authorbeck <beck@openbsd.org>2020-06-06 01:40:08 +0000
committerbeck <beck@openbsd.org>2020-06-06 01:40:08 +0000
commit095832a3beabe6679cff4c4b7d27ace9e87b0258 (patch)
treec81f3a50008aad915a5c9ce4a2c6dcb2f18212a7 /lib/libssl/tls13_lib.c
parentImplement cpu_rnd_messybits() as a read of the virtual counter xored (diff)
Implement a rolling hash of the ClientHello message. Enforce RFC 8446
section 4.1.2 so that a ClientHello message sent after a HelloRetryRequest message must be unchanged from the initial ClientHello. ok tb@ jsing@
Diffstat (limited to 'lib/libssl/tls13_lib.c')
-rw-r--r--lib/libssl/tls13_lib.c81
1 files changed, 80 insertions, 1 deletions
diff --git a/lib/libssl/tls13_lib.c b/lib/libssl/tls13_lib.c
index 174da2f9c3c..b5939aecab0 100644
--- a/lib/libssl/tls13_lib.c
+++ b/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_lib.c,v 1.50 2020/05/22 02:37:27 beck Exp $ */
+/* $OpenBSD: tls13_lib.c,v 1.51 2020/06/06 01:40:09 beck Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -486,3 +486,82 @@ tls13_synthetic_handshake_message(struct tls13_ctx *ctx)
return ret;
}
+
+int
+tls13_clienthello_hash_init(struct tls13_ctx *ctx)
+{
+ if (ctx->hs->clienthello_md_ctx != NULL)
+ return 0;
+ if ((ctx->hs->clienthello_md_ctx = EVP_MD_CTX_new()) == NULL)
+ return 0;
+ if (!EVP_DigestInit_ex(ctx->hs->clienthello_md_ctx,
+ EVP_sha256(), NULL))
+ return 0;
+
+ if ((ctx->hs->clienthello_hash == NULL) &&
+ (ctx->hs->clienthello_hash = calloc(1, EVP_MAX_MD_SIZE)) ==
+ NULL)
+ return 0;
+
+ return 1;
+}
+
+void
+tls13_clienthello_hash_clear(struct ssl_handshake_tls13_st *hs)
+{
+ EVP_MD_CTX_free(hs->clienthello_md_ctx);
+ hs->clienthello_md_ctx = NULL;
+ freezero(hs->clienthello_hash, EVP_MAX_MD_SIZE);
+ hs->clienthello_hash = NULL;
+}
+
+int
+tls13_clienthello_hash_update_bytes(struct tls13_ctx *ctx, void *data,
+ size_t len)
+{
+ return EVP_DigestUpdate(ctx->hs->clienthello_md_ctx, data, len);
+}
+
+int
+tls13_clienthello_hash_update(struct tls13_ctx *ctx, CBS *cbs)
+{
+ return tls13_clienthello_hash_update_bytes(ctx, (void *)CBS_data(cbs),
+ CBS_len(cbs));
+}
+
+int
+tls13_clienthello_hash_finalize(struct tls13_ctx *ctx)
+{
+ if (!EVP_DigestFinal_ex(ctx->hs->clienthello_md_ctx,
+ ctx->hs->clienthello_hash,
+ &ctx->hs->clienthello_hash_len))
+ return 0;
+ EVP_MD_CTX_free(ctx->hs->clienthello_md_ctx);
+ ctx->hs->clienthello_md_ctx = NULL;
+ return 1;
+}
+
+int
+tls13_clienthello_hash_validate(struct tls13_ctx *ctx)
+{
+ unsigned char new_ch_hash[EVP_MAX_MD_SIZE];
+ unsigned int new_ch_hash_len;
+
+ if (ctx->hs->clienthello_hash == NULL)
+ return 0;
+
+ if (!EVP_DigestFinal_ex(ctx->hs->clienthello_md_ctx,
+ new_ch_hash, &new_ch_hash_len))
+ return 0;
+ EVP_MD_CTX_free(ctx->hs->clienthello_md_ctx);
+ ctx->hs->clienthello_md_ctx = NULL;
+
+ if (ctx->hs->clienthello_hash_len != new_ch_hash_len)
+ return 0;
+ if (memcmp(ctx->hs->clienthello_hash, new_ch_hash,
+ new_ch_hash_len) != 0)
+ return 0;
+
+ return 1;
+}
+
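Review bot: `tls13_clienthello_hash_validate` guards only on `clienthello_hash` before calling `EVP_DigestFinal_ex`, but the pointer that can be NULL at that point is `clienthello_md_ctx`, which `tls13_clienthello_hash_finalize` and validate itself free and reset. `tls13_clienthello_hash_init` also allocates `clienthello_hash` before any digest has been finalized, so a non-NULL buffer does not show that a stored hash or a live digest context exists. The callers are outside this hunk; if any peer-driven message order can reach validate or `tls13_clienthello_hash_update_bytes` without a fresh init, a NULL context is passed to the EVP calls. I would make the guard `if (ctx->hs->clienthello_hash == NULL || ctx->hs->clienthello_md_ctx == NULL) return 0;` and add the same NULL test in `tls13_clienthello_hash_update_bytes`. As a style point, `tls13_clienthello_hash_update_bytes` could take `const void *data`, which would remove the `(void *)` cast on `CBS_data(cbs)`.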