From 0a603f6ba38c0a87a61171ce8cf9545da70287d4 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 6 Feb 2020 13:14:17 +0000
Subject: Correctly handle key share extensions in a hello retry request.
In a hello retry request the server will only send the selected group and not actually provide a key exchange. In this case we need to store the server selected group for further processing.
ok tb@
---
src/lib/libssl/ssl_locl.h | 3 ++-
src/lib/libssl/ssl_tlsext.c | 12 +++++++++---
2 files changed, 11 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 7f3e8a63a8..b3f7e9b2a5 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.262 2020/02/05 17:30:30 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.263 2020/02/06 13:14:17 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -463,6 +463,7 @@ typedef struct ssl_handshake_tls13_st {
 /* Version proposed by peer server. */
 uint16_t server_version;
+ uint16_t server_group;
 struct tls13_key_share *key_share;
 struct tls13_secrets *secrets;
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 58ba11954d..3d1d1c8b7b 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.59 2020/02/01 12:41:58 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.60 2020/02/06 13:14:17 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing
 * Copyright (c) 2017 Doug Hogan
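Review bot: The new `server_group` field in the second hunk of ssl_locl.h has no comment, and the comment on the neighbouring `server_version` does not cover it. A line such as `/* Group selected by the server in a HelloRetryRequest. */` above it would record that, in this commit, it is only written on the empty-key-share path in ssl_tlsext.c. The struct definition starts before and runs past the hunk.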
@@ -1338,11 +1338,17 @@ tlsext_keyshare_client_parse(SSL *s, CBS *cbs, int *alert)
 /* Unpack server share. */
 if (!CBS_get_u16(cbs, &group))
 goto err;
+
+ if (CBS_len(cbs) == 0) {
+ /* HRR does not include an actual key share. */
+ /* XXX - we should know that we are in a HRR... */
+ S3I(s)->hs_tls13.server_group = group;
+ return 1;
+ }
+
 if (!CBS_get_u16_length_prefixed(cbs, &key_exchange))
 return 0;
- /* XXX - Handle other groups and verify that they're valid. */
-
 if (!tls13_key_share_peer_public(S3I(s)->hs_tls13.key_share, group, &key_exchange))
 goto err;
-- cgit v1.2.3-55-g6feb
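Review bot: The new `CBS_len(cbs) == 0` branch in tlsext_keyshare_client_parse() returns success for a key_share that carries only a group in any server message, not just a HelloRetryRequest, which the XXX comment itself concedes; a ServerHello with no key_exchange would pass this parser without `tls13_key_share_peer_public()` running, and whether a later stage rejects that is not visible here. The branch also stores `group` unchecked, whereas RFC 8446 section 4.2.8 has the client abort with illegal_parameter when the selected group was not in its supported_groups or already had a share offered; the commit drops the old `XXX - Handle other groups and verify that they're valid` marker without adding that check in the visible lines. I would make the first line of the branch a guard such as `if (!IN_HRR || !GROUP_IS_ACCEPTABLE(group)) goto err;`, where both upper-case names are placeholders for state this page does not show. The function begins before and continues after the hunk, so the `err` label and the alert it sets are outside this view.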