From: Matt Caswell Date: Wed, 23 Nov 2016 15:20:22 +0000 (+0000) Subject: Add EncryptedExtensions message X-Git-Tag: OpenSSL_1_1_1-pre1~2918 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=e46f23344462c33b9a9c25d5cfe09be7d1f039e3 Add EncryptedExtensions message At this stage the message is just empty. We need to fill it in with extension data. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz Reviewed-by: Richard Levitte --- diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 840eb6e97d..7e7c3b1971 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -883,7 +883,9 @@ typedef enum { TLS_ST_SW_SESSION_TICKET, TLS_ST_SW_CERT_STATUS, TLS_ST_SW_CHANGE, - TLS_ST_SW_FINISHED + TLS_ST_SW_FINISHED, + TLS_ST_SW_ENCRYPTED_EXTENSIONS, + TLS_ST_CR_ENCRYPTED_EXTENSIONS } OSSL_HANDSHAKE_STATE; /* @@ -2267,6 +2269,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 356 # define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 357 # define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 358 +# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS 443 # define SSL_F_TLS_CONSTRUCT_FINISHED 359 # define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373 # define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 428 @@ -2293,6 +2296,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 380 # define SSL_F_TLS_PROCESS_CLIENT_HELLO 381 # define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 382 +# define SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS 444 # define SSL_F_TLS_PROCESS_FINISHED 364 # define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT 442 # define SSL_F_TLS_PROCESS_KEY_EXCHANGE 365 diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index 321a8dde31..c005440f82 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -273,6 +273,7 @@ extern "C" { # define SSL3_MT_CLIENT_HELLO 1 # define SSL3_MT_SERVER_HELLO 2 # define SSL3_MT_NEWSESSION_TICKET 4 +# define SSL3_MT_ENCRYPTED_EXTENSIONS 8 # define SSL3_MT_CERTIFICATE 11 # define SSL3_MT_SERVER_KEY_EXCHANGE 12 # define SSL3_MT_CERTIFICATE_REQUEST 13 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 5c8e9d4fd8..14a44a5278 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -273,6 +273,8 @@ static ERR_STRING_DATA SSL_str_functs[] = { "tls_construct_client_key_exchange"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY), "tls_construct_client_verify"}, + {ERR_FUNC(SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS), + "tls_construct_encrypted_extensions"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_FINISHED), "tls_construct_finished"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST), "tls_construct_hello_request"}, @@ -312,6 +314,8 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_TLS_PROCESS_CLIENT_HELLO), "tls_process_client_hello"}, {ERR_FUNC(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE), "tls_process_client_key_exchange"}, + {ERR_FUNC(SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS), + "tls_process_encrypted_extensions"}, {ERR_FUNC(SSL_F_TLS_PROCESS_FINISHED), "tls_process_finished"}, {ERR_FUNC(SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT), "tls_process_initial_server_flight"}, diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index bd657aabef..ec3991d9a1 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -59,6 +59,8 @@ #include #include +static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt); + static ossl_inline int cert_req_allowed(SSL *s); static int key_exchange_expected(SSL *s); static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b); @@ -135,6 +137,13 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt) break; case TLS_ST_CR_SRVR_HELLO: + if (mt == SSL3_MT_ENCRYPTED_EXTENSIONS) { + st->hand_state = TLS_ST_CR_ENCRYPTED_EXTENSIONS; + return 1; + } + break; + + case TLS_ST_CR_ENCRYPTED_EXTENSIONS: if (s->hit) { if (mt == SSL3_MT_FINISHED) { st->hand_state = TLS_ST_CR_FINISHED; @@ -759,6 +768,9 @@ size_t ossl_statem_client_max_message_size(SSL *s) case TLS_ST_CR_FINISHED: return FINISHED_MAX_LENGTH; + + case TLS_ST_CR_ENCRYPTED_EXTENSIONS: + return ENCRYPTED_EXTENSIONS_MAX_LENGTH; } } @@ -803,6 +815,9 @@ MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt) case TLS_ST_CR_FINISHED: return tls_process_finished(s, pkt); + + case TLS_ST_CR_ENCRYPTED_EXTENSIONS: + return tls_process_encrypted_extensions(s, pkt); } } @@ -3083,6 +3098,26 @@ int tls_construct_next_proto(SSL *s, WPACKET *pkt) } #endif +static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt) +{ + int al = SSL_AD_INTERNAL_ERROR; + PACKET extensions; + + /* TODO(TLS1.3): We need to process these extensions. For now ignore them */ + if (!PACKET_as_length_prefixed_2(pkt, &extensions)) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS, SSL_R_LENGTH_MISMATCH); + goto err; + } + + return MSG_PROCESS_CONTINUE_READING; + + err: + ssl3_send_alert(s, SSL3_AL_FATAL, al); + ossl_statem_set_error(s); + return MSG_PROCESS_ERROR; +} + int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) { int i = 0; diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h index f6c76ab3a2..32f55cca43 100644 --- a/ssl/statem/statem_locl.h +++ b/ssl/statem/statem_locl.h @@ -19,6 +19,7 @@ /* The spec allows for a longer length than this, but we limit it */ #define HELLO_VERIFY_REQUEST_MAX_LENGTH 258 #define SERVER_HELLO_MAX_LENGTH 20000 +#define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000 #define SERVER_KEY_EXCH_MAX_LENGTH 102400 #define SERVER_HELLO_DONE_MAX_LENGTH 0 #define CCS_MAX_LENGTH 1 diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index fa56af1764..50caa42951 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -61,6 +61,7 @@ #include #include +static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt); static STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, STACK_OF(SSL_CIPHER) @@ -408,6 +409,10 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s) return WRITE_TRAN_CONTINUE; case TLS_ST_SW_SRVR_HELLO: + st->hand_state = TLS_ST_SW_ENCRYPTED_EXTENSIONS; + return WRITE_TRAN_CONTINUE; + + case TLS_ST_SW_ENCRYPTED_EXTENSIONS: if (s->hit) st->hand_state = TLS_ST_SW_FINISHED; else if (send_certificate_request(s)) @@ -855,6 +860,11 @@ int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt, *confunc = tls_construct_finished; *mt = SSL3_MT_FINISHED; break; + + case TLS_ST_SW_ENCRYPTED_EXTENSIONS: + *confunc = tls_construct_encrypted_extensions; + *mt = SSL3_MT_ENCRYPTED_EXTENSIONS; + break; } return 1; @@ -3354,6 +3364,18 @@ MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt) } #endif +static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt) +{ + /* TODO(TLS1.3): Zero length encrypted extensions message for now */ + if (!WPACKET_put_bytes_u16(pkt, 0)) { + SSLerr(SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS, ERR_R_INTERNAL_ERROR); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + return 0; + } + + return 1; +} + #define SSLV2_CIPHER_LEN 3 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index ee08d0eb87..948931d2bf 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -92,6 +92,7 @@ static ssl_trace_tbl ssl_handshake_tbl[] = { {SSL3_MT_CERTIFICATE_VERIFY, "CertificateVerify"}, {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"}, {SSL3_MT_FINISHED, "Finished"}, + {SSL3_MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions"}, {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"} }; @@ -1284,6 +1285,11 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl, return 0; break; + case SSL3_MT_ENCRYPTED_EXTENSIONS: + if (!ssl_print_extensions(bio, indent + 2, 1, msg, msglen)) + return 0; + break; + default: BIO_indent(bio, indent + 2, 80); BIO_puts(bio, "Unsupported, hex dump follows:\n"); diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t index 50baf2e0fb..c64e54e6f8 100755 --- a/test/recipes/70-test_tls13messages.t +++ b/test/recipes/70-test_tls13messages.t @@ -39,6 +39,7 @@ use constant { my @handmessages = ( [TLSProxy::Message::MT_CLIENT_HELLO, ALL_HANDSHAKES], [TLSProxy::Message::MT_SERVER_HELLO, ALL_HANDSHAKES], + [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, ALL_HANDSHAKES], [TLSProxy::Message::MT_CERTIFICATE_REQUEST, CLIENT_AUTH_HANDSHAKE], [TLSProxy::Message::MT_CERTIFICATE, ALL_HANDSHAKES & ~RESUME_HANDSHAKE], [TLSProxy::Message::MT_CERTIFICATE_STATUS, OCSP_HANDSHAKE], diff --git a/util/TLSProxy/Message.pm b/util/TLSProxy/Message.pm index 3259edc5dd..6fcb9d9525 100644 --- a/util/TLSProxy/Message.pm +++ b/util/TLSProxy/Message.pm @@ -17,6 +17,7 @@ use constant { MT_CLIENT_HELLO => 1, MT_SERVER_HELLO => 2, MT_NEW_SESSION_TICKET => 4, + MT_ENCRYPTED_EXTENSIONS => 8, MT_CERTIFICATE => 11, MT_SERVER_KEY_EXCHANGE => 12, MT_CERTIFICATE_REQUEST => 13, @@ -46,6 +47,7 @@ my %message_type = ( MT_CLIENT_HELLO, "ClientHello", MT_SERVER_HELLO, "ServerHello", MT_NEW_SESSION_TICKET, "NewSessionTicket", + MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions", MT_CERTIFICATE, "Certificate", MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange", MT_CERTIFICATE_REQUEST, "CertificateRequest",