From 7136a54d43d7b515b6d9043faeb359a87cf1ab0f Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 23 Jan 2020 11:57:20 +0000
Subject: Implement client hello processing in the TLSv1.3 server. ok beck@
---
 src/lib/libssl/tls13_internal.h | 9 ++++---
 src/lib/libssl/tls13_lib.c | 5 +++-
 src/lib/libssl/tls13_server.c | 54 +++++++++++++++++++++++++++++++++++++----
 3 files changed, 58 insertions(+), 10 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index f11d96f2ea..e9f629f387 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.49 2020/01/23 07:30:55 beck Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.50 2020/01/23 11:57:20 jsing Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck
 * Copyright (c) 2018 Theo Buehler
@@ -38,9 +38,10 @@ __BEGIN_HIDDEN_DECLS
 #define TLS13_IO_WANT_POLLOUT -4
 #define TLS13_IO_USE_LEGACY -5
-#define TLS13_ERR_VERIFY_FAILED 16
-#define TLS13_ERR_HRR_FAILED 17
-#define TLS13_ERR_TRAILING_DATA 18
+#define TLS13_ERR_VERIFY_FAILED 16
+#define TLS13_ERR_HRR_FAILED 17
+#define TLS13_ERR_TRAILING_DATA 18
+#define TLS13_ERR_NO_SHARED_CIPHER 19
 typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg);
 typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg, CBS *cbs);
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 91dd566864..473163ee76 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_lib.c,v 1.25 2020/01/23 10:40:59 jsing Exp $ */
+/* $OpenBSD: tls13_lib.c,v 1.26 2020/01/23 11:57:20 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing
 * Copyright (c) 2019 Bob Beck
@@ -376,6 +376,9 @@ tls13_legacy_error(SSL *ssl)
 case TLS13_ERR_TRAILING_DATA:
 reason = SSL_R_EXTRA_DATA_IN_MESSAGE;
 break;
+ case TLS13_ERR_NO_SHARED_CIPHER:
+ reason = SSL_R_NO_SHARED_CIPHER;
+ break;
 }
 ERR_put_error(ERR_LIB_SSL, (0xfff), reason, ctx->error.file,
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 3c832aec65..b64fec8edc 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.12 2020/01/23 11:47:13 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.13 2020/01/23 11:57:20 jsing Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing
 * Copyright (c) 2020 Bob Beck
@@ -181,9 +181,13 @@ static int
 tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
 {
 CBS cipher_suites, client_random, compression_methods, session_id;
+ STACK_OF(SSL_CIPHER) *ciphers = NULL;
+ const SSL_CIPHER *cipher;
 uint16_t legacy_version;
+ uint8_t compression_method;
+ int alert_desc, comp_null;
 SSL *s = ctx->ssl;
- int alert;
+ int ret = 0;
 if (!CBS_get_u16(cbs, &legacy_version))
 goto err;
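Review bot: `alert_desc` is declared without an initializer in this hunk, and the next hunk copies it into `ctx->alert` whenever `tlsext_server_parse()` fails. That is only safe if the parser writes through its alert pointer on every failure path, which cannot be confirmed from the lines shown; if any path returns 0 without doing so, an indeterminate value is read and used as the alert description. A defined default removes that dependency, for example `int alert_desc = SSL_AD_DECODE_ERROR, comp_null;`. The body of tls13_client_hello_process continues past the end of this hunk.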
@@ -202,13 +206,53 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
 return tls13_use_legacy_server(ctx);
 }
- if (!tlsext_server_parse(s, cbs, &alert, SSL_TLSEXT_MSG_CH))
+ if (!tlsext_server_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_CH)) {
+ ctx->alert = alert_desc;
 goto err;
+ }
+
+ /*
+ * If we got this far we have a supported versions extension that offers
+ * TLS 1.3 or later. This requires the legacy version be set to 0x0303.
+ */
+ if (legacy_version != TLS1_2_VERSION) {
+ ctx->alert = SSL_AD_PROTOCOL_VERSION;
+ goto err;
+ }
+
+ /* Parse cipher suites list and select preferred cipher. */
+ if ((ciphers = ssl_bytes_to_cipher_list(s, &cipher_suites)) == NULL) {
+ ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
+ goto err;
+ }
+ cipher = ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s));
+ if (cipher == NULL) {
+ tls13_set_errorx(ctx, TLS13_ERR_NO_SHARED_CIPHER, 0,
+ "no shared cipher found", NULL);
+ ctx->alert = SSL_AD_HANDSHAKE_FAILURE;
+ goto err;
+ }
+ S3I(s)->hs.new_cipher = cipher;
+
+ /* Ensure they advertise the NULL compression method. */
+ comp_null = 0;
+ while (CBS_len(&compression_methods) > 0) {
+ if (!CBS_get_u8(&compression_methods, &compression_method))
+ goto err;
+ if (compression_method == 0)
+ comp_null = 1;
+ }
+ if (!comp_null) {
+ ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
+ goto err;
+ }
- /* XXX - implement. */
+ ret = 1;
 err:
- return 0;
+ sk_SSL_CIPHER_free(ciphers);
+
+ return ret;
 }
 int
-- cgit v1.2.3-55-g6feb
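Review bot: The compression-method loop accepts any list that merely contains the null method, whereas RFC 8446 section 4.1.2 requires a TLS 1.3 ClientHello to carry exactly one compression byte set to zero and the server to reject anything else with illegal_parameter. By this point the hello is known to be TLS 1.3 (per the comment above the `legacy_version` check), so the loop and the `!comp_null` test could become a single guard on the existing illegal_parameter exit: `CBS_len(&compression_methods) != 1 || !CBS_get_u8(&compression_methods, &compression_method) || compression_method != 0`. That also makes `comp_null` unnecessary and removes the inner `goto err` that leaves `ctx->alert` unset. Whether `ssl3_choose_cipher()` limits the selection to TLS 1.3 suites is not visible here and is worth confirming before `hs.new_cipher` is stored. The function starts in the previous hunk, and the lines between the two hunks are not shown.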