From 811354ae1302b7cd68c86866b02f4ab4cf11322b Mon Sep 17 00:00:00 2001 From: beck <> Date: Wed, 23 Jan 2019 16:46:04 +0000 Subject: Modify sigalgs extension processing for TLS 1.3. - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@ --- src/lib/libssl/s3_lib.c | 8 +- src/lib/libssl/ssl_clnt.c | 5 +- src/lib/libssl/ssl_locl.h | 10 +- src/lib/libssl/ssl_sigalgs.c | 21 ++- src/lib/libssl/ssl_sigalgs.h | 4 +- src/lib/libssl/ssl_tlsext.c | 348 ++++++++++++++++++++++++++++++++++++++++--- src/lib/libssl/ssl_tlsext.h | 10 +- src/lib/libssl/t1_lib.c | 10 +- 8 files changed, 380 insertions(+), 36 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 9e4998cb42..53aab7c1e5 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.178 2019/01/21 01:20:11 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.179 2019/01/23 16:46:04 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1569,6 +1569,7 @@ ssl3_free(SSL *s) freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH); + freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len); sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); 
@@ -1605,6 +1606,11 @@ ssl3_clear(SSL *s) freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH); + freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len); + S3I(s)->hs_tls13.cookie = NULL; + S3I(s)->hs_tls13.cookie_len = 0; + + S3I(s)->hs.extensions_seen = 0; rp = S3I(s)->rbuf.buf; wp = S3I(s)->wbuf.buf; diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index acc48389c0..ee26a200b1 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.52 2019/01/18 00:54:42 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.53 2019/01/23 16:46:04 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1680,7 +1680,8 @@ ssl3_get_certificate_request(SSL *s) SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); goto err; } - if (!tls1_process_sigalgs(s, &sigalgs)) { + if (!tls1_process_sigalgs(s, &sigalgs, tls12_sigalgs, + tls12_sigalgs_len)) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); goto err; diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 7903d84890..e4b1341db5 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.228 2019/01/21 10:28:52 tb Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.229 2019/01/23 16:46:04 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -429,6 +429,9 @@ typedef struct ssl_handshake_st { /* key_block is the record-layer key block for TLS 1.2 and earlier. */ int key_block_len; unsigned char *key_block; + + /* Extensions seen in this handshake. */ + uint32_t extensions_seen; } SSL_HANDSHAKE; typedef struct ssl_handshake_tls13_st { 
@@ -445,6 +448,9 @@ typedef struct ssl_handshake_tls13_st { uint8_t *x25519_peer_public; struct tls13_secrets *secrets; + + uint8_t *cookie; + size_t cookie_len; } SSL_HANDSHAKE_TLS13; typedef struct ssl_ctx_internal_st { @@ -1313,7 +1319,7 @@ int tls1_process_ticket(SSL *s, const unsigned char *session_id, int session_id_len, CBS *ext_block, SSL_SESSION **ret); long ssl_get_algorithm2(SSL *s); -int tls1_process_sigalgs(SSL *s, CBS *cbs); +int tls1_process_sigalgs(SSL *s, CBS *cbs, uint16_t *, size_t); int tls1_check_ec_server_key(SSL *s); diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index a6b4251d70..23f65f5070 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c @@ -1,6 +1,6 @@ -/* $OpenBSD: ssl_sigalgs.c,v 1.11 2018/11/16 02:41:16 beck Exp $ */ +/* $OpenBSD: ssl_sigalgs.c,v 1.12 2019/01/23 16:46:04 beck Exp $ */ /* - * Copyright (c) 2018, Bob Beck + * Copyright (c) 2018-2019 Bob Beck * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above 
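Review bot: The two parameters added to the `tls1_process_sigalgs` prototype in ssl_locl.h are unnamed, while `s` and `cbs` beside them are named, so the header no longer says what the pointer and the length are. Naming them as the definition in t1_lib.c does keeps the declaration self-describing: `int tls1_process_sigalgs(SSL *s, CBS *cbs, uint16_t *sigalgs, size_t sigalgs_len);`. The same applies to `tls_extension_find(uint16_t, size_t *)` added to ssl_tlsext.h later in this commit.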
@@ -163,13 +163,30 @@ const struct ssl_sigalg sigalgs[] = { }, }; +/* Sigalgs for tls 1.3, in preference order, */ +uint16_t tls13_sigalgs[] = { + SIGALG_RSA_PSS_RSAE_SHA512, + SIGALG_RSA_PKCS1_SHA512, + SIGALG_ECDSA_SECP512R1_SHA512, + SIGALG_RSA_PSS_RSAE_SHA384, + SIGALG_RSA_PKCS1_SHA384, + SIGALG_ECDSA_SECP384R1_SHA384, + SIGALG_RSA_PSS_RSAE_SHA256, + SIGALG_RSA_PKCS1_SHA256, + SIGALG_ECDSA_SECP256R1_SHA256, +}; +size_t tls13_sigalgs_len = (sizeof(tls13_sigalgs) / sizeof(tls13_sigalgs[0])); + /* Sigalgs for tls 1.2, in preference order, */ uint16_t tls12_sigalgs[] = { + SIGALG_RSA_PSS_RSAE_SHA512, SIGALG_RSA_PKCS1_SHA512, SIGALG_ECDSA_SECP512R1_SHA512, SIGALG_GOSTR12_512_STREEBOG_512, + SIGALG_RSA_PSS_RSAE_SHA384, SIGALG_RSA_PKCS1_SHA384, SIGALG_ECDSA_SECP384R1_SHA384, + SIGALG_RSA_PSS_RSAE_SHA256, SIGALG_RSA_PKCS1_SHA256, SIGALG_ECDSA_SECP256R1_SHA256, SIGALG_GOSTR12_256_STREEBOG_256, diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h index 5ae595835b..8ea4df9e31 100644 --- a/src/lib/libssl/ssl_sigalgs.h +++ b/src/lib/libssl/ssl_sigalgs.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sigalgs.h,v 1.8 2018/11/16 02:41:16 beck Exp $ */ +/* $OpenBSD: ssl_sigalgs.h,v 1.9 2019/01/23 16:46:04 beck Exp $ */ /* * Copyright (c) 2018, Bob Beck * @@ -71,6 +71,8 @@ struct ssl_sigalg{ extern uint16_t tls12_sigalgs[]; extern size_t tls12_sigalgs_len; +extern uint16_t tls13_sigalgs[]; +extern size_t tls13_sigalgs_len; const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg); const struct ssl_sigalg *ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len); diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 6eec807f56..06105f976d 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.31 2019/01/20 02:53:56 jsing Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.32 2019/01/23 16:46:04 beck Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing * Copyright (c) 2017 Doug Hogan 
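Review bot: `tls13_sigalgs` still lists the three `SIGALG_RSA_PKCS1_*` values, which RFC 8446 section 4.2.3 defines only for signatures inside certificates and not for signed handshake messages. The list is handed to `tls1_process_sigalgs()` by `tlsext_sigalgs_server_parse()`, and that function appears to record the first peer-offered match per key type. A peer that lists a PKCS#1 value ahead of the PSS ones could therefore end up with PKCS#1 recorded for an RSA key in a TLS 1.3 handshake; how the recorded value is consumed is outside this diff and needs confirming. If the entries are kept so that certificate chains can be matched, say so above the array, for example `/* RSA_PKCS1 entries: certificate signatures only, RFC 8446 4.2.3 */`. The new comment `in preference order,` also ends in a stray comma.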
@@ -536,9 +536,26 @@ tlsext_sigalgs_client_build(SSL *s, CBB *cbb) if (!CBB_add_u16_length_prefixed(cbb, &sigalgs)) return 0; - if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs, tls12_sigalgs_len)) - return 0; + switch (TLS1_get_client_version(s)) { + case TLS1_2_VERSION: + if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs, tls12_sigalgs_len)) + return 0; + break; + case TLS1_3_VERSION: + if (S3I(s)->hs_tls13.min_version < TLS1_3_VERSION) { + if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs, + tls12_sigalgs_len)) + return 0; + } else { + if (!ssl_sigalgs_build(&sigalgs, tls13_sigalgs, + tls13_sigalgs_len)) + return 0; } + break; + default: + /* Should not happen */ + return 0; + } if (!CBB_flush(cbb)) return 0; @@ -553,7 +570,17 @@ tlsext_sigalgs_server_parse(SSL *s, CBS *cbs, int *alert) if (!CBS_get_u16_length_prefixed(cbs, &sigalgs)) return 0; - return tls1_process_sigalgs(s, &sigalgs); + switch (s->version) { + case TLS1_3_VERSION: + return tls1_process_sigalgs(s, &sigalgs, tls13_sigalgs, + tls13_sigalgs_len); + case TLS1_2_VERSION: + return tls1_process_sigalgs(s, &sigalgs, tls12_sigalgs, + tls12_sigalgs_len); + default: + /* Fail if we get a version > what we recognize */ + return 0; + } } int @@ -1243,7 +1270,7 @@ tlsext_keyshare_client_build(SSL *s, CBB *cbb) return 1; -err: + err: freezero(public_key, X25519_KEY_LENGTH); freezero(private_key, X25519_KEY_LENGTH); 
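Review bot: The `default:` arm of the new switch in `tlsext_sigalgs_server_parse()` rejects every `s->version` other than TLS 1.2 and TLS 1.3, not only versions above what is recognised as its comment says. Before this change the extension always reached `tls1_process_sigalgs()`, whose `if (!SSL_USE_SIGALGS(s)) return 1;` ignores it for versions that do not use sigalgs. A ClientHello carrying signature_algorithms while `s->version` is lower would presumably now fail extension parsing instead of being ignored. That failure path also returns 0 without setting `*alert`. Keeping the old behaviour for other versions, for example `default: return tls1_process_sigalgs(s, &sigalgs, tls12_sigalgs, tls12_sigalgs_len);`, avoids turning an ignorable extension into a handshake failure.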
@@ -1253,24 +1280,100 @@ err: int tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert) { - /* XXX we accept this but currently ignore it */ - if (!CBS_skip(cbs, CBS_len(cbs))) { - *alert = TLS1_AD_INTERNAL_ERROR; - return 0; + CBS client_shares; + CBS key_exchange; + uint16_t group; + size_t out_len; + int ret = 0; + + if (!CBS_get_u16_length_prefixed(cbs, &client_shares)) + goto err; + + if (CBS_len(cbs) != 0) + goto err; + + while (CBS_len(&client_shares) > 0) { + + /* Unpack client share. */ + if (!CBS_get_u16(&client_shares, &group)) + goto err; + + if (!CBS_get_u16_length_prefixed(&client_shares, &key_exchange)) + goto err; + + /* + * Skip this client share if not X25519 + * XXX support other groups later. + */ + if (ret || group != tls1_ec_nid2curve_id(NID_X25519)) + continue; + + if (CBS_len(&key_exchange) != X25519_KEY_LENGTH) + goto err; + + if (!CBS_stow(&key_exchange, &S3I(s)->hs_tls13.x25519_peer_public, + &out_len)) + goto err; + + ret = 1; } - return 1; + return ret; + + err: + *alert = SSL_AD_DECODE_ERROR; + return 0; } int tlsext_keyshare_server_needs(SSL *s) { - return (!SSL_IS_DTLS(s) && s->version >= TLS1_3_VERSION); + size_t idx; + + if (SSL_IS_DTLS(s) || s->version < TLS1_3_VERSION) + return 0; + if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL) + return 0; + return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0); } int tlsext_keyshare_server_build(SSL *s, CBB *cbb) { + uint8_t *public_key = NULL, *private_key = NULL; + CBB key_exchange; + + /* X25519 */ + if (S3I(s)->hs_tls13.x25519_peer_public == NULL) + return 0; + + /* Generate X25519 key pair. */ + if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) + goto err; + if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL) + goto err; + X25519_keypair(public_key, private_key); + + /* Add the group and serialize the public key. 
*/ + if (!CBB_add_u16(cbb, tls1_ec_nid2curve_id(NID_X25519))) + goto err; + if (!CBB_add_u16_length_prefixed(cbb, &key_exchange)) + goto err; + if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH)) + goto err; + + if (!CBB_flush(cbb)) + goto err; + + S3I(s)->hs_tls13.x25519_public = public_key; + S3I(s)->hs_tls13.x25519_private = private_key; + + return 1; + + err: + freezero(public_key, X25519_KEY_LENGTH); + freezero(private_key, X25519_KEY_LENGTH); + return 0; } @@ -1291,6 +1394,10 @@ tlsext_keyshare_client_parse(SSL *s, CBS *cbs, int *alert) if (!CBS_get_u16_length_prefixed(cbs, &key_exchange)) goto err; + + if (CBS_len(cbs) != 0) + goto err; + if (CBS_len(&key_exchange) != X25519_KEY_LENGTH) goto err; if (!CBS_stow(&key_exchange, &S3I(s)->hs_tls13.x25519_peer_public, @@ -1313,8 +1420,9 @@ tlsext_versions_client_needs(SSL *s) /* XXX once this gets initialized when we get tls13_client.c */ if (S3I(s)->hs_tls13.max_version == 0) return 0; - return (!SSL_IS_DTLS(s) && S3I(s)->hs_tls13.max_version >= - TLS1_3_VERSION); + if (SSL_IS_DTLS(s)) + return 0; + return (S3I(s)->hs_tls13.max_version >= TLS1_3_VERSION); } int 
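Review bot: `tlsext_keyshare_server_parse()` returns `ret`, which is still 0 when the client sent well-formed shares but none for X25519, so a missing group is reported as a parse failure and `*alert` is never set on that path. A ClientHello whose key_share holds only other groups would then fail at extension parsing, apparently regardless of the version being negotiated. Ending the loop with `return 1;` and letting `hs_tls13.x25519_peer_public == NULL` mean "no usable share", which `tlsext_keyshare_server_build()` already checks, separates malformed input from an unsupported group. The loop also skips a second X25519 entry silently rather than rejecting it, and `out_len` is written but never read. In `tlsext_keyshare_server_build()` the new key pair is stored over `hs_tls13.x25519_public` and `x25519_private` without freeing earlier values; whether those can be non-NULL at that point is not visible in the hunk.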
@@ -1348,13 +1456,41 @@ tlsext_versions_client_build(SSL *s, CBB *cbb) int tlsext_versions_server_parse(SSL *s, CBS *cbs, int *alert) { - /* XXX we accept this but currently ignore it */ - if (!CBS_skip(cbs, CBS_len(cbs))) { - *alert = TLS1_AD_INTERNAL_ERROR; - return 0; + CBS versions; + uint16_t version; + uint16_t max, min; + uint16_t matched_version = 0; + + max = S3I(s)->hs_tls13.max_version; + min = S3I(s)->hs_tls13.min_version; + + if (!CBS_get_u8_length_prefixed(cbs, &versions)) + goto err; + + if (CBS_len(cbs) != 0) + goto err; + + if (CBS_len(&versions) < 2) + goto err; + + while(CBS_len(&versions) > 0) { + if (!CBS_get_u16(&versions, &version)) + goto err; + /* + * XXX What is below implements client preference, and + * ignores any server preference entirely. + */ + if (matched_version == 0 && version >= min && version <= max) + matched_version = version; } + if (matched_version != 0) + s->version = matched_version; return 1; + + err: + *alert = SSL_AD_DECODE_ERROR; + return 0; } int @@ -1366,7 +1502,11 @@ tlsext_versions_server_needs(SSL *s) int tlsext_versions_server_build(SSL *s, CBB *cbb) { - return 0; + if (!CBB_add_u16(cbb, TLS1_3_VERSION)) + return 0; + /* XXX set 1.2 in legacy version? */ + + return 1; } int 
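Review bot: `tlsext_versions_server_parse()` overwrites `s->version` from inside an extension parser, so parsers that branch on it see a different value depending on where supported_versions sits in the ClientHello. `tlsext_sigalgs_server_parse()` in this same commit switches on `s->version` to choose between `tls12_sigalgs` and `tls13_sigalgs`; storing the match in the handshake state and applying it once all extensions are parsed would remove that ordering dependence. As the XXX comment says, the first in-range entry of the client's list wins, so a list that puts an older version first selects it even when both sides support a newer one. Taking the highest in-range value applies the server's preference instead: `if (version >= min && version <= max && version > matched_version) matched_version = version;`. When nothing matches, the function returns 1 and leaves `s->version` untouched, which deserves a comment stating that the legacy version negotiation is being relied on.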
@@ -1379,12 +1519,161 @@ tlsext_versions_client_parse(SSL *s, CBS *cbs, int *alert) return 0; } + if (CBS_len(cbs) != 0) { + *alert = SSL_AD_DECODE_ERROR; + return 0; + } + + if (selected_version < TLS1_3_VERSION) { + *alert = SSL_AD_ILLEGAL_PARAMETER; + return 0; + } + /* XXX test between min and max once initialization code goes in */ S3I(s)->hs_tls13.server_version = selected_version; return 1; } + +/* + * Cookie - RFC 8446 section 4.2.2. + */ + +int +tlsext_cookie_client_needs(SSL *s) +{ + /* XXX once this gets initialized when we get tls13_client.c */ + if (S3I(s)->hs_tls13.max_version == 0) + return 0; + if (SSL_IS_DTLS(s)) + return 0; + if (S3I(s)->hs_tls13.max_version < TLS1_3_VERSION) + return 0; + return ((S3I(s)->hs_tls13.cookie_len > 0) && + (S3I(s)->hs_tls13.cookie != NULL)); +} + +int +tlsext_cookie_client_build(SSL *s, CBB *cbb) +{ + CBB cookie; + + if (!CBB_add_u16_length_prefixed(cbb, &cookie)) + return 0; + + if (!CBB_add_bytes(&cookie, S3I(s)->hs_tls13.cookie, + S3I(s)->hs_tls13.cookie_len)) + return 0; + + if (!CBB_flush(cbb)) + return 0; + + return 1; +} + +int +tlsext_cookie_server_parse(SSL *s, CBS *cbs, int *alert) +{ + CBS cookie; + + if (!CBS_get_u16_length_prefixed(cbs, &cookie)) + goto err; + + if (CBS_len(cbs) != 0) + goto err; + + if (CBS_len(&cookie) != S3I(s)->hs_tls13.cookie_len) + goto err; + + /* + * Check provided cookie value against what server previously + * sent - client *MUST* send the same cookie with new CR after + * a cookie is sent by the server with an HRR + */ + if (memcmp(CBS_data(&cookie), S3I(s)->hs_tls13.cookie, + S3I(s)->hs_tls13.cookie_len) != 0) { + /* XXX special cookie mismatch alert? 
*/ + *alert = SSL_AD_ILLEGAL_PARAMETER; + return 0; + } + + return 1; + + err: + *alert = SSL_AD_DECODE_ERROR; + return 0; +} + +int +tlsext_cookie_server_needs(SSL *s) +{ + /* XXX once this gets initialized when we get tls13_client.c */ + if (S3I(s)->hs_tls13.max_version == 0) + return 0; + if (SSL_IS_DTLS(s)) + return 0; + if (S3I(s)->hs_tls13.max_version < TLS1_3_VERSION) + return 0; + /* + * Server needs to set cookie value in tls13 handshake + * in order to send one, should only be sent with HRR. + */ + return ((S3I(s)->hs_tls13.cookie_len > 0) && + (S3I(s)->hs_tls13.cookie != NULL)); +} + +int +tlsext_cookie_server_build(SSL *s, CBB *cbb) +{ + CBB cookie; + + if (!CBB_add_u16_length_prefixed(cbb, &cookie)) + return 0; + if (!CBB_add_bytes(&cookie, S3I(s)->hs_tls13.cookie, + S3I(s)->hs_tls13.cookie_len)) + return 0; + if (!CBB_flush(cbb)) + return 0; + + return 1; +} + +int +tlsext_cookie_client_parse(SSL *s, CBS *cbs, int *alert) +{ + CBS cookie; + + /* + * XXX This currently assumes we will not get a second + * HRR from a server with a cookie to process after accepting + * one from the server in the same handshake + */ + if ((S3I(s)->hs_tls13.cookie != NULL) || + S3I(s)->hs_tls13.cookie_len != 0) { + *alert = SSL_AD_ILLEGAL_PARAMETER; + return 0; + } + + if (!CBS_get_u16_length_prefixed(cbs, &cookie)) + goto err; + + if (CBS_len(cbs) != 0) + goto err; + + if ((S3I(s)->hs_tls13.cookie = malloc(CBS_len(&cookie))) == NULL) + goto err; + + memcpy(S3I(s)->hs_tls13.cookie, CBS_data(&cookie), CBS_len(&cookie)); + S3I(s)->hs_tls13.cookie_len = CBS_len(&cookie); + + return 1; + + err: + *alert = SSL_AD_DECODE_ERROR; + return 0; +} + struct tls_extension_funcs { int (*needs)(SSL *s); int (*build)(SSL *s, CBB *cbb); 
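Review bot: `tlsext_cookie_server_parse()` accepts an empty cookie when the server never issued one. With `hs_tls13.cookie == NULL` and `cookie_len == 0` the length check passes, and `memcmp()` is then called with a NULL pointer and length 0, which compares equal. RFC 8446 section 4.2.2 defines the field as `opaque cookie<1..2^16-1>`, so both cookie parsers should reject a zero-length value with `if (CBS_len(&cookie) == 0) goto err;` right after the trailing-data check; in `tlsext_cookie_client_parse()` that also avoids `malloc(0)`. For the comparison, `CBS_mem_equal(&cookie, S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len)` folds in the length test and, if this tree implements it with `timingsafe_memcmp()`, avoids an early-exit compare. `tlsext_cookie_client_parse()` could use `CBS_stow()` as the key share parser does instead of the open-coded `malloc`/`memcpy`, and its allocation failure is currently reported as `SSL_AD_DECODE_ERROR`.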
@@ -1542,6 +1831,20 @@ static struct tls_extension tls_extensions[] = { .parse = tlsext_alpn_client_parse, }, }, + { + .type = TLSEXT_TYPE_cookie, + .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_HRR, + .client = { + .needs = tlsext_cookie_client_needs, + .build = tlsext_cookie_client_build, + .parse = tlsext_cookie_server_parse, + }, + .server = { + .needs = tlsext_cookie_server_needs, + .build = tlsext_cookie_server_build, + .parse = tlsext_cookie_client_parse, + }, + }, #ifndef OPENSSL_NO_SRTP { .type = TLSEXT_TYPE_use_srtp, @@ -1565,7 +1868,7 @@ static struct tls_extension tls_extensions[] = { /* Ensure that extensions fit in a uint32_t bitmask. */ CTASSERT(N_TLS_EXTENSIONS <= (sizeof(uint32_t) * 8)); -static struct tls_extension * +struct tls_extension * tls_extension_find(uint16_t type, size_t *tls_extensions_idx) { size_t i; @@ -1645,11 +1948,12 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type) struct tls_extension_funcs *ext; struct tls_extension *tlsext; CBS extensions, extension_data; - uint32_t extensions_seen = 0; uint16_t type; size_t idx; uint16_t version; + S3I(s)->hs.extensions_seen = 0; + if (is_server) version = s->version; else @@ -1688,9 +1992,9 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type) } /* Check for duplicate known extensions. */ - if ((extensions_seen & (1 << idx)) != 0) + if ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0) return 0; - extensions_seen |= (1 << idx); + S3I(s)->hs.extensions_seen |= (1 << idx); ext = tlsext_funcs(tlsext, is_server); if (!ext->parse(s, &extension_data, alert)) diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h index 940366b7d8..8472a8058b 100644 --- a/src/lib/libssl/ssl_tlsext.h +++ b/src/lib/libssl/ssl_tlsext.h 
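Review bot: The mask in `tlsext_parse()` is built with `(1 << idx)`, a shift of a signed `int`, while `extensions_seen` is now a `uint32_t` handshake field and the CTASSERT above permits up to 32 table entries. An index of 31 would shift into the sign bit, which is undefined behaviour. Writing `((uint32_t)1 << idx)` or `(1U << idx)` in both the duplicate check and the `|=` keeps the arithmetic in the field's type. `tlsext_keyshare_server_needs()`, added earlier in this file, uses the same `(1 << idx)` expression and should change with it. Because `S3I(s)->hs.extensions_seen` is reset at the top of every `tlsext_parse()` call, the field only describes the most recently parsed message, which is worth stating in the comment on the struct member.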
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.h,v 1.17 2019/01/18 12:18:10 beck Exp $ */ +/* $OpenBSD: ssl_tlsext.h,v 1.18 2019/01/23 16:46:04 beck Exp $ */ /* * Copyright (c) 2016, 2017 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -101,6 +101,13 @@ int tlsext_keyshare_server_needs(SSL *s); int tlsext_keyshare_server_build(SSL *s, CBB *cbb); int tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert); +int tlsext_cookie_client_needs(SSL *s); +int tlsext_cookie_client_build(SSL *s, CBB *cbb); +int tlsext_cookie_client_parse(SSL *s, CBS *cbs, int *alert); +int tlsext_cookie_server_needs(SSL *s); +int tlsext_cookie_server_build(SSL *s, CBB *cbb); +int tlsext_cookie_server_parse(SSL *s, CBS *cbs, int *alert); + #ifndef OPENSSL_NO_SRTP int tlsext_srtp_client_needs(SSL *s); int tlsext_srtp_client_build(SSL *s, CBB *cbb); @@ -116,6 +123,7 @@ int tlsext_client_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type); int tlsext_server_build(SSL *s, CBB *cbb, uint16_t msg_type); int tlsext_server_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type); +struct tls_extension *tls_extension_find(uint16_t, size_t *); __END_HIDDEN_DECLS #endif diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 1402996e42..567b3e48e0 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.150 2018/11/10 01:19:09 beck Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.151 2019/01/23 16:46:04 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1002,11 +1002,12 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, /* Set preferred digest for each key type */ int -tls1_process_sigalgs(SSL *s, CBS *cbs) +tls1_process_sigalgs(SSL *s, CBS *cbs, uint16_t *sigalgs, size_t sigalgs_len) { CERT *c = s->cert; /* Extension ignored for inappropriate versions */ + /* XXX get rid of this? */ if (!SSL_USE_SIGALGS(s)) return 1; 
@@ -1023,9 +1024,8 @@ tls1_process_sigalgs(SSL *s, CBS *cbs) if (!CBS_get_u16(cbs, &sig_alg)) return 0; - if ((sigalg = ssl_sigalg(sig_alg, tls12_sigalgs, - tls12_sigalgs_len)) != NULL && - c->pkeys[sigalg->pkey_idx].sigalg == NULL) { + if ((sigalg = ssl_sigalg(sig_alg, sigalgs, sigalgs_len)) != + NULL && c->pkeys[sigalg->pkey_idx].sigalg == NULL) { c->pkeys[sigalg->pkey_idx].sigalg = sigalg; if (sigalg->pkey_idx == SSL_PKEY_RSA_SIGN) c->pkeys[SSL_PKEY_RSA_ENC].sigalg = sigalg; -- cgit v1.2.3-55-g6feb