diff options
| author |   jsing <jsing@openbsd.org> | 2020-01-23 11:57:20 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2020-01-23 11:57:20 +0000 |
| commit | 103617183d2cdbdbddcfa9e4483297df0e8100c5 (patch) | |
| tree | cd6e8cddc4c0e0de04b2165e2b5f80c10e15f123 /lib/libssl/tls13_server.c | |
| parent | Correct several issues in the current TLSv1.3 server code. (diff) | |
| download | wireguard-openbsd-103617183d2cdbdbddcfa9e4483297df0e8100c5.tar.xz wireguard-openbsd-103617183d2cdbdbddcfa9e4483297df0e8100c5.zip | |
Implement client hello processing in the TLSv1.3 server.
ok beck@
Diffstat (limited to 'lib/libssl/tls13_server.c')
| -rw-r--r-- | lib/libssl/tls13_server.c | 54 |
1 files changed, 49 insertions, 5 deletions
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c index 3c832aec65a..b64fec8edcc 100644 --- a/lib/libssl/tls13_server.c +++ b/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.12 2020/01/23 11:47:13 jsing Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.13 2020/01/23 11:57:20 jsing Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> * Copyright (c) 2020 Bob Beck <beck@openbsd.org> @@ -181,9 +181,13 @@ static int tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) { CBS cipher_suites, client_random, compression_methods, session_id; + STACK_OF(SSL_CIPHER) *ciphers = NULL; + const SSL_CIPHER *cipher; uint16_t legacy_version; + uint8_t compression_method; + int alert_desc, comp_null; SSL *s = ctx->ssl; - int alert; + int ret = 0; if (!CBS_get_u16(cbs, &legacy_version)) goto err; @@ -202,13 +206,53 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) return tls13_use_legacy_server(ctx); } - if (!tlsext_server_parse(s, cbs, &alert, SSL_TLSEXT_MSG_CH)) + if (!tlsext_server_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_CH)) { + ctx->alert = alert_desc; goto err; + } + + /* + * If we got this far we have a supported versions extension that offers + * TLS 1.3 or later. This requires the legacy version be set to 0x0303. + */ + if (legacy_version != TLS1_2_VERSION) { + ctx->alert = SSL_AD_PROTOCOL_VERSION; + goto err; + } + + /* Parse cipher suites list and select preferred cipher. */ + if ((ciphers = ssl_bytes_to_cipher_list(s, &cipher_suites)) == NULL) { + ctx->alert = SSL_AD_ILLEGAL_PARAMETER; + goto err; + } + cipher = ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s)); + if (cipher == NULL) { + tls13_set_errorx(ctx, TLS13_ERR_NO_SHARED_CIPHER, 0, + "no shared cipher found", NULL); + ctx->alert = SSL_AD_HANDSHAKE_FAILURE; + goto err; + } + S3I(s)->hs.new_cipher = cipher; + + /* Ensure they advertise the NULL compression method. */ + comp_null = 0; + while (CBS_len(&compression_methods) > 0) { + if (!CBS_get_u8(&compression_methods, &compression_method)) + goto err; + if (compression_method == 0) + comp_null = 1; + } + if (!comp_null) { + ctx->alert = SSL_AD_ILLEGAL_PARAMETER; + goto err; + } - /* XXX - implement. */ + ret = 1; err: - return 0; + sk_SSL_CIPHER_free(ciphers); + + return ret; } int |