From 6126567f386c34c6cff5dc95e8e5072c34ba7b00 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 7 Feb 2019 15:54:18 +0000
Subject: Implement processing of EncryptedExtensions in the TLS 1.3 client.
ok bcook@ tb@
---
 src/lib/libssl/tls13_client.c | 28 +++++++++++++++++++++++++++-
 src/lib/libssl/tls13_handshake.c | 8 +-------
 2 files changed, 28 insertions(+), 8 deletions(-)
(limited to 'src')
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 4d34cf9943..0f0c673f2c 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.2 2019/02/04 16:18:15 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.3 2019/02/07 15:54:18 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing
 *
@@ -230,6 +230,8 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
 return 1;
 err:
+ /* XXX - send alert. */
+
 return 0;
 }
@@ -253,6 +255,7 @@ tls13_server_hello_recv(struct tls13_ctx *ctx)
 if (S3I(s)->hs_tls13.server_version < TLS1_3_VERSION) {
 /* XXX - switch back to legacy client. */
+ goto err;
 }
 if (ctx->handshake_stage.hs_type & WITH_HRR)
@@ -314,3 +317,26 @@ tls13_server_hello_recv(struct tls13_ctx *ctx)
 freezero(shared_key, X25519_KEY_LENGTH);
 return ret;
 }
+
+int
+tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx)
+{
+ int alert;
+ CBS cbs;
+
+ if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
+ goto err;
+
+ if (!tlsext_client_parse(ctx->ssl, &cbs, &alert, SSL_TLSEXT_MSG_EE))
+ goto err;
+
+ if (CBS_len(&cbs) != 0)
+ goto err;
+
+ return 1;
+
+ err:
+ /* XXX - send alert. */
+
+ return 0;
+}
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
index b3c08ef39c..68d6a9d444 100644
--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
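Review bot: The comment above the new `goto err;` in tls13_server_hello_recv still reads as if the branch hands over to the legacy client, while the code now aborts the handshake whenever the server selects a version below TLS 1.3. Failing closed is a sound interim behaviour, so the comment should say so, for example `/* XXX - no legacy fallback yet; abort rather than continue below TLS 1.3. */`. When the fallback is written, the RFC 8446 section 4.1.3 downgrade marker in the ServerHello random should be checked before control passes to the legacy code. The function's start and its err label are outside the hunk, so what the err path cleans up is not visible here.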
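Review bot: `alert` in tls13_server_encrypted_extensions_recv is declared without an initialiser and only tlsext_client_parse() receives a pointer to it, so on the tls13_handshake_msg_content() failure and the trailing-data check (`CBS_len(&cbs) != 0`) it is indeterminate when control reaches `err:`. Nothing reads it yet, but the `/* XXX - send alert. */` placeholder is where it will be read, so I would declare it as `int alert = SSL_AD_DECODE_ERROR;` now. Until the alert is actually sent, a malformed EncryptedExtensions message ends the handshake without any alert to the peer. The err path in tls13_server_hello_process, which gains the same placeholder in this commit, also returns without sending one.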
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_handshake.c,v 1.23 2019/02/04 16:18:15 jsing Exp $ */
+/* $OpenBSD: tls13_handshake.c,v 1.24 2019/02/07 15:54:18 jsing Exp $ */
 /*
 * Copyright (c) 2018-2019 Theo Buehler
 * Copyright (c) 2019 Joel Sing
@@ -474,12 +474,6 @@ tls13_server_hello_send(struct tls13_ctx *ctx)
 return 0;
 }
-int
-tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx)
-{
- return 0;
-}
-
 int
 tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx)
 {
--
cgit v1.2.3-55-g6feb