#ifndef OPENSSL_NO_TLS1_3
static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id)
{
- unsigned char *encodedPoint = NULL;
- EVP_PKEY *key_share_key = NULL;
+ unsigned char *encoded_point;
+ EVP_PKEY *key_share_key;
size_t encodedlen;
key_share_key = ssl_generate_pkey_curve(curve_id);
/* Encode the public key. */
encodedlen = EVP_PKEY_get1_tls_encodedpoint(key_share_key,
- &encodedPoint);
+ &encoded_point);
if (encodedlen == 0) {
SSLerr(SSL_F_ADD_KEY_SHARE, ERR_R_EC_LIB);
EVP_PKEY_free(key_share_key);
/* Create KeyShareEntry */
if (!WPACKET_put_bytes_u16(pkt, curve_id)
- || !WPACKET_sub_memcpy_u16(pkt, encodedPoint, encodedlen)) {
+ || !WPACKET_sub_memcpy_u16(pkt, encoded_point, encodedlen)) {
SSLerr(SSL_F_ADD_KEY_SHARE, ERR_R_INTERNAL_ERROR);
EVP_PKEY_free(key_share_key);
- OPENSSL_free(encodedPoint);
+ OPENSSL_free(encoded_point);
return 0;
}
*/
s->s3->tmp.pkey = key_share_key;
s->s3->group_id = curve_id;
- OPENSSL_free(encodedPoint);
+ OPENSSL_free(encoded_point);
return 1;
}
if (!tls_curve_allowed(s, pcurves, SSL_SECOP_CURVE_SUPPORTED))
continue;
- curve_id = (pcurves[0] << 8) | pcurves[1];
+ curve_id = bytestogroup(pcurves);
break;
}
}
return 1;
}
+int tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, unsigned int context,
+ X509 *x, size_t chainidx, int *al)
+{
+ if (s->early_data_state != SSL_EARLY_DATA_CONNECTING
+ || s->session->ext.max_early_data == 0) {
+ s->max_early_data = 0;
+ return 1;
+ }
+ s->max_early_data = s->session->ext.max_early_data;
+
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_close(pkt)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ /*
+ * We set this to rejected here. Later, if the server acknowledges the
+ * extension, we set it to accepted.
+ */
+ s->ext.early_data = SSL_EARLY_DATA_REJECTED;
+
+ return 1;
+}
+
#define F5_WORKAROUND_MIN_MSG_LEN 0xff
#define F5_WORKAROUND_MAX_MSG_LEN 0x200
return 1;
}
+int tls_parse_stoc_early_data_info(SSL *s, PACKET *pkt, unsigned int context,
+ X509 *x, size_t chainidx, int *al)
+{
+ unsigned long max_early_data;
+
+ if (!PACKET_get_net_4(pkt, &max_early_data)
+ || PACKET_remaining(pkt) != 0) {
+ SSLerr(SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO,
+ SSL_R_INVALID_MAX_EARLY_DATA);
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+
+ s->session->ext.max_early_data = max_early_data;
+
+ return 1;
+}
+
#ifndef OPENSSL_NO_EC
int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al)
if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
&& s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD
&& s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4)
- s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
+ s->ext.use_etm = 1;
return 1;
}
return 0;
}
for (i = 0; i < num_curves; i++, pcurves += 2) {
- if (group_id == (unsigned int)((pcurves[0] << 8) | pcurves[1]))
+ if (group_id == bytestogroup(pcurves))
break;
}
if (i >= num_curves
return 1;
}
+int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
+ X509 *x, size_t chainidx, int *al)
+{
+ if (PACKET_remaining(pkt) != 0) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+
+ if (s->ext.early_data != SSL_EARLY_DATA_REJECTED
+ || !s->hit
+ || s->session->ext.tick_identity != 0) {
+ /*
+ * If we get here then we didn't send early data, or we didn't resume
+ * using the first identity so the server should not be accepting it.
+ */
+ *al = SSL_AD_ILLEGAL_PARAMETER;
+ return 0;
+ }
+
+ s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
+
+ return 1;
+}
+
int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx, int *al)
{