From 42995b3308983da3add7404dc736c3fcfaa2b90f Mon Sep 17 00:00:00 2001 From: beck <> Date: Wed, 22 Jan 2020 02:21:05 +0000 Subject: Add minimal support for hello retry request for RFC conformance. We currently don't support sending a modified clienthello ok jsing@ tb@ --- src/lib/libssl/tls13_client.c | 65 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 64 insertions(+), 1 deletion(-) (limited to 'src/lib/libssl/tls13_client.c') diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 4ec29ea956..ed9a69918a 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.22 2020/01/21 12:08:04 jsing Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.23 2020/01/22 02:21:05 beck Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -809,3 +809,66 @@ tls13_client_finished_sent(struct tls13_ctx *ctx) return tls13_record_layer_set_write_traffic_key(ctx->rl, &secrets->client_application_traffic); } + + +static int +tls13_client_hello_retry_process(struct tls13_ctx *ctx, CBS *cbs) +{ + CBS server_random, session_id; + uint16_t cipher_suite, legacy_version; + uint8_t compression_method; + int alert_desc; + SSL *s = ctx->ssl; + + if (!CBS_get_u16(cbs, &legacy_version)) + goto err; + if (!CBS_get_bytes(cbs, &server_random, SSL3_RANDOM_SIZE)) + goto err; + if (!CBS_get_u8_length_prefixed(cbs, &session_id)) + goto err; + if (!CBS_get_u16(cbs, &cipher_suite)) + goto err; + if (!CBS_get_u8(cbs, &compression_method)) + goto err; + + /* + * XXX currently this will change state and be hazardous later + * if we decide to support sending an updated client hello. + * however, since we will not today (and are going to return + * illegal parameter as per section 4.1.4) we just ensure + * that the extensions parse correctly. + */ + if (!tlsext_client_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_SH)) { + ctx->alert = alert_desc; + goto err; + } + + if (CBS_len(cbs) != 0) + goto err; + + /* XXX for now, just say no, we will not change our hello */ + ctx->alert = SSL_AD_ILLEGAL_PARAMETER; + err: + if (ctx->alert == 0) + ctx->alert = TLS1_AD_DECODE_ERROR; + return 0; +} + +int +tls13_client_hello_retry_recv(struct tls13_ctx *ctx) +{ + int ret = 0; + CBS cbs; + + if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs)) + goto err; + + if (!tls13_client_hello_retry_process(ctx, &cbs)) { + if (ctx->alert == SSL_AD_ILLEGAL_PARAMETER) + tls13_set_errorx(ctx, TLS13_ERR_HRR_FAILED, 0, + "Unsatisfiable hello retry request", NULL); + goto err; + } +err: + return ret; +} -- cgit v1.2.3-55-g6feb