#include "../ssl_locl.h"
#include "statem_locl.h"
+typedef struct {
+ /* The ID for the extension */
+ unsigned int type;
+ int (*server_parse)(SSL *s, PACKET *pkt);
+ int (*client_parse)(SSL *s, PACKET *pkt);
+ unsigned int context;
+} EXTENSION_DEFINITION;
+
+
+static const EXTENSION_DEFINITION ext_defs[] = {
+ {
+ TLSEXT_TYPE_renegotiate,
+ NULL, NULL,
+ EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO
+ },
+ {
+ TLSEXT_TYPE_server_name,
+ NULL, NULL,
+ EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO
+ | EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+ },
+ {
+ TLSEXT_TYPE_srp,
+ NULL, NULL,
+ EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO
+ },
+ {
+ TLSEXT_TYPE_ec_point_formats,
+ NULL, NULL,
+ EXT_CLIENT_HELLO
+ },
+ {
+ TLSEXT_TYPE_supported_groups,
+ NULL, NULL,
+ EXT_CLIENT_HELLO | EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+ },
+ {
+ TLSEXT_TYPE_session_ticket,
+ NULL, NULL,
+ EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO
+ },
+ {
+ TLSEXT_TYPE_signature_algorithms,
+ NULL, NULL,
+ EXT_CLIENT_HELLO
+ },
+ {
+ TLSEXT_TYPE_status_request,
+ NULL, NULL,
+ EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO | EXT_TLS1_3_CERTIFICATE
+ },
+ {
+ TLSEXT_TYPE_next_proto_neg,
+ NULL, NULL,
+ EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO
+ },
+ {
+ TLSEXT_TYPE_application_layer_protocol_negotiation,
+ NULL, NULL,
+ EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO
+ | EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+ },
+ {
+ TLSEXT_TYPE_use_srtp,
+ NULL, NULL,
+ EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO
+ | EXT_TLS1_3_ENCRYPTED_EXTENSIONS | EXT_DTLS_ONLY
+ },
+ {
+ TLSEXT_TYPE_encrypt_then_mac,
+ NULL, NULL,
+ EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO
+ },
+ {
+ TLSEXT_TYPE_signed_certificate_timestamp,
+ NULL, NULL,
+ EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO | EXT_TLS1_3_CERTIFICATE
+ },
+ {
+ TLSEXT_TYPE_extended_master_secret,
+ NULL, NULL,
+ EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO
+ },
+ {
+ TLSEXT_TYPE_supported_versions,
+ NULL, NULL,
+ EXT_CLIENT_HELLO
+ },
+ {
+ TLSEXT_TYPE_padding,
+ NULL, NULL,
+ EXT_CLIENT_HELLO
+ },
+ {
+ TLSEXT_TYPE_key_share,
+ NULL, NULL,
+ EXT_CLIENT_HELLO | EXT_TLS1_3_SERVER_HELLO
+ | EXT_TLS1_3_HELLO_RETRY_REQUEST
+ }
+};
+
/*
* Comparison function used in a call to qsort (see tls_collect_extensions()
* below.)
}
/*
- * Gather a list of all the extensions. We don't actually process the content
- * of the extensions yet, except to check their types.
+ * Verify whether we are allowed to use the extension |type| in the current
+ * |context|. Returns 1 to indicate the extension is allowed or unknown or 0 to
+ * indicate the extension is not allowed.
+ */
+static int verify_extension(SSL *s, unsigned int context, unsigned int type)
+{
+ size_t i;
+
+ for (i = 0; i < OSSL_NELEM(ext_defs); i++) {
+ if (type == ext_defs[i].type) {
+ /* Check we're allowed to use this extension in this context */
+ if ((context & ext_defs[i].context) == 0)
+ return 0;
+ /* Make sure we don't use DTLS extensions in TLS */
+ if ((ext_defs[i].context & EXT_DTLS_ONLY) && !SSL_IS_DTLS(s))
+ return 0;
+
+ return 1;
+ }
+ }
+
+ /* Unknown extension. We allow it */
+ return 1;
+}
+
+/*
+ * Gather a list of all the extensions from the data in |packet]. |context|
+ * tells us which message this extension is for. The raw extension data is
+ * stored in |*res| with the number of found extensions in |*numfound|. In the
+ * event of an error the alert type to use is stored in |*ad|. We don't actually
+ * process the content of the extensions yet, except to check their types.
*
* Per http://tools.ietf.org/html/rfc5246#section-7.4.1.4, there may not be
* more than one extension of the same type in a ClientHello or ServerHello.
* TODO(TLS1.3): Refactor ServerHello extension parsing to use this and then
* remove tls1_check_duplicate_extensions()
*/
-int tls_collect_extensions(PACKET *packet, RAW_EXTENSION **res,
- size_t *numfound, int *ad)
+int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
+ RAW_EXTENSION **res, size_t *numfound, int *ad)
{
PACKET extensions = *packet;
size_t num_extensions = 0, i = 0;
if (!PACKET_get_net_2(&extensions, &type) ||
!PACKET_get_length_prefixed_2(&extensions, &extension)) {
+ SSLerr(SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_BAD_EXTENSION);
*ad = SSL_AD_DECODE_ERROR;
goto err;
}
+ /* Verify this extension is allowed */
+ if (!verify_extension(s, context, type)) {
+ SSLerr(SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_BAD_EXTENSION);
+ *ad = SSL_AD_ILLEGAL_PARAMETER;
+ goto err;
+ }
num_extensions++;
}
/* Max should actually be 36 but we are generous */
#define FINISHED_MAX_LENGTH 64
+/* Extension context codes */
+#define EXT_DTLS_ONLY 0x01
+#define EXT_CLIENT_HELLO 0x02
+/* Really means TLS1.2 or below */
+#define EXT_TLS1_2_SERVER_HELLO 0x04
+#define EXT_TLS1_3_SERVER_HELLO 0x08
+#define EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x10
+#define EXT_TLS1_3_HELLO_RETRY_REQUEST 0x20
+#define EXT_TLS1_3_CERTIFICATE 0x40
+#define EXT_TLS1_3_NEW_SESSION_TICKET 0x80
+
/* Message processing return codes */
typedef enum {
/* Something bad happened */
__owur WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst);
__owur WORK_STATE dtls_wait_for_dry(SSL *s);
-int tls_collect_extensions(PACKET *packet, RAW_EXTENSION **res,
- size_t *numfound, int *ad);
+int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
+ RAW_EXTENSION **res, size_t *numfound, int *ad);
/* some client-only functions */
__owur int tls_construct_client_hello(SSL *s, WPACKET *pkt);
projects / oweals / openssl.git / commitdiff