From 42995b3308983da3add7404dc736c3fcfaa2b90f Mon Sep 17 00:00:00 2001
From: beck <>
Date: Wed, 22 Jan 2020 02:21:05 +0000
Subject: Add minimal support for hello retry request for RFC conformance. We
 currently don't support sending a modified clienthello

ok jsing@ tb@
---
 src/lib/libssl/tls13_client.c   | 65 ++++++++++++++++++++++++++++++++++++++++-
 src/lib/libssl/tls13_internal.h |  3 +-
 src/lib/libssl/tls13_lib.c      |  5 +++-
 src/lib/libssl/tls13_server.c   |  9 +-----
 4 files changed, 71 insertions(+), 11 deletions(-)

(limited to 'src')

diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 4ec29ea956..ed9a69918a 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.22 2020/01/21 12:08:04 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.23 2020/01/22 02:21:05 beck Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -809,3 +809,66 @@ tls13_client_finished_sent(struct tls13_ctx *ctx)
 	return tls13_record_layer_set_write_traffic_key(ctx->rl,
 	    &secrets->client_application_traffic);
 }
+
+
+static int
+tls13_client_hello_retry_process(struct tls13_ctx *ctx, CBS *cbs)
+{
+	CBS server_random, session_id;
+	uint16_t cipher_suite, legacy_version;
+	uint8_t compression_method;
+	int alert_desc;
+	SSL *s = ctx->ssl;
+
+	if (!CBS_get_u16(cbs, &legacy_version))
+		goto err;
+	if (!CBS_get_bytes(cbs, &server_random, SSL3_RANDOM_SIZE))
+		goto err;
+	if (!CBS_get_u8_length_prefixed(cbs, &session_id))
+		goto err;
+	if (!CBS_get_u16(cbs, &cipher_suite))
+		goto err;
+	if (!CBS_get_u8(cbs, &compression_method))
+		goto err;
+
+	/*
+	 * XXX currently this will change state and be hazardous later
+	 * if we decide to support sending an updated client hello.
+	 * however, since we will not today (and are going to return
+	 * illegal parameter as per section 4.1.4) we just ensure
+	 * that the extensions parse correctly.
+	 */
+	if (!tlsext_client_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_SH)) {
+		ctx->alert = alert_desc;
+		goto err;
+	}
+
+	if (CBS_len(cbs) != 0)
+		goto err;
+
+	/* XXX for now, just say no, we will not change our hello */
+	ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
+ err:
+	if (ctx->alert == 0)
+		ctx->alert = TLS1_AD_DECODE_ERROR;
+	return 0;
+}
+
+int
+tls13_client_hello_retry_recv(struct tls13_ctx *ctx)
+{
+	int ret = 0;
+	CBS cbs;
+
+	if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
+		goto err;
+
+	if (!tls13_client_hello_retry_process(ctx, &cbs)) {
+		if (ctx->alert == SSL_AD_ILLEGAL_PARAMETER)
+			tls13_set_errorx(ctx, TLS13_ERR_HRR_FAILED, 0,
+			    "Unsatisfiable hello retry request", NULL);
+		goto err;
+	}
+err:
+	return ret;
+}
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index 7fee37f5dd..167ed1f254 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.40 2020/01/22 01:02:28 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.41 2020/01/22 02:21:05 beck Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -38,6 +38,7 @@ __BEGIN_HIDDEN_DECLS
 #define TLS13_IO_USE_LEGACY	-4
 
 #define TLS13_ERR_VERIFY_FAILED	16
+#define TLS13_ERR_HRR_FAILED	17
 
 typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg);
 typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg, CBS *cbs);
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index bb749a9b68..e353e9fdad 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls13_lib.c,v 1.17 2020/01/22 01:02:28 jsing Exp $ */
+/*	$OpenBSD: tls13_lib.c,v 1.18 2020/01/22 02:21:05 beck Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -353,6 +353,9 @@ tls13_legacy_error(SSL *ssl)
 	case TLS13_ERR_VERIFY_FAILED:
 		reason = SSL_R_CERTIFICATE_VERIFY_FAILED;
 		break;
+	case TLS13_ERR_HRR_FAILED:
+		reason = SSL_R_NO_CIPHERS_AVAILABLE;
+		break;
 	}
 
 	ERR_put_error(ERR_LIB_SSL, (0xfff), reason, ctx->error.file,
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 541e341936..10d85a62b3 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.3 2019/11/17 14:25:03 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.4 2020/01/22 02:21:05 beck Exp $ */
 /*
  * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -96,13 +96,6 @@ tls13_server_hello_retry_recv(struct tls13_ctx *ctx)
 	return 0;
 }
 
-int
-tls13_client_hello_retry_recv(struct tls13_ctx *ctx)
-{
-	return 0;
-}
-
-
 int
 tls13_client_end_of_early_data_send(struct tls13_ctx *ctx)
 {
-- 
cgit v1.2.3-55-g6feb