
Source code changes of the file "nss/lib/ssl/tls13exthandle.c" between
nss-3.61.tar.gz and nss-3.62.tar.gz

About: NSS is a set of libraries, APIs, utilities, and documentation designed to support cross-platform development of security-enabled client and server applications. It provides a complete implementation of the crypto libraries used by Mozilla and other companies.

tls13exthandle.c  (nss-3.61):tls13exthandle.c  (nss-3.62)
skipping to change at line 1214 skipping to change at line 1214
} }
SECStatus SECStatus
tls13_ClientHandleEchXtn(const sslSocket *ss, TLSExtensionData *xtnData, tls13_ClientHandleEchXtn(const sslSocket *ss, TLSExtensionData *xtnData,
SECItem *data) SECItem *data)
{ {
SECStatus rv; SECStatus rv;
PRCList parsedConfigs; PRCList parsedConfigs;
PR_INIT_CLIST(&parsedConfigs); PR_INIT_CLIST(&parsedConfigs);
PORT_Assert(!xtnData->ech);
xtnData->ech = PORT_ZNew(sslEchXtnState);
if (!xtnData->ech) {
return SECFailure;
}
/* Parse the list to determine 1) That the configs are valid /* Parse the list to determine 1) That the configs are valid
* and properly encoded, and 2) If any are compatible. */ * and properly encoded, and 2) If any are compatible. */
rv = tls13_DecodeEchConfigs(data, &parsedConfigs); rv = tls13_DecodeEchConfigs(data, &parsedConfigs);
if (rv == SECFailure) { if (rv == SECFailure) {
ssl3_ExtSendAlert(ss, alert_fatal, decode_error); ssl3_ExtSendAlert(ss, alert_fatal, decode_error);
PORT_SetError(SSL_ERROR_RX_MALFORMED_ECH_CONFIG); PORT_SetError(SSL_ERROR_RX_MALFORMED_ECH_CONFIG);
return SECFailure; return SECFailure;
} }
/* Don't mark ECH negotiated on retry. Save the the raw /* Don't mark ECH negotiated on rejection with retry_config.
* configs so the application can retry. If we sent GREASE * Save the the raw configs so the application can retry. If
* ECH (no echHpkeCtx), don't apply returned retry_configs. */ * we sent GREASE ECH (no echHpkeCtx), don't apply retry_configs. */
if (ss->ssl3.hs.echHpkeCtx && !PR_CLIST_IS_EMPTY(&parsedConfigs)) { if (ss->ssl3.hs.echHpkeCtx && !PR_CLIST_IS_EMPTY(&parsedConfigs)) {
rv = SECITEM_CopyItem(NULL, &xtnData->echRetryConfigs, data); rv = SECITEM_CopyItem(NULL, &xtnData->ech->retryConfigs, data);
} }
tls13_DestroyEchConfigs(&parsedConfigs); tls13_DestroyEchConfigs(&parsedConfigs);
return rv; return rv;
} }
/* Indicates support for the delegated credentials extension. This should be /* Indicates support for the delegated credentials extension. This should be
* hooked while processing the ClientHello. */ * hooked while processing the ClientHello. */
SECStatus SECStatus
tls13_ClientSendDelegatedCredentialsXtn(const sslSocket *ss, tls13_ClientSendDelegatedCredentialsXtn(const sslSocket *ss,
skipping to change at line 1468 skipping to change at line 1474
SECItem senderPubKey; SECItem senderPubKey;
SECItem encryptedCh; SECItem encryptedCh;
/* Ignore it if not doing 1.3+. If we have no ECHConfigs, /* Ignore it if not doing 1.3+. If we have no ECHConfigs,
* proceed to save the config_id for HRR validation. */ * proceed to save the config_id for HRR validation. */
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3 || if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3 ||
IS_DTLS(ss)) { IS_DTLS(ss)) {
return SECSuccess; return SECSuccess;
} }
/* On CHInner, the extension must be empty. */ if (ss->ssl3.hs.echAccepted) {
if (ss->ssl3.hs.echAccepted && data->len > 0) {
ssl3_ExtSendAlert(ss, alert_fatal, illegal_parameter); ssl3_ExtSendAlert(ss, alert_fatal, illegal_parameter);
PORT_SetError(SSL_ERROR_RX_MALFORMED_ECH_EXTENSION); PORT_SetError(SSL_ERROR_RX_UNEXPECTED_EXTENSION);
return SECFailure;
}
if (ssl3_FindExtension(CONST_CAST(sslSocket, ss), ssl_tls13_ech_is_inner_xtn
)) {
ssl3_ExtSendAlert(ss, alert_fatal, illegal_parameter);
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_EXTENSION);
return SECFailure;
}
PORT_Assert(!xtnData->ech);
xtnData->ech = PORT_ZNew(sslEchXtnState);
if (!xtnData->ech) {
return SECFailure; return SECFailure;
} else if (ss->ssl3.hs.echAccepted) {
xtnData->negotiated[xtnData->numNegotiated++] = ssl_tls13_encrypted_clie
nt_hello_xtn;
return SECSuccess;
} }
/* Parse the KDF and AEAD. */ /* Parse the KDF and AEAD. */
rv = ssl3_ExtConsumeHandshakeNumber(ss, &tmp, 2, rv = ssl3_ExtConsumeHandshakeNumber(ss, &tmp, 2,
&data->data, &data->len); &data->data, &data->len);
if (rv != SECSuccess) { if (rv != SECSuccess) {
goto alert_loser; goto alert_loser;
} }
kdf = (HpkeKdfId)tmp; kdf = (HpkeKdfId)tmp;
rv = ssl3_ExtConsumeHandshakeNumber(ss, &tmp, 2, rv = ssl3_ExtConsumeHandshakeNumber(ss, &tmp, 2,
skipping to change at line 1506 skipping to change at line 1520
goto alert_loser; goto alert_loser;
} }
/* enc */ /* enc */
rv = ssl3_ExtConsumeHandshakeVariable(ss, &senderPubKey, 2, rv = ssl3_ExtConsumeHandshakeVariable(ss, &senderPubKey, 2,
&data->data, &data->len); &data->data, &data->len);
if (rv != SECSuccess) { if (rv != SECSuccess) {
goto alert_loser; goto alert_loser;
} }
/* payload */ /* payload, which must be final and non-empty. */
rv = ssl3_ExtConsumeHandshakeVariable(ss, &encryptedCh, 2, rv = ssl3_ExtConsumeHandshakeVariable(ss, &encryptedCh, 2,
&data->data, &data->len); &data->data, &data->len);
if (rv != SECSuccess) { if (rv != SECSuccess) {
goto alert_loser; goto alert_loser;
} }
if (data->len || !encryptedCh.len) {
if (data->len) {
goto alert_loser; goto alert_loser;
} }
/* All fields required. */ if (!ss->ssl3.hs.helloRetry) {
if (!configId.len || !senderPubKey.len || !encryptedCh.len) { /* In the real ECH HRR case, config_id and enc should be empty. This
goto alert_loser; * is checked after acceptance, because it might be GREASE ECH. */
} if (!configId.len || !senderPubKey.len) {
goto alert_loser;
}
rv = SECITEM_CopyItem(NULL, &xtnData->echSenderPubKey, &senderPubKey); rv = SECITEM_CopyItem(NULL, &xtnData->ech->senderPubKey, &senderPubKey);
if (rv == SECFailure) { if (rv == SECFailure) {
return SECFailure; return SECFailure;
} }
rv = SECITEM_CopyItem(NULL, &xtnData->innerCh, &encryptedCh); rv = SECITEM_CopyItem(NULL, &xtnData->ech->configId, &configId);
if (rv == SECFailure) { if (rv == SECFailure) {
return SECFailure; return SECFailure;
}
} }
rv = SECITEM_CopyItem(NULL, &xtnData->echConfigId, &configId); rv = SECITEM_CopyItem(NULL, &xtnData->ech->innerCh, &encryptedCh);
if (rv == SECFailure) { if (rv == SECFailure) {
return SECFailure; return SECFailure;
} }
xtnData->echCipherSuite = (aead & 0xFFFF) << 16 | (kdf & 0xFFFF); xtnData->ech->kdfId = kdf;
xtnData->ech->aeadId = aead;
/* Not negotiated until tls13_MaybeAcceptEch. */ /* Not negotiated until tls13_MaybeAcceptEch. */
return SECSuccess; return SECSuccess;
alert_loser: alert_loser:
ssl3_ExtSendAlert(ss, alert_fatal, decode_error); ssl3_ExtSendAlert(ss, alert_fatal, decode_error);
PORT_SetError(SSL_ERROR_RX_MALFORMED_ECH_EXTENSION); PORT_SetError(SSL_ERROR_RX_MALFORMED_ECH_EXTENSION);
return SECFailure; return SECFailure;
} }
SECStatus
tls13_ServerHandleEchIsInnerXtn(const sslSocket *ss,
TLSExtensionData *xtnData,
SECItem *data)
{
SSL_TRC(3, ("%d: TLS13[%d]: handle ech_is_inner extension",
SSL_GETPID(), ss->fd));
if (data->len) {
PORT_SetError(SSL_ERROR_RX_MALFORMED_ECH_EXTENSION);
return SECFailure;
}
if (ssl3_FindExtension(CONST_CAST(sslSocket, ss), ssl_tls13_encrypted_client
_hello_xtn)) {
ssl3_ExtSendAlert(ss, alert_fatal, illegal_parameter);
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_EXTENSION);
return SECFailure;
}
/* Consider encrypted_client_hello_xtn negotiated if we performed the
* CHOuter decryption. This is only supported in shared mode, so we'll also
* handle ech_is_inner in that case. We might, however, receive a CHInner
* that was forwarded by a different client-facing server. In this case,
* mark ech_is_inner as negotiated, which triggers sending of the ECH
* acceptance signal. ech_is_inner_xtn being negotiated does not imply
* that any other ECH state actually exists. */
if (ss->ssl3.hs.echAccepted) {
xtnData->negotiated[xtnData->numNegotiated++] = ssl_tls13_encrypted_clie
nt_hello_xtn;
}
xtnData->negotiated[xtnData->numNegotiated++] = ssl_tls13_ech_is_inner_xtn;
return SECSuccess;
}
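Review bot: In tls13_ServerHandleEchIsInnerXtn the `if (data->len)` branch sets SSL_ERROR_RX_MALFORMED_ECH_EXTENSION and returns SECFailure without sending an alert, while every other rejection path in this section calls ssl3_ExtSendAlert first. Unless the caller sends a fallback alert on handler failure (not visible here), a peer that puts a body in ech_is_inner gets no specific alert, and a fallback would presumably not be the decode_error that the alert_loser path of the server ECH handler uses for malformed input. I would add `ssl3_ExtSendAlert(ss, alert_fatal, decode_error);` before the PORT_SetError call in that branch. A short comment on the branch, such as `/* ech_is_inner must be empty. */`, would also make the intent of the length check explicit.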
 End of changes. 14 change blocks. 
27 lines changed or deleted 44 lines changed or added
