls13_tlsext_sigalgs_clienthello_needs, | 1300 | .needs = tls13_tlsext_sigalgs_clienthello_needs, |
| 1292 | .build = tls13_tlsext_sigalgs_clienthello_build, | 1301 | .build = tls13_tlsext_sigalgs_clienthello_build, |
| @@ -1300,6 +1309,7 @@ static struct tls_extension tls_extensions[] = { | |||
| 1300 | }, | 1309 | }, |
| 1301 | { | 1310 | { |
| 1302 | .type = TLSEXT_TYPE_application_layer_protocol_negotiation, | 1311 | .type = TLSEXT_TYPE_application_layer_protocol_negotiation, |
| 1312 | .messages = TLS13_TLSEXT_MSG_CH | TLS13_TLSEXT_MSG_EE, | ||
| 1303 | .clienthello = { | 1313 | .clienthello = { |
| 1304 | .needs = tls13_tlsext_alpn_clienthello_needs, | 1314 | .needs = tls13_tlsext_alpn_clienthello_needs, |
| 1305 | .build = tls13_tlsext_alpn_clienthello_build, | 1315 | .build = tls13_tlsext_alpn_clienthello_build, |
| @@ -1314,6 +1324,7 @@ static struct tls_extension tls_extensions[] = { | |||
| 1314 | #ifndef OPENSSL_NO_SRTP | 1324 | #ifndef OPENSSL_NO_SRTP |
| 1315 | { | 1325 | { |
| 1316 | .type = TLSEXT_TYPE_use_srtp, | 1326 | .type = TLSEXT_TYPE_use_srtp, |
| 1327 | .messages = TLS13_TLSEXT_MSG_CH | TLS13_TLSEXT_MSG_SH, | ||
| 1317 | .clienthello = { | 1328 | .clienthello = { |
| 1318 | .needs = tls13_tlsext_srtp_clienthello_needs, | 1329 | .needs = tls13_tlsext_srtp_clienthello_needs, |
| 1319 | .build = tls13_tlsext_srtp_clienthello_build, | 1330 | .build = tls13_tlsext_srtp_clienthello_build, |
| @@ -1354,7 +1365,7 @@ tls13_tlsext_funcs(struct tls_extension *tlsext, int is_serverhello) | |||
| 1354 | if (is_serverhello) | 1365 | if (is_serverhello) |
| 1355 | return &tlsext->serverhello; | 1366 | return &tlsext->serverhello; |
| 1356 | 1367 | ||
| 1357 | return &tlsext->clienthello; | 1368 | return &tlsext->clienthello; |
| 1358 | } | 1369 | } |
| 1359 | 1370 | ||
| 1360 | static int | 1371 | static int |
| @@ -1397,7 +1408,7 @@ tls13_tlsext_build(SSL *s, CBB *cbb, int is_serverhello) | |||
| 1397 | } | 1408 | } |
| 1398 | 1409 | ||
| 1399 | static int | 1410 | static int |
| 1400 | tls13_tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_serverhello) | 1411 | tls13_tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_serverhello, uint16_t msg) |
| 1401 | { | 1412 | { |
| 1402 | struct tls_extension_funcs *ext; | 1413 | struct tls_extension_funcs *ext; |
| 1403 | struct tls_extension *tlsext; | 1414 | struct tls_extension *tlsext; |
| @@ -1431,6 +1442,12 @@ tls13_tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_serverhello) | |||
| 1431 | if ((tlsext = tls_extension_find(type, &idx)) == NULL) | 1442 | if ((tlsext = tls_extension_find(type, &idx)) == NULL) |
| 1432 | continue; | 1443 | continue; |
| 1433 | 1444 | ||
| 1445 | /* RFC 8446 Section 4.2 */ | ||
| 1446 | if (!(tlsext->messages & msg)) { | ||
| 1447 | *alert = SSL_AD_ILLEGAL_PARAMETER; | ||
| 1448 | return 0; | ||
| 1449 | } | ||
| 1450 | |||
| 1434 | /* Check for duplicate known extensions. */ | 1451 | /* Check for duplicate known extensions. */ |
| 1435 | if ((extensions_seen & (1 << idx)) != 0) | 1452 | if ((extensions_seen & (1 << idx)) != 0) |
| 1436 | return 0; | 1453 | return 0; |
| @@ -1465,18 +1482,18 @@ tls13_tlsext_clienthello_build(SSL *s, CBB *cbb) | |||
| 1465 | } | 1482 | } |
| 1466 | 1483 | ||
| 1467 | int | 1484 | int |
| 1468 | tls13_tlsext_clienthello_parse(SSL *s, CBS *cbs, int *alert) | 1485 | tls13_tlsext_clienthello_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg) |
| 1469 | { | 1486 | { |
| 1470 | /* XXX - this possibly should be done by the caller... */ | 1487 | /* XXX - this possibly should be done by the caller... */ |
| 1471 | tls13_tlsext_clienthello_reset_state(s); | 1488 | tls13_tlsext_clienthello_reset_state(s); |
| 1472 | 1489 | ||
| 1473 | return tls13_tlsext_parse(s, cbs, alert, 0); | 1490 | return tls13_tlsext_parse(s, cbs, alert, 0, msg); |
| 1474 | } | 1491 | } |
| 1475 | 1492 | ||
| 1476 | static void | 1493 | static void |
| 1477 | tls13_tlsext_serverhello_reset_state(SSL *s) | 1494 | tls13_tlsext_serverhello_reset_state(SSL *s) |
| 1478 | { | 1495 | { |
| 1479 | S3I(s)->renegotiate_seen = 0; | 1496 | S3I(s)->renegotiate_seen = 0; |
| 1480 | free(S3I(s)->alpn_selected); | 1497 | free(S3I(s)->alpn_selected); |
| 1481 | S3I(s)->alpn_selected = NULL; | 1498 | S3I(s)->alpn_selected = NULL; |
| 1482 | } | 1499 | } |
| @@ -1488,10 +1505,10 @@ tls13_tlsext_serverhello_build(SSL *s, CBB *cbb) | |||
| 1488 | } | 1505 | } |
| 1489 | 1506 | ||
| 1490 | int | 1507 | int |
| 1491 | tls13_tlsext_serverhello_parse(SSL *s, CBS *cbs, int *alert) | 1508 | tls13_tlsext_serverhello_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg) |
| 1492 | { | 1509 | { |
| 1493 | /* XXX - this possibly should be done by the caller... */ | 1510 | /* XXX - this possibly should be done by the caller... */ |
| 1494 | tls13_tlsext_serverhello_reset_state(s); | 1511 | tls13_tlsext_serverhello_reset_state(s); |
| 1495 | 1512 | ||
| 1496 | return tls13_tlsext_parse(s, cbs, alert, 1); | 1513 | return tls13_tlsext_parse(s, cbs, alert, 1, msg); |
| 1497 | } | 1514 | } |
diff --git a/src/lib/libssl/tls13_tlsext.h b/src/lib/libssl/tls13_tlsext.h index f7b45629c8..0c81445489 100644 --- a/src/lib/libssl/tls13_tlsext.h +++ b/src/lib/libssl/tls13_tlsext.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_tlsext.h,v 1.1 2019/01/17 00:56:57 beck Exp $ */ | 1 | /* $OpenBSD: tls13_tlsext.h,v 1.2 2019/01/17 02:55:48 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -19,6 +19,15 @@ | |||
| 19 | #ifndef HEADER_SSL_TLS13_TLSEXT_H | 19 | #ifndef HEADER_SSL_TLS13_TLSEXT_H |
| 20 | #define HEADER_SSL_TLS13_TLSEXT_H | 20 | #define HEADER_SSL_TLS13_TLSEXT_H |
| 21 | 21 | ||
| 22 | /* RFC 8446 Section 4.2 */ | ||
| 23 | #define TLS13_TLSEXT_MSG_CH 0x0001 /* ClientHello */ | ||
| 24 | #define TLS13_TLSEXT_MSG_SH 0x0002 /* ServerHello */ | ||
| 25 | #define TLS13_TLSEXT_MSG_EE 0x0004 /* EncryptedExtension */ | ||
| 26 | #define TLS13_TLSEXT_MSG_CT 0x0008 /* Certificate */ | ||
| 27 | #define TLS13_TLSEXT_MSG_CR 0x0010 /* CertificateRequest */ | ||
| 28 | #define TLS13_TLSEXT_MSG_NST 0x0020 /* NewSessionTicket */ | ||
| 29 | #define TLS13_TLSEXT_MSG_HRR 0x0030 /* HelloRetryRequest */ | ||
| 30 | |||
| 22 | __BEGIN_HIDDEN_DECLS | 31 | __BEGIN_HIDDEN_DECLS |
| 23 | 32 | ||
| 24 | int tls13_tlsext_alpn_clienthello_needs(SSL *s); | 33 | int tls13_tlsext_alpn_clienthello_needs(SSL *s); |
| @@ -87,10 +96,10 @@ int tls13_tlsext_srtp_serverhello_parse(SSL *s, CBS *cbs, int *alert); | |||
| 87 | #endif | 96 | #endif |
| 88 | 97 | ||
| 89 | int tls13_tlsext_clienthello_build(SSL *s, CBB *cbb); | 98 | int tls13_tlsext_clienthello_build(SSL *s, CBB *cbb); |
| 90 | int tls13_tlsext_clienthello_parse(SSL *s, CBS *cbs, int *alert); | 99 | int tls13_tlsext_clienthello_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg); |
| 91 | 100 | ||
| 92 | int tls13_tlsext_serverhello_build(SSL *s, CBB *cbb); | 101 | int tls13_tlsext_serverhello_build(SSL *s, CBB *cbb); |
| 93 | int tls13_tlsext_serverhello_parse(SSL *s, CBS *cbs, int *alert); | 102 | int tls13_tlsext_serverhello_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg); |
| 94 | 103 | ||
| 95 | __END_HIDDEN_DECLS | 104 | __END_HIDDEN_DECLS |
| 96 | 105 | ||