/* Handle an incoming KeyShare extension at the client and copy to * |xtnData->remoteKeyShares| for future use. The key * share is processed in tls13_HandleServerKeyShare(). */ SECStatus tls13_ClientHandleKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data) { SECStatus rv; PORT_Assert(PR_CLIST_IS_EMPTY(&xtnData->remoteKeyShares)); PORT_Assert(!ss->sec.isServer); /* The server must not send this extension when negotiating < TLS 1.3. */ if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) { PORT_SetError(SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION); return SECFailure; } SSL_TRC(3, ("%d: SSL3[%d]: handle key_share extension", SSL_GETPID(), ss->fd)); rv = tls13_HandleKeyShareEntry(ss, xtnData, data); if (rv != SECSuccess) { PORT_SetError(SSL_ERROR_RX_MALFORMED_KEY_SHARE); return SECFailure; } if (data->len) { PORT_SetError(SSL_ERROR_RX_MALFORMED_KEY_SHARE); return SECFailure; } return SECSuccess; }
/* Handle an incoming KeyShare extension at the client and copy to * |xtnData->remoteKeyShares| for future use. The key * share is processed in tls13_HandleServerKeyShare(). */ SECStatus tls13_ClientHandleKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data) { SECStatus rv; PORT_Assert(PR_CLIST_IS_EMPTY(&xtnData->remoteKeyShares)); PORT_Assert(!ss->sec.isServer); if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) { /* This can't happen because the extension processing * code filters out TLS 1.3 extensions when not in * TLS 1.3 mode. */ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; } SSL_TRC(3, ("%d: SSL3[%d]: handle key_share extension", SSL_GETPID(), ss->fd)); rv = tls13_HandleKeyShareEntry(ss, xtnData, data); if (rv != SECSuccess) { PORT_SetError(SSL_ERROR_RX_MALFORMED_KEY_SHARE); return SECFailure; } if (data->len) { PORT_SetError(SSL_ERROR_RX_MALFORMED_KEY_SHARE); return SECFailure; } return SECSuccess; }
/* Handle an incoming KeyShare extension at the server and copy to * |xtnData->remoteKeyShares| for future use. The key * share is processed in tls13_HandleClientKeyShare(). */ SECStatus tls13_ServerHandleKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data) { SECStatus rv; PRUint32 length; PORT_Assert(ss->sec.isServer); PORT_Assert(PR_CLIST_IS_EMPTY(&xtnData->remoteKeyShares)); if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) { return SECSuccess; } SSL_TRC(3, ("%d: SSL3[%d]: handle key_share extension", SSL_GETPID(), ss->fd)); /* Redundant length because of TLS encoding (this vector consumes * the entire extension.) */ rv = ssl3_ExtConsumeHandshakeNumber(ss, &length, 2, &data->data, &data->len); if (rv != SECSuccess) goto loser; if (length != data->len) { /* Check for consistency */ PORT_SetError(SSL_ERROR_RX_MALFORMED_KEY_SHARE); goto loser; } while (data->len) { rv = tls13_HandleKeyShareEntry(ss, xtnData, data); if (rv != SECSuccess) goto loser; } /* Check that the client only offered one share if this is * after HRR. */ if (ss->ssl3.hs.helloRetry) { if (PR_PREV_LINK(&xtnData->remoteKeyShares) != PR_NEXT_LINK(&xtnData->remoteKeyShares)) { PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); goto loser; } } return SECSuccess; loser: tls13_DestroyKeyShares(&xtnData->remoteKeyShares); return SECFailure; }