[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Fri Aug 18 13:52:23 UTC 2017
The branch master has been updated
via 10ed1b72391ded9853bec417d4d32bd6ec45f916 (commit)
from 326eaa941e03a8922a3789ccab0d134c63d05c92 (commit)
- Log -----------------------------------------------------------------
commit 10ed1b72391ded9853bec417d4d32bd6ec45f916
Author: Todd Short <tshort at akamai.com>
Date: Fri Aug 18 09:32:29 2017 -0400
Reorder extensions to put SigAlgs last
Force non-empty padding extension.
When enabled, force the padding extension to be at least 1 byte long.
WebSphere application server cannot handle having an empty
extension (e.g. EMS/EtM) as the last extension in a client hello.
This moves the SigAlgs extension last for TLSv1.2 to avoid this
issue.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3921)
-----------------------------------------------------------------------
Summary of changes:
ssl/ssl_locl.h | 2 +-
ssl/statem/extensions.c | 17 ++++++++++-------
ssl/statem/extensions_clnt.c | 6 ++++--
test/sslapitest.c | 2 +-
4 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 8b8625d..f14148a 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -678,7 +678,6 @@ typedef enum tlsext_index_en {
TLSEXT_IDX_ec_point_formats,
TLSEXT_IDX_supported_groups,
TLSEXT_IDX_session_ticket,
- TLSEXT_IDX_signature_algorithms,
TLSEXT_IDX_status_request,
TLSEXT_IDX_next_proto_neg,
TLSEXT_IDX_application_layer_protocol_negotiation,
@@ -686,6 +685,7 @@ typedef enum tlsext_index_en {
TLSEXT_IDX_encrypt_then_mac,
TLSEXT_IDX_signed_certificate_timestamp,
TLSEXT_IDX_extended_master_secret,
+ TLSEXT_IDX_signature_algorithms,
TLSEXT_IDX_supported_versions,
TLSEXT_IDX_psk_kex_modes,
TLSEXT_IDX_key_share,
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index a5dda45..d569f6c 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -110,6 +110,9 @@ typedef struct extensions_definition_st {
* extension is relevant to a particular protocol or protocol version.
*
* TODO(TLS1.3): Make sure we have a test to check the consistency of these
+ *
+ * NOTE: WebSphere Application Server 7+ cannot handle empty extensions at
+ * the end, keep these extensions before signature_algorithm.
*/
#define INVALID_EXTENSION { 0x10000, 0, NULL, NULL, NULL, NULL, NULL, NULL }
static const EXTENSION_DEFINITION ext_defs[] = {
@@ -167,13 +170,6 @@ static const EXTENSION_DEFINITION ext_defs[] = {
tls_parse_stoc_session_ticket, tls_construct_stoc_session_ticket,
tls_construct_ctos_session_ticket, NULL
},
- {
- TLSEXT_TYPE_signature_algorithms,
- SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
- init_sig_algs, tls_parse_ctos_sig_algs,
- tls_parse_ctos_sig_algs, tls_construct_ctos_sig_algs,
- tls_construct_ctos_sig_algs, final_sig_algs
- },
#ifndef OPENSSL_NO_OCSP
{
TLSEXT_TYPE_status_request,
@@ -250,6 +246,13 @@ static const EXTENSION_DEFINITION ext_defs[] = {
tls_construct_stoc_ems, tls_construct_ctos_ems, final_ems
},
{
+ TLSEXT_TYPE_signature_algorithms,
+ SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+ init_sig_algs, tls_parse_ctos_sig_algs,
+ tls_parse_ctos_sig_algs, tls_construct_ctos_sig_algs,
+ tls_construct_ctos_sig_algs, final_sig_algs
+ },
+ {
TLSEXT_TYPE_supported_versions,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS_IMPLEMENTATION_ONLY
| SSL_EXT_TLS1_3_ONLY,
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 35e7173..b1c2eb0 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -765,12 +765,14 @@ EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt,
/*
* Take off the size of extension header itself (2 bytes for type and
- * 2 bytes for length bytes)
+ * 2 bytes for length bytes), but ensure that the extension is at least
+ * 1 byte long so as not to have an empty extension last (WebSphere 7.x,
+ * 8.x are intolerant of that condition)
*/
if (hlen >= 4)
hlen -= 4;
else
- hlen = 0;
+ hlen = 1;
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_padding)
|| !WPACKET_sub_allocate_bytes_u16(pkt, hlen, &padbytes)) {
diff --git a/test/sslapitest.c b/test/sslapitest.c
index dfcbf11..571da55 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -417,7 +417,7 @@ static int full_early_callback(SSL *s, int *al, void *arg)
#ifndef OPENSSL_NO_EC
11, 10,
#endif
- 35, 13, 22, 23};
+ 35, 22, 23, 13};
size_t len;
/* Make sure we can defer processing and get called back. */
More information about the openssl-commits
mailing list