[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Fri Aug 18 13:52:23 UTC 2017 

The branch master has been updated
       via  10ed1b72391ded9853bec417d4d32bd6ec45f916 (commit)
      from  326eaa941e03a8922a3789ccab0d134c63d05c92 (commit)


- Log -----------------------------------------------------------------
commit 10ed1b72391ded9853bec417d4d32bd6ec45f916
Author: Todd Short <tshort at akamai.com>
Date:   Fri Aug 18 09:32:29 2017 -0400

    Reorder extensions to put SigAlgs last
    
    Force non-empty padding extension.
    When enabled, force the padding extension to be at least 1 byte long.
    WebSphere application server cannot handle having an empty
    extension (e.g. EMS/EtM) as the last extension in a client hello.
    This moves the SigAlgs extension last for TLSv1.2 to avoid this
    issue.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3921)

-----------------------------------------------------------------------

Summary of changes:
 ssl/ssl_locl.h               |  2 +-
 ssl/statem/extensions.c      | 17 ++++++++++-------
 ssl/statem/extensions_clnt.c |  6 ++++--
 test/sslapitest.c            |  2 +-
 4 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 8b8625d..f14148a 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -678,7 +678,6 @@ typedef enum tlsext_index_en {
     TLSEXT_IDX_ec_point_formats,
     TLSEXT_IDX_supported_groups,
     TLSEXT_IDX_session_ticket,
-    TLSEXT_IDX_signature_algorithms,
     TLSEXT_IDX_status_request,
     TLSEXT_IDX_next_proto_neg,
     TLSEXT_IDX_application_layer_protocol_negotiation,
@@ -686,6 +685,7 @@ typedef enum tlsext_index_en {
     TLSEXT_IDX_encrypt_then_mac,
     TLSEXT_IDX_signed_certificate_timestamp,
     TLSEXT_IDX_extended_master_secret,
+    TLSEXT_IDX_signature_algorithms,
     TLSEXT_IDX_supported_versions,
     TLSEXT_IDX_psk_kex_modes,
     TLSEXT_IDX_key_share,
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index a5dda45..d569f6c 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -110,6 +110,9 @@ typedef struct extensions_definition_st {
  * extension is relevant to a particular protocol or protocol version.
  *
  * TODO(TLS1.3): Make sure we have a test to check the consistency of these
+ *
+ * NOTE: WebSphere Application Server 7+ cannot handle empty extensions at
+ * the end, keep these extensions before signature_algorithm.
  */
 #define INVALID_EXTENSION { 0x10000, 0, NULL, NULL, NULL, NULL, NULL, NULL }
 static const EXTENSION_DEFINITION ext_defs[] = {
@@ -167,13 +170,6 @@ static const EXTENSION_DEFINITION ext_defs[] = {
         tls_parse_stoc_session_ticket, tls_construct_stoc_session_ticket,
         tls_construct_ctos_session_ticket, NULL
     },
-    {
-        TLSEXT_TYPE_signature_algorithms,
-        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
-        init_sig_algs, tls_parse_ctos_sig_algs,
-        tls_parse_ctos_sig_algs, tls_construct_ctos_sig_algs,
-        tls_construct_ctos_sig_algs, final_sig_algs
-    },
 #ifndef OPENSSL_NO_OCSP
     {
         TLSEXT_TYPE_status_request,
@@ -250,6 +246,13 @@ static const EXTENSION_DEFINITION ext_defs[] = {
         tls_construct_stoc_ems, tls_construct_ctos_ems, final_ems
     },
     {
+        TLSEXT_TYPE_signature_algorithms,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+        init_sig_algs, tls_parse_ctos_sig_algs,
+        tls_parse_ctos_sig_algs, tls_construct_ctos_sig_algs,
+        tls_construct_ctos_sig_algs, final_sig_algs
+    },
+    {
         TLSEXT_TYPE_supported_versions,
         SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS_IMPLEMENTATION_ONLY
         | SSL_EXT_TLS1_3_ONLY,
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 35e7173..b1c2eb0 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -765,12 +765,14 @@ EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt,
 
         /*
          * Take off the size of extension header itself (2 bytes for type and
-         * 2 bytes for length bytes)
+         * 2 bytes for length bytes), but ensure that the extension is at least
+         * 1 byte long so as not to have an empty extension last (WebSphere 7.x,
+         * 8.x are intolerant of that condition)
          */
         if (hlen >= 4)
             hlen -= 4;
         else
-            hlen = 0;
+            hlen = 1;
 
         if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_padding)
                 || !WPACKET_sub_allocate_bytes_u16(pkt, hlen, &padbytes)) {
diff --git a/test/sslapitest.c b/test/sslapitest.c
index dfcbf11..571da55 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -417,7 +417,7 @@ static int full_early_callback(SSL *s, int *al, void *arg)
 #ifndef OPENSSL_NO_EC
                                        11, 10,
 #endif
-                                       35, 13, 22, 23};
+                                       35, 22, 23, 13};
     size_t len;
 
     /* Make sure we can defer processing and get called back. */

More information about the openssl-commits mailing list