[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Mon Feb 27 18:25:51 UTC 2017


The branch master has been updated
       via  fa64210a88a90277aa499fd1616102e5f11967be (commit)
       via  03f44b974b1c85804b54af7c3ffb5241d5ffd952 (commit)
      from  013bc448672cbc3c9cd154709400c676c2955229 (commit)


- Log -----------------------------------------------------------------
commit fa64210a88a90277aa499fd1616102e5f11967be
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Wed Feb 22 17:26:04 2017 +0000

    Trace support for TLS 1.3 certificate request message
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2728)

commit 03f44b974b1c85804b54af7c3ffb5241d5ffd952
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Wed Feb 22 17:26:44 2017 +0000

    Initial incomplete TLS 1.3 certificate request support.
    
    This adds partial support for TLS 1.3 certificate request message.
    
    The request context and extensions are currently ignored on receive
    and set to zero length on send.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2728)

-----------------------------------------------------------------------

Summary of changes:
 include/openssl/ssl.h    |  1 +
 ssl/ssl_err.c            |  1 +
 ssl/statem/statem_clnt.c | 64 +++++++++++++++++++++++++++++++----------
 ssl/statem/statem_srvr.c | 30 ++++++++++++++-----
 ssl/t1_trce.c            | 75 +++++++++++++++++++++++++++---------------------
 5 files changed, 116 insertions(+), 55 deletions(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 51dbca4..24360d7 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2503,6 +2503,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN             204
 # define SSL_R_EXCESSIVE_MESSAGE_SIZE                     152
 # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
+# define SSL_R_EXT_LENGTH_MISMATCH                        162
 # define SSL_R_FAILED_TO_INIT_ASYNC                       405
 # define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 444de8e..70764b3 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -565,6 +565,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
      "error setting tlsa base domain"},
     {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"},
     {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE), "extra data in message"},
+    {ERR_REASON(SSL_R_EXT_LENGTH_MISMATCH), "ext length mismatch"},
     {ERR_REASON(SSL_R_FAILED_TO_INIT_ASYNC), "failed to init async"},
     {ERR_REASON(SSL_R_FRAGMENTED_CLIENT_HELLO), "fragmented client hello"},
     {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"},
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 6e162fb..5957718 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2196,27 +2196,45 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
 MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
 {
     int ret = MSG_PROCESS_ERROR;
-    unsigned int list_len, i, name_len;
+    unsigned int i, name_len;
     X509_NAME *xn = NULL;
     const unsigned char *namestart, *namebytes;
     STACK_OF(X509_NAME) *ca_sk = NULL;
-    PACKET ctypes;
+    PACKET cadns;
 
     if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
         SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
         goto err;
     }
 
-    /* get the certificate types */
-    if (!PACKET_get_length_prefixed_1(pkt, &ctypes)) {
-        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-        SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH);
-        goto err;
-    }
+    if (SSL_IS_TLS13(s)) {
+        PACKET reqctx;
+
+        /* Free and zero certificate types: it is not present in TLS 1.3 */
+        OPENSSL_free(s->s3->tmp.ctype);
+        s->s3->tmp.ctype = NULL;
+        s->s3->tmp.ctype_len = 0;
+        /* TODO(TLS1.3) need to process request context, for now ignore */
+        if (!PACKET_get_length_prefixed_1(pkt, &reqctx)) {
+            SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                   SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+    } else {
+        PACKET ctypes;
 
-    if (!PACKET_memdup(&ctypes, &s->s3->tmp.ctype, &s->s3->tmp.ctype_len)) {
-        SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR);
+        /* get the certificate types */
+        if (!PACKET_get_length_prefixed_1(pkt, &ctypes)) {
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+            SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                   SSL_R_LENGTH_MISMATCH);
             goto err;
+        }
+
+        if (!PACKET_memdup(&ctypes, &s->s3->tmp.ctype, &s->s3->tmp.ctype_len)) {
+            SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
     }
 
     if (SSL_USE_SIGALGS(s)) {
@@ -2246,16 +2264,15 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
     }
 
     /* get the CA RDNs */
-    if (!PACKET_get_net_2(pkt, &list_len)
-        || PACKET_remaining(pkt) != list_len) {
+    if (!PACKET_get_length_prefixed_2(pkt, &cadns)) {
         ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
         SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH);
         goto err;
     }
 
-    while (PACKET_remaining(pkt)) {
-        if (!PACKET_get_net_2(pkt, &name_len)
-            || !PACKET_get_bytes(pkt, &namebytes, name_len)) {
+    while (PACKET_remaining(&cadns)) {
+        if (!PACKET_get_net_2(&cadns, &name_len)
+            || !PACKET_get_bytes(&cadns, &namebytes, name_len)) {
             ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
             SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
                    SSL_R_LENGTH_MISMATCH);
@@ -2283,6 +2300,23 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
         }
         xn = NULL;
     }
+    /* TODO(TLS1.3) need to parse and process extensions, for now ignore */
+    if (SSL_IS_TLS13(s)) {
+        PACKET reqexts;
+
+        if (!PACKET_get_length_prefixed_2(pkt, &reqexts)) {
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+            SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                   SSL_R_EXT_LENGTH_MISMATCH);
+            goto err;
+        }
+    }
+
+    if (PACKET_remaining(pkt) != 0) {
+        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+        SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
 
     /* we should setup a certificate to return.... */
     s->s3->tmp.cert_req = 1;
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 9c422e4..26c37c7 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2448,12 +2448,21 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
     int i;
     STACK_OF(X509_NAME) *sk = NULL;
 
-    /* get the list of acceptable cert types */
-    if (!WPACKET_start_sub_packet_u8(pkt)
-            || !ssl3_get_req_cert_type(s, pkt)
-            || !WPACKET_close(pkt)) {
-        SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR);
-        goto err;
+    if (SSL_IS_TLS13(s)) {
+        /* TODO(TLS1.3) for now send empty request context */
+        if (!WPACKET_put_bytes_u8(pkt, 0)) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
+                   ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    } else {
+        /* get the list of acceptable cert types */
+        if (!WPACKET_start_sub_packet_u8(pkt)
+            || !ssl3_get_req_cert_type(s, pkt) || !WPACKET_close(pkt)) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
+                   ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
     }
 
     if (SSL_USE_SIGALGS(s)) {
@@ -2494,11 +2503,18 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
         }
     }
     /* else no CA names */
-
     if (!WPACKET_close(pkt)) {
         SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR);
         goto err;
     }
+    /*
+     * TODO(TLS1.3) implement configurable certificate_extensions
+     * For now just send zero length extensions.
+     */
+    if (SSL_IS_TLS13(s) && !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
 
     s->s3->tmp.cert_request = 1;
 
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 7340fd1..e99a2ce 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1206,46 +1206,50 @@ static int ssl_print_cert_request(BIO *bio, int indent, SSL *s,
     size_t xlen;
     unsigned int sigalg;
 
-    if (msglen < 1)
-        return 0;
-    xlen = msg[0];
-    if (msglen < xlen + 1)
-        return 0;
-    msg++;
-    BIO_indent(bio, indent, 80);
-    BIO_printf(bio, "certificate_types (len=%d)\n", (int)xlen);
-    if (!ssl_trace_list(bio, indent + 2, msg, xlen, 1, ssl_ctype_tbl))
-        return 0;
-    msg += xlen;
-    msglen -= xlen + 1;
-    if (!SSL_USE_SIGALGS(s))
-        goto skip_sig;
-    if (msglen < 2)
-        return 0;
-    xlen = (msg[0] << 8) | msg[1];
-    if (msglen < xlen + 2 || (xlen & 1))
-        return 0;
-    msg += 2;
-    BIO_indent(bio, indent, 80);
-    BIO_printf(bio, "signature_algorithms (len=%d)\n", (int)xlen);
-    while (xlen > 0) {
-        BIO_indent(bio, indent + 2, 80);
-        sigalg = (msg[0] << 8) | msg[1];
-        BIO_printf(bio, "%s (0x%04x)\n",
-                   ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg);
-        xlen -= 2;
+    if (SSL_IS_TLS13(s)) {
+        if (!ssl_print_hexbuf(bio, indent, "request_context", 1, &msg, &msglen))
+            return 0;
+    } else {
+        if (msglen < 1)
+            return 0;
+        xlen = msg[0];
+        if (msglen < xlen + 1)
+            return 0;
+        msg++;
+        BIO_indent(bio, indent, 80);
+        BIO_printf(bio, "certificate_types (len=%d)\n", (int)xlen);
+        if (!ssl_trace_list(bio, indent + 2, msg, xlen, 1, ssl_ctype_tbl))
+            return 0;
+        msg += xlen;
+        msglen -= xlen + 1;
+    }
+    if (SSL_USE_SIGALGS(s)) {
+        if (msglen < 2)
+            return 0;
+        xlen = (msg[0] << 8) | msg[1];
+        if (msglen < xlen + 2 || (xlen & 1))
+            return 0;
         msg += 2;
+        msglen -= xlen + 2;
+        BIO_indent(bio, indent, 80);
+        BIO_printf(bio, "signature_algorithms (len=%d)\n", (int)xlen);
+        while (xlen > 0) {
+            BIO_indent(bio, indent + 2, 80);
+            sigalg = (msg[0] << 8) | msg[1];
+            BIO_printf(bio, "%s (0x%04x)\n",
+                       ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg);
+            xlen -= 2;
+            msg += 2;
+        }
+        msg += xlen;
     }
-    msg += xlen;
-    msglen -= xlen + 2;
 
- skip_sig:
     xlen = (msg[0] << 8) | msg[1];
     BIO_indent(bio, indent, 80);
     if (msglen < xlen + 2)
         return 0;
     msg += 2;
-    msglen -= 2;
+    msglen -= 2 + xlen;
     BIO_printf(bio, "certificate_authorities (len=%d)\n", (int)xlen);
     while (xlen > 0) {
         size_t dlen;
@@ -1271,7 +1275,12 @@ static int ssl_print_cert_request(BIO *bio, int indent, SSL *s,
         xlen -= dlen + 2;
         msg += dlen;
     }
-    return 1;
+    if (SSL_IS_TLS13(s)) {
+         if (!ssl_print_hexbuf(bio, indent, "request_extensions", 2,
+                               &msg, &msglen))
+        return 0;
+    }
+    return msglen == 0;
 }
 
 static int ssl_print_ticket(BIO *bio, int indent, SSL *s,


More information about the openssl-commits mailing list