diff options
Diffstat (limited to 'freebsd/crypto/openssl/ssl/statem/extensions.c')
-rw-r--r-- | freebsd/crypto/openssl/ssl/statem/extensions.c | 40 |
1 files changed, 25 insertions, 15 deletions
diff --git a/freebsd/crypto/openssl/ssl/statem/extensions.c b/freebsd/crypto/openssl/ssl/statem/extensions.c index d75460f2..33df9084 100644 --- a/freebsd/crypto/openssl/ssl/statem/extensions.c +++ b/freebsd/crypto/openssl/ssl/statem/extensions.c @@ -1,7 +1,7 @@ #include <machine/rtems-bsd-user-space.h> /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -350,10 +350,12 @@ static const EXTENSION_DEFINITION ext_defs[] = { { /* * Special unsolicited ServerHello extension only used when - * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set + * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. We allow it in a ClientHello but + * ignore it. */ TLSEXT_TYPE_cryptopro_bug, - SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, NULL, NULL, NULL, tls_construct_stoc_cryptopro_bug, NULL, NULL }, { @@ -625,7 +627,12 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, && type != TLSEXT_TYPE_cookie && type != TLSEXT_TYPE_renegotiate && type != TLSEXT_TYPE_signed_certificate_timestamp - && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0) { + && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0 +#ifndef OPENSSL_NO_GOST + && !((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0 + && type == TLSEXT_TYPE_cryptopro_bug) +#endif + ) { SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_UNSOLICITED_EXTENSION); goto err; @@ -984,7 +991,6 @@ static int final_server_name(SSL *s, unsigned int context, int sent) ss->ext.ticklen = 0; ss->ext.tick_lifetime_hint = 0; ss->ext.tick_age_add = 0; - ss->ext.tick_identity = 0; if (!ssl_generate_session_id(s, ss)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME, ERR_R_INTERNAL_ERROR); @@ -1036,18 +1042,18 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent) */ if (s->ext.ecpointformats != NULL && s->ext.ecpointformats_len > 0 - && s->session->ext.ecpointformats != NULL - && s->session->ext.ecpointformats_len > 0 + && s->ext.peer_ecpointformats != NULL + && s->ext.peer_ecpointformats_len > 0 && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) { /* we are using an ECC cipher */ size_t i; - unsigned char *list = s->session->ext.ecpointformats; + unsigned char *list = s->ext.peer_ecpointformats; - for (i = 0; i < s->session->ext.ecpointformats_len; i++) { + for (i = 0; i < s->ext.peer_ecpointformats_len; i++) { if (*list++ == TLSEXT_ECPOINTFORMAT_uncompressed) break; } - if (i == s->session->ext.ecpointformats_len) { + if (i == s->ext.peer_ecpointformats_len) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_FINAL_EC_PT_FORMATS, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); return 0; @@ -1444,8 +1450,13 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, unsigned char hash[EVP_MAX_MD_SIZE], binderkey[EVP_MAX_MD_SIZE]; unsigned char finishedkey[EVP_MAX_MD_SIZE], tmpbinder[EVP_MAX_MD_SIZE]; unsigned char *early_secret; +#ifdef CHARSET_EBCDIC + static const unsigned char resumption_label[] = { 0x72, 0x65, 0x64, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 }; + static const unsigned char external_label[] = { 0x65, 0x78, 0x74, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 }; +#else static const unsigned char resumption_label[] = "res binder"; static const unsigned char external_label[] = "ext binder"; +#endif const unsigned char *label; size_t bindersize, labelsize, hashsize; int hashsizei = EVP_MD_size(md); @@ -1508,7 +1519,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, /* Generate the binder key */ if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash, - hashsize, binderkey, hashsize)) { + hashsize, binderkey, hashsize, 1)) { /* SSLfatal() already called */ goto err; } @@ -1641,13 +1652,12 @@ static int final_early_data(SSL *s, unsigned int context, int sent) if (s->max_early_data == 0 || !s->hit - || s->session->ext.tick_identity != 0 || s->early_data_state != SSL_EARLY_DATA_ACCEPTING || !s->ext.early_data_ok || s->hello_retry_request != SSL_HRR_NONE - || (s->ctx->allow_early_data_cb != NULL - && !s->ctx->allow_early_data_cb(s, - s->ctx->allow_early_data_cb_data))) { + || (s->allow_early_data_cb != NULL + && !s->allow_early_data_cb(s, + s->allow_early_data_cb_data))) { s->ext.early_data = SSL_EARLY_DATA_REJECTED; } else { s->ext.early_data = SSL_EARLY_DATA_ACCEPTED; |