Add support for certificate status requests in TLS 1.3 client

ok jsing@, tb@, inoguchi@
author: beck <> 2020-05-09 15:05:50 +0000
committer: beck <> 2020-05-09 15:05:50 +0000
commit: d8d05819bc6b554eb44da0193703d6c98b4261e0 (patch)
tree: fb8b2a349e65dbf5e714a450a02a712fb9017664
parent: 34e6d9a25c5b927d958c8283776ec93b9c531ef5 (diff)
download: openbsd-d8d05819bc6b554eb44da0193703d6c98b4261e0.tar.gz
openbsd-d8d05819bc6b554eb44da0193703d6c98b4261e0.tar.bz2
openbsd-d8d05819bc6b554eb44da0193703d6c98b4261e0.zip
4 files changed, 81 insertions, 12 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index cb2b2cadc7..bc122686c9 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.64 2020/05/09 10:51:55 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.65 2020/05/09 15:05:50 beck Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -921,12 +921,43 @@ tlsext_ocsp_server_build(SSL *s, CBB *cbb)
 int
 tlsext_ocsp_client_parse(SSL *s, CBS *cbs, int *alert)
 {
-        if (s->tlsext_status_type == -1) {
+        CBS response;
-                *alert = TLS1_AD_UNSUPPORTED_EXTENSION;
+        size_t stow_len;
-                return 0;
+        uint16_t version = TLS1_get_client_version(s);
+        uint8_t status_type;
+        if (version >= TLS1_3_VERSION) {
+                if (!CBS_get_u8(cbs, &status_type)) {
+                        SSLerror(s, SSL_R_LENGTH_MISMATCH);
+                        return 0;
+                }
+                if (status_type != TLSEXT_STATUSTYPE_ocsp) {
+                        SSLerror(s, SSL_R_UNSUPPORTED_STATUS_TYPE);
+                        return 0;
+                }
+                if (!CBS_get_u24_length_prefixed(cbs, &response)) {
+                        SSLerror(s, SSL_R_LENGTH_MISMATCH);
+                        return 0;
+                }
+                if (CBS_len(&response) > 65536) {
+                        SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
+                        return 0;
+                }
+                if (!CBS_stow(&response, &s->internal->tlsext_ocsp_resp,
+                    &stow_len)) {
+                        s->internal->tlsext_ocsp_resplen = 0;
+                        *alert = SSL_AD_INTERNAL_ERROR;
+                        return 0;
+                }
+                s->internal->tlsext_ocsp_resplen = (int)stow_len;
+        } else {
+                if (s->tlsext_status_type == -1) {
+                        *alert = TLS1_AD_UNSUPPORTED_EXTENSION;
+                        return 0;
+                }
+                /* Set flag to expect CertificateStatus message */
+                s->internal->tlsext_status_expected = 1;
        }
-        /* Set flag to expect CertificateStatus message */
-        s->internal->tlsext_status_expected = 1;
        return 1;
 }
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 79318d9313..aab83dcc69 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.54 2020/04/28 20:37:22 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.55 2020/05/09 15:05:50 beck Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -550,13 +550,13 @@ tls13_server_certificate_request_recv(struct tls13_ctx *ctx, CBS *cbs)
 int
 tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
 {
-        CBS cert_request_context, cert_list, cert_data, cert_exts;
+        CBS cert_request_context, cert_list, cert_data;
        struct stack_st_X509 *certs = NULL;
        SSL *s = ctx->ssl;
        X509 *cert = NULL;
        EVP_PKEY *pkey;
        const uint8_t *p;
-        int cert_idx;
+        int cert_idx, alert_desc;
        int ret = 0;
        if ((certs = sk_X509_new_null()) == NULL)
@@ -572,8 +572,12 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
        while (CBS_len(&cert_list) > 0) {
                if (!CBS_get_u24_length_prefixed(&cert_list, &cert_data))
                        goto err;
-                if (!CBS_get_u16_length_prefixed(&cert_list, &cert_exts))
+                if (!tlsext_client_parse(ctx->ssl, &cert_list, &alert_desc,
+                    SSL_TLSEXT_MSG_CT)) {
+                        ctx->alert = alert_desc;
                        goto err;
+                }
                p = CBS_data(&cert_data);
                if ((cert = d2i_X509(NULL, &p, CBS_len(&cert_data))) == NULL)
@@ -628,6 +632,10 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
        s->session->peer = cert;
        s->session->verify_result = s->verify_result;
+        if (ctx->ocsp_status_recv_cb != NULL &&
+            !ctx->ocsp_status_recv_cb(ctx))
+                goto err;
        ret = 1;
 err:
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index d53672dbfe..b699b20501 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.67 2020/04/28 20:37:22 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.68 2020/05/09 15:05:50 beck Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -51,6 +51,7 @@ typedef ssize_t (*tls13_read_cb)(void *_buf, size_t _buflen, void *_cb_arg);
 typedef ssize_t (*tls13_write_cb)(const void *_buf, size_t _buflen,
    void *_cb_arg);
 typedef void (*tls13_handshake_message_cb)(void *_cb_arg);
+typedef int (*tls13_ocsp_status_cb)(void *_cb_arg);
 /*
 * Buffers.
@@ -233,6 +234,7 @@ struct tls13_ctx {
        tls13_handshake_message_cb handshake_message_sent_cb;
        tls13_handshake_message_cb handshake_message_recv_cb;
+        tls13_ocsp_status_cb ocsp_status_recv_cb;
 };
 #ifndef TLS13_PHH_LIMIT_TIME
 #define TLS13_PHH_LIMIT_TIME 3600
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 199f43ca16..37f300ae43 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.36 2020/04/28 20:30:41 jsing Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.37 2020/05/09 15:05:50 beck Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -163,6 +163,33 @@ tls13_legacy_handshake_message_sent_cb(void *arg)
 }
 static int
+tls13_legacy_ocsp_status_recv_cb(void *arg)
+{
+        struct tls13_ctx *ctx = arg;
+        SSL *s = ctx->ssl;
+        int ret;
+        if (s->ctx->internal->tlsext_status_cb == NULL ||
+            s->internal->tlsext_ocsp_resplen == 0)
+                return 1;
+        ret = s->ctx->internal->tlsext_status_cb(s,
+            s->ctx->internal->tlsext_status_arg);
+        if (ret < 0) {
+                ctx->alert = SSL_AD_INTERNAL_ERROR;
+                SSLerror(s, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        if (ret == 0) {
+                ctx->alert = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
+                SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE);
+                return 0;
+        }
+        return 1;
+}
+static int
 tls13_phh_update_local_traffic_secret(struct tls13_ctx *ctx)
 {
        struct tls13_secrets *secrets = ctx->hs->secrets;
@@ -322,6 +349,7 @@ tls13_ctx_new(int mode)
        ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb;
        ctx->handshake_message_recv_cb = tls13_legacy_handshake_message_recv_cb;
+        ctx->ocsp_status_recv_cb = tls13_legacy_ocsp_status_recv_cb;
        return ctx;
author	beck <>	2020-05-09 15:05:50 +0000
committer	beck <>	2020-05-09 15:05:50 +0000
commit	d8d05819bc6b554eb44da0193703d6c98b4261e0 (patch)
tree	fb8b2a349e65dbf5e714a450a02a712fb9017664
parent	34e6d9a25c5b927d958c8283776ec93b9c531ef5 (diff)
download	openbsd-d8d05819bc6b554eb44da0193703d6c98b4261e0.tar.gz openbsd-d8d05819bc6b554eb44da0193703d6c98b4261e0.tar.bz2 openbsd-d8d05819bc6b554eb44da0193703d6c98b4261e0.zip

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index cb2b2cadc7..bc122686c9 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.c,v 1.64 2020/05/09 10:51:55 jsing Exp $ */	1	/* $OpenBSD: ssl_tlsext.c,v 1.65 2020/05/09 15:05:50 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -921,12 +921,43 @@ tlsext_ocsp_server_build(SSL s, CBB cbb)
921	int	921	int
922	tlsext_ocsp_client_parse(SSL s, CBS cbs, int *alert)	922	tlsext_ocsp_client_parse(SSL s, CBS cbs, int *alert)
923	{	923	{
924	if (s->tlsext_status_type == -1) {	924	CBS response;
925	*alert = TLS1_AD_UNSUPPORTED_EXTENSION;	925	size_t stow_len;
926	return 0;	926	uint16_t version = TLS1_get_client_version(s);
		927	uint8_t status_type;
		928
		929	if (version >= TLS1_3_VERSION) {
		930	if (!CBS_get_u8(cbs, &status_type)) {
		931	SSLerror(s, SSL_R_LENGTH_MISMATCH);
		932	return 0;
		933	}
		934	if (status_type != TLSEXT_STATUSTYPE_ocsp) {
		935	SSLerror(s, SSL_R_UNSUPPORTED_STATUS_TYPE);
		936	return 0;
		937	}
		938	if (!CBS_get_u24_length_prefixed(cbs, &response)) {
		939	SSLerror(s, SSL_R_LENGTH_MISMATCH);
		940	return 0;
		941	}
		942	if (CBS_len(&response) > 65536) {
		943	SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
		944	return 0;
		945	}
		946	if (!CBS_stow(&response, &s->internal->tlsext_ocsp_resp,
		947	&stow_len)) {
		948	s->internal->tlsext_ocsp_resplen = 0;
		949	*alert = SSL_AD_INTERNAL_ERROR;
		950	return 0;
		951	}
		952	s->internal->tlsext_ocsp_resplen = (int)stow_len;
		953	} else {
		954	if (s->tlsext_status_type == -1) {
		955	*alert = TLS1_AD_UNSUPPORTED_EXTENSION;
		956	return 0;
		957	}
		958	/* Set flag to expect CertificateStatus message */
		959	s->internal->tlsext_status_expected = 1;
927	}	960	}
928	/* Set flag to expect CertificateStatus message */
929	s->internal->tlsext_status_expected = 1;
930	return 1;	961	return 1;
931	}	962	}
932		963


diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 79318d9313..aab83dcc69 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_client.c,v 1.54 2020/04/28 20:37:22 jsing Exp $ */	1	/* $OpenBSD: tls13_client.c,v 1.55 2020/05/09 15:05:50 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -550,13 +550,13 @@ tls13_server_certificate_request_recv(struct tls13_ctx ctx, CBS cbs)
550	int	550	int
551	tls13_server_certificate_recv(struct tls13_ctx ctx, CBS cbs)	551	tls13_server_certificate_recv(struct tls13_ctx ctx, CBS cbs)
552	{	552	{
553	CBS cert_request_context, cert_list, cert_data, cert_exts;	553	CBS cert_request_context, cert_list, cert_data;
554	struct stack_st_X509 *certs = NULL;	554	struct stack_st_X509 *certs = NULL;
555	SSL *s = ctx->ssl;	555	SSL *s = ctx->ssl;
556	X509 *cert = NULL;	556	X509 *cert = NULL;
557	EVP_PKEY *pkey;	557	EVP_PKEY *pkey;
558	const uint8_t *p;	558	const uint8_t *p;
559	int cert_idx;	559	int cert_idx, alert_desc;
560	int ret = 0;	560	int ret = 0;
561		561
562	if ((certs = sk_X509_new_null()) == NULL)	562	if ((certs = sk_X509_new_null()) == NULL)
@@ -572,8 +572,12 @@ tls13_server_certificate_recv(struct tls13_ctx ctx, CBS cbs)
572	while (CBS_len(&cert_list) > 0) {	572	while (CBS_len(&cert_list) > 0) {
573	if (!CBS_get_u24_length_prefixed(&cert_list, &cert_data))	573	if (!CBS_get_u24_length_prefixed(&cert_list, &cert_data))
574	goto err;	574	goto err;
575	if (!CBS_get_u16_length_prefixed(&cert_list, &cert_exts))	575
		576	if (!tlsext_client_parse(ctx->ssl, &cert_list, &alert_desc,
		577	SSL_TLSEXT_MSG_CT)) {
		578	ctx->alert = alert_desc;
576	goto err;	579	goto err;
		580	}
577		581
578	p = CBS_data(&cert_data);	582	p = CBS_data(&cert_data);
579	if ((cert = d2i_X509(NULL, &p, CBS_len(&cert_data))) == NULL)	583	if ((cert = d2i_X509(NULL, &p, CBS_len(&cert_data))) == NULL)
@@ -628,6 +632,10 @@ tls13_server_certificate_recv(struct tls13_ctx ctx, CBS cbs)
628	s->session->peer = cert;	632	s->session->peer = cert;
629	s->session->verify_result = s->verify_result;	633	s->session->verify_result = s->verify_result;
630		634
		635	if (ctx->ocsp_status_recv_cb != NULL &&
		636	!ctx->ocsp_status_recv_cb(ctx))
		637	goto err;
		638
631	ret = 1;	639	ret = 1;
632		640
633	err:	641	err:


diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index d53672dbfe..b699b20501 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_internal.h,v 1.67 2020/04/28 20:37:22 jsing Exp $ */	1	/* $OpenBSD: tls13_internal.h,v 1.68 2020/05/09 15:05:50 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2018 Bob Beck <beck@openbsd.org>
4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -51,6 +51,7 @@ typedef ssize_t (tls13_read_cb)(void _buf, size_t _buflen, void *_cb_arg);
51	typedef ssize_t (tls13_write_cb)(const void _buf, size_t _buflen,	51	typedef ssize_t (tls13_write_cb)(const void _buf, size_t _buflen,
52	void *_cb_arg);	52	void *_cb_arg);
53	typedef void (tls13_handshake_message_cb)(void _cb_arg);	53	typedef void (tls13_handshake_message_cb)(void _cb_arg);
		54	typedef int (tls13_ocsp_status_cb)(void _cb_arg);
54		55
55	/*	56	/*
56	* Buffers.	57	* Buffers.
@@ -233,6 +234,7 @@ struct tls13_ctx {
233		234
234	tls13_handshake_message_cb handshake_message_sent_cb;	235	tls13_handshake_message_cb handshake_message_sent_cb;
235	tls13_handshake_message_cb handshake_message_recv_cb;	236	tls13_handshake_message_cb handshake_message_recv_cb;
		237	tls13_ocsp_status_cb ocsp_status_recv_cb;
236	};	238	};
237	#ifndef TLS13_PHH_LIMIT_TIME	239	#ifndef TLS13_PHH_LIMIT_TIME
238	#define TLS13_PHH_LIMIT_TIME 3600	240	#define TLS13_PHH_LIMIT_TIME 3600


diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c index 199f43ca16..37f300ae43 100644 --- a/src/lib/libssl/tls13_lib.c +++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_lib.c,v 1.36 2020/04/28 20:30:41 jsing Exp $ */	1	/* $OpenBSD: tls13_lib.c,v 1.37 2020/05/09 15:05:50 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2019 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -163,6 +163,33 @@ tls13_legacy_handshake_message_sent_cb(void *arg)
163	}	163	}
164		164
165	static int	165	static int
		166	tls13_legacy_ocsp_status_recv_cb(void *arg)
		167	{
		168	struct tls13_ctx *ctx = arg;
		169	SSL *s = ctx->ssl;
		170	int ret;
		171
		172	if (s->ctx->internal->tlsext_status_cb == NULL \|\|
		173	s->internal->tlsext_ocsp_resplen == 0)
		174	return 1;
		175
		176	ret = s->ctx->internal->tlsext_status_cb(s,
		177	s->ctx->internal->tlsext_status_arg);
		178	if (ret < 0) {
		179	ctx->alert = SSL_AD_INTERNAL_ERROR;
		180	SSLerror(s, ERR_R_MALLOC_FAILURE);
		181	return 0;
		182	}
		183	if (ret == 0) {
		184	ctx->alert = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
		185	SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE);
		186	return 0;
		187	}
		188
		189	return 1;
		190	}
		191
		192	static int
166	tls13_phh_update_local_traffic_secret(struct tls13_ctx *ctx)	193	tls13_phh_update_local_traffic_secret(struct tls13_ctx *ctx)
167	{	194	{
168	struct tls13_secrets *secrets = ctx->hs->secrets;	195	struct tls13_secrets *secrets = ctx->hs->secrets;
@@ -322,6 +349,7 @@ tls13_ctx_new(int mode)
322		349
323	ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb;	350	ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb;
324	ctx->handshake_message_recv_cb = tls13_legacy_handshake_message_recv_cb;	351	ctx->handshake_message_recv_cb = tls13_legacy_handshake_message_recv_cb;
		352	ctx->ocsp_status_recv_cb = tls13_legacy_ocsp_status_recv_cb;
325		353
326	return ctx;	354	return ctx;
327		355