#include <openssl/bn.h>
#include <openssl/engine.h>
+static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt);
+
static ossl_inline int cert_req_allowed(SSL *s);
static int key_exchange_expected(SSL *s);
static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b);
break;
case TLS_ST_CR_SRVR_HELLO:
+ if (mt == SSL3_MT_ENCRYPTED_EXTENSIONS) {
+ st->hand_state = TLS_ST_CR_ENCRYPTED_EXTENSIONS;
+ return 1;
+ }
+ break;
+
+ case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
if (s->hit) {
if (mt == SSL3_MT_FINISHED) {
st->hand_state = TLS_ST_CR_FINISHED;
case TLS_ST_CR_FINISHED:
return FINISHED_MAX_LENGTH;
+
+ case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
+ return ENCRYPTED_EXTENSIONS_MAX_LENGTH;
}
}
case TLS_ST_CR_FINISHED:
return tls_process_finished(s, pkt);
+
+ case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
+ return tls_process_encrypted_extensions(s, pkt);
}
}
}
/* TLS extensions */
- if (ssl_prepare_clienthello_tlsext(s) <= 0) {
- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
- return 0;
- }
- if (!WPACKET_start_sub_packet_u16(pkt)
- /*
- * If extensions are of zero length then we don't even add the
- * extensions length bytes
- */
- || !WPACKET_set_flags(pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH)
- || !ssl_add_clienthello_tlsext(s, pkt, &al)
- || !WPACKET_close(pkt)) {
+ if (!tls_construct_extensions(s, pkt, EXT_CLIENT_HELLO, &al)) {
ssl3_send_alert(s, SSL3_AL_FATAL, al);
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
return 0;
{
STACK_OF(SSL_CIPHER) *sk;
const SSL_CIPHER *c;
- PACKET session_id;
+ PACKET session_id, extpkt;
size_t session_id_len;
const unsigned char *cipherchars;
int i, al = SSL_AD_INTERNAL_ERROR;
unsigned int compression;
unsigned int sversion;
+ unsigned int context;
int protverr;
+ RAW_EXTENSION *extensions = NULL;
#ifndef OPENSSL_NO_COMP
SSL_COMP *comp;
#endif
s->hit = 0;
/* Get the session-id. */
- if (!PACKET_get_length_prefixed_1(pkt, &session_id)) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- session_id_len = PACKET_remaining(&session_id);
- if (session_id_len > sizeof s->session->session_id
- || session_id_len > SSL3_SESSION_ID_SIZE) {
- al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG);
- goto f_err;
+ if (!SSL_IS_TLS13(s)) {
+ if (!PACKET_get_length_prefixed_1(pkt, &session_id)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ session_id_len = PACKET_remaining(&session_id);
+ if (session_id_len > sizeof s->session->session_id
+ || session_id_len > SSL3_SESSION_ID_SIZE) {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO,
+ SSL_R_SSL3_SESSION_ID_TOO_LONG);
+ goto f_err;
+ }
+ } else {
+ PACKET_null_init(&session_id);
+ session_id_len = 0;
}
if (!PACKET_get_bytes(pkt, &cipherchars, TLS_CIPHER_LEN)) {
* we can resume, and later peek at the next handshake message to see if the
* server wants to resume.
*/
- if (s->version >= TLS1_VERSION && s->tls_session_secret_cb &&
- s->session->tlsext_tick) {
+ if (s->version >= TLS1_VERSION && !SSL_IS_TLS13(s)
+ && s->tls_session_secret_cb != NULL && s->session->tlsext_tick) {
const SSL_CIPHER *pref_cipher = NULL;
/*
* s->session->master_key_length is a size_t, but this is an int for
s->s3->tmp.new_cipher = c;
/* lets get the compression algorithm */
/* COMPRESSION */
- if (!PACKET_get_1(pkt, &compression)) {
- SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
- al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ if (!SSL_IS_TLS13(s)) {
+ if (!PACKET_get_1(pkt, &compression)) {
+ SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
+ }
+ } else {
+ compression = 0;
}
+
#ifdef OPENSSL_NO_COMP
if (compression != 0) {
al = SSL_AD_ILLEGAL_PARAMETER;
#endif
/* TLS extensions */
- if (!ssl_parse_serverhello_tlsext(s, pkt)) {
- SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_PARSE_TLSEXT);
- goto err;
- }
-
- if (PACKET_remaining(pkt) != 0) {
- /* wrong packet length */
+ if (PACKET_remaining(pkt) == 0) {
+ PACKET_null_init(&extpkt);
+ } else if (!PACKET_as_length_prefixed_2(pkt, &extpkt)) {
al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH);
+ SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_BAD_LENGTH);
goto f_err;
}
+
+ context = SSL_IS_TLS13(s) ? EXT_TLS1_3_SERVER_HELLO
+ : EXT_TLS1_2_SERVER_HELLO;
+ if (!tls_collect_extensions(s, &extpkt, context, &extensions, &al)
+ || !tls_parse_all_extensions(s, context, extensions, &al))
+ goto f_err;
+
#ifndef OPENSSL_NO_SCTP
if (SSL_IS_DTLS(s) && s->hit) {
unsigned char sctpauthkey[64];
goto f_err;
}
+ OPENSSL_free(extensions);
return MSG_PROCESS_CONTINUE_READING;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
ossl_statem_set_error(s);
+ OPENSSL_free(extensions);
return MSG_PROCESS_ERROR;
}
* |tlsext_ocsp_resplen| values will be set if we actually received a status
* message, or NULL and -1 otherwise
*/
- if (s->tlsext_status_type != -1 && s->ctx->tlsext_status_cb != NULL) {
+ if (s->tlsext_status_type != TLSEXT_STATUSTYPE_nothing
+ && s->ctx->tlsext_status_cb != NULL) {
int ret;
ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
if (ret == 0) {
}
#endif
+static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt)
+{
+ int al = SSL_AD_INTERNAL_ERROR;
+ PACKET extensions;
+ RAW_EXTENSION *rawexts = NULL;
+
+ if (!PACKET_as_length_prefixed_2(pkt, &extensions)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS, SSL_R_LENGTH_MISMATCH);
+ goto err;
+ }
+
+ /*
+ * TODO(TLS1.3): For now we are processing Encrypted Extensions and
+ * Certificate extensions as part of this one message. Later we need to
+ * split out the Certificate extensions into the Certificate message
+ */
+ if (!tls_collect_extensions(s, &extensions,
+ EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+ | EXT_TLS1_3_CERTIFICATE,
+ &rawexts, &al)
+ || !tls_parse_all_extensions(s,
+ EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+ | EXT_TLS1_3_CERTIFICATE,
+ rawexts, &al))
+ goto err;
+
+ OPENSSL_free(rawexts);
+ return MSG_PROCESS_CONTINUE_READING;
+
+ err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ ossl_statem_set_error(s);
+ OPENSSL_free(rawexts);
+ return MSG_PROCESS_ERROR;
+}
+
int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
{
int i = 0;