diff options
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_err.c | 3 | ||||
-rw-r--r-- | ssl/ssl_locl.h | 1 | ||||
-rw-r--r-- | ssl/statem/extensions.c | 14 | ||||
-rw-r--r-- | ssl/t1_lib.c | 2 | ||||
-rw-r--r-- | ssl/tls13_enc.c | 8 |
5 files changed, 26 insertions, 2 deletions
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 9f075e79cf..79cbf2ea60 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -52,6 +52,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_FINAL_EC_PT_FORMATS), "final_ec_pt_formats"}, {ERR_FUNC(SSL_F_FINAL_EMS), "final_ems"}, {ERR_FUNC(SSL_F_FINAL_RENEGOTIATE), "final_renegotiate"}, + {ERR_FUNC(SSL_F_FINAL_SIG_ALGS), "final_sig_algs"}, {ERR_FUNC(SSL_F_OPENSSL_INIT_SSL), "OPENSSL_init_ssl"}, {ERR_FUNC(SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION), "ossl_statem_client13_read_transition"}, @@ -565,6 +566,8 @@ static ERR_STRING_DATA SSL_str_reasons[] = { {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT), "missing rsa encrypting cert"}, {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT), "missing rsa signing cert"}, + {ERR_REASON(SSL_R_MISSING_SIGALGS_EXTENSION), + "missing sigalgs extension"}, {ERR_REASON(SSL_R_MISSING_SRP_PARAM), "can't find SRP server param"}, {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"}, {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY), "missing tmp ecdh key"}, diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 8186a7f5ba..efb03e2129 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -2102,6 +2102,7 @@ __owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, const unsigned char *p, size_t plen, int use_context); __owur int tls1_alert_code(int code); +__owur int tls13_alert_code(int code); __owur int ssl3_alert_code(int code); __owur int ssl_ok(SSL *s); diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index a68dd48835..4f54c3f771 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -38,6 +38,7 @@ static int final_ems(SSL *s, unsigned int context, int sent, int *al); #ifndef OPENSSL_NO_SRTP static int init_srtp(SSL *s, unsigned int context); #endif +static int final_sig_algs(SSL *s, unsigned int context, int sent, int *al); /* Structure to define a built-in extension */ typedef struct extensions_definition_st { @@ -152,7 +153,7 @@ static const EXTENSION_DEFINITION ext_defs[] = { TLSEXT_TYPE_signature_algorithms, EXT_CLIENT_HELLO, init_sig_algs, tls_parse_ctos_sig_algs, NULL, NULL, - tls_construct_ctos_sig_algs, NULL + tls_construct_ctos_sig_algs, final_sig_algs }, #ifndef OPENSSL_NO_OCSP { @@ -926,3 +927,14 @@ static int init_srtp(SSL *s, unsigned int context) return 1; } #endif + +static int final_sig_algs(SSL *s, unsigned int context, int sent, int *al) +{ + if (!sent && SSL_IS_TLS13(s)) { + *al = TLS13_AD_MISSING_EXTENSION; + SSLerr(SSL_F_FINAL_SIG_ALGS, SSL_R_MISSING_SIGALGS_EXTENSION); + return 0; + } + + return 1; +} diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index da5797228a..dd25934e67 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -85,7 +85,7 @@ SSL3_ENC_METHOD const TLSv1_3_enc_data = { tls13_final_finish_mac, TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, - tls1_alert_code, + tls13_alert_code, tls1_export_keying_material, SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF, ssl3_set_handshake_header, diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 7ee9bb8ca3..449e6f9f36 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -406,3 +406,11 @@ int tls13_change_cipher_state(SSL *s, int which) OPENSSL_cleanse(key, sizeof(key)); return ret; } + +int tls13_alert_code(int code) +{ + if (code == SSL_AD_MISSING_EXTENSION) + return code; + + return tls1_alert_code(code); +} |