[openssl] OpenSSL_1_1_1-stable update

Matt Caswell matt at openssl.org
Thu Dec 10 11:35:14 UTC 2020 

The branch OpenSSL_1_1_1-stable has been updated
       via  ad8e83cf11187388c71cfbdb70880d9e7ed26e0e (commit)
       via  e0b139b845341b62a18b7f285d34921340dc4ab9 (commit)
      from  7da3894cdddd70ce0d6641f345a23ee9de0082cb (commit)


- Log -----------------------------------------------------------------
commit ad8e83cf11187388c71cfbdb70880d9e7ed26e0e
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Nov 3 15:51:23 2020 +0000

    Test that we can negotiate TLSv1.3 if we have an SNI callback
    
    If an SNI callback has been set then we may have no certificuates suitable
    for TLSv1.3 use configured for the current SSL_CTX. This should not prevent
    us from negotiating TLSv1.3, since we may change the SSL_CTX by the time we
    need a suitable certificate.
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/13305)

commit e0b139b845341b62a18b7f285d34921340dc4ab9
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Nov 3 14:01:46 2020 +0000

    Modify is_tls13_capable() to take account of the servername cb
    
    A servername cb may change the available certificates, so if we have one
    set then we cannot rely on the configured certificates to determine if we
    are capable of negotiating TLSv1.3 or not.
    
    Fixes #13291
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/13305)

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/statem_lib.c | 15 +++++++++++--
 test/sslapitest.c       | 59 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 72 insertions(+), 2 deletions(-)

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 364f77f08a..c3b6f8f456 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1504,8 +1504,8 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
 
 /*
  * Only called by servers. Returns 1 if the server has a TLSv1.3 capable
- * certificate type, or has PSK or a certificate callback configured. Otherwise
- * returns 0.
+ * certificate type, or has PSK or a certificate callback configured, or has
+ * a servername callback configured. Otherwise returns 0.
  */
 static int is_tls13_capable(const SSL *s)
 {
@@ -1515,6 +1515,17 @@ static int is_tls13_capable(const SSL *s)
     EC_KEY *eckey;
 #endif
 
+    if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL))
+        return 0;
+
+    /*
+     * A servername callback can change the available certs, so if a servername
+     * cb is set then we just assume TLSv1.3 will be ok
+     */
+    if (s->ctx->ext.servername_cb != NULL
+            || s->session_ctx->ext.servername_cb != NULL)
+        return 1;
+
 #ifndef OPENSSL_NO_PSK
     if (s->psk_server_callback != NULL)
         return 1;
diff --git a/test/sslapitest.c b/test/sslapitest.c
index ad1824c68d..4a27ee1ba2 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -6658,6 +6658,62 @@ static int test_ssl_dup(void)
 }
 #endif
 
+#ifndef OPENSSL_NO_TLS1_3
+/*
+ * Test that setting an SNI callback works with TLSv1.3. Specifically we check
+ * that it works even without a certificate configured for the original
+ * SSL_CTX
+ */
+static int test_sni_tls13(void)
+{
+    SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
+    SSL *clientssl = NULL, *serverssl = NULL;
+    int testresult = 0;
+
+    /* Reset callback counter */
+    snicb = 0;
+
+    /* Create an initial SSL_CTX with no certificate configured */
+    sctx = SSL_CTX_new(TLS_server_method());
+    if (!TEST_ptr(sctx))
+        goto end;
+    /* Require TLSv1.3 as a minimum */
+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                                       TLS1_3_VERSION, 0, &sctx2, &cctx, cert,
+                                       privkey)))
+        goto end;
+
+    /* Set up SNI */
+    if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb))
+            || !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2)))
+        goto end;
+
+    /*
+     * Connection should still succeed because the final SSL_CTX has the right
+     * certificates configured.
+     */
+    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+                                      &clientssl, NULL, NULL))
+            || !TEST_true(create_ssl_connection(serverssl, clientssl,
+                                                SSL_ERROR_NONE)))
+        goto end;
+
+    /* We should have had the SNI callback called exactly once */
+    if (!TEST_int_eq(snicb, 1))
+        goto end;
+
+    testresult = 1;
+
+end:
+    SSL_free(serverssl);
+    SSL_free(clientssl);
+    SSL_CTX_free(sctx2);
+    SSL_CTX_free(sctx);
+    SSL_CTX_free(cctx);
+    return testresult;
+}
+#endif
+
 int setup_tests(void)
 {
     if (!TEST_ptr(certsdir = test_get_argument(0))
@@ -6780,6 +6836,9 @@ int setup_tests(void)
     ADD_ALL_TESTS(test_servername, 10);
 #ifndef OPENSSL_NO_TLS1_2
     ADD_TEST(test_ssl_dup);
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+    ADD_TEST(test_sni_tls13);
 #endif
     return 1;
 }

More information about the openssl-commits mailing list