author | 2020-04-21 17:06:16 +0000 | |
---|---|---|
committer | 2020-04-21 17:06:16 +0000 | |
commit | 5c60a123a018e74830dbbcf8417829c76c82f7f4 (patch) | |
tree | fbc8eb5946fe7eb67b4474d39738eb3099794128 /lib/libssl/tls13_server.c | |
parent | unwind(8) is supposed to work in all situations, it no longer (diff) | |
Handle TLSv1.3 key shares other than X25519 on the server side.
Previously we would only select an X25519 key share from the client,
ignoring any others. Change this so that we will select the first of the
key shares that matches one of our supported groups.
ok beck@ inoguchi@ tb@
Diffstat (limited to 'lib/libssl/tls13_server.c')
-rw-r--r-- | lib/libssl/tls13_server.c | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c
index 1aebf5840c5..f3d21a7477c 100644
--- a/lib/libssl/tls13_server.c
+++ b/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.29 2020/04/17 17:16:53 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.30 2020/04/21 17:06:16 jsing Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -49,11 +49,6 @@ tls13_server_init(struct tls13_ctx *ctx)
 if ((s->session = SSL_SESSION_new()) == NULL)
 return 0;
- if ((ctx->hs->key_share = tls13_key_share_new_nid(NID_X25519)) == NULL)
- return 0;
- if (!tls13_key_share_generate(ctx->hs->key_share))
- return 0;
-
 arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
 return 1;
@@ -284,6 +279,14 @@ tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
 if (s->method->internal->version < TLS1_3_VERSION)
 return 1;
+ /*
+ * If no matching key share was provided, we need to send a
+ * HelloRetryRequest, if matching security parameters exist.
+ */
+ if (ctx->hs->key_share == NULL)
+ ctx->handshake_stage.hs_type |= WITH_HRR;
+
+ /* XXX - check this is the correct point */
 tls13_record_layer_allow_ccs(ctx->rl, 1);
 return 1;
@@ -524,6 +527,12 @@ err:
 int
 tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb)
 {
+ if (ctx->hs->key_share == NULL)
+ return 0;
+
+ if (!tls13_key_share_generate(ctx->hs->key_share))
+ return 0;
+
 if (!tls13_server_hello_build(ctx, cbb))
 return 0;
@@ -542,11 +551,6 @@ tls13_server_hello_sent(struct tls13_ctx *ctx)
 SSL *s = ctx->ssl;
 int ret = 0;
- /* XXX - handle other key share types. */
- if (ctx->hs->key_share == NULL) {
- /* XXX - alert. */
- goto err;
- }
 if (!tls13_key_share_derive(ctx->hs->key_share, &shared_key, &shared_key_len))
 goto err; |
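Review bot: In the tls13_client_hello_recv hunk, WITH_HRR is set whenever `ctx->hs->key_share == NULL`, but the condition the new comment names ("if matching security parameters exist") is not tested in the visible lines. If the client's supported groups do not overlap with ours at all, a HelloRetryRequest cannot lead to a usable key share, and the handshake should presumably end with an alert instead. That check may already happen in the extension parsing outside this hunk, so it is worth confirming. Until then I would mark the gap where the flag is set, e.g. `/* XXX - fail with an alert if no supported group is shared. */`. The function body starts and ends outside the hunk.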
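Review bot: In the tls13_server_hello_send hunk, the new `if (ctx->hs->key_share == NULL) return 0;` fails the handshake without an alert, and the `/* XXX - alert. */` marker that sat on the same condition in tls13_server_hello_sent is deleted by the last hunk rather than moved here. Because the client_hello_recv hunk now routes the NULL case to WITH_HRR, reaching this check presumably indicates a state-machine error, which is the kind of failure a peer and the logs should be able to distinguish. I would at least carry the marker over as `/* XXX - alert. */` above the `return 0;`. The `tls13_key_share_generate` failure two lines below returns 0 the same way and would benefit from the same treatment. The function continues past the end of the hunk.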