summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
authorbeck <>2017-08-12 23:39:24 +0000
committerbeck <>2017-08-12 23:39:24 +0000
commitd14932b0913ef6f21bc09535d4eb1863708fefb6 (patch)
tree40af0a8b49ae13870bfa61315a2cd560fabe481c /src/lib
parent5ba659ad744cb6a4bab19f260e7ae9033a468660 (diff)
downloadopenbsd-d14932b0913ef6f21bc09535d4eb1863708fefb6.tar.gz
openbsd-d14932b0913ef6f21bc09535d4eb1863708fefb6.tar.bz2
openbsd-d14932b0913ef6f21bc09535d4eb1863708fefb6.zip
Rewrite the TLS status request extension to use the new TLS extension framework.
ok jsing@
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/ssl_tlsext.c171
-rw-r--r--src/lib/libssl/ssl_tlsext.h9
-rw-r--r--src/lib/libssl/t1_lib.c176
3 files changed, 179 insertions, 177 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 9db2d1ab41..646c59e5d6 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,7 +1,8 @@
1/* $OpenBSD: ssl_tlsext.c,v 1.8 2017/08/12 21:47:59 jsing Exp $ */ 1/* $OpenBSD: ssl_tlsext.c,v 1.9 2017/08/12 23:38:12 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
5 * Copyright (c) 2017 Bob Beck <beck@openbsd.org>
5 * 6 *
6 * Permission to use, copy, modify, and distribute this software for any 7 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above 8 * purpose with or without fee is hereby granted, provided that the above
@@ -15,6 +16,7 @@
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */ 18 */
19#include <openssl/ocsp.h>
18 20
19#include "ssl_locl.h" 21#include "ssl_locl.h"
20 22
@@ -551,6 +553,160 @@ tlsext_sni_serverhello_parse(SSL *s, CBS *cbs, int *alert)
551} 553}
552 554
553/* 555/*
556 *Certificate Status Request - RFC 6066 section 8.
557 */
558
559int
560tlsext_ocsp_clienthello_needs(SSL *s)
561{
562 return (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
563 s->version != DTLS1_VERSION);
564}
565
566int
567tlsext_ocsp_clienthello_build(SSL *s, CBB *cbb)
568{
569 CBB ocsp_respid_list, respid, exts;
570 unsigned char *ext_data;
571 size_t ext_len;
572 int i;
573
574 if (!CBB_add_u8(cbb, TLSEXT_STATUSTYPE_ocsp))
575 return 0;
576 if (!CBB_add_u16_length_prefixed(cbb, &ocsp_respid_list))
577 return 0;
578 if (!CBB_add_u16_length_prefixed(cbb, &exts))
579 return 0;
580 for (i = 0; i < sk_OCSP_RESPID_num(s->internal->tlsext_ocsp_ids); i++) {
581 unsigned char *respid_data;
582 OCSP_RESPID *id;
583 size_t id_len;
584
585 if ((id = sk_OCSP_RESPID_value(s->internal->tlsext_ocsp_ids,
586 i)) == NULL)
587 return 0;
588 if ((id_len = i2d_OCSP_RESPID(id, NULL)) == -1)
589 return 0;
590 if (!CBB_add_u16_length_prefixed(&ocsp_respid_list, &respid))
591 return 0;
592 if (!CBB_add_space(&respid, &respid_data, id_len))
593 return 0;
594 if ((i2d_OCSP_RESPID(id, &respid_data)) != id_len)
595 return 0;
596 }
597 if ((ext_len = i2d_X509_EXTENSIONS(s->internal->tlsext_ocsp_exts,
598 NULL)) == -1)
599 return 0;
600 if (!CBB_add_space(&exts, &ext_data, ext_len))
601 return 0;
602 if ((i2d_X509_EXTENSIONS(s->internal->tlsext_ocsp_exts, &ext_data) !=
603 ext_len))
604 return 0;
605 if (!CBB_flush(cbb))
606 return 0;
607 return 1;
608}
609
610int
611tlsext_ocsp_clienthello_parse(SSL *s, CBS *cbs, int *alert)
612{
613 int failure = SSL_AD_DECODE_ERROR;
614 unsigned char *respid_data = NULL;
615 unsigned char *ext_data = NULL;
616 size_t ext_len, respid_len;
617 uint8_t status_type;
618 CBS respids, exts;
619 int ret = 0;
620
621 if (!CBS_get_u8(cbs, &status_type))
622 goto err;
623 if (status_type != TLSEXT_STATUSTYPE_ocsp) {
624 /* ignore unknown status types */
625 s->tlsext_status_type = -1;
626 return 1;
627 }
628 s->tlsext_status_type = status_type;
629 if (!CBS_get_u16_length_prefixed(cbs, &respids))
630 goto err;
631
632 /* XXX */
633 sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free);
634 s->internal->tlsext_ocsp_ids = NULL;
635 if (CBS_len(cbs) > 0) {
636 s->internal->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null();
637 if (s->internal->tlsext_ocsp_ids == NULL) {
638 failure = SSL_AD_INTERNAL_ERROR;
639 goto err;
640 }
641 }
642
643 while (CBS_len(&respids) > 0) {
644 OCSP_RESPID *id = NULL;
645
646 if (!CBS_stow(cbs, &respid_data, &respid_len))
647 goto err;
648 if ((id = d2i_OCSP_RESPID(NULL,
649 (const unsigned char **)&respid_data, respid_len)) == NULL)
650 goto err;
651 if (!sk_OCSP_RESPID_push(s->internal->tlsext_ocsp_ids, id)) {
652 failure = SSL_AD_INTERNAL_ERROR;
653 OCSP_RESPID_free(id);
654 goto err;
655 }
656 free(respid_data);
657 respid_data = NULL;
658 }
659
660 /* Read in request_extensions */
661 if (!CBS_get_u16_length_prefixed(cbs, &exts))
662 goto err;
663 if (!CBS_stow(&exts, &ext_data, &ext_len))
664 goto err;
665 if (ext_len > 0) {
666 sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts,
667 X509_EXTENSION_free);
668 if ((s->internal->tlsext_ocsp_exts = d2i_X509_EXTENSIONS(NULL,
669 (const unsigned char **)&ext_data, ext_len)) == NULL)
670 goto err;
671 }
672 /* should be nothing left */
673 if (CBS_len(cbs) > 0)
674 goto err;
675
676 ret = 1;
677 err:
678 free(respid_data);
679 free(ext_data);
680 if (ret == 0)
681 *alert = failure;
682 return ret;
683}
684
685int
686tlsext_ocsp_serverhello_needs(SSL *s)
687{
688 return s->internal->tlsext_status_expected;
689}
690
691int
692tlsext_ocsp_serverhello_build(SSL *s, CBB *cbb)
693{
694 return 1;
695}
696
697int
698tlsext_ocsp_serverhello_parse(SSL *s, CBS *cbs, int *alert)
699{
700 if (s->tlsext_status_type == -1) {
701 *alert = TLS1_AD_UNSUPPORTED_EXTENSION;
702 return 0;
703 }
704 /* Set flag to expect CertificateStatus message */
705 s->internal->tlsext_status_expected = 1;
706 return 1;
707}
708
709/*
554 * SessionTicket extension - RFC 5077 section 3.2 710 * SessionTicket extension - RFC 5077 section 3.2
555 */ 711 */
556int 712int
@@ -705,6 +861,15 @@ static struct tls_extension tls_extensions[] = {
705 .serverhello_parse = tlsext_ri_serverhello_parse, 861 .serverhello_parse = tlsext_ri_serverhello_parse,
706 }, 862 },
707 { 863 {
864 .type = TLSEXT_TYPE_status_request,
865 .clienthello_needs = tlsext_ocsp_clienthello_needs,
866 .clienthello_build = tlsext_ocsp_clienthello_build,
867 .clienthello_parse = tlsext_ocsp_clienthello_parse,
868 .serverhello_needs = tlsext_ocsp_serverhello_needs,
869 .serverhello_build = tlsext_ocsp_serverhello_build,
870 .serverhello_parse = tlsext_ocsp_serverhello_parse,
871 },
872 {
708 .type = TLSEXT_TYPE_ec_point_formats, 873 .type = TLSEXT_TYPE_ec_point_formats,
709 .clienthello_needs = tlsext_ecpf_clienthello_needs, 874 .clienthello_needs = tlsext_ecpf_clienthello_needs,
710 .clienthello_build = tlsext_ecpf_clienthello_build, 875 .clienthello_build = tlsext_ecpf_clienthello_build,
@@ -758,7 +923,7 @@ tlsext_clienthello_build(SSL *s, CBB *cbb)
758 923
759 if (!tlsext->clienthello_needs(s)) 924 if (!tlsext->clienthello_needs(s))
760 continue; 925 continue;
761 926
762 if (!CBB_add_u16(cbb, tlsext->type)) 927 if (!CBB_add_u16(cbb, tlsext->type))
763 return 0; 928 return 0;
764 if (!CBB_add_u16_length_prefixed(cbb, &extension_data)) 929 if (!CBB_add_u16_length_prefixed(cbb, &extension_data))
@@ -811,7 +976,7 @@ tlsext_serverhello_build(SSL *s, CBB *cbb)
811 976
812 if (!tlsext->serverhello_needs(s)) 977 if (!tlsext->serverhello_needs(s))
813 continue; 978 continue;
814 979
815 if (!CBB_add_u16(cbb, tlsext->type)) 980 if (!CBB_add_u16(cbb, tlsext->type))
816 return 0; 981 return 0;
817 if (!CBB_add_u16_length_prefixed(cbb, &extension_data)) 982 if (!CBB_add_u16_length_prefixed(cbb, &extension_data))
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
index 4f8ae0cf35..bba8bdbea9 100644
--- a/src/lib/libssl/ssl_tlsext.h
+++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_tlsext.h,v 1.7 2017/08/12 21:47:59 jsing Exp $ */ 1/* $OpenBSD: ssl_tlsext.h,v 1.8 2017/08/12 23:38:12 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -51,6 +51,13 @@ int tlsext_ecpf_serverhello_needs(SSL *s);
51int tlsext_ecpf_serverhello_build(SSL *s, CBB *cbb); 51int tlsext_ecpf_serverhello_build(SSL *s, CBB *cbb);
52int tlsext_ecpf_serverhello_parse(SSL *s, CBS *cbs, int *alert); 52int tlsext_ecpf_serverhello_parse(SSL *s, CBS *cbs, int *alert);
53 53
54int tlsext_ocsp_clienthello_needs(SSL *s);
55int tlsext_ocsp_clienthello_build(SSL *s, CBB *cbb);
56int tlsext_ocsp_clienthello_parse(SSL *s, CBS *cbs, int *alert);
57int tlsext_ocsp_serverhello_needs(SSL *s);
58int tlsext_ocsp_serverhello_build(SSL *s, CBB *cbb);
59int tlsext_ocsp_serverhello_parse(SSL *s, CBS *cbs, int *alert);
60
54int tlsext_sessionticket_clienthello_needs(SSL *s); 61int tlsext_sessionticket_clienthello_needs(SSL *s);
55int tlsext_sessionticket_clienthello_build(SSL *s, CBB *cbb); 62int tlsext_sessionticket_clienthello_build(SSL *s, CBB *cbb);
56int tlsext_sessionticket_clienthello_parse(SSL *s, CBS *cbs, int *alert); 63int tlsext_sessionticket_clienthello_parse(SSL *s, CBS *cbs, int *alert);
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index e27a7d1a59..405f08ed33 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_lib.c,v 1.130 2017/08/12 21:47:59 jsing Exp $ */ 1/* $OpenBSD: t1_lib.c,v 1.131 2017/08/12 23:38:12 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -687,51 +687,6 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
687 return NULL; 687 return NULL;
688 ret += len; 688 ret += len;
689 689
690 if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
691 s->version != DTLS1_VERSION) {
692 int i;
693 long extlen, idlen, itmp;
694 OCSP_RESPID *id;
695
696 idlen = 0;
697 for (i = 0; i < sk_OCSP_RESPID_num(s->internal->tlsext_ocsp_ids); i++) {
698 id = sk_OCSP_RESPID_value(s->internal->tlsext_ocsp_ids, i);
699 itmp = i2d_OCSP_RESPID(id, NULL);
700 if (itmp <= 0)
701 return NULL;
702 idlen += itmp + 2;
703 }
704
705 if (s->internal->tlsext_ocsp_exts) {
706 extlen = i2d_X509_EXTENSIONS(s->internal->tlsext_ocsp_exts, NULL);
707 if (extlen < 0)
708 return NULL;
709 } else
710 extlen = 0;
711
712 if ((size_t)(limit - ret) < 7 + extlen + idlen)
713 return NULL;
714 s2n(TLSEXT_TYPE_status_request, ret);
715 if (extlen + idlen > 0xFFF0)
716 return NULL;
717 s2n(extlen + idlen + 5, ret);
718 *(ret++) = TLSEXT_STATUSTYPE_ocsp;
719 s2n(idlen, ret);
720 for (i = 0; i < sk_OCSP_RESPID_num(s->internal->tlsext_ocsp_ids); i++) {
721 /* save position of id len */
722 unsigned char *q = ret;
723 id = sk_OCSP_RESPID_value(s->internal->tlsext_ocsp_ids, i);
724 /* skip over id len */
725 ret += 2;
726 itmp = i2d_OCSP_RESPID(id, &ret);
727 /* write id len */
728 s2n(itmp, q);
729 }
730 s2n(extlen, ret);
731 if (extlen > 0)
732 i2d_X509_EXTENSIONS(s->internal->tlsext_ocsp_exts, &ret);
733 }
734
735 if (s->internal->alpn_client_proto_list != NULL && 690 if (s->internal->alpn_client_proto_list != NULL &&
736 S3I(s)->tmp.finish_md_len == 0) { 691 S3I(s)->tmp.finish_md_len == 0) {
737 if ((size_t)(limit - ret) < 692 if ((size_t)(limit - ret) <
@@ -837,14 +792,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
837 * extension. 792 * extension.
838 */ 793 */
839 794
840 if (s->internal->tlsext_status_expected) {
841 if ((size_t)(limit - ret) < 4)
842 return NULL;
843
844 s2n(TLSEXT_TYPE_status_request, ret);
845 s2n(0, ret);
846 }
847
848#ifndef OPENSSL_NO_SRTP 795#ifndef OPENSSL_NO_SRTP
849 if (SSL_IS_DTLS(s) && s->internal->srtp_profile) { 796 if (SSL_IS_DTLS(s) && s->internal->srtp_profile) {
850 int el; 797 int el;
@@ -1011,111 +958,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1011 if (!tlsext_clienthello_parse_one(s, &cbs, type, al)) 958 if (!tlsext_clienthello_parse_one(s, &cbs, type, al))
1012 return 0; 959 return 0;
1013 960
1014 if (type == TLSEXT_TYPE_status_request && 961 if (type ==
1015 s->version != DTLS1_VERSION) {
1016
1017 if (size < 5) {
1018 *al = SSL_AD_DECODE_ERROR;
1019 return 0;
1020 }
1021
1022 s->tlsext_status_type = *data++;
1023 size--;
1024 if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
1025 const unsigned char *sdata;
1026 int dsize;
1027 /* Read in responder_id_list */
1028 n2s(data, dsize);
1029 size -= 2;
1030 if (dsize > size) {
1031 *al = SSL_AD_DECODE_ERROR;
1032 return 0;
1033 }
1034
1035 /*
1036 * We remove any OCSP_RESPIDs from a
1037 * previous handshake to prevent
1038 * unbounded memory growth.
1039 */
1040 sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids,
1041 OCSP_RESPID_free);
1042 s->internal->tlsext_ocsp_ids = NULL;
1043 if (dsize > 0) {
1044 s->internal->tlsext_ocsp_ids =
1045 sk_OCSP_RESPID_new_null();
1046 if (s->internal->tlsext_ocsp_ids == NULL) {
1047 *al = SSL_AD_INTERNAL_ERROR;
1048 return 0;
1049 }
1050 }
1051
1052 while (dsize > 0) {
1053 OCSP_RESPID *id;
1054 int idsize;
1055 if (dsize < 4) {
1056 *al = SSL_AD_DECODE_ERROR;
1057 return 0;
1058 }
1059 n2s(data, idsize);
1060 dsize -= 2 + idsize;
1061 size -= 2 + idsize;
1062 if (dsize < 0) {
1063 *al = SSL_AD_DECODE_ERROR;
1064 return 0;
1065 }
1066 sdata = data;
1067 data += idsize;
1068 id = d2i_OCSP_RESPID(NULL,
1069 &sdata, idsize);
1070 if (!id) {
1071 *al = SSL_AD_DECODE_ERROR;
1072 return 0;
1073 }
1074 if (data != sdata) {
1075 OCSP_RESPID_free(id);
1076 *al = SSL_AD_DECODE_ERROR;
1077 return 0;
1078 }
1079 if (!sk_OCSP_RESPID_push(
1080 s->internal->tlsext_ocsp_ids, id)) {
1081 OCSP_RESPID_free(id);
1082 *al = SSL_AD_INTERNAL_ERROR;
1083 return 0;
1084 }
1085 }
1086
1087 /* Read in request_extensions */
1088 if (size < 2) {
1089 *al = SSL_AD_DECODE_ERROR;
1090 return 0;
1091 }
1092 n2s(data, dsize);
1093 size -= 2;
1094 if (dsize != size) {
1095 *al = SSL_AD_DECODE_ERROR;
1096 return 0;
1097 }
1098 sdata = data;
1099 if (dsize > 0) {
1100 sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts,
1101 X509_EXTENSION_free);
1102
1103 s->internal->tlsext_ocsp_exts =
1104 d2i_X509_EXTENSIONS(NULL,
1105 &sdata, dsize);
1106 if (!s->internal->tlsext_ocsp_exts ||
1107 (data + dsize != sdata)) {
1108 *al = SSL_AD_DECODE_ERROR;
1109 return 0;
1110 }
1111 }
1112 } else {
1113 /* We don't know what to do with any other type
1114 * so ignore it.
1115 */
1116 s->tlsext_status_type = -1;
1117 }
1118 } else if (type ==
1119 TLSEXT_TYPE_application_layer_protocol_negotiation && 962 TLSEXT_TYPE_application_layer_protocol_negotiation &&
1120 s->ctx->internal->alpn_select_cb != NULL && 963 s->ctx->internal->alpn_select_cb != NULL &&
1121 S3I(s)->tmp.finish_md_len == 0) { 964 S3I(s)->tmp.finish_md_len == 0) {
@@ -1123,7 +966,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1123 size, al) != 1) 966 size, al) != 1)
1124 return (0); 967 return (0);
1125 } 968 }
1126
1127 /* session ticket processed earlier */ 969 /* session ticket processed earlier */
1128#ifndef OPENSSL_NO_SRTP 970#ifndef OPENSSL_NO_SRTP
1129 else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) { 971 else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) {
@@ -1197,19 +1039,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
1197 if (!tlsext_serverhello_parse_one(s, &cbs, type, al)) 1039 if (!tlsext_serverhello_parse_one(s, &cbs, type, al))
1198 return 0; 1040 return 0;
1199 1041
1200 if (type == TLSEXT_TYPE_status_request && 1042 if (type == TLSEXT_TYPE_application_layer_protocol_negotiation) {
1201 s->version != DTLS1_VERSION) {
1202 /* MUST be empty and only sent if we've requested
1203 * a status request message.
1204 */
1205 if ((s->tlsext_status_type == -1) || (size > 0)) {
1206 *al = TLS1_AD_UNSUPPORTED_EXTENSION;
1207 return 0;
1208 }
1209 /* Set flag to expect CertificateStatus message */
1210 s->internal->tlsext_status_expected = 1;
1211 } else if (type ==
1212 TLSEXT_TYPE_application_layer_protocol_negotiation) {
1213 unsigned int len; 1043 unsigned int len;
1214 1044
1215 /* We must have requested it. */ 1045 /* We must have requested it. */
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-24 18:24:16 +0000