From 632cc1991812141e5dd4d60c65b7f9b6721d8259 Mon Sep 17 00:00:00 2001 From: samuel40791765 Date: Fri, 25 Oct 2024 18:41:27 +0000 Subject: [PATCH] Support Finished-based APIs for TLS 1.3 --- include/openssl/ssl.h | 5 +- ssl/internal.h | 2 +- ssl/ssl_lib.cc | 6 +- ssl/ssl_test.cc | 154 +++++++++++++++++++++++++++++---------- ssl/ssl_transfer_asn1.cc | 25 +++++-- ssl/tls13_both.cc | 32 ++++++++ 6 files changed, 169 insertions(+), 55 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 54580b7c79d..39b8c91bbfc 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -5361,15 +5361,14 @@ OPENSSL_EXPORT int SSL_want(const SSL *ssl); // SSL_get_finished writes up to |count| bytes of the Finished message sent by // |ssl| to |buf|. It returns the total untruncated length or zero if none has -// been sent yet. At TLS 1.3 and later, it returns zero. +// been sent yet. // // Use |SSL_get_tls_unique| instead. OPENSSL_EXPORT size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count); // SSL_get_peer_finished writes up to |count| bytes of the Finished message // received from |ssl|'s peer to |buf|. It returns the total untruncated length -// or zero if none has been received yet. At TLS 1.3 and later, it returns -// zero. +// or zero if none has been received yet. // // Use |SSL_get_tls_unique| instead. OPENSSL_EXPORT size_t SSL_get_peer_finished(const SSL *ssl, void *buf, diff --git a/ssl/internal.h b/ssl/internal.h index 148e4761540..e1087f2f8d5 100644 --- a/ssl/internal.h +++ b/ssl/internal.h @@ -2861,7 +2861,7 @@ enum ssl_ech_status_t { #define SSL3_SEND_ALERT_SIZE 2 #define TLS_SEQ_NUM_SIZE 8 #define SSL3_CHANNEL_ID_SIZE 64 -#define PREV_FINISHED_MAX_SIZE 12 +#define PREV_FINISHED_MAX_SIZE EVP_MAX_MD_SIZE struct SSL3_STATE { static constexpr bool kAllowUniquePtr = true; diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc index 63cb730fb3d..d8557b82868 100644 --- a/ssl/ssl_lib.cc +++ b/ssl/ssl_lib.cc @@ -1701,8 +1701,7 @@ static size_t copy_finished(void *out, size_t out_len, const uint8_t *in, } size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) { - if (!ssl->s3->initial_handshake_complete || - ssl_protocol_version(ssl) >= TLS1_3_VERSION) { + if (!ssl->s3->initial_handshake_complete) { return 0; } @@ -1716,8 +1715,7 @@ size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) { } size_t SSL_get_peer_finished(const SSL *ssl, void *buf, size_t count) { - if (!ssl->s3->initial_handshake_complete || - ssl_protocol_version(ssl) >= TLS1_3_VERSION) { + if (!ssl->s3->initial_handshake_complete) { return 0; } diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index 6a65f036eb7..0b8e7c835a3 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -7844,7 +7844,7 @@ struct EncodeDecodeKATTestParam { }; static const EncodeDecodeKATTestParam kEncodeDecodeKATs[] = { - // V1 input round-trips as V2 output + // V1 input round-trips as V3 output {"308201173082011302010102020303020240003081fa0201010408000000000000000104" "0800000000000000010420000004d29e62f41ded4bb33d0faa6ffada380e2c489dfbfb44" "4f574e475244010420cf3926d1ec5a562a642935a8050222b0aed93ffd9d1cac682274d9" @@ -7853,17 +7853,21 @@ static const EncodeDecodeKATTestParam kEncodeDecodeKATs[] = { "a80400043085668dcf9f0921094ebd7f91bf2a8c60d276e4c279fd85a989402f67868232" "4fd8098dc19d900b856d0a77e048e3ced2a104020204d2a20402021c20a4020400b10301" "01ffb20302011da206040474657374a7030101ff020108020100a0030101ff", - "308201173082011302010102020303020240003081fa0201020408000000000000000104" - "0800000000000000010420000004d29e62f41ded4bb33d0faa6ffada380e2c489dfbfb44" - "4f574e475244010420cf3926d1ec5a562a642935a8050222b0aed93ffd9d1cac682274d9" - "42e99e42a604020000020100020103040cb9b409f5129440622f87f84402010c040c1f49" - "e2e989c66a263e9c227502010c020100020100020100a05b3059020101020203030402cc" - "a80400043085668dcf9f0921094ebd7f91bf2a8c60d276e4c279fd85a989402f67868232" - "4fd8098dc19d900b856d0a77e048e3ced2a104020204d2a20402021c20a4020400b10301" - "01ffb20302011da206040474657374a7030101ff020108020100a0030101ff"}, + "308201803082017c02010102020303020240003082016202010304080000000000000001" + "040800000000000000010420000004d29e62f41ded4bb33d0faa6ffada380e2c489dfbfb" + "444f574e475244010420cf3926d1ec5a562a642935a8050222b0aed93ffd9d1cac682274" + "d942e99e42a6040200000201000201030440b9b409f5129440622f87f84402010c040c1f" + "49e2e989c66a263e9c227502010c020100020100020100a05b3059020101020203030402" + "cca80400043085668dcf02010c04401f49e2e989c66a263e9c227502010c020100020100" + "020100a05b3059020101020203030402cca80400043085668dcf9f0921094ebd7f91bf2a" + "8c60d276e4c27902010c020100020100020100a05b3059020101020203030402cca80400" + "043085668dcf9f0921094ebd7f91bf2a8c60d276e4c279fd85a989402f678682324fd809" + "8dc19d900b856d0a77e048e3ced2a104020204d2a20402021c20a4020400b1030101ffb2" + "0302011da206040474657374a7030101ff020108020100a0030101ff"}, // In runner.go, the test case "Basic-Server-TLS-Sync-SSL_Transfer" is used // to generate below bytes by adding print statement on the output of // |SSL_to_bytes| in bssl_shim.cc. + // V2 input round-trips as V3 output. {"308201173082011302010102020303020240003081fa0201020408000000000000000104" "0800000000000000010420000004d29e62f41ded4bb33d0faa6ffada380e2c489dfbfb44" "4f574e475244010420cf3926d1ec5a562a642935a8050222b0aed93ffd9d1cac682274d9" @@ -7872,37 +7876,109 @@ static const EncodeDecodeKATTestParam kEncodeDecodeKATs[] = { "a80400043085668dcf9f0921094ebd7f91bf2a8c60d276e4c279fd85a989402f67868232" "4fd8098dc19d900b856d0a77e048e3ced2a104020204d2a20402021c20a4020400b10301" "01ffb20302011da206040474657374a7030101ff020108020100a0030101ff", - nullptr}, + "308201803082017c02010102020303020240003082016202010304080000000000000001" + "040800000000000000010420000004d29e62f41ded4bb33d0faa6ffada380e2c489dfbfb" + "444f574e475244010420cf3926d1ec5a562a642935a8050222b0aed93ffd9d1cac682274" + "d942e99e42a6040200000201000201030440b9b409f5129440622f87f84402010c040c1f" + "49e2e989c66a263e9c227502010c020100020100020100a05b3059020101020203030402" + "cca80400043085668dcf02010c04401f49e2e989c66a263e9c227502010c020100020100" + "020100a05b3059020101020203030402cca80400043085668dcf9f0921094ebd7f91bf2a" + "8c60d276e4c27902010c020100020100020100a05b3059020101020203030402cca80400" + "043085668dcf9f0921094ebd7f91bf2a8c60d276e4c279fd85a989402f678682324fd809" + "8dc19d900b856d0a77e048e3ced2a104020204d2a20402021c20a4020400b1030101ffb2" + "0302011da206040474657374a7030101ff020108020100a0030101ff"}, + // In runner.go, the test case + // "TLS-TLS13-AES_128_GCM_SHA256-server-SSL_Transfer" is used to generate + // below bytes by adding print statement on the output of |SSL_to_bytes| in + // bssl_shim.cc. + // V2 input round-trips as V3 output. + {"308203883082038402010102020304020240003082036a020102040800000000000000000" + "408000000000000000004206beca5c14aff6b92757545948b883c6c175327814bedcf38a6" + "b2e4c43bc02d180420a32aee5b7705a19e4bb2b47f4918199c76cee7245f1311bc4ba3888" + "3d33f236a04020000020100020101040c000000000000000000000000020100040c000000" + "000000000000000000020100020100020100020100a04e304c02010102020304040213010" + "40004200b66320d38c8fa1b0dfe9e37fcf2bf0bafb43077fa31ed2f1220dd245cef4c4da1" + "04020204d2a205020302a300a4020400b20302011db9050203093a80a206040474657374a" + "b03020100ac03010100ad03010100ae03010100af03020100b032043034c0893be938bade" + "e7029ca3cfea4c821dde48e03f0d07641cba33b247bc161c0000000000000000000000000" + "0000000b103020120b232043094b319ed2f41ee11aa73e141a238e5724c04f2aa8298c16b" + "43c910c40cc98d1500000000000000000000000000000000b303020120b432043015a178c" + "e69c0110ad36da8d58ca8428d9615ff07fc6a4e1bbab026c1bb0c02180000000000000000" + "0000000000000000b503020120b88201700482016c040000b20002a30056355452010000a" + "027abfd1f1aa28cee6e8e2396112e8285f150768898158dbce97a1aef0a63fa6dda1002a4" + "d75942a3739c11e4b25827f529ab59d22e34e0cf0b59b9336eb60edbb1f686c072ab33c30" + "e784f876da5b4c7fddd67f4a2ffa995f8c9ccf2128200ae9668d626866b1b7c6bb111867a" + "87ed2a96122736595374f8fe5343e6ca492b278b67b1571423f2c1bcb673922e9044e9094" + "9975ff72ab4a0eb659d8de664cac600042a2a0000040000b20002a3009e8c6738010100a0" + "27abfd1f1aa28cee6e8e2396112e82851f15c84668b2f1d717681d1a3c6d2ea52d3401d31" + "10a04498246480b96a7e5b3c39ea6cef3a2a86b81896f1621950472d858d18796c97e8320" + "4daf94c1f30dfe763cd282fbee718a679dca8bff3cc8e11724062232e573bcf0252dc4d39" + "0baa2b7f49a164b46d2d685e9fe826465cc135130f3e2e47838658af57173f864070fdce2" + "41be58ecbd60d18128dfa28f4b1a00042a2a0000ba2330210201010204030013013016020" + "101020117040e300c0201010201000201000101ffbb233021020101020403001301301602" + "0101020117040e300c0201010201000201000101ff020108020100a0030101ff", + "308203f0308203ec0201010202030402024000308203d202010304080000000000000000" + "0408000000000000000004206beca5c14aff6b92757545948b883c6c175327814bedcf38" + "a6b2e4c43bc02d180420a32aee5b7705a19e4bb2b47f4918199c76cee7245f1311bc4ba3" + "8883d33f236a040200000201000201010440000000000000000000000000020100040c00" + "0000000000000000000000020100020100020100020100a04e304c020101020203040402" + "1301040004200b66320d0201000440000000000000000000000000020100020100020100" + "020100a04e304c0201010202030404021301040004200b66320d38c8fa1b0dfe9e37fcf2" + "bf0bafb43077fa020100020100020100020100a04e304c02010102020304040213010400" + "04200b66320d38c8fa1b0dfe9e37fcf2bf0bafb43077fa31ed2f1220dd245cef4c4da104" + "020204d2a205020302a300a4020400b20302011db9050203093a80a206040474657374ab" + "03020100ac03010100ad03010100ae03010100af03020100b032043034c0893be938bade" + "e7029ca3cfea4c821dde48e03f0d07641cba33b247bc161c000000000000000000000000" + "00000000b103020120b232043094b319ed2f41ee11aa73e141a238e5724c04f2aa8298c1" + "6b43c910c40cc98d1500000000000000000000000000000000b303020120b432043015a1" + "78ce69c0110ad36da8d58ca8428d9615ff07fc6a4e1bbab026c1bb0c0218000000000000" + "00000000000000000000b503020120b88201700482016c040000b20002a3005635545201" + "0000a027abfd1f1aa28cee6e8e2396112e8285f150768898158dbce97a1aef0a63fa6dda" + "1002a4d75942a3739c11e4b25827f529ab59d22e34e0cf0b59b9336eb60edbb1f686c072" + "ab33c30e784f876da5b4c7fddd67f4a2ffa995f8c9ccf2128200ae9668d626866b1b7c6b" + "b111867a87ed2a96122736595374f8fe5343e6ca492b278b67b1571423f2c1bcb673922e" + "9044e90949975ff72ab4a0eb659d8de664cac600042a2a0000040000b20002a3009e8c67" + "38010100a027abfd1f1aa28cee6e8e2396112e82851f15c84668b2f1d717681d1a3c6d2e" + "a52d3401d3110a04498246480b96a7e5b3c39ea6cef3a2a86b81896f1621950472d858d1" + "8796c97e83204daf94c1f30dfe763cd282fbee718a679dca8bff3cc8e11724062232e573" + "bcf0252dc4d390baa2b7f49a164b46d2d685e9fe826465cc135130f3e2e47838658af571" + "73f864070fdce241be58ecbd60d18128dfa28f4b1a00042a2a0000ba2330210201010204" + "030013013016020101020117040e300c0201010201000201000101ffbb23302102010102" + "04030013013016020101020117040e300c0201010201000201000101ff020108020100a0" + "030101ff"}, // In runner.go, the test case - // "TLS-TLS13-AES_128_GCM_SHA256-server-SSL_Transfer" is used to generate - // below bytes by adding print statement on the output of |SSL_to_bytes| in - // bssl_shim.cc. - {"308203883082038402010102020304020240003082036a020102040800000000000000000" - "408000000000000000004206beca5c14aff6b92757545948b883c6c175327814bedcf38a6" - "b2e4c43bc02d180420a32aee5b7705a19e4bb2b47f4918199c76cee7245f1311bc4ba3888" - "3d33f236a04020000020100020101040c000000000000000000000000020100040c000000" - "000000000000000000020100020100020100020100a04e304c02010102020304040213010" - "40004200b66320d38c8fa1b0dfe9e37fcf2bf0bafb43077fa31ed2f1220dd245cef4c4da1" - "04020204d2a205020302a300a4020400b20302011db9050203093a80a206040474657374a" - "b03020100ac03010100ad03010100ae03010100af03020100b032043034c0893be938bade" - "e7029ca3cfea4c821dde48e03f0d07641cba33b247bc161c0000000000000000000000000" - "0000000b103020120b232043094b319ed2f41ee11aa73e141a238e5724c04f2aa8298c16b" - "43c910c40cc98d1500000000000000000000000000000000b303020120b432043015a178c" - "e69c0110ad36da8d58ca8428d9615ff07fc6a4e1bbab026c1bb0c02180000000000000000" - "0000000000000000b503020120b88201700482016c040000b20002a30056355452010000a" - "027abfd1f1aa28cee6e8e2396112e8285f150768898158dbce97a1aef0a63fa6dda1002a4" - "d75942a3739c11e4b25827f529ab59d22e34e0cf0b59b9336eb60edbb1f686c072ab33c30" - "e784f876da5b4c7fddd67f4a2ffa995f8c9ccf2128200ae9668d626866b1b7c6bb111867a" - "87ed2a96122736595374f8fe5343e6ca492b278b67b1571423f2c1bcb673922e9044e9094" - "9975ff72ab4a0eb659d8de664cac600042a2a0000040000b20002a3009e8c6738010100a0" - "27abfd1f1aa28cee6e8e2396112e82851f15c84668b2f1d717681d1a3c6d2ea52d3401d31" - "10a04498246480b96a7e5b3c39ea6cef3a2a86b81896f1621950472d858d18796c97e8320" - "4daf94c1f30dfe763cd282fbee718a679dca8bff3cc8e11724062232e573bcf0252dc4d39" - "0baa2b7f49a164b46d2d685e9fe826465cc135130f3e2e47838658af57173f864070fdce2" - "41be58ecbd60d18128dfa28f4b1a00042a2a0000ba2330210201010204030013013016020" - "101020117040e300c0201010201000201000101ffbb233021020101020403001301301602" - "0101020117040e300c0201010201000201000101ff020108020100a0030101ff", - nullptr}}; + // "TLS-ECH-Server-Cipher-HKDF-SHA256-AES-256-GCM-SSL_Transfer" is used + // to generate below bytes by adding print statement on the output of + // |SSL_to_bytes| in bssl_shim.cc. + {"308203e3308203df0201010202030402024000308203c502010304080000000000000000" + "04080000000000000000042028431b914ffdb44ea92ca53d5734976c6a16f141d44f180b" + "0816a5cb2b8e79030420bdaf544fa82d833d58c92213e44e850cc0b8147699b0b410d4aa" + "2a277030f3220402000002010002010104409e155007d04cd03cf4d8a95ce244dc978a87" + "e1808f0f6c6acb51ad7bf8063ae000000000000000000000000000000000000000000000" + "0000000000000000000002012004406680e8c36429d465ea520ae74a2062a5e07c39f34b" + "688024ae2edfab2898670700000000000000000000000000000000000000000000000000" + "00000000000000020120020100020100020100a04e304c02010102020304040213030400" + "0420df74ecd172087ad53083d505145ec4f6cf0ec5ed64b67ba526d55c918a0f8936a104" + "020204d2a205020302a300a4020400b20302011db9050203093a80a210040e7365637265" + "742e6578616d706c65ab03020100ac03010100ad03010100ae03010100af03020100b032" + "0430c40f9f95646fa700d58934e79c36b84ba3502d33df04248d56cded3444927e300000" + "0000000000000000000000000000b103020120b23204307a1a99bf276b5e5be57dd68968" + "411594e77b1a48cf2c03cc5c143985aa40b32e00000000000000000000000000000000b3" + "03020120b4320430cbf50af88bc5a610910139172a468663675882caacaf176aa961b12a" + "38a0df2a00000000000000000000000000000000b503020120b703020101b88201700482" + "016c040000b20002a300bbccf972010000a041e0b13ecd71dfb3d9e3cb451e37cfde8197" + "3a1b73106b6669b53475781f0203a3f32f45cef7742cf0efb86d850081254f20d3b6bd83" + "30bc70331464905bcd99383c33e42c7d34bfeb47b387bf43b5c796daa4581f8b0043b7eb" + "216911f8eebaf1e8bd5d05277943d5a319cc03d9555e414990099f56ee887145f34e8bff" + "27f06d1865aa64d548a22208318566959a097c080fa3e5e0d4b1d933132ef32929950004" + "5a5a0000040000b20002a3002ecba343010100a041e0b13ecd71dfb3d9e3cb451e37cfde" + "289f90201519fb0dff08aa9e14a9f4ee1434edce481e49d22f061529bb4d230258f3dac8" + "86c2c1100bee2ccc7be889a90b417270c30b3b770558ef6f3c444ddefd08e673f788931d" + "86542c4a1e7ec44b0957bb315c17851bd8498b1d1131a79e19c66463e0566985ef55deb5" + "48fe370058ba83566278d01b3a565075b8ef2a82bea17ae95fa91b7b3ffa611a7d8a6331" + "00045a5a0000ba15301302010102040300130330080201010201050400bb153013020101" + "02040300130330080201010201050400020108020100a0030101ff", nullptr} +}; class EncodeDecodeKATTest : public testing::TestWithParam {}; diff --git a/ssl/ssl_transfer_asn1.cc b/ssl/ssl_transfer_asn1.cc index f2baa2dd2b6..0d3a145ac1e 100644 --- a/ssl/ssl_transfer_asn1.cc +++ b/ssl/ssl_transfer_asn1.cc @@ -115,7 +115,8 @@ static bool SSL3_STATE_get_optional_octet_string(CBS *cbs, void *dst, enum SSL3_STATE_SERDE_VERSION { SSL3_STATE_SERDE_VERSION_ONE = 1, - SSL3_STATE_SERDE_VERSION_TWO = 2 + SSL3_STATE_SERDE_VERSION_TWO = 2, + SSL3_STATE_SERDE_VERSION_THREE = 3 }; static const unsigned kS3EstablishedSessionTag = @@ -191,7 +192,7 @@ static int SSL3_STATE_to_bytes(SSL3_STATE *in, uint16_t protocol_version, CBB s3, child, child2; if (!CBB_add_asn1(cbb, &s3, CBS_ASN1_SEQUENCE) || - !CBB_add_asn1_uint64(&s3, SSL3_STATE_SERDE_VERSION_TWO) || + !CBB_add_asn1_uint64(&s3, SSL3_STATE_SERDE_VERSION_THREE) || !CBB_add_asn1_octet_string(&s3, in->read_sequence, TLS_SEQ_NUM_SIZE) || !CBB_add_asn1_octet_string(&s3, in->write_sequence, TLS_SEQ_NUM_SIZE) || !CBB_add_asn1_octet_string(&s3, in->server_random, SSL3_RANDOM_SIZE) || @@ -469,9 +470,15 @@ static int SSL3_STATE_from_bytes(SSL *ssl, CBS *cbs, const SSL_CTX *ctx) { int pending_app_data_present, read_buffer_present; if (!CBS_get_asn1(cbs, &s3, CBS_ASN1_SEQUENCE) || !CBS_get_asn1_uint64(&s3, &serde_version) || - serde_version > SSL3_STATE_SERDE_VERSION_TWO || - (is_tls13 && serde_version < SSL3_STATE_SERDE_VERSION_TWO) || - !CBS_get_asn1(&s3, &read_seq, CBS_ASN1_OCTETSTRING) || + serde_version > SSL3_STATE_SERDE_VERSION_THREE || + (is_tls13 && serde_version < SSL3_STATE_SERDE_VERSION_TWO)){ + OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL3_STATE); + return 0; + } + + bool is_pre_v3 = (serde_version < SSL3_STATE_SERDE_VERSION_THREE); + + if (!CBS_get_asn1(&s3, &read_seq, CBS_ASN1_OCTETSTRING) || CBS_len(&read_seq) != TLS_SEQ_NUM_SIZE || !CBS_get_asn1(&s3, &write_seq, CBS_ASN1_OCTETSTRING) || CBS_len(&write_seq) != TLS_SEQ_NUM_SIZE || @@ -485,11 +492,13 @@ static int SSL3_STATE_from_bytes(SSL *ssl, CBS *cbs, const SSL_CTX *ctx) { !CBS_get_asn1_uint64(&s3, &early_data_reason) || early_data_reason > ssl_early_data_reason_max_value || !CBS_get_asn1(&s3, &previous_client_finished, CBS_ASN1_OCTETSTRING) || - CBS_len(&previous_client_finished) != PREV_FINISHED_MAX_SIZE || + (is_pre_v3 && CBS_len(&previous_client_finished) != 12) || + (!is_pre_v3 && CBS_len(&previous_client_finished) != PREV_FINISHED_MAX_SIZE) || !CBS_get_asn1_uint64(&s3, &previous_client_finished_len) || previous_client_finished_len > PREV_FINISHED_MAX_SIZE || !CBS_get_asn1(&s3, &previous_server_finished, CBS_ASN1_OCTETSTRING) || - CBS_len(&previous_server_finished) != PREV_FINISHED_MAX_SIZE || + (is_pre_v3 && CBS_len(&previous_server_finished) != 12) || + (!is_pre_v3 && CBS_len(&previous_server_finished) != PREV_FINISHED_MAX_SIZE) || !CBS_get_asn1_uint64(&s3, &previous_server_finished_len) || previous_server_finished_len > PREV_FINISHED_MAX_SIZE || !CBS_get_asn1_uint64(&s3, &empty_record_count) || @@ -521,7 +530,7 @@ static int SSL3_STATE_from_bytes(SSL *ssl, CBS *cbs, const SSL_CTX *ctx) { return 0; } - bool is_v2 = (serde_version == SSL3_STATE_SERDE_VERSION_TWO); + bool is_v2 = (serde_version >= SSL3_STATE_SERDE_VERSION_TWO); // We should have no more data at this point if we are deserializing v1 // encoding. diff --git a/ssl/tls13_both.cc b/ssl/tls13_both.cc index 9c84804e00a..6e894f9f36e 100644 --- a/ssl/tls13_both.cc +++ b/ssl/tls13_both.cc @@ -381,6 +381,22 @@ bool tls13_process_finished(SSL_HANDSHAKE *hs, const SSLMessage &msg, return false; } + if (verify_data.size() > sizeof(ssl->s3->previous_client_finished) || + verify_data.size() > sizeof(ssl->s3->previous_server_finished)) { + OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); + return ssl_hs_error; + } + + if (ssl->server) { + OPENSSL_memcpy(ssl->s3->previous_client_finished, verify_data.data(), + verify_data.size()); + ssl->s3->previous_client_finished_len = verify_data.size(); + } else { + OPENSSL_memcpy(ssl->s3->previous_server_finished, verify_data.data(), + verify_data.size()); + ssl->s3->previous_server_finished_len = verify_data.size(); + } + return true; } @@ -605,6 +621,22 @@ bool tls13_add_finished(SSL_HANDSHAKE *hs) { return false; } + if (verify_data_len > sizeof(ssl->s3->previous_client_finished) || + verify_data_len > sizeof(ssl->s3->previous_server_finished)) { + OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); + return ssl_hs_error; + } + + if (ssl->server) { + OPENSSL_memcpy(ssl->s3->previous_server_finished, verify_data, + verify_data_len); + ssl->s3->previous_server_finished_len = verify_data_len; + } else { + OPENSSL_memcpy(ssl->s3->previous_client_finished, verify_data, + verify_data_len); + ssl->s3->previous_client_finished_len = verify_data_len; + } + ScopedCBB cbb; CBB body; if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_FINISHED) ||