diff options
Diffstat (limited to 'lib/ssl/ssl3con.c')
| -rw-r--r-- | lib/ssl/ssl3con.c | 53 |
1 files changed, 49 insertions, 4 deletions
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c index 8e418a458..982d8587b 100644 --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c @@ -5099,6 +5099,18 @@ ssl3_AppendCipherSuites(sslSocket *ss, PRBool fallbackSCSV, sslBuffer *buf) } } } + + /* GREASE CipherSuites: + * A client MAY select one or more GREASE cipher suite values and advertise + * them in the "cipher_suites" field [RFC8701, Section 3.1]. */ + if (ss->opt.enableGrease && ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_3) { + rv = sslBuffer_AppendNumber(buf, ss->ssl3.hs.grease->idx[grease_cipher], + sizeof(ssl3CipherSuite)); + if (rv != SECSuccess) { + return SECFailure; + } + } + if (SSL_ALL_VERSIONS_DISABLED(&ss->vrange) || (SSL_BUFFER_LEN(buf) - saveLen) == 0) { PORT_SetError(SSL_ERROR_SSL_DISABLED); @@ -10200,7 +10212,7 @@ ssl3_SendServerKeyExchange(sslSocket *ss) SECStatus ssl3_EncodeSigAlgs(const sslSocket *ss, PRUint16 minVersion, PRBool forCert, - sslBuffer *buf) + PRBool grease, sslBuffer *buf) { SSLSignatureScheme filtered[MAX_SIGNATURE_SCHEMES] = { 0 }; unsigned int filteredCount = 0; @@ -10211,12 +10223,12 @@ ssl3_EncodeSigAlgs(const sslSocket *ss, PRUint16 minVersion, PRBool forCert, if (rv != SECSuccess) { return SECFailure; } - return ssl3_EncodeFilteredSigAlgs(ss, filtered, filteredCount, buf); + return ssl3_EncodeFilteredSigAlgs(ss, filtered, filteredCount, grease, buf); } SECStatus ssl3_EncodeFilteredSigAlgs(const sslSocket *ss, const SSLSignatureScheme *schemes, - PRUint32 numSchemes, sslBuffer *buf) + PRUint32 numSchemes, PRBool grease, sslBuffer *buf) { if (!numSchemes) { PORT_SetError(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM); @@ -10237,6 +10249,35 @@ ssl3_EncodeFilteredSigAlgs(const sslSocket *ss, const SSLSignatureScheme *scheme return SECFailure; } } + + /* GREASE SignatureAlgorithms: + * A client MAY select one or more GREASE signature algorithm values and + * advertise them in the "signature_algorithms" or + * "signature_algorithms_cert" extensions, if sent [RFC8701, Section 3.1]. + * + * When sending a CertificateRequest in TLS 1.3, a server MAY behave as + * follows: [...] A server MAY select one or more GREASE signature + * algorithm values and advertise them in the "signature_algorithms" or + * "signature_algorithms_cert" extensions, if present + * [RFC8701, Section 4.1]. */ + if (grease && + ((!ss->sec.isServer && ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_3) || + (ss->sec.isServer && ss->version >= SSL_LIBRARY_VERSION_TLS_1_3))) { + PRUint16 value; + if (ss->sec.isServer) { + rv = tls13_RandomGreaseValue(&value); + if (rv != SECSuccess) { + return SECFailure; + } + } else { + value = ss->ssl3.hs.grease->idx[grease_sigalg]; + } + rv = sslBuffer_AppendNumber(buf, value, 2); + if (rv != SECSuccess) { + return SECFailure; + } + } + return sslBuffer_InsertLength(buf, lengthOffset, 2); } @@ -10328,7 +10369,8 @@ ssl3_SendCertificateRequest(sslSocket *ss) length = 1 + certTypesLength + 2 + calen; if (isTLS12) { - rv = ssl3_EncodeSigAlgs(ss, ss->version, PR_TRUE /* forCert */, &sigAlgsBuf); + rv = ssl3_EncodeSigAlgs(ss, ss->version, PR_TRUE /* forCert */, + PR_FALSE /* GREASE */, &sigAlgsBuf); if (rv != SECSuccess) { return rv; } @@ -14089,6 +14131,9 @@ ssl3_DestroySSL3Info(sslSocket *ss) PK11_HPKE_DestroyContext(ss->ssl3.hs.echHpkeCtx, PR_TRUE); PORT_Free((void *)ss->ssl3.hs.echPublicName); /* CONST */ sslBuffer_Clear(&ss->ssl3.hs.greaseEchBuf); + + /* TLS 1.3 GREASE (client) state. */ + tls13_ClientGreaseDestroy(ss); } /* check if the current cipher spec is FIPS. We only need to |