X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;ds=sidebyside;f=ssl%2Fstatem%2Fextensions.c;h=49a7156a2cfc3458a6ff1e1334e351daa458504d;hb=43ae5eed6f8665b88f45445df666ab2688aae7b0;hp=c2e0411240669704d38864e9b5a116976dbc14e8;hpb=fe874d27d33faa527b5e945137787bf6b0f5c253;p=openssl.git diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index c2e0411240..49a7156a2c 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -329,6 +329,23 @@ static const EXTENSION_DEFINITION ext_defs[] = { } }; +/* Check whether an extension's context matches the current context */ +static int validate_context(SSL *s, unsigned int extctx, unsigned int thisctx) +{ + /* Check we're allowed to use this extension in this context */ + if ((thisctx & extctx) == 0) + return 0; + + if (SSL_IS_DTLS(s)) { + if ((extctx & SSL_EXT_TLS_ONLY) != 0) + return 0; + } else if ((extctx & SSL_EXT_DTLS_ONLY) != 0) { + return 0; + } + + return 1; +} + /* * Verify whether we are allowed to use the extension |type| in the current * |context|. Returns 1 to indicate the extension is allowed or unknown or 0 to @@ -345,38 +362,31 @@ static int verify_extension(SSL *s, unsigned int context, unsigned int type, for (i = 0, thisext = ext_defs; i < builtin_num; i++, thisext++) { if (type == thisext->type) { - /* Check we're allowed to use this extension in this context */ - if ((context & thisext->context) == 0) + if (!validate_context(s, thisext->context, context)) return 0; - if (SSL_IS_DTLS(s)) { - if ((thisext->context & SSL_EXT_TLS_ONLY) != 0) - return 0; - } else if ((thisext->context & SSL_EXT_DTLS_ONLY) != 0) { - return 0; - } - *found = &rawexlist[i]; return 1; } } - if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) == 0) { - /* - * Custom extensions only apply to <=TLS1.2. This extension is unknown - * in this context - we allow it - */ - *found = NULL; - return 1; - } - /* Check the custom extensions */ if (meths != NULL) { - for (i = builtin_num; i < builtin_num + meths->meths_count; i++) { - if (meths->meths[i - builtin_num].ext_type == type) { - *found = &rawexlist[i]; - return 1; - } + size_t offset = 0; + int server = -1; + custom_ext_method *meth = NULL; + + if ((context & SSL_EXT_CLIENT_HELLO) != 0) + server = 1; + else if ((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0) + server = 0; + + meth = custom_ext_find(meths, server, type, &offset); + if (meth != NULL) { + if (!validate_context(s, meth->context, context)) + return 0; + *found = &rawexlist[offset + builtin_num]; + return 1; } } @@ -390,8 +400,7 @@ static int verify_extension(SSL *s, unsigned int context, unsigned int type, * the extension is relevant for the current context |thisctx| or not. Returns * 1 if the extension is relevant for this context, and 0 otherwise */ -static int extension_is_relevant(SSL *s, unsigned int extctx, - unsigned int thisctx) +int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx) { if ((SSL_IS_DTLS(s) && (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0) @@ -399,7 +408,8 @@ static int extension_is_relevant(SSL *s, unsigned int extctx, && (extctx & SSL_EXT_SSL3_ALLOWED) == 0) || (SSL_IS_TLS13(s) && (extctx & SSL_EXT_TLS1_2_AND_BELOW_ONLY) != 0) - || (!SSL_IS_TLS13(s) && (extctx & SSL_EXT_TLS1_3_ONLY) != 0)) + || (!SSL_IS_TLS13(s) && (extctx & SSL_EXT_TLS1_3_ONLY) != 0) + || (s->hit && (extctx & SSL_EXT_IGNORE_ON_RESUMPTION) != 0)) return 0; return 1; @@ -427,7 +437,7 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, PACKET extensions = *packet; size_t i = 0; size_t num_exts; - custom_ext_methods *exts = NULL; + custom_ext_methods *exts = &s->cert->custext; RAW_EXTENSION *raw_extensions = NULL; const EXTENSION_DEFINITION *thisexd; @@ -437,12 +447,8 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, * Initialise server side custom extensions. Client side is done during * construction of extensions for the ClientHello. */ - if ((context & SSL_EXT_CLIENT_HELLO) != 0) { - exts = &s->cert->srv_ext; - custom_ext_init(&s->cert->srv_ext); - } else if ((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0) { - exts = &s->cert->cli_ext; - } + if ((context & SSL_EXT_CLIENT_HELLO) != 0) + custom_ext_init(&s->cert->custext); num_exts = OSSL_NELEM(ext_defs) + (exts != NULL ? exts->meths_count : 0); raw_extensions = OPENSSL_zalloc(num_exts * sizeof(*raw_extensions)); @@ -560,21 +566,11 @@ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, */ } - /* - * This is a custom extension. We only allow this if it is a non - * resumed session on the server side. - *chain - * TODO(TLS1.3): We only allow old style <=TLS1.2 custom extensions. - * We're going to need a new mechanism for TLS1.3 to specify which - * messages to add the custom extensions to. - */ - if ((!s->hit || !s->server) - && (context - & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0 - && custom_ext_parse(s, s->server, currext->type, - PACKET_data(&currext->data), - PACKET_remaining(&currext->data), - al) <= 0) + /* Parse custom extensions */ + if (custom_ext_parse(s, context, currext->type, + PACKET_data(&currext->data), + PACKET_remaining(&currext->data), + x, chainidx, al) <= 0) return 0; return 1; @@ -595,11 +591,7 @@ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x, const EXTENSION_DEFINITION *thisexd; /* Calculate the number of extensions in the extensions list */ - if ((context & SSL_EXT_CLIENT_HELLO) != 0) { - numexts += s->cert->srv_ext.meths_count; - } else if ((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0) { - numexts += s->cert->cli_ext.meths_count; - } + numexts += s->cert->custext.meths_count; /* Parse each extension in turn */ for (i = 0; i < numexts; i++) { @@ -621,6 +613,30 @@ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x, return 1; } +int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx, + int max_version) +{ + /* Skip if not relevant for our context */ + if ((extctx & thisctx) == 0) + return 0; + + /* Check if this extension is defined for our protocol. If not, skip */ + if ((SSL_IS_DTLS(s) && (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0) + || (s->version == SSL3_VERSION + && (extctx & SSL_EXT_SSL3_ALLOWED) == 0) + || (SSL_IS_TLS13(s) + && (extctx & SSL_EXT_TLS1_2_AND_BELOW_ONLY) != 0) + || (!SSL_IS_TLS13(s) + && (extctx & SSL_EXT_TLS1_3_ONLY) != 0 + && (thisctx & SSL_EXT_CLIENT_HELLO) == 0) + || ((extctx & SSL_EXT_TLS1_3_ONLY) != 0 + && (thisctx & SSL_EXT_CLIENT_HELLO) != 0 + && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION))) + return 0; + + return 1; +} + /* * Construct all the extensions relevant to the current |context| and write * them to |pkt|. If this is an extension for a Certificate in a Certificate @@ -634,7 +650,7 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx, int *al) { size_t i; - int addcustom = 0, min_version, max_version = 0, reason, tmpal; + int min_version, max_version = 0, reason, tmpal; const EXTENSION_DEFINITION *thisexd; /* @@ -667,21 +683,10 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, /* Add custom extensions first */ if ((context & SSL_EXT_CLIENT_HELLO) != 0) { - custom_ext_init(&s->cert->cli_ext); - addcustom = 1; - } else if ((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0) { - /* - * We already initialised the custom extensions during ClientHello - * parsing. - * - * TODO(TLS1.3): We're going to need a new custom extension mechanism - * for TLS1.3, so that custom extensions can specify which of the - * multiple message they wish to add themselves to. - */ - addcustom = 1; + /* On the server side with initiase during ClientHello parsing */ + custom_ext_init(&s->cert->custext); } - - if (addcustom && !custom_ext_add(s, s->server, pkt, &tmpal)) { + if (!custom_ext_add(s, context, pkt, x, chainidx, max_version, &tmpal)) { SSLerr(SSL_F_TLS_CONSTRUCT_EXTENSIONS, ERR_R_INTERNAL_ERROR); goto err; } @@ -691,28 +696,13 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, size_t chainidx, int *al); /* Skip if not relevant for our context */ - if ((thisexd->context & context) == 0) + if (!should_add_extension(s, thisexd->context, context, max_version)) continue; construct = s->server ? thisexd->construct_stoc : thisexd->construct_ctos; - /* Check if this extension is defined for our protocol. If not, skip */ - if ((SSL_IS_DTLS(s) - && (thisexd->context & SSL_EXT_TLS_IMPLEMENTATION_ONLY) - != 0) - || (s->version == SSL3_VERSION - && (thisexd->context & SSL_EXT_SSL3_ALLOWED) == 0) - || (SSL_IS_TLS13(s) - && (thisexd->context & SSL_EXT_TLS1_2_AND_BELOW_ONLY) - != 0) - || (!SSL_IS_TLS13(s) - && (thisexd->context & SSL_EXT_TLS1_3_ONLY) != 0 - && (context & SSL_EXT_CLIENT_HELLO) == 0) - || ((thisexd->context & SSL_EXT_TLS1_3_ONLY) != 0 - && (context & SSL_EXT_CLIENT_HELLO) != 0 - && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION)) - || construct == NULL) + if (construct == NULL) continue; if (!construct(s, pkt, context, x, chainidx, &tmpal))