diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 105 |
1 files changed, 58 insertions, 47 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index f91b790f99..fdaf251be4 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_tlsext.c,v 1.50 2019/11/15 15:14:02 beck Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.c,v 1.51 2019/11/16 15:36:53 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -1223,11 +1223,17 @@ tlsext_keyshare_client_needs(SSL *s) | |||
| 1223 | TLS1_3_VERSION); | 1223 | TLS1_3_VERSION); |
| 1224 | } | 1224 | } |
| 1225 | 1225 | ||
| 1226 | static int | 1226 | int |
| 1227 | tlsext_keyshare_x25519_internal(SSL *s, CBB *cbb) | 1227 | tlsext_keyshare_client_build(SSL *s, CBB *cbb) |
| 1228 | { | 1228 | { |
| 1229 | uint8_t *public_key = NULL, *private_key = NULL; | 1229 | uint8_t *public_key = NULL, *private_key = NULL; |
| 1230 | CBB key_exchange; | 1230 | CBB client_shares, key_exchange; |
| 1231 | |||
| 1232 | /* Generate and provide key shares. */ | ||
| 1233 | if (!CBB_add_u16_length_prefixed(cbb, &client_shares)) | ||
| 1234 | return 0; | ||
| 1235 | |||
| 1236 | /* XXX - other groups. */ | ||
| 1231 | 1237 | ||
| 1232 | /* Generate X25519 key pair. */ | 1238 | /* Generate X25519 key pair. */ |
| 1233 | if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) | 1239 | if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) |
| @@ -1237,13 +1243,16 @@ tlsext_keyshare_x25519_internal(SSL *s, CBB *cbb) | |||
| 1237 | X25519_keypair(public_key, private_key); | 1243 | X25519_keypair(public_key, private_key); |
| 1238 | 1244 | ||
| 1239 | /* Add the group and serialize the public key. */ | 1245 | /* Add the group and serialize the public key. */ |
| 1240 | if (!CBB_add_u16(cbb, tls1_ec_nid2curve_id(NID_X25519))) | 1246 | if (!CBB_add_u16(&client_shares, tls1_ec_nid2curve_id(NID_X25519))) |
| 1241 | goto err; | 1247 | goto err; |
| 1242 | if (!CBB_add_u16_length_prefixed(cbb, &key_exchange)) | 1248 | if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange)) |
| 1243 | goto err; | 1249 | goto err; |
| 1244 | if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH)) | 1250 | if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH)) |
| 1245 | goto err; | 1251 | goto err; |
| 1246 | 1252 | ||
| 1253 | if (!CBB_flush(cbb)) | ||
| 1254 | goto err; | ||
| 1255 | |||
| 1247 | S3I(s)->hs_tls13.x25519_public = public_key; | 1256 | S3I(s)->hs_tls13.x25519_public = public_key; |
| 1248 | S3I(s)->hs_tls13.x25519_private = private_key; | 1257 | S3I(s)->hs_tls13.x25519_private = private_key; |
| 1249 | 1258 | ||
| @@ -1257,32 +1266,6 @@ tlsext_keyshare_x25519_internal(SSL *s, CBB *cbb) | |||
| 1257 | } | 1266 | } |
| 1258 | 1267 | ||
| 1259 | int | 1268 | int |
| 1260 | tlsext_keyshare_client_build(SSL *s, CBB *cbb) | ||
| 1261 | { | ||
| 1262 | CBB client_shares; | ||
| 1263 | |||
| 1264 | /* Generate and provide key shares. */ | ||
| 1265 | if (!CBB_add_u16_length_prefixed(cbb, &client_shares)) | ||
| 1266 | return 0; | ||
| 1267 | |||
| 1268 | /* XXX - other groups. */ | ||
| 1269 | |||
| 1270 | if (!tlsext_keyshare_x25519_internal(s, &client_shares)) | ||
| 1271 | return 0; | ||
| 1272 | |||
| 1273 | if (!CBB_flush(cbb)) | ||
| 1274 | goto err; | ||
| 1275 | |||
| 1276 | return 1; | ||
| 1277 | |||
| 1278 | err: | ||
| 1279 | freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); | ||
| 1280 | freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); | ||
| 1281 | |||
| 1282 | return 0; | ||
| 1283 | } | ||
| 1284 | |||
| 1285 | int | ||
| 1286 | tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert) | 1269 | tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert) |
| 1287 | { | 1270 | { |
| 1288 | CBS client_shares; | 1271 | CBS client_shares; |
| @@ -1341,21 +1324,41 @@ tlsext_keyshare_server_needs(SSL *s) | |||
| 1341 | int | 1324 | int |
| 1342 | tlsext_keyshare_server_build(SSL *s, CBB *cbb) | 1325 | tlsext_keyshare_server_build(SSL *s, CBB *cbb) |
| 1343 | { | 1326 | { |
| 1327 | uint8_t *public_key = NULL, *private_key = NULL; | ||
| 1328 | CBB key_exchange; | ||
| 1329 | |||
| 1330 | /* XXX deduplicate with client code */ | ||
| 1331 | |||
| 1344 | /* X25519 */ | 1332 | /* X25519 */ |
| 1345 | if (S3I(s)->hs_tls13.x25519_peer_public == NULL) | 1333 | if (S3I(s)->hs_tls13.x25519_peer_public == NULL) |
| 1346 | return 0; | 1334 | return 0; |
| 1347 | 1335 | ||
| 1348 | if (!tlsext_keyshare_x25519_internal(s, cbb)) | 1336 | /* Generate X25519 key pair. */ |
| 1349 | return 0; | 1337 | if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) |
| 1338 | goto err; | ||
| 1339 | if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL) | ||
| 1340 | goto err; | ||
| 1341 | X25519_keypair(public_key, private_key); | ||
| 1342 | |||
| 1343 | /* Add the group and serialize the public key. */ | ||
| 1344 | if (!CBB_add_u16(cbb, tls1_ec_nid2curve_id(NID_X25519))) | ||
| 1345 | goto err; | ||
| 1346 | if (!CBB_add_u16_length_prefixed(cbb, &key_exchange)) | ||
| 1347 | goto err; | ||
| 1348 | if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH)) | ||
| 1349 | goto err; | ||
| 1350 | 1350 | ||
| 1351 | if (!CBB_flush(cbb)) | 1351 | if (!CBB_flush(cbb)) |
| 1352 | goto err; | 1352 | goto err; |
| 1353 | 1353 | ||
| 1354 | S3I(s)->hs_tls13.x25519_public = public_key; | ||
| 1355 | S3I(s)->hs_tls13.x25519_private = private_key; | ||
| 1356 | |||
| 1354 | return 1; | 1357 | return 1; |
| 1355 | 1358 | ||
| 1356 | err: | 1359 | err: |
| 1357 | freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); | 1360 | freezero(public_key, X25519_KEY_LENGTH); |
| 1358 | freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); | 1361 | freezero(private_key, X25519_KEY_LENGTH); |
| 1359 | 1362 | ||
| 1360 | return 0; | 1363 | return 0; |
| 1361 | } | 1364 | } |
| @@ -1531,8 +1534,8 @@ tlsext_cookie_client_needs(SSL *s) | |||
| 1531 | S3I(s)->hs_tls13.cookie != NULL); | 1534 | S3I(s)->hs_tls13.cookie != NULL); |
| 1532 | } | 1535 | } |
| 1533 | 1536 | ||
| 1534 | static int | 1537 | int |
| 1535 | tlsext_cookie_build_internal(SSL *s, CBB *cbb) | 1538 | tlsext_cookie_client_build(SSL *s, CBB *cbb) |
| 1536 | { | 1539 | { |
| 1537 | CBB cookie; | 1540 | CBB cookie; |
| 1538 | 1541 | ||
| @@ -1550,12 +1553,6 @@ tlsext_cookie_build_internal(SSL *s, CBB *cbb) | |||
| 1550 | } | 1553 | } |
| 1551 | 1554 | ||
| 1552 | int | 1555 | int |
| 1553 | tlsext_cookie_client_build(SSL *s, CBB *cbb) | ||
| 1554 | { | ||
| 1555 | return tlsext_cookie_build_internal(s, cbb); | ||
| 1556 | } | ||
| 1557 | |||
| 1558 | int | ||
| 1559 | tlsext_cookie_server_parse(SSL *s, CBS *cbs, int *alert) | 1556 | tlsext_cookie_server_parse(SSL *s, CBS *cbs, int *alert) |
| 1560 | { | 1557 | { |
| 1561 | CBS cookie; | 1558 | CBS cookie; |
| @@ -1602,10 +1599,24 @@ tlsext_cookie_server_needs(SSL *s) | |||
| 1602 | } | 1599 | } |
| 1603 | 1600 | ||
| 1604 | int | 1601 | int |
| 1605 | tlsext_cookie_server_build(SSL *s, CBB *cbb) { | 1602 | tlsext_cookie_server_build(SSL *s, CBB *cbb) |
| 1606 | return tlsext_cookie_build_internal(s, cbb); | 1603 | { |
| 1607 | } | 1604 | CBB cookie; |
| 1605 | |||
| 1606 | /* XXX deduplicate with client code */ | ||
| 1608 | 1607 | ||
| 1608 | if (!CBB_add_u16_length_prefixed(cbb, &cookie)) | ||
| 1609 | return 0; | ||
| 1610 | |||
| 1611 | if (!CBB_add_bytes(&cookie, S3I(s)->hs_tls13.cookie, | ||
| 1612 | S3I(s)->hs_tls13.cookie_len)) | ||
| 1613 | return 0; | ||
| 1614 | |||
| 1615 | if (!CBB_flush(cbb)) | ||
| 1616 | return 0; | ||
| 1617 | |||
| 1618 | return 1; | ||
| 1619 | } | ||
| 1609 | 1620 | ||
| 1610 | int | 1621 | int |
| 1611 | tlsext_cookie_client_parse(SSL *s, CBS *cbs, int *alert) | 1622 | tlsext_cookie_client_parse(SSL *s, CBS *cbs, int *alert) |