From 6594189fa16e845df5565ca4c180220783a752d4 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Thu, 9 Mar 2017 15:31:55 +0000
Subject: [PATCH] Merge early_data_info extension into early_data
As per draft-19
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2895)
---
include/openssl/ssl.h | 1 +
include/openssl/tls1.h | 1 -
ssl/ssl_err.c | 1 +
ssl/ssl_locl.h | 1 -
ssl/statem/extensions.c | 9 ++-------
ssl/statem/extensions_clnt.c | 34 ++++++++++++++++------------------
ssl/statem/extensions_srvr.c | 33 +++++++++++++++------------------
ssl/statem/statem_locl.h | 5 -----
ssl/t1_trce.c | 5 +++--
9 files changed, 38 insertions(+), 52 deletions(-)
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index bf0dd6bdd7..e3e85d6165 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2413,6 +2413,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464
# define SSL_F_TLS_PARSE_CTOS_USE_SRTP 465
# define SSL_F_TLS_PARSE_STOC_COOKIE 534
+# define SSL_F_TLS_PARSE_STOC_EARLY_DATA 538
# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 528
# define SSL_F_TLS_PARSE_STOC_KEY_SHARE 445
# define SSL_F_TLS_PARSE_STOC_PSK 502
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 8e890bf8b4..f2af3abb06 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -184,7 +184,6 @@ extern "C" {
# define TLSEXT_TYPE_supported_versions 43
# define TLSEXT_TYPE_cookie 44
# define TLSEXT_TYPE_psk_kex_modes 45
-# define TLSEXT_TYPE_early_data_info 46
/* Temporary extension type */
# define TLSEXT_TYPE_renegotiate 0xff01
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index f8d344b563..c476b1e7e0 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
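Review bot: `SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 528` stays in place although the only function that used it, tls_parse_stoc_early_data_info, is deleted by this patch, so that function code (and its string entry in ssl_err.c) is now dead; the CONSTRUCT counterpart is presumably in the same state but lies outside this hunk. These tables are generated, so regenerating them with `util/mkerr.pl` (`make errors`) would drop the orphaned codes instead of leaving them to accumulate. If project policy is to keep numbers once assigned, a `/* unused */` note next to the definition saves the next reader the lookup.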
@@ -405,6 +405,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
"tls_parse_ctos_renegotiate"},
{ERR_FUNC(SSL_F_TLS_PARSE_CTOS_USE_SRTP), "tls_parse_ctos_use_srtp"},
{ERR_FUNC(SSL_F_TLS_PARSE_STOC_COOKIE), "tls_parse_stoc_cookie"},
+ {ERR_FUNC(SSL_F_TLS_PARSE_STOC_EARLY_DATA), "tls_parse_stoc_early_data"},
{ERR_FUNC(SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO),
"tls_parse_stoc_early_data_info"},
{ERR_FUNC(SSL_F_TLS_PARSE_STOC_KEY_SHARE), "tls_parse_stoc_key_share"},
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index b2e0f66638..9913548c88 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1791,7 +1791,6 @@ typedef enum tlsext_index_en {
TLSEXT_IDX_renegotiate,
TLSEXT_IDX_server_name,
TLSEXT_IDX_srp,
- TLSEXT_IDX_early_data_info,
TLSEXT_IDX_ec_point_formats,
TLSEXT_IDX_supported_groups,
TLSEXT_IDX_session_ticket,
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 0ab1f0494c..f11f5e03b9 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -131,12 +131,6 @@ static const EXTENSION_DEFINITION ext_defs[] = {
#else
INVALID_EXTENSION,
#endif
- {
- TLSEXT_TYPE_early_data_info,
- EXT_TLS1_3_NEW_SESSION_TICKET,
- NULL, NULL, tls_parse_stoc_early_data_info,
- tls_construct_stoc_early_data_info, NULL, NULL
- },
#ifndef OPENSSL_NO_EC
{
TLSEXT_TYPE_ec_point_formats,
@@ -287,7 +281,8 @@ static const EXTENSION_DEFINITION ext_defs[] = {
},
{
TLSEXT_TYPE_early_data,
- EXT_CLIENT_HELLO | EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+ EXT_CLIENT_HELLO | EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+ | EXT_TLS1_3_NEW_SESSION_TICKET,
NULL, tls_parse_ctos_early_data, tls_parse_stoc_early_data,
tls_construct_stoc_early_data, tls_construct_ctos_early_data,
final_early_data
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index c6cd0ce8a3..59bc974219 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
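Review bot: The `early_data` table entry now covers three message contexts with two different payload formats — empty in ClientHello/EncryptedExtensions, a 4-byte max_early_data_size in NewSessionTicket — and nothing at the table says so; a reader has to find the `context ==` dispatch inside tls_parse_stoc_early_data and tls_construct_stoc_early_data to learn it. A one-line comment above the entry would stop a future handler edit from assuming a single body shape, e.g. `/* Empty in CH/EE; carries a 4-byte max_early_data_size in NewSessionTicket */`. Widening the context mask also means `final_early_data` is now run after parsing a NewSessionTicket; its body is outside this hunk, so please confirm it is a no-op on the client for that context rather than re-deriving early-data acceptance from a ticket. The ext_defs array starts and ends outside the hunk.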
@@ -931,24 +931,6 @@ int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
return 1;
}
-int tls_parse_stoc_early_data_info(SSL *s, PACKET *pkt, unsigned int context,
- X509 *x, size_t chainidx, int *al)
-{
- unsigned long max_early_data;
-
- if (!PACKET_get_net_4(pkt, &max_early_data)
- || PACKET_remaining(pkt) != 0) {
- SSLerr(SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO,
- SSL_R_INVALID_MAX_EARLY_DATA);
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
-
- s->session->ext.max_early_data = max_early_data;
-
- return 1;
-}
-
#ifndef OPENSSL_NO_EC
int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al)
@@ -1382,6 +1364,22 @@ int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al)
{
+ if (context == EXT_TLS1_3_NEW_SESSION_TICKET) {
+ unsigned long max_early_data;
+
+ if (!PACKET_get_net_4(pkt, &max_early_data)
+ || PACKET_remaining(pkt) != 0) {
+ SSLerr(SSL_F_TLS_PARSE_STOC_EARLY_DATA,
+ SSL_R_INVALID_MAX_EARLY_DATA);
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+
+ s->session->ext.max_early_data = max_early_data;
+
+ return 1;
+ }
+
if (PACKET_remaining(pkt) != 0) {
*al = SSL_AD_DECODE_ERROR;
return 0;
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index ab3ad468fb..076a635d24 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
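Review bot: The new NewSessionTicket branch in tls_parse_stoc_early_data stores the server-supplied limit into `s->session->ext.max_early_data`, which only does what is intended if the caller has already installed the SSL_SESSION object this ticket will live on; tls_process_new_session_ticket is outside the hunk, so please confirm the session duplication happens before the extensions are parsed, otherwise the limit lands on the previous session and the ticket's session is left at 0. The function now decodes two wire formats selected by `context ==` and carries no comment about it; I would add above the branch `/* In NewSessionTicket the body is a 4-byte max_early_data_size (draft-19); in EncryptedExtensions it must be empty. */`. The remainder of the function continues outside the hunk.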
@@ -841,24 +841,6 @@ int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, unsigned int context,
return 1;
}
-int tls_construct_stoc_early_data_info(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx, int *al)
-{
- if (s->max_early_data == 0)
- return 1;
-
- if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data_info)
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_put_bytes_u32(pkt, s->max_early_data)
- || !WPACKET_close(pkt)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- return 1;
-}
-
#ifndef OPENSSL_NO_EC
int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al)
@@ -1151,6 +1133,21 @@ int tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, unsigned int context,
int tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al)
{
+ if (context == EXT_TLS1_3_NEW_SESSION_TICKET) {
+ if (s->max_early_data == 0)
+ return 1;
+
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_put_bytes_u32(pkt, s->max_early_data)
+ || !WPACKET_close(pkt)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ return 1;
+ }
+
if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
return 1;
diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h
index daf8a5b192..2e9821caf9 100644
--- a/ssl/statem/statem_locl.h
+++ b/ssl/statem/statem_locl.h
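Review bot: tls_construct_stoc_early_data now emits two different bodies from one function — the 4-byte max_early_data_size in NewSessionTicket, an empty extension in EncryptedExtensions — but the new branch has no comment saying so, and its early `return 1` on `s->max_early_data == 0` reads like an error exit rather than "nothing to advertise". I would add above the branch `/* NewSessionTicket: advertise the 0-RTT byte limit (draft-19 max_early_data_size); omit the extension when 0-RTT is disabled. */`. The value written here is what the client will take as its 0-RTT budget for this ticket, so it presumably must be the same `s->max_early_data` the server enforces on receipt; the rest of the function and that receive-side check are outside the hunk.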
@@ -238,9 +238,6 @@ int tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al);
int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al);
-int tls_construct_stoc_early_data_info(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx, int *al);
int tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al);
#ifndef OPENSSL_NO_EC
@@ -345,8 +342,6 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al);
int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al);
-int tls_parse_stoc_early_data_info(SSL *s, PACKET *pkt, unsigned int context,
- X509 *x, size_t chainidx, int *al);
int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al);
#ifndef OPENSSL_NO_EC
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 5cfaacd398..3968509eb7 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -476,7 +476,6 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
{TLSEXT_TYPE_padding, "padding"},
{TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"},
{TLSEXT_TYPE_extended_master_secret, "extended_master_secret"},
- {TLSEXT_TYPE_early_data_info, "ticket_early_data_info"},
{TLSEXT_TYPE_early_data, "early_data"}
};
@@ -833,7 +832,9 @@ static int ssl_print_extension(BIO *bio, int indent, int server,
return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1,
ssl_psk_kex_modes_tbl);
- case TLSEXT_TYPE_early_data_info:
+ case TLSEXT_TYPE_early_data:
+ if (mt != SSL3_MT_NEWSESSION_TICKET)
+ break;
if (extlen != 4)
return 0;
max_early_data = (ext[0] << 24) | (ext[1] << 16) | (ext[2] << 8)
--
2.25.1
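Review bot: The new `case TLSEXT_TYPE_early_data` leads straight into `max_early_data = (ext[0] << 24) | ...`, where `ext[0]` is promoted to `int` before the shift; for any first byte >= 0x80 the result does not fit in a 32-bit `int`, which is undefined behaviour in C11 (6.5.7p4), and a peer advertising a max_early_data_size of 2 GiB or more is enough to reach it in the trace path. Cast before shifting: `max_early_data = ((unsigned int)ext[0] << 24) | (ext[1] << 16) | (ext[2] << 8)` with the rest of the statement, which continues outside the hunk, unchanged. The `break` for non-NewSessionTicket messages also changes how an empty early_data extension in ClientHello/EncryptedExtensions is traced — no `case` for it was visible before, so it presumably took the switch's `default:` path — so please confirm the code after the switch prints the same thing. ssl_print_extension starts and ends outside the hunk.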