diff options
| author | beck <> | 2019-01-18 03:39:27 +0000 |
|---|---|---|
| committer | beck <> | 2019-01-18 03:39:27 +0000 |
| commit | 8b7cd098ae2478f54bbd22392da74023aae42e1c (patch) | |
| tree | 36d6aa2f686997cad2ffff647776c82b628406df /src | |
| parent | d4f2f8d85299261fd08d6d00c913f5b6503e098e (diff) | |
| download | openbsd-8b7cd098ae2478f54bbd22392da74023aae42e1c.tar.gz openbsd-8b7cd098ae2478f54bbd22392da74023aae42e1c.tar.bz2 openbsd-8b7cd098ae2478f54bbd22392da74023aae42e1c.zip | |
Add support for RFC 8446 section 4.2 enforcing which extensions may
appear with which messages.
ok jsing@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 51 |
1 files changed, 43 insertions, 8 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index b8f4414365..da34a79f7d 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_tlsext.c,v 1.27 2019/01/18 00:54:42 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.c,v 1.28 2019/01/18 03:39:27 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -1201,6 +1201,7 @@ struct tls_extension_funcs { | |||
| 1201 | 1201 | ||
| 1202 | struct tls_extension { | 1202 | struct tls_extension { |
| 1203 | uint16_t type; | 1203 | uint16_t type; |
| 1204 | uint16_t messages; | ||
| 1204 | struct tls_extension_funcs client; | 1205 | struct tls_extension_funcs client; |
| 1205 | struct tls_extension_funcs server; | 1206 | struct tls_extension_funcs server; |
| 1206 | }; | 1207 | }; |
| @@ -1208,6 +1209,7 @@ struct tls_extension { | |||
| 1208 | static struct tls_extension tls_extensions[] = { | 1209 | static struct tls_extension tls_extensions[] = { |
| 1209 | { | 1210 | { |
| 1210 | .type = TLSEXT_TYPE_server_name, | 1211 | .type = TLSEXT_TYPE_server_name, |
| 1212 | .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE, | ||
| 1211 | .client = { | 1213 | .client = { |
| 1212 | .needs = tlsext_sni_client_needs, | 1214 | .needs = tlsext_sni_client_needs, |
| 1213 | .build = tlsext_sni_client_build, | 1215 | .build = tlsext_sni_client_build, |
| @@ -1221,6 +1223,7 @@ static struct tls_extension tls_extensions[] = { | |||
| 1221 | }, | 1223 | }, |
| 1222 | { | 1224 | { |
| 1223 | .type = TLSEXT_TYPE_renegotiate, | 1225 | .type = TLSEXT_TYPE_renegotiate, |
| 1226 | .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH, | ||
| 1224 | .client = { | 1227 | .client = { |
| 1225 | .needs = tlsext_ri_client_needs, | 1228 | .needs = tlsext_ri_client_needs, |
| 1226 | .build = tlsext_ri_client_build, | 1229 | .build = tlsext_ri_client_build, |
| @@ -1234,6 +1237,8 @@ static struct tls_extension tls_extensions[] = { | |||
| 1234 | }, | 1237 | }, |
| 1235 | { | 1238 | { |
| 1236 | .type = TLSEXT_TYPE_status_request, | 1239 | .type = TLSEXT_TYPE_status_request, |
| 1240 | .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_CR | | ||
| 1241 | SSL_TLSEXT_MSG_CT, | ||
| 1237 | .client = { | 1242 | .client = { |
| 1238 | .needs = tlsext_ocsp_client_needs, | 1243 | .needs = tlsext_ocsp_client_needs, |
| 1239 | .build = tlsext_ocsp_client_build, | 1244 | .build = tlsext_ocsp_client_build, |
| @@ -1247,6 +1252,7 @@ static struct tls_extension tls_extensions[] = { | |||
| 1247 | }, | 1252 | }, |
| 1248 | { | 1253 | { |
| 1249 | .type = TLSEXT_TYPE_ec_point_formats, | 1254 | .type = TLSEXT_TYPE_ec_point_formats, |
| 1255 | .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH, | ||
| 1250 | .client = { | 1256 | .client = { |
| 1251 | .needs = tlsext_ecpf_client_needs, | 1257 | .needs = tlsext_ecpf_client_needs, |
| 1252 | .build = tlsext_ecpf_client_build, | 1258 | .build = tlsext_ecpf_client_build, |
| @@ -1260,6 +1266,7 @@ static struct tls_extension tls_extensions[] = { | |||
| 1260 | }, | 1266 | }, |
| 1261 | { | 1267 | { |
| 1262 | .type = TLSEXT_TYPE_supported_groups, | 1268 | .type = TLSEXT_TYPE_supported_groups, |
| 1269 | .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE, | ||
| 1263 | .client = { | 1270 | .client = { |
| 1264 | .needs = tlsext_supportedgroups_client_needs, | 1271 | .needs = tlsext_supportedgroups_client_needs, |
| 1265 | .build = tlsext_supportedgroups_client_build, | 1272 | .build = tlsext_supportedgroups_client_build, |
| @@ -1273,6 +1280,7 @@ static struct tls_extension tls_extensions[] = { | |||
| 1273 | }, | 1280 | }, |
| 1274 | { | 1281 | { |
| 1275 | .type = TLSEXT_TYPE_session_ticket, | 1282 | .type = TLSEXT_TYPE_session_ticket, |
| 1283 | .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH, | ||
| 1276 | .client = { | 1284 | .client = { |
| 1277 | .needs = tlsext_sessionticket_client_needs, | 1285 | .needs = tlsext_sessionticket_client_needs, |
| 1278 | .build = tlsext_sessionticket_client_build, | 1286 | .build = tlsext_sessionticket_client_build, |
| @@ -1286,6 +1294,7 @@ static struct tls_extension tls_extensions[] = { | |||
| 1286 | }, | 1294 | }, |
| 1287 | { | 1295 | { |
| 1288 | .type = TLSEXT_TYPE_signature_algorithms, | 1296 | .type = TLSEXT_TYPE_signature_algorithms, |
| 1297 | .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_CR, | ||
| 1289 | .client = { | 1298 | .client = { |
| 1290 | .needs = tlsext_sigalgs_client_needs, | 1299 | .needs = tlsext_sigalgs_client_needs, |
| 1291 | .build = tlsext_sigalgs_client_build, | 1300 | .build = tlsext_sigalgs_client_build, |
| @@ -1299,6 +1308,7 @@ static struct tls_extension tls_extensions[] = { | |||
| 1299 | }, | 1308 | }, |
| 1300 | { | 1309 | { |
| 1301 | .type = TLSEXT_TYPE_application_layer_protocol_negotiation, | 1310 | .type = TLSEXT_TYPE_application_layer_protocol_negotiation, |
| 1311 | .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE, | ||
| 1302 | .client = { | 1312 | .client = { |
| 1303 | .needs = tlsext_alpn_client_needs, | 1313 | .needs = tlsext_alpn_client_needs, |
| 1304 | .build = tlsext_alpn_client_build, | 1314 | .build = tlsext_alpn_client_build, |
| @@ -1313,6 +1323,7 @@ static struct tls_extension tls_extensions[] = { | |||
| 1313 | #ifndef OPENSSL_NO_SRTP | 1323 | #ifndef OPENSSL_NO_SRTP |
| 1314 | { | 1324 | { |
| 1315 | .type = TLSEXT_TYPE_use_srtp, | 1325 | .type = TLSEXT_TYPE_use_srtp, |
| 1326 | .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE, | ||
| 1316 | .client = { | 1327 | .client = { |
| 1317 | .needs = tlsext_srtp_client_needs, | 1328 | .needs = tlsext_srtp_client_needs, |
| 1318 | .build = tlsext_srtp_client_build, | 1329 | .build = tlsext_srtp_client_build, |
| @@ -1357,13 +1368,19 @@ tlsext_funcs(struct tls_extension *tlsext, int is_server) | |||
| 1357 | } | 1368 | } |
| 1358 | 1369 | ||
| 1359 | static int | 1370 | static int |
| 1360 | tlsext_build(SSL *s, CBB *cbb, int is_server) | 1371 | tlsext_build(SSL *s, CBB *cbb, int is_server, uint16_t msg_type) |
| 1361 | { | 1372 | { |
| 1362 | struct tls_extension_funcs *ext; | 1373 | struct tls_extension_funcs *ext; |
| 1363 | struct tls_extension *tlsext; | 1374 | struct tls_extension *tlsext; |
| 1364 | CBB extensions, extension_data; | 1375 | CBB extensions, extension_data; |
| 1365 | int extensions_present = 0; | 1376 | int extensions_present = 0; |
| 1366 | size_t i; | 1377 | size_t i; |
| 1378 | uint16_t version; | ||
| 1379 | |||
| 1380 | if (is_server) | ||
| 1381 | version = s->version; | ||
| 1382 | else | ||
| 1383 | version = TLS1_get_client_version(s); | ||
| 1367 | 1384 | ||
| 1368 | if (!CBB_add_u16_length_prefixed(cbb, &extensions)) | 1385 | if (!CBB_add_u16_length_prefixed(cbb, &extensions)) |
| 1369 | return 0; | 1386 | return 0; |
| @@ -1372,6 +1389,11 @@ tlsext_build(SSL *s, CBB *cbb, int is_server) | |||
| 1372 | tlsext = &tls_extensions[i]; | 1389 | tlsext = &tls_extensions[i]; |
| 1373 | ext = tlsext_funcs(tlsext, is_server); | 1390 | ext = tlsext_funcs(tlsext, is_server); |
| 1374 | 1391 | ||
| 1392 | /* RFC 8446 Section 4.2 */ | ||
| 1393 | if (version >= TLS1_3_VERSION && | ||
| 1394 | !(tlsext->messages & msg_type)) | ||
| 1395 | continue; | ||
| 1396 | |||
| 1375 | if (!ext->needs(s)) | 1397 | if (!ext->needs(s)) |
| 1376 | continue; | 1398 | continue; |
| 1377 | 1399 | ||
| @@ -1396,7 +1418,7 @@ tlsext_build(SSL *s, CBB *cbb, int is_server) | |||
| 1396 | } | 1418 | } |
| 1397 | 1419 | ||
| 1398 | static int | 1420 | static int |
| 1399 | tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server) | 1421 | tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type) |
| 1400 | { | 1422 | { |
| 1401 | struct tls_extension_funcs *ext; | 1423 | struct tls_extension_funcs *ext; |
| 1402 | struct tls_extension *tlsext; | 1424 | struct tls_extension *tlsext; |
| @@ -1404,6 +1426,12 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server) | |||
| 1404 | uint32_t extensions_seen = 0; | 1426 | uint32_t extensions_seen = 0; |
| 1405 | uint16_t type; | 1427 | uint16_t type; |
| 1406 | size_t idx; | 1428 | size_t idx; |
| 1429 | uint16_t version; | ||
| 1430 | |||
| 1431 | if (is_server) | ||
| 1432 | version = s->version; | ||
| 1433 | else | ||
| 1434 | version = TLS1_get_client_version(s); | ||
| 1407 | 1435 | ||
| 1408 | /* An empty extensions block is valid. */ | 1436 | /* An empty extensions block is valid. */ |
| 1409 | if (CBS_len(cbs) == 0) | 1437 | if (CBS_len(cbs) == 0) |
| @@ -1430,6 +1458,13 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server) | |||
| 1430 | if ((tlsext = tls_extension_find(type, &idx)) == NULL) | 1458 | if ((tlsext = tls_extension_find(type, &idx)) == NULL) |
| 1431 | continue; | 1459 | continue; |
| 1432 | 1460 | ||
| 1461 | /* RFC 8446 Section 4.2 */ | ||
| 1462 | if (version >= TLS1_3_VERSION && | ||
| 1463 | !(tlsext->messages & msg_type)) { | ||
| 1464 | *alert = SSL_AD_ILLEGAL_PARAMETER; | ||
| 1465 | return 0; | ||
| 1466 | } | ||
| 1467 | |||
| 1433 | /* Check for duplicate known extensions. */ | 1468 | /* Check for duplicate known extensions. */ |
| 1434 | if ((extensions_seen & (1 << idx)) != 0) | 1469 | if ((extensions_seen & (1 << idx)) != 0) |
| 1435 | return 0; | 1470 | return 0; |
| @@ -1460,7 +1495,7 @@ tlsext_client_reset_state(SSL *s) | |||
| 1460 | int | 1495 | int |
| 1461 | tlsext_client_build(SSL *s, CBB *cbb, uint16_t msg_type) | 1496 | tlsext_client_build(SSL *s, CBB *cbb, uint16_t msg_type) |
| 1462 | { | 1497 | { |
| 1463 | return tlsext_build(s, cbb, 0); | 1498 | return tlsext_build(s, cbb, 0, msg_type); |
| 1464 | } | 1499 | } |
| 1465 | 1500 | ||
| 1466 | int | 1501 | int |
| @@ -1469,13 +1504,13 @@ tlsext_server_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type) | |||
| 1469 | /* XXX - this possibly should be done by the caller... */ | 1504 | /* XXX - this possibly should be done by the caller... */ |
| 1470 | tlsext_client_reset_state(s); | 1505 | tlsext_client_reset_state(s); |
| 1471 | 1506 | ||
| 1472 | return tlsext_parse(s, cbs, alert, 0); | 1507 | return tlsext_parse(s, cbs, alert, 0, msg_type); |
| 1473 | } | 1508 | } |
| 1474 | 1509 | ||
| 1475 | static void | 1510 | static void |
| 1476 | tlsext_server_reset_state(SSL *s) | 1511 | tlsext_server_reset_state(SSL *s) |
| 1477 | { | 1512 | { |
| 1478 | S3I(s)->renegotiate_seen = 0; | 1513 | S3I(s)->renegotiate_seen = 0; |
| 1479 | free(S3I(s)->alpn_selected); | 1514 | free(S3I(s)->alpn_selected); |
| 1480 | S3I(s)->alpn_selected = NULL; | 1515 | S3I(s)->alpn_selected = NULL; |
| 1481 | } | 1516 | } |
| @@ -1483,7 +1518,7 @@ tlsext_server_reset_state(SSL *s) | |||
| 1483 | int | 1518 | int |
| 1484 | tlsext_server_build(SSL *s, CBB *cbb, uint16_t msg_type) | 1519 | tlsext_server_build(SSL *s, CBB *cbb, uint16_t msg_type) |
| 1485 | { | 1520 | { |
| 1486 | return tlsext_build(s, cbb, 1); | 1521 | return tlsext_build(s, cbb, 1, msg_type); |
| 1487 | } | 1522 | } |
| 1488 | 1523 | ||
| 1489 | int | 1524 | int |
| @@ -1492,5 +1527,5 @@ tlsext_client_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type) | |||
| 1492 | /* XXX - this possibly should be done by the caller... */ | 1527 | /* XXX - this possibly should be done by the caller... */ |
| 1493 | tlsext_server_reset_state(s); | 1528 | tlsext_server_reset_state(s); |
| 1494 | 1529 | ||
| 1495 | return tlsext_parse(s, cbs, alert, 1); | 1530 | return tlsext_parse(s, cbs, alert, 1, msg_type); |
| 1496 | } | 1531 | } |