From 90fc2c26df23811be080093772b2161850385863 Mon Sep 17 00:00:00 2001 From: Nikolay Morozov Date: Sat, 2 May 2020 12:22:43 +0300 Subject: [PATCH] SSL_OP_DISABLE_TLSEXT_CA_NAMES option implementation Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/11709) --- apps/s_server.c | 12 ++++++++++- doc/man1/openssl-s_server.pod.in | 7 +++++++ doc/man3/SSL_CONF_cmd.pod | 4 ++++ doc/man3/SSL_CTX_set_options.pod | 8 +++++++- include/openssl/ssl.h | 3 ++- ssl/ssl_conf.c | 5 +++-- ssl/statem/statem_lib.c | 2 +- test/sslapitest.c | 34 +++++++++++++++++++++++++------- 8 files changed, 62 insertions(+), 13 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index 4904a21b7a..7ac4221860 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -761,7 +761,7 @@ typedef enum OPTION_choice { OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA, OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG, - OPT_HTTP_SERVER_BINMODE, + OPT_HTTP_SERVER_BINMODE, OPT_NOCANAMES, OPT_R_ENUM, OPT_S_ENUM, OPT_V_ENUM, @@ -952,6 +952,8 @@ const OPTIONS s_server_options[] = { {"anti_replay", OPT_ANTI_REPLAY, '-', "Switch on anti-replay protection (default)"}, {"no_anti_replay", OPT_NO_ANTI_REPLAY, '-', "Switch off anti-replay protection"}, {"http_server_binmode", OPT_HTTP_SERVER_BINMODE, '-', "opening files in binary mode when acting as http server (-WWW and -HTTP)"}, + {"no_ca_names", OPT_NOCANAMES, '-', + "Disable TLS Extension CA Names"}, {"stateless", OPT_STATELESS, '-', "Require TLSv1.3 cookies"}, #ifndef OPENSSL_NO_SSL3 {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"}, @@ -1089,6 +1091,7 @@ int s_server_main(int argc, char *argv[]) const char *keylog_file = NULL; int max_early_data = -1, recv_max_early_data = -1; char *psksessf = NULL; + int no_ca_names = 0; #ifndef OPENSSL_NO_SCTP int sctp_label_bug = 0; #endif @@ -1655,6 +1658,9 @@ int s_server_main(int argc, char *argv[]) case OPT_HTTP_SERVER_BINMODE: http_server_binmode = 1; break; + case OPT_NOCANAMES: + no_ca_names = 1; + break; case OPT_SENDFILE: #ifndef OPENSSL_NO_KTLS use_sendfile = 1; @@ -1900,6 +1906,10 @@ int s_server_main(int argc, char *argv[]) SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC); } + if (no_ca_names) { + SSL_CTX_set_options(ctx, SSL_OP_DISABLE_TLSEXT_CA_NAMES); + } + if (max_send_fragment > 0 && !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) { BIO_printf(bio_err, "%s: Max send fragment size %u is out of permitted range\n", diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index fb8df53906..c9f4bfc11b 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -46,6 +46,7 @@ B B [B<-www>] [B<-WWW>] [B<-http_server_binmode>] +[B<-no_ca_names>] [B<-servername>] [B<-servername_fatal>] [B<-tlsextdebug>] @@ -411,6 +412,12 @@ Neither of these options can be used in conjunction with B<-early_data>. When acting as web-server (using option B<-WWW> or B<-HTTP>) open files requested by the client in binary mode. +=item B<-no_ca_names> + +Disable TLS Extension CA Names. You may want to disable it for security reasons +or for compatibility with some Windows TLS implementations crashing when this +extension is larger than 1024 bytes. + =item B<-id_prefix> I Generate SSL/TLS session IDs prefixed by I. This is mostly useful diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 73c50da8f4..b060449390 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -507,6 +507,10 @@ B: use extended master secret extension, enabled by default. Inverse of B: that is, B<-ExtendedMasterSecret> is the same as setting B. +B: use CA names extension, enabled by +default. Inverse of B: that is, +B<-CANames> is the same as setting B. + =item B The B argument is a comma separated list of flags to set. diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index dd89125db4..39cb2ec30e 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -67,6 +67,12 @@ The following B options are available: Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. +=item SSL_OP_DISABLE_TLSEXT_CA_NAMES + +Disable TLS Extension CA Names. You may want to disable it for security reasons +or for compatibility with some Windows TLS implementations crashing when this +extension is larger than 1024 bytes. + =item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol @@ -378,7 +384,7 @@ The B option was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index f293b035e3..74d4e305e1 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -331,9 +331,10 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); /* * Reserved value (until OpenSSL 3.0.0) 0x00000080U * Reserved value (until OpenSSL 3.0.0) 0x00000100U - * Reserved value (until OpenSSL 3.0.0) 0x00000200U */ +# define SSL_OP_DISABLE_TLSEXT_CA_NAMES 0x00000200U + /* In TLSv1.3 allow a non-(ec)dhe based kex_mode */ # define SSL_OP_ALLOW_NO_DHE_KEX 0x00000400U diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 9408acc89e..aefe8ad203 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -383,7 +383,8 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA), SSL_FLAG_TBL("MiddleboxCompat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT), SSL_FLAG_TBL_INV("AntiReplay", SSL_OP_NO_ANTI_REPLAY), - SSL_FLAG_TBL_INV("ExtendedMasterSecret", SSL_OP_NO_EXTENDED_MASTER_SECRET) + SSL_FLAG_TBL_INV("ExtendedMasterSecret", SSL_OP_NO_EXTENDED_MASTER_SECRET), + SSL_FLAG_TBL_INV("CANames", SSL_OP_DISABLE_TLSEXT_CA_NAMES) }; if (value == NULL) return -3; diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 262fe355f3..36cdc1be58 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -2342,7 +2342,7 @@ int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt) return 0; } - if (ca_sk != NULL) { + if ((ca_sk != NULL) && !(s->options & SSL_OP_DISABLE_TLSEXT_CA_NAMES)) { int i; for (i = 0; i < sk_X509_NAME_num(ca_sk); i++) { diff --git a/test/sslapitest.c b/test/sslapitest.c index 6889607662..ea86b13f80 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -1481,7 +1481,7 @@ static SSL_SESSION *get_session_cb(SSL *ssl, const unsigned char *id, int len, } static int execute_test_session(int maxprot, int use_int_cache, - int use_ext_cache) + int use_ext_cache, long s_options) { SSL_CTX *sctx = NULL, *cctx = NULL; SSL *serverssl1 = NULL, *clientssl1 = NULL; @@ -1524,6 +1524,10 @@ static int execute_test_session(int maxprot, int use_int_cache, | SSL_SESS_CACHE_NO_INTERNAL_STORE); } + if (s_options) { + SSL_CTX_set_options(sctx, s_options); + } + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, NULL, NULL)) || !TEST_true(create_ssl_connection(serverssl1, clientssl1, @@ -1768,12 +1772,12 @@ static int execute_test_session(int maxprot, int use_int_cache, static int test_session_with_only_int_cache(void) { #ifndef OPENSSL_NO_TLS1_3 - if (!execute_test_session(TLS1_3_VERSION, 1, 0)) + if (!execute_test_session(TLS1_3_VERSION, 1, 0, 0)) return 0; #endif #ifndef OPENSSL_NO_TLS1_2 - return execute_test_session(TLS1_2_VERSION, 1, 0); + return execute_test_session(TLS1_2_VERSION, 1, 0, 0); #else return 1; #endif @@ -1782,12 +1786,12 @@ static int test_session_with_only_int_cache(void) static int test_session_with_only_ext_cache(void) { #ifndef OPENSSL_NO_TLS1_3 - if (!execute_test_session(TLS1_3_VERSION, 0, 1)) + if (!execute_test_session(TLS1_3_VERSION, 0, 1, 0)) return 0; #endif #ifndef OPENSSL_NO_TLS1_2 - return execute_test_session(TLS1_2_VERSION, 0, 1); + return execute_test_session(TLS1_2_VERSION, 0, 1, 0); #else return 1; #endif @@ -1796,17 +1800,32 @@ static int test_session_with_only_ext_cache(void) static int test_session_with_both_cache(void) { #ifndef OPENSSL_NO_TLS1_3 - if (!execute_test_session(TLS1_3_VERSION, 1, 1)) + if (!execute_test_session(TLS1_3_VERSION, 1, 1, 0)) + return 0; +#endif + +#ifndef OPENSSL_NO_TLS1_2 + return execute_test_session(TLS1_2_VERSION, 1, 1, 0); +#else + return 1; +#endif +} + +static int test_session_wo_ca_names(void) +{ +#ifndef OPENSSL_NO_TLS1_3 + if (!execute_test_session(TLS1_3_VERSION, 1, 0, SSL_OP_DISABLE_TLSEXT_CA_NAMES)) return 0; #endif #ifndef OPENSSL_NO_TLS1_2 - return execute_test_session(TLS1_2_VERSION, 1, 1); + return execute_test_session(TLS1_2_VERSION, 1, 0, SSL_OP_DISABLE_TLSEXT_CA_NAMES); #else return 1; #endif } + #ifndef OPENSSL_NO_TLS1_3 static SSL_SESSION *sesscache[6]; static int do_cache; @@ -7585,6 +7604,7 @@ int setup_tests(void) ADD_TEST(test_session_with_only_int_cache); ADD_TEST(test_session_with_only_ext_cache); ADD_TEST(test_session_with_both_cache); + ADD_TEST(test_session_wo_ca_names); #ifndef OPENSSL_NO_TLS1_3 ADD_ALL_TESTS(test_stateful_tickets, 3); ADD_ALL_TESTS(test_stateless_tickets, 3); -- 2.25.1