-rw-r--r--lib/libssl/s3_lib.c8
-rw-r--r--lib/libssl/ssl_clnt.c5
-rw-r--r--lib/libssl/ssl_locl.h10
-rw-r--r--lib/libssl/ssl_sigalgs.c21
-rw-r--r--lib/libssl/ssl_sigalgs.h4
-rw-r--r--lib/libssl/ssl_tlsext.c348
-rw-r--r--lib/libssl/ssl_tlsext.h10
-rw-r--r--lib/libssl/t1_lib.c10
-rw-r--r--regress/lib/libssl/client/clienttest.c31
-rw-r--r--regress/lib/libssl/tlsext/tlsexttest.c22
10 files changed, 408 insertions, 61 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 9e4998cb42a..53aab7c1e5c 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.178 2019/01/21 01:20:11 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.179 2019/01/23 16:46:04 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1569,6 +1569,7 @@ ssl3_free(SSL *s)
freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH);
freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH);
freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH);
+ freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len);
sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
@@ -1605,6 +1606,11 @@ ssl3_clear(SSL *s)
freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH);
freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH);
freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH);
+ freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len);
+ S3I(s)->hs_tls13.cookie = NULL;
+ S3I(s)->hs_tls13.cookie_len = 0;
+
+ S3I(s)->hs.extensions_seen = 0;
rp = S3I(s)->rbuf.buf;
wp = S3I(s)->wbuf.buf;
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index acc48389c07..ee26a200b14 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.52 2019/01/18 00:54:42 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.53 2019/01/23 16:46:04 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1680,7 +1680,8 @@ ssl3_get_certificate_request(SSL *s)
SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
goto err;
}
- if (!tls1_process_sigalgs(s, &sigalgs)) {
+ if (!tls1_process_sigalgs(s, &sigalgs, tls12_sigalgs,
+ tls12_sigalgs_len)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
goto err;
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 7903d848901..e4b1341db5a 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.228 2019/01/21 10:28:52 tb Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.229 2019/01/23 16:46:04 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -429,6 +429,9 @@ typedef struct ssl_handshake_st {
/* key_block is the record-layer key block for TLS 1.2 and earlier. */
int key_block_len;
unsigned char *key_block;
+
+ /* Extensions seen in this handshake. */
+ uint32_t extensions_seen;
} SSL_HANDSHAKE;
typedef struct ssl_handshake_tls13_st {
@@ -445,6 +448,9 @@ typedef struct ssl_handshake_tls13_st {
uint8_t *x25519_peer_public;
struct tls13_secrets *secrets;
+
+ uint8_t *cookie;
+ size_t cookie_len;
} SSL_HANDSHAKE_TLS13;
typedef struct ssl_ctx_internal_st {
@@ -1313,7 +1319,7 @@ int tls1_process_ticket(SSL *s, const unsigned char *session_id,
int session_id_len, CBS *ext_block, SSL_SESSION **ret);
long ssl_get_algorithm2(SSL *s);
-int tls1_process_sigalgs(SSL *s, CBS *cbs);
+int tls1_process_sigalgs(SSL *s, CBS *cbs, uint16_t *, size_t);
int tls1_check_ec_server_key(SSL *s);
diff --git a/lib/libssl/ssl_sigalgs.c b/lib/libssl/ssl_sigalgs.c
index a6b4251d70d..23f65f5070c 100644
--- a/lib/libssl/ssl_sigalgs.c
+++ b/lib/libssl/ssl_sigalgs.c
@@ -1,6 +1,6 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.11 2018/11/16 02:41:16 beck Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.12 2019/01/23 16:46:04 beck Exp $ */
/*
- * Copyright (c) 2018, Bob Beck <beck@openbsd.org>
+ * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -163,13 +163,30 @@ const struct ssl_sigalg sigalgs[] = {
},
};
+/* Sigalgs for tls 1.3, in preference order, */
+uint16_t tls13_sigalgs[] = {
+ SIGALG_RSA_PSS_RSAE_SHA512,
+ SIGALG_RSA_PKCS1_SHA512,
+ SIGALG_ECDSA_SECP512R1_SHA512,
+ SIGALG_RSA_PSS_RSAE_SHA384,
+ SIGALG_RSA_PKCS1_SHA384,
+ SIGALG_ECDSA_SECP384R1_SHA384,
+ SIGALG_RSA_PSS_RSAE_SHA256,
+ SIGALG_RSA_PKCS1_SHA256,
+ SIGALG_ECDSA_SECP256R1_SHA256,
+};
+size_t tls13_sigalgs_len = (sizeof(tls13_sigalgs) / sizeof(tls13_sigalgs[0]));
+
/* Sigalgs for tls 1.2, in preference order, */
uint16_t tls12_sigalgs[] = {
+ SIGALG_RSA_PSS_RSAE_SHA512,
SIGALG_RSA_PKCS1_SHA512,
SIGALG_ECDSA_SECP512R1_SHA512,
SIGALG_GOSTR12_512_STREEBOG_512,
+ SIGALG_RSA_PSS_RSAE_SHA384,
SIGALG_RSA_PKCS1_SHA384,
SIGALG_ECDSA_SECP384R1_SHA384,
+ SIGALG_RSA_PSS_RSAE_SHA256,
SIGALG_RSA_PKCS1_SHA256,
SIGALG_ECDSA_SECP256R1_SHA256,
SIGALG_GOSTR12_256_STREEBOG_256,
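Review bot: `tls13_sigalgs` includes the three `SIGALG_RSA_PKCS1_*` entries, but RFC 8446 section 4.2.3 defines the rsa_pkcs1 code points only for signatures inside certificates, not for signed handshake messages. Elsewhere in this commit tlsext_sigalgs_server_parse() passes this list to tls1_process_sigalgs(), which records the first match on `c->pkeys[...]`, so a PKCS#1 v1.5 algorithm could presumably end up selected for a TLS 1.3 handshake signature once that path is live. Either drop those entries from the 1.3 list or state the intent next to the array, e.g. `/* RSA_PKCS1 entries are advertised for certificate signatures only and must not be chosen for CertificateVerify. */`.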
diff --git a/lib/libssl/ssl_sigalgs.h b/lib/libssl/ssl_sigalgs.h
index 5ae595835b3..8ea4df9e315 100644
--- a/lib/libssl/ssl_sigalgs.h
+++ b/lib/libssl/ssl_sigalgs.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.h,v 1.8 2018/11/16 02:41:16 beck Exp $ */
+/* $OpenBSD: ssl_sigalgs.h,v 1.9 2019/01/23 16:46:04 beck Exp $ */
/*
* Copyright (c) 2018, Bob Beck <beck@openbsd.org>
*
@@ -71,6 +71,8 @@ struct ssl_sigalg{
extern uint16_t tls12_sigalgs[];
extern size_t tls12_sigalgs_len;
+extern uint16_t tls13_sigalgs[];
+extern size_t tls13_sigalgs_len;
const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg);
const struct ssl_sigalg *ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len);
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index 6eec807f56a..06105f976d1 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.31 2019/01/20 02:53:56 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.32 2019/01/23 16:46:04 beck Exp $ */
/*
* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -536,9 +536,26 @@ tlsext_sigalgs_client_build(SSL *s, CBB *cbb)
if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
return 0;
- if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs, tls12_sigalgs_len))
- return 0;
+ switch (TLS1_get_client_version(s)) {
+ case TLS1_2_VERSION:
+ if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs, tls12_sigalgs_len))
+ return 0;
+ break;
+ case TLS1_3_VERSION:
+ if (S3I(s)->hs_tls13.min_version < TLS1_3_VERSION) {
+ if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs,
+ tls12_sigalgs_len))
+ return 0;
+ } else {
+ if (!ssl_sigalgs_build(&sigalgs, tls13_sigalgs,
+ tls13_sigalgs_len))
+ return 0; }
+ break;
+ default:
+ /* Should not happen */
+ return 0;
+ }
if (!CBB_flush(cbb))
return 0;
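Review bot: The closing brace of the `else` branch in the `TLS1_3_VERSION` case sits on the same line as `return 0;`, which hides where the block ends; it belongs on its own line, aligned with `} else {`. The `default:` arm also makes the build fail for any client version other than 1.2 or 1.3, so it depends on the needs callback (not in this hunk) never admitting another version; a comment such as `/* needs() must already have excluded versions without sigalgs */` would make that dependency explicit. The function's opening lines are outside the hunk.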
@@ -553,7 +570,17 @@ tlsext_sigalgs_server_parse(SSL *s, CBS *cbs, int *alert)
if (!CBS_get_u16_length_prefixed(cbs, &sigalgs))
return 0;
- return tls1_process_sigalgs(s, &sigalgs);
+ switch (s->version) {
+ case TLS1_3_VERSION:
+ return tls1_process_sigalgs(s, &sigalgs, tls13_sigalgs,
+ tls13_sigalgs_len);
+ case TLS1_2_VERSION:
+ return tls1_process_sigalgs(s, &sigalgs, tls12_sigalgs,
+ tls12_sigalgs_len);
+ default:
+ /* Fail if we get a version > what we recognize */
+ return 0;
+ }
}
int
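Review bot: The `default:` arm of the new switch in tlsext_sigalgs_server_parse() also catches versions below TLS 1.2, not only versions "> what we recognize" as its comment says. Before this change such a connection reached tls1_process_sigalgs(), whose `!SSL_USE_SIGALGS(s)` check (visible in the t1_lib.c hunk) ignores the extension and returns 1; if `s->version` already holds the negotiated version here, a client that offers signature_algorithms but lands on an older version now gets a parse failure, with `*alert` left unset. A guard such as `if (s->version < TLS1_2_VERSION) return 1;` before the switch would keep the old behaviour, and the default arm should set `*alert` before returning 0. The start of the function is outside the hunk.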
@@ -1243,7 +1270,7 @@ tlsext_keyshare_client_build(SSL *s, CBB *cbb)
return 1;
-err:
+ err:
freezero(public_key, X25519_KEY_LENGTH);
freezero(private_key, X25519_KEY_LENGTH);
@@ -1253,24 +1280,100 @@ err:
int
tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert)
{
- /* XXX we accept this but currently ignore it */
- if (!CBS_skip(cbs, CBS_len(cbs))) {
- *alert = TLS1_AD_INTERNAL_ERROR;
- return 0;
+ CBS client_shares;
+ CBS key_exchange;
+ uint16_t group;
+ size_t out_len;
+ int ret = 0;
+
+ if (!CBS_get_u16_length_prefixed(cbs, &client_shares))
+ goto err;
+
+ if (CBS_len(cbs) != 0)
+ goto err;
+
+ while (CBS_len(&client_shares) > 0) {
+
+ /* Unpack client share. */
+ if (!CBS_get_u16(&client_shares, &group))
+ goto err;
+
+ if (!CBS_get_u16_length_prefixed(&client_shares, &key_exchange))
+ goto err;
+
+ /*
+ * Skip this client share if not X25519
+ * XXX support other groups later.
+ */
+ if (ret || group != tls1_ec_nid2curve_id(NID_X25519))
+ continue;
+
+ if (CBS_len(&key_exchange) != X25519_KEY_LENGTH)
+ goto err;
+
+ if (!CBS_stow(&key_exchange, &S3I(s)->hs_tls13.x25519_peer_public,
+ &out_len))
+ goto err;
+
+ ret = 1;
}
- return 1;
+ return ret;
+
+ err:
+ *alert = SSL_AD_DECODE_ERROR;
+ return 0;
}
int
tlsext_keyshare_server_needs(SSL *s)
{
- return (!SSL_IS_DTLS(s) && s->version >= TLS1_3_VERSION);
+ size_t idx;
+
+ if (SSL_IS_DTLS(s) || s->version < TLS1_3_VERSION)
+ return 0;
+ if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL)
+ return 0;
+ return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0);
}
int
tlsext_keyshare_server_build(SSL *s, CBB *cbb)
{
+ uint8_t *public_key = NULL, *private_key = NULL;
+ CBB key_exchange;
+
+ /* X25519 */
+ if (S3I(s)->hs_tls13.x25519_peer_public == NULL)
+ return 0;
+
+ /* Generate X25519 key pair. */
+ if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL)
+ goto err;
+ if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL)
+ goto err;
+ X25519_keypair(public_key, private_key);
+
+ /* Add the group and serialize the public key. */
+ if (!CBB_add_u16(cbb, tls1_ec_nid2curve_id(NID_X25519)))
+ goto err;
+ if (!CBB_add_u16_length_prefixed(cbb, &key_exchange))
+ goto err;
+ if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH))
+ goto err;
+
+ if (!CBB_flush(cbb))
+ goto err;
+
+ S3I(s)->hs_tls13.x25519_public = public_key;
+ S3I(s)->hs_tls13.x25519_private = private_key;
+
+ return 1;
+
+ err:
+ freezero(public_key, X25519_KEY_LENGTH);
+ freezero(private_key, X25519_KEY_LENGTH);
+
return 0;
}
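Review bot: tlsext_keyshare_server_parse() returns `ret`, which is still 0 when the client sent a well-formed key_share with no X25519 entry or an empty client_shares vector, and on that path `*alert` is never written. RFC 8446 allows both cases (the server is expected to answer with a HelloRetryRequest), so a conforming ClientHello is reported as a parse failure with whatever alert value the caller started with. Returning 1 after the loop and letting later code test `hs_tls13.x25519_peer_public == NULL`, as tlsext_keyshare_server_build() already does, would separate "malformed" from "no usable share". Separately, `(1 << idx)` in tlsext_keyshare_server_needs() shifts a signed int, which is undefined for idx 31 even though the CTASSERT permits 32 extensions; `((uint32_t)1 << idx)` avoids that, and the same expression appears in the tlsext_parse() hunk.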
@@ -1291,6 +1394,10 @@ tlsext_keyshare_client_parse(SSL *s, CBS *cbs, int *alert)
if (!CBS_get_u16_length_prefixed(cbs, &key_exchange))
goto err;
+
+ if (CBS_len(cbs) != 0)
+ goto err;
+
if (CBS_len(&key_exchange) != X25519_KEY_LENGTH)
goto err;
if (!CBS_stow(&key_exchange, &S3I(s)->hs_tls13.x25519_peer_public,
@@ -1313,8 +1420,9 @@ tlsext_versions_client_needs(SSL *s)
/* XXX once this gets initialized when we get tls13_client.c */
if (S3I(s)->hs_tls13.max_version == 0)
return 0;
- return (!SSL_IS_DTLS(s) && S3I(s)->hs_tls13.max_version >=
- TLS1_3_VERSION);
+ if (SSL_IS_DTLS(s))
+ return 0;
+ return (S3I(s)->hs_tls13.max_version >= TLS1_3_VERSION);
}
int
@@ -1348,13 +1456,41 @@ tlsext_versions_client_build(SSL *s, CBB *cbb)
int
tlsext_versions_server_parse(SSL *s, CBS *cbs, int *alert)
{
- /* XXX we accept this but currently ignore it */
- if (!CBS_skip(cbs, CBS_len(cbs))) {
- *alert = TLS1_AD_INTERNAL_ERROR;
- return 0;
+ CBS versions;
+ uint16_t version;
+ uint16_t max, min;
+ uint16_t matched_version = 0;
+
+ max = S3I(s)->hs_tls13.max_version;
+ min = S3I(s)->hs_tls13.min_version;
+
+ if (!CBS_get_u8_length_prefixed(cbs, &versions))
+ goto err;
+
+ if (CBS_len(cbs) != 0)
+ goto err;
+
+ if (CBS_len(&versions) < 2)
+ goto err;
+
+ while(CBS_len(&versions) > 0) {
+ if (!CBS_get_u16(&versions, &version))
+ goto err;
+ /*
+ * XXX What is below implements client preference, and
+ * ignores any server preference entirely.
+ */
+ if (matched_version == 0 && version >= min && version <= max)
+ matched_version = version;
}
+ if (matched_version != 0)
+ s->version = matched_version;
return 1;
+
+ err:
+ *alert = SSL_AD_DECODE_ERROR;
+ return 0;
}
int
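Review bot: When none of the client's listed versions falls inside [min, max], tlsext_versions_server_parse() still returns 1 and leaves `s->version` at whatever was set before the extension was parsed. RFC 8446 section 4.2.1 says a server that receives supported_versions must negotiate from that list alone, so the no-match case should end the handshake, e.g. `*alert = SSL_AD_PROTOCOL_VERSION; return 0;` after the loop. That is only safe once `hs_tls13.min_version` and `max_version` are reliably initialised, which the XXX comments elsewhere in this file suggest is not yet the case, so at minimum a comment should record the gap. Assigning `s->version` from inside an extension parser also deserves a comment, since the value comes from the peer and other parsers in this commit switch on it.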
@@ -1366,7 +1502,11 @@ tlsext_versions_server_needs(SSL *s)
int
tlsext_versions_server_build(SSL *s, CBB *cbb)
{
- return 0;
+ if (!CBB_add_u16(cbb, TLS1_3_VERSION))
+ return 0;
+ /* XXX set 1.2 in legacy version? */
+
+ return 1;
}
int
@@ -1379,12 +1519,161 @@ tlsext_versions_client_parse(SSL *s, CBS *cbs, int *alert)
return 0;
}
+ if (CBS_len(cbs) != 0) {
+ *alert = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+
+ if (selected_version < TLS1_3_VERSION) {
+ *alert = SSL_AD_ILLEGAL_PARAMETER;
+ return 0;
+ }
+
/* XXX test between min and max once initialization code goes in */
S3I(s)->hs_tls13.server_version = selected_version;
return 1;
}
+
+/*
+ * Cookie - RFC 8446 section 4.2.2.
+ */
+
+int
+tlsext_cookie_client_needs(SSL *s)
+{
+ /* XXX once this gets initialized when we get tls13_client.c */
+ if (S3I(s)->hs_tls13.max_version == 0)
+ return 0;
+ if (SSL_IS_DTLS(s))
+ return 0;
+ if (S3I(s)->hs_tls13.max_version < TLS1_3_VERSION)
+ return 0;
+ return ((S3I(s)->hs_tls13.cookie_len > 0) &&
+ (S3I(s)->hs_tls13.cookie != NULL));
+}
+
+int
+tlsext_cookie_client_build(SSL *s, CBB *cbb)
+{
+ CBB cookie;
+
+ if (!CBB_add_u16_length_prefixed(cbb, &cookie))
+ return 0;
+
+ if (!CBB_add_bytes(&cookie, S3I(s)->hs_tls13.cookie,
+ S3I(s)->hs_tls13.cookie_len))
+ return 0;
+
+ if (!CBB_flush(cbb))
+ return 0;
+
+ return 1;
+}
+
+int
+tlsext_cookie_server_parse(SSL *s, CBS *cbs, int *alert)
+{
+ CBS cookie;
+
+ if (!CBS_get_u16_length_prefixed(cbs, &cookie))
+ goto err;
+
+ if (CBS_len(cbs) != 0)
+ goto err;
+
+ if (CBS_len(&cookie) != S3I(s)->hs_tls13.cookie_len)
+ goto err;
+
+ /*
+ * Check provided cookie value against what server previously
+ * sent - client *MUST* send the same cookie with new CR after
+ * a cookie is sent by the server with an HRR
+ */
+ if (memcmp(CBS_data(&cookie), S3I(s)->hs_tls13.cookie,
+ S3I(s)->hs_tls13.cookie_len) != 0) {
+ /* XXX special cookie mismatch alert? */
+ *alert = SSL_AD_ILLEGAL_PARAMETER;
+ return 0;
+ }
+
+ return 1;
+
+ err:
+ *alert = SSL_AD_DECODE_ERROR;
+ return 0;
+}
+
+int
+tlsext_cookie_server_needs(SSL *s)
+{
+ /* XXX once this gets initialized when we get tls13_client.c */
+ if (S3I(s)->hs_tls13.max_version == 0)
+ return 0;
+ if (SSL_IS_DTLS(s))
+ return 0;
+ if (S3I(s)->hs_tls13.max_version < TLS1_3_VERSION)
+ return 0;
+ /*
+ * Server needs to set cookie value in tls13 handshake
+ * in order to send one, should only be sent with HRR.
+ */
+ return ((S3I(s)->hs_tls13.cookie_len > 0) &&
+ (S3I(s)->hs_tls13.cookie != NULL));
+}
+
+int
+tlsext_cookie_server_build(SSL *s, CBB *cbb)
+{
+ CBB cookie;
+
+ if (!CBB_add_u16_length_prefixed(cbb, &cookie))
+ return 0;
+ if (!CBB_add_bytes(&cookie, S3I(s)->hs_tls13.cookie,
+ S3I(s)->hs_tls13.cookie_len))
+ return 0;
+ if (!CBB_flush(cbb))
+ return 0;
+
+ return 1;
+}
+
+int
+tlsext_cookie_client_parse(SSL *s, CBS *cbs, int *alert)
+{
+ CBS cookie;
+
+ /*
+ * XXX This currently assumes we will not get a second
+ * HRR from a server with a cookie to process after accepting
+ * one from the server in the same handshake
+ */
+ if ((S3I(s)->hs_tls13.cookie != NULL) ||
+ S3I(s)->hs_tls13.cookie_len != 0) {
+ *alert = SSL_AD_ILLEGAL_PARAMETER;
+ return 0;
+ }
+
+ if (!CBS_get_u16_length_prefixed(cbs, &cookie))
+ goto err;
+
+ if (CBS_len(cbs) != 0)
+ goto err;
+
+ if ((S3I(s)->hs_tls13.cookie = malloc(CBS_len(&cookie))) == NULL)
+ goto err;
+
+ memcpy(S3I(s)->hs_tls13.cookie, CBS_data(&cookie), CBS_len(&cookie));
+ S3I(s)->hs_tls13.cookie_len = CBS_len(&cookie);
+
+ return 1;
+
+ err:
+ *alert = SSL_AD_DECODE_ERROR;
+ return 0;
+}
+
struct tls_extension_funcs {
int (*needs)(SSL *s);
int (*build)(SSL *s, CBB *cbb);
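Review bot: Neither cookie parser rejects a zero-length cookie, although RFC 8446 section 4.2.2 (cited in the new section comment) defines the field as 1..2^16-1 bytes. In tlsext_cookie_server_parse() an empty cookie is accepted when the server never sent one (`cookie == NULL`, `cookie_len == 0`), with memcmp() called on a NULL pointer; in tlsext_cookie_client_parse() it leads to `malloc(0)`. Adding `if (CBS_len(&cookie) == 0) goto err;` after the trailing-data check in both functions closes this, and the client side could then replace the malloc/memcpy pair with `CBS_stow(&cookie, &S3I(s)->hs_tls13.cookie, &S3I(s)->hs_tls13.cookie_len)` as the key share code does. The allocation-failure path in the client parser currently reports SSL_AD_DECODE_ERROR, where an internal-error alert would describe the condition more accurately.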
@@ -1542,6 +1831,20 @@ static struct tls_extension tls_extensions[] = {
.parse = tlsext_alpn_client_parse,
},
},
+ {
+ .type = TLSEXT_TYPE_cookie,
+ .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_HRR,
+ .client = {
+ .needs = tlsext_cookie_client_needs,
+ .build = tlsext_cookie_client_build,
+ .parse = tlsext_cookie_server_parse,
+ },
+ .server = {
+ .needs = tlsext_cookie_server_needs,
+ .build = tlsext_cookie_server_build,
+ .parse = tlsext_cookie_client_parse,
+ },
+ },
#ifndef OPENSSL_NO_SRTP
{
.type = TLSEXT_TYPE_use_srtp,
@@ -1565,7 +1868,7 @@ static struct tls_extension tls_extensions[] = {
/* Ensure that extensions fit in a uint32_t bitmask. */
CTASSERT(N_TLS_EXTENSIONS <= (sizeof(uint32_t) * 8));
-static struct tls_extension *
+struct tls_extension *
tls_extension_find(uint16_t type, size_t *tls_extensions_idx)
{
size_t i;
@@ -1645,11 +1948,12 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type)
struct tls_extension_funcs *ext;
struct tls_extension *tlsext;
CBS extensions, extension_data;
- uint32_t extensions_seen = 0;
uint16_t type;
size_t idx;
uint16_t version;
+ S3I(s)->hs.extensions_seen = 0;
+
if (is_server)
version = s->version;
else
@@ -1688,9 +1992,9 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type)
}
/* Check for duplicate known extensions. */
- if ((extensions_seen & (1 << idx)) != 0)
+ if ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0)
return 0;
- extensions_seen |= (1 << idx);
+ S3I(s)->hs.extensions_seen |= (1 << idx);
ext = tlsext_funcs(tlsext, is_server);
if (!ext->parse(s, &extension_data, alert))
diff --git a/lib/libssl/ssl_tlsext.h b/lib/libssl/ssl_tlsext.h
index 940366b7d89..8472a8058b1 100644
--- a/lib/libssl/ssl_tlsext.h
+++ b/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.17 2019/01/18 12:18:10 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.18 2019/01/23 16:46:04 beck Exp $ */
/*
* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -101,6 +101,13 @@ int tlsext_keyshare_server_needs(SSL *s);
int tlsext_keyshare_server_build(SSL *s, CBB *cbb);
int tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_cookie_client_needs(SSL *s);
+int tlsext_cookie_client_build(SSL *s, CBB *cbb);
+int tlsext_cookie_client_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_cookie_server_needs(SSL *s);
+int tlsext_cookie_server_build(SSL *s, CBB *cbb);
+int tlsext_cookie_server_parse(SSL *s, CBS *cbs, int *alert);
+
#ifndef OPENSSL_NO_SRTP
int tlsext_srtp_client_needs(SSL *s);
int tlsext_srtp_client_build(SSL *s, CBB *cbb);
@@ -116,6 +123,7 @@ int tlsext_client_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type);
int tlsext_server_build(SSL *s, CBB *cbb, uint16_t msg_type);
int tlsext_server_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type);
+struct tls_extension *tls_extension_find(uint16_t, size_t *);
__END_HIDDEN_DECLS
#endif
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 1402996e426..567b3e48e0d 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.150 2018/11/10 01:19:09 beck Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.151 2019/01/23 16:46:04 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1002,11 +1002,12 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
/* Set preferred digest for each key type */
int
-tls1_process_sigalgs(SSL *s, CBS *cbs)
+tls1_process_sigalgs(SSL *s, CBS *cbs, uint16_t *sigalgs, size_t sigalgs_len)
{
CERT *c = s->cert;
/* Extension ignored for inappropriate versions */
+ /* XXX get rid of this? */
if (!SSL_USE_SIGALGS(s))
return 1;
@@ -1023,9 +1024,8 @@ tls1_process_sigalgs(SSL *s, CBS *cbs)
if (!CBS_get_u16(cbs, &sig_alg))
return 0;
- if ((sigalg = ssl_sigalg(sig_alg, tls12_sigalgs,
- tls12_sigalgs_len)) != NULL &&
- c->pkeys[sigalg->pkey_idx].sigalg == NULL) {
+ if ((sigalg = ssl_sigalg(sig_alg, sigalgs, sigalgs_len)) !=
+ NULL && c->pkeys[sigalg->pkey_idx].sigalg == NULL) {
c->pkeys[sigalg->pkey_idx].sigalg = sigalg;
if (sigalg->pkey_idx == SSL_PKEY_RSA_SIGN)
c->pkeys[SSL_PKEY_RSA_ENC].sigalg = sigalg;
diff --git a/regress/lib/libssl/client/clienttest.c b/regress/lib/libssl/client/clienttest.c
index cb45dc583c4..25a8790e61e 100644
--- a/regress/lib/libssl/client/clienttest.c
+++ b/regress/lib/libssl/client/clienttest.c
@@ -141,15 +141,15 @@ static unsigned char cipher_list_tls12_chacha[] = {
};
static unsigned char client_hello_tls12[] = {
- 0x16, 0x03, 0x01, 0x00, 0xbf, 0x01, 0x00, 0x00,
- 0xbb, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x5c, 0xcc, 0xa9,
- 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c,
- 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a,
- 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0xff, 0x85,
+ 0x16, 0x03, 0x01, 0x00, 0xc5, 0x01, 0x00, 0x00,
+ 0xc1, 0x03, 0x03, 0xc9, 0xf9, 0x1f, 0x05, 0xaf,
+ 0x61, 0xd7, 0xe7, 0x84, 0xd1, 0x1c, 0x6f, 0x79,
+ 0x32, 0x04, 0x8e, 0x5c, 0xe3, 0x18, 0x5a, 0x85,
+ 0xee, 0x44, 0xe1, 0xca, 0x32, 0xce, 0x07, 0xd3,
+ 0xdb, 0x0f, 0x91, 0x00, 0x00, 0x5c, 0xc0, 0x30,
+ 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
+ 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
+ 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85,
0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d,
0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
@@ -158,14 +158,15 @@ static unsigned char client_hello_tls12[] = {
0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04,
0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a,
- 0x00, 0xff, 0x01, 0x00, 0x00, 0x36, 0x00, 0x0b,
+ 0x00, 0xff, 0x01, 0x00, 0x00, 0x3c, 0x00, 0x0b,
0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08,
0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
- 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x1c,
- 0x00, 0x1a, 0x06, 0x01, 0x06, 0x03, 0xef, 0xef,
- 0x05, 0x01, 0x05, 0x03, 0x04, 0x01, 0x04, 0x03,
- 0xee, 0xee, 0xed, 0xed, 0x03, 0x01, 0x03, 0x03,
- 0x02, 0x01, 0x02, 0x03,
+ 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x22,
+ 0x00, 0x20, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
+ 0xef, 0xef, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03,
+ 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0xee, 0xee,
+ 0xed, 0xed, 0x03, 0x01, 0x03, 0x03, 0x02, 0x01,
+ 0x02, 0x03,
};
struct client_hello_test {
diff --git a/regress/lib/libssl/tlsext/tlsexttest.c b/regress/lib/libssl/tlsext/tlsexttest.c
index 7a9f7d9be77..3387b86f3f3 100644
--- a/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.22 2019/01/18 12:09:52 beck Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.23 2019/01/23 16:46:04 beck Exp $ */
/*
* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1505,10 +1505,11 @@ test_tlsext_ri_server(void)
*/
static unsigned char tlsext_sigalgs_client[] = {
- 0x00, 0x1a, 0x06, 0x01, 0x06, 0x03, 0xef, 0xef,
- 0x05, 0x01, 0x05, 0x03, 0x04, 0x01, 0x04, 0x03,
- 0xee, 0xee, 0xed, 0xed, 0x03, 0x01, 0x03, 0x03,
- 0x02, 0x01, 0x02, 0x03,
+ 0x00, 0x20, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
+ 0xef, 0xef, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03,
+ 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0xee, 0xee,
+ 0xed, 0xed, 0x03, 0x01, 0x03, 0x03, 0x02, 0x01,
+ 0x02, 0x03,
};
static int
@@ -2732,13 +2733,14 @@ test_tlsext_srtp_server(void)
#endif /* OPENSSL_NO_SRTP */
unsigned char tlsext_clienthello_default[] = {
- 0x00, 0x36, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
+ 0x00, 0x3c, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d,
0x00, 0x17, 0x00, 0x18, 0x00, 0x23, 0x00, 0x00,
- 0x00, 0x0d, 0x00, 0x1c, 0x00, 0x1a, 0x06, 0x01,
- 0x06, 0x03, 0xef, 0xef, 0x05, 0x01, 0x05, 0x03,
- 0x04, 0x01, 0x04, 0x03, 0xee, 0xee, 0xed, 0xed,
- 0x03, 0x01, 0x03, 0x03, 0x02, 0x01, 0x02, 0x03,
+ 0x00, 0x0d, 0x00, 0x22, 0x00, 0x20, 0x08, 0x06,
+ 0x06, 0x01, 0x06, 0x03, 0xef, 0xef, 0x08, 0x05,
+ 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01,
+ 0x04, 0x03, 0xee, 0xee, 0xed, 0xed, 0x03, 0x01,
+ 0x03, 0x03, 0x02, 0x01, 0x02, 0x03,
};
unsigned char tlsext_clienthello_disabled[] = {};