/*
- * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
}
-#endif
-
return EXT_RETURN_SENT;
+#else
+ return EXT_RETURN_NOT_SENT;
+#endif
}
EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context,
return EXT_RETURN_FAIL;
}
+#ifndef OPENSSL_NO_PSK
+ if (psksess == NULL && s->psk_client_callback != NULL) {
+ char identity[PSK_MAX_IDENTITY_LEN + 1];
+ unsigned char psk[PSK_MAX_PSK_LEN];
+ size_t psklen = 0;
+
+ memset(identity, 0, sizeof(identity));
+ psklen = s->psk_client_callback(s, NULL, identity, sizeof(identity) - 1,
+ psk, sizeof(psk));
+
+ if (psklen > PSK_MAX_PSK_LEN) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+ return EXT_RETURN_FAIL;
+ } else if (psklen > 0) {
+ const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 };
+ const SSL_CIPHER *cipher;
+
+ idlen = strlen(identity);
+ if (idlen > PSK_MAX_IDENTITY_LEN) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+ ERR_R_INTERNAL_ERROR);
+ return EXT_RETURN_FAIL;
+ }
+ id = (unsigned char *)identity;
+
+ /*
+ * We found a PSK using an old style callback. We don't know
+ * the digest so we default to SHA256 as per the TLSv1.3 spec
+ */
+ cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id);
+ if (cipher == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+ ERR_R_INTERNAL_ERROR);
+ return EXT_RETURN_FAIL;
+ }
+
+ psksess = SSL_SESSION_new();
+ if (psksess == NULL
+ || !SSL_SESSION_set1_master_key(psksess, psk, psklen)
+ || !SSL_SESSION_set_cipher(psksess, cipher)
+ || !SSL_SESSION_set_protocol_version(psksess, TLS1_3_VERSION)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+ ERR_R_INTERNAL_ERROR);
+ OPENSSL_cleanse(psk, psklen);
+ return EXT_RETURN_FAIL;
+ }
+ OPENSSL_cleanse(psk, psklen);
+ }
+ }
+#endif /* OPENSSL_NO_PSK */
+
SSL_SESSION_free(s->psksession);
s->psksession = psksess;
if (psksess != NULL) {
int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx)
{
+ if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) {
+ /* We ignore this if the server sends a CertificateRequest */
+ /* TODO(TLS1.3): Add support for this */
+ return 1;
+ }
+
/*
* MUST only be sent if we've requested a status
* request message. In TLS <= 1.2 it must also be empty.
int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx)
{
+ if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) {
+ /* We ignore this if the server sends it in a CertificateRequest */
+ /* TODO(TLS1.3): Add support for this */
+ return 1;
+ }
+
/*
* Only take it if we asked for it - i.e if there is no CT validation
* callback set, then a custom extension MAY be processing it, so we
if (version == TLS1_3_VERSION_DRAFT)
version = TLS1_3_VERSION;
+ /*
+ * The only protocol version we support which is valid in this extension in
+ * a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.
+ */
+ if (version != TLS1_3_VERSION) {
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+ SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS,
+ SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+ return 0;
+ }
+
/* We ignore this extension for HRRs except to sanity check it */
- if (context == SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) {
- /*
- * The only protocol version we support which has an HRR message is
- * TLSv1.3, therefore we shouldn't be getting an HRR for anything else.
- */
- if (version != TLS1_3_VERSION) {
- SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
- SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS,
- SSL_R_BAD_HRR_VERSION);
- return 0;
- }
+ if (context == SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)
return 1;
- }
/* We just set it here. We validate it in ssl_choose_client_version */
s->version = version;