Start rewriting TLS extension handling.

Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code. Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process. Discussed with beck@ ok inoguchi@
author: jsing <> 2017-07-16 18:14:37 +0000
committer: jsing <> 2017-07-16 18:14:37 +0000
commit: 231770c97badca4c3da92986469ccbd7bf13471d (patch)
tree: d9fc4f0686256f704a616fd78164deb16cbfba14 /src/lib/libssl/ssl_tlsext.c
parent: 78c8f5de9ccfc2a6133cb7cb00d67a257d2d4f46 (diff)
download: openbsd-231770c97badca4c3da92986469ccbd7bf13471d.tar.gz
openbsd-231770c97badca4c3da92986469ccbd7bf13471d.tar.bz2
openbsd-231770c97badca4c3da92986469ccbd7bf13471d.zip
1 files changed, 261 insertions, 0 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
new file mode 100644
index 0000000000..18ac98103a
--- /dev/null
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -0,0 +1,261 @@
+/* $OpenBSD: ssl_tlsext.c,v 1.1 2017/07/16 18:14:37 jsing Exp $ */
+/*
+ * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include "ssl_locl.h"
+#include "bytestring.h"
+#include "ssl_tlsext.h"
+/*
+ * Server Name Indication - RFC 6066, section 3.
+ */
+int
+tlsext_sni_clienthello_needs(SSL *s)
+{
+        return (s->tlsext_hostname != NULL);
+}
+int
+tlsext_sni_clienthello_build(SSL *s, CBB *cbb)
+{
+        CBB server_name_list, host_name;
+        if (!CBB_add_u16_length_prefixed(cbb, &server_name_list))
+                return 0;
+        if (!CBB_add_u8(&server_name_list, TLSEXT_NAMETYPE_host_name))
+                return 0;
+        if (!CBB_add_u16_length_prefixed(&server_name_list, &host_name))
+                return 0;
+        if (!CBB_add_bytes(&host_name, (const uint8_t *)s->tlsext_hostname,
+            strlen(s->tlsext_hostname)))
+                return 0;
+        if (!CBB_flush(cbb))
+                return 0;
+        return 1;
+}
+int
+tlsext_sni_clienthello_parse(SSL *s, CBS *cbs, int *alert)
+{
+        CBS server_name_list, host_name;
+        uint8_t name_type;
+        if (!CBS_get_u16_length_prefixed(cbs, &server_name_list))
+                goto err;
+        /*
+         * RFC 6066 section 3 forbids multiple host names with the same type.
+         * Additionally, only one type (host_name) is specified.
+         */
+        if (!CBS_get_u8(&server_name_list, &name_type))
+                goto err;
+        if (name_type != TLSEXT_NAMETYPE_host_name)
+                goto err;
+        if (!CBS_get_u16_length_prefixed(&server_name_list, &host_name))
+                goto err;
+        if (CBS_len(&host_name) == 0 ||
+            CBS_len(&host_name) > TLSEXT_MAXLEN_host_name ||
+            CBS_contains_zero_byte(&host_name)) {
+                *alert = TLS1_AD_UNRECOGNIZED_NAME;
+                return 0;
+        }
+        if (s->internal->hit) {
+                if (s->session->tlsext_hostname == NULL) {
+                        *alert = TLS1_AD_UNRECOGNIZED_NAME;
+                        return 0;
+                }
+                if (!CBS_mem_equal(&host_name, s->session->tlsext_hostname,
+                    strlen(s->session->tlsext_hostname))) {
+                        *alert = TLS1_AD_UNRECOGNIZED_NAME;
+                        return 0;
+                }
+        } else {
+                if (s->session->tlsext_hostname != NULL)
+                        goto err;
+                if (!CBS_strdup(&host_name, &s->session->tlsext_hostname)) {
+                        *alert = TLS1_AD_INTERNAL_ERROR;
+                        return 0;
+                }
+        }
+        if (CBS_len(&server_name_list) != 0)
+                goto err;
+        if (CBS_len(cbs) != 0)
+                goto err;
+        return 1;
+ err:
+        *alert = SSL_AD_DECODE_ERROR;
+        return 0;
+}
+int
+tlsext_sni_serverhello_needs(SSL *s)
+{
+        return (s->session->tlsext_hostname != NULL);
+}
+int
+tlsext_sni_serverhello_build(SSL *s, CBB *cbb)
+{
+        return 1;
+}
+int
+tlsext_sni_serverhello_parse(SSL *s, CBS *cbs, int *alert)
+{
+        if (s->tlsext_hostname == NULL || CBS_len(cbs) != 0) {
+                *alert = TLS1_AD_UNRECOGNIZED_NAME;
+                return 0;
+        }
+        return 1;
+}
+struct tls_extension {
+        uint16_t type;
+        int (*clienthello_needs)(SSL *s);
+        int (*clienthello_build)(SSL *s, CBB *cbb);
+        int (*clienthello_parse)(SSL *s, CBS *cbs, int *alert);
+        int (*serverhello_needs)(SSL *s);
+        int (*serverhello_build)(SSL *s, CBB *cbb);
+        int (*serverhello_parse)(SSL *s, CBS *cbs, int *alert);
+};
+static struct tls_extension tls_extensions[] = {
+        {
+                .type = TLSEXT_TYPE_server_name,
+                .clienthello_needs = tlsext_sni_clienthello_needs,
+                .clienthello_build = tlsext_sni_clienthello_build,
+                .clienthello_parse = tlsext_sni_clienthello_parse,
+                .serverhello_needs = tlsext_sni_serverhello_needs,
+                .serverhello_build = tlsext_sni_serverhello_build,
+                .serverhello_parse = tlsext_sni_serverhello_parse,
+        },
+};
+#define N_TLS_EXTENSIONS (sizeof(tls_extensions) / sizeof(*tls_extensions))
+int
+tlsext_clienthello_build(SSL *s, CBB *cbb)
+{
+        struct tls_extension *tlsext;
+        CBB extension_data;
+        size_t i;
+        memset(&extension_data, 0, sizeof(extension_data));
+        for (i = 0; i < N_TLS_EXTENSIONS; i++) {
+                tlsext = &tls_extensions[i];
+                if (!tlsext->clienthello_needs(s))
+                        continue;
+                
+                if (!CBB_add_u16(cbb, tlsext->type))
+                        return 0;
+                if (!CBB_add_u16_length_prefixed(cbb, &extension_data))
+                        return 0;
+                if (!tls_extensions[i].clienthello_build(s, &extension_data))
+                        return 0;
+                if (!CBB_flush(cbb))
+                        return 0;
+        }
+        return 1;
+}
+int
+tlsext_clienthello_parse_one(SSL *s, CBS *cbs, uint16_t type, int *alert)
+{
+        struct tls_extension *tlsext;
+        size_t i;
+        for (i = 0; i < N_TLS_EXTENSIONS; i++) {
+                tlsext = &tls_extensions[i];
+                if (tlsext->type != type)
+                        continue;
+                if (!tlsext->clienthello_parse(s, cbs, alert))
+                        return 0;
+                if (CBS_len(cbs) != 0) {
+                        *alert = SSL_AD_DECODE_ERROR;
+                        return 0;
+                }
+                return 1;
+        }
+        /* Not found. */
+        return 2;
+}
+int
+tlsext_serverhello_build(SSL *s, CBB *cbb)
+{
+        struct tls_extension *tlsext;
+        CBB extension_data;
+        size_t i;
+        memset(&extension_data, 0, sizeof(extension_data));
+        for (i = 0; i < N_TLS_EXTENSIONS; i++) {
+                tlsext = &tls_extensions[i];
+                if (!tlsext->serverhello_needs(s))
+                        continue;
+                
+                if (!CBB_add_u16(cbb, tlsext->type))
+                        return 0;
+                if (!CBB_add_u16_length_prefixed(cbb, &extension_data))
+                        return 0;
+                if (!tlsext->serverhello_build(s, &extension_data))
+                        return 0;
+                if (!CBB_flush(cbb))
+                        return 0;
+        }
+        return 1;
+}
+int
+tlsext_serverhello_parse_one(SSL *s, CBS *cbs, uint16_t type, int *alert)
+{
+        struct tls_extension *tlsext;
+        size_t i;
+        for (i = 0; i < N_TLS_EXTENSIONS; i++) {
+                tlsext = &tls_extensions[i];
+                if (tlsext->type != type)
+                        continue;
+                if (!tlsext->serverhello_parse(s, cbs, alert))
+                        return 0;
+                if (CBS_len(cbs) != 0) {
+                        *alert = SSL_AD_DECODE_ERROR;
+                        return 0;
+                }
+                return 1;
+        }
+        /* Not found. */
+        return 2;
+}
author	jsing <>	2017-07-16 18:14:37 +0000
committer	jsing <>	2017-07-16 18:14:37 +0000
commit	231770c97badca4c3da92986469ccbd7bf13471d (patch)
tree	d9fc4f0686256f704a616fd78164deb16cbfba14 /src/lib/libssl/ssl_tlsext.c
parent	78c8f5de9ccfc2a6133cb7cb00d67a257d2d4f46 (diff)
download	openbsd-231770c97badca4c3da92986469ccbd7bf13471d.tar.gz openbsd-231770c97badca4c3da92986469ccbd7bf13471d.tar.bz2 openbsd-231770c97badca4c3da92986469ccbd7bf13471d.zip

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c new file mode 100644 index 0000000000..18ac98103a --- /dev/null +++ b/src/lib/libssl/ssl_tlsext.c
@@ -0,0 +1,261 @@
	1	/* $OpenBSD: ssl_tlsext.c,v 1.1 2017/07/16 18:14:37 jsing Exp $ */
	2	/*
	3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
	4	*
	5	* Permission to use, copy, modify, and distribute this software for any
	6	* purpose with or without fee is hereby granted, provided that the above
	7	* copyright notice and this permission notice appear in all copies.
	8	*
	9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	*/
	17
	18	#include "ssl_locl.h"
	19
	20	#include "bytestring.h"
	21	#include "ssl_tlsext.h"
	22
	23	/*
	24	* Server Name Indication - RFC 6066, section 3.
	25	*/
	26	int
	27	tlsext_sni_clienthello_needs(SSL *s)
	28	{
	29	return (s->tlsext_hostname != NULL);
	30	}
	31
	32	int
	33	tlsext_sni_clienthello_build(SSL s, CBB cbb)
	34	{
	35	CBB server_name_list, host_name;
	36
	37	if (!CBB_add_u16_length_prefixed(cbb, &server_name_list))
	38	return 0;
	39	if (!CBB_add_u8(&server_name_list, TLSEXT_NAMETYPE_host_name))
	40	return 0;
	41	if (!CBB_add_u16_length_prefixed(&server_name_list, &host_name))
	42	return 0;
	43	if (!CBB_add_bytes(&host_name, (const uint8_t *)s->tlsext_hostname,
	44	strlen(s->tlsext_hostname)))
	45	return 0;
	46	if (!CBB_flush(cbb))
	47	return 0;
	48
	49	return 1;
	50	}
	51
	52	int
	53	tlsext_sni_clienthello_parse(SSL s, CBS cbs, int *alert)
	54	{
	55	CBS server_name_list, host_name;
	56	uint8_t name_type;
	57
	58	if (!CBS_get_u16_length_prefixed(cbs, &server_name_list))
	59	goto err;
	60
	61	/*
	62	* RFC 6066 section 3 forbids multiple host names with the same type.
	63	* Additionally, only one type (host_name) is specified.
	64	*/
	65	if (!CBS_get_u8(&server_name_list, &name_type))
	66	goto err;
	67	if (name_type != TLSEXT_NAMETYPE_host_name)
	68	goto err;
	69
	70	if (!CBS_get_u16_length_prefixed(&server_name_list, &host_name))
	71	goto err;
	72	if (CBS_len(&host_name) == 0 \|\|
	73	CBS_len(&host_name) > TLSEXT_MAXLEN_host_name \|\|
	74	CBS_contains_zero_byte(&host_name)) {
	75	*alert = TLS1_AD_UNRECOGNIZED_NAME;
	76	return 0;
	77	}
	78
	79	if (s->internal->hit) {
	80	if (s->session->tlsext_hostname == NULL) {
	81	*alert = TLS1_AD_UNRECOGNIZED_NAME;
	82	return 0;
	83	}
	84	if (!CBS_mem_equal(&host_name, s->session->tlsext_hostname,
	85	strlen(s->session->tlsext_hostname))) {
	86	*alert = TLS1_AD_UNRECOGNIZED_NAME;
	87	return 0;
	88	}
	89	} else {
	90	if (s->session->tlsext_hostname != NULL)
	91	goto err;
	92	if (!CBS_strdup(&host_name, &s->session->tlsext_hostname)) {
	93	*alert = TLS1_AD_INTERNAL_ERROR;
	94	return 0;
	95	}
	96	}
	97
	98	if (CBS_len(&server_name_list) != 0)
	99	goto err;
	100	if (CBS_len(cbs) != 0)
	101	goto err;
	102
	103	return 1;
	104
	105	err:
	106	*alert = SSL_AD_DECODE_ERROR;
	107	return 0;
	108	}
	109
	110	int
	111	tlsext_sni_serverhello_needs(SSL *s)
	112	{
	113	return (s->session->tlsext_hostname != NULL);
	114	}
	115
	116	int
	117	tlsext_sni_serverhello_build(SSL s, CBB cbb)
	118	{
	119	return 1;
	120	}
	121
	122	int
	123	tlsext_sni_serverhello_parse(SSL s, CBS cbs, int *alert)
	124	{
	125	if (s->tlsext_hostname == NULL \|\| CBS_len(cbs) != 0) {
	126	*alert = TLS1_AD_UNRECOGNIZED_NAME;
	127	return 0;
	128	}
	129
	130	return 1;
	131	}
	132
	133	struct tls_extension {
	134	uint16_t type;
	135	int (clienthello_needs)(SSL s);
	136	int (clienthello_build)(SSL s, CBB *cbb);
	137	int (clienthello_parse)(SSL s, CBS cbs, int alert);
	138	int (serverhello_needs)(SSL s);
	139	int (serverhello_build)(SSL s, CBB *cbb);
	140	int (serverhello_parse)(SSL s, CBS cbs, int alert);
	141	};
	142
	143	static struct tls_extension tls_extensions[] = {
	144	{
	145	.type = TLSEXT_TYPE_server_name,
	146	.clienthello_needs = tlsext_sni_clienthello_needs,
	147	.clienthello_build = tlsext_sni_clienthello_build,
	148	.clienthello_parse = tlsext_sni_clienthello_parse,
	149	.serverhello_needs = tlsext_sni_serverhello_needs,
	150	.serverhello_build = tlsext_sni_serverhello_build,
	151	.serverhello_parse = tlsext_sni_serverhello_parse,
	152	},
	153	};
	154
	155	#define N_TLS_EXTENSIONS (sizeof(tls_extensions) / sizeof(*tls_extensions))
	156
	157	int
	158	tlsext_clienthello_build(SSL s, CBB cbb)
	159	{
	160	struct tls_extension *tlsext;
	161	CBB extension_data;
	162	size_t i;
	163
	164	memset(&extension_data, 0, sizeof(extension_data));
	165
	166	for (i = 0; i < N_TLS_EXTENSIONS; i++) {
	167	tlsext = &tls_extensions[i];
	168
	169	if (!tlsext->clienthello_needs(s))
	170	continue;
	171
	172	if (!CBB_add_u16(cbb, tlsext->type))
	173	return 0;
	174	if (!CBB_add_u16_length_prefixed(cbb, &extension_data))
	175	return 0;
	176	if (!tls_extensions[i].clienthello_build(s, &extension_data))
	177	return 0;
	178	if (!CBB_flush(cbb))
	179	return 0;
	180	}
	181
	182	return 1;
	183	}
	184
	185	int
	186	tlsext_clienthello_parse_one(SSL s, CBS cbs, uint16_t type, int *alert)
	187	{
	188	struct tls_extension *tlsext;
	189	size_t i;
	190
	191	for (i = 0; i < N_TLS_EXTENSIONS; i++) {
	192	tlsext = &tls_extensions[i];
	193
	194	if (tlsext->type != type)
	195	continue;
	196	if (!tlsext->clienthello_parse(s, cbs, alert))
	197	return 0;
	198	if (CBS_len(cbs) != 0) {
	199	*alert = SSL_AD_DECODE_ERROR;
	200	return 0;
	201	}
	202
	203	return 1;
	204	}
	205
	206	/* Not found. */
	207	return 2;
	208	}
	209
	210	int
	211	tlsext_serverhello_build(SSL s, CBB cbb)
	212	{
	213	struct tls_extension *tlsext;
	214	CBB extension_data;
	215	size_t i;
	216
	217	memset(&extension_data, 0, sizeof(extension_data));
	218
	219	for (i = 0; i < N_TLS_EXTENSIONS; i++) {
	220	tlsext = &tls_extensions[i];
	221
	222	if (!tlsext->serverhello_needs(s))
	223	continue;
	224
	225	if (!CBB_add_u16(cbb, tlsext->type))
	226	return 0;
	227	if (!CBB_add_u16_length_prefixed(cbb, &extension_data))
	228	return 0;
	229	if (!tlsext->serverhello_build(s, &extension_data))
	230	return 0;
	231	if (!CBB_flush(cbb))
	232	return 0;
	233	}
	234
	235	return 1;
	236	}
	237
	238	int
	239	tlsext_serverhello_parse_one(SSL s, CBS cbs, uint16_t type, int *alert)
	240	{
	241	struct tls_extension *tlsext;
	242	size_t i;
	243
	244	for (i = 0; i < N_TLS_EXTENSIONS; i++) {
	245	tlsext = &tls_extensions[i];
	246
	247	if (tlsext->type != type)
	248	continue;
	249	if (!tlsext->serverhello_parse(s, cbs, alert))
	250	return 0;
	251	if (CBS_len(cbs) != 0) {
	252	*alert = SSL_AD_DECODE_ERROR;
	253	return 0;
	254	}
	255
	256	return 1;
	257	}
	258
	259	/* Not found. */
	260	return 2;
	261	}