mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-21 01:15:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

GH787: Fix ALPN

Browse Source 
* Perform ALPN after the SNI callback; the SSL_CTX may change due to
  that processing
* Add flags to indicate that we actually sent ALPN, to properly error
  out if unexpectedly received.
* clean up ssl3_free() no need to explicitly clear when doing memset
* document ALPN functions

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
This commit is contained in:
Todd Short 2016-03-05 08:47:55 -05:00 committed by Rich Salz
parent f18ce93488
commit 817cd0d52f
13 changed files with 432 additions and 151 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@ -4,6 +4,10 @@
Changes between 1.0.2g and 1.1.0 [xx XXX xxxx]
*) Modify behavior of ALPN to invoke callback after SNI/servername
callback, such that updates to the SSL_CTX affect ALPN.
[Todd Short]
*) Changes to the DEFAULT cipherlist:
- Prefer (EC)DHE handshakes over plain RSA.
- Prefer AEAD ciphers over legacy ciphers.

2
apps/apps.c
View File

@ -1960,7 +1960,7 @@ void policies_print(X509_STORE_CTX *ctx)
*
* returns: a malloced buffer or NULL on failure.
*/
unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
unsigned char *next_protos_parse(size_t *outlen, const char *in)
{
size_t len;
unsigned char *out;

2
apps/apps.h
View File

@ -565,7 +565,7 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
extern char *psk_key;
# endif
unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
unsigned char *next_protos_parse(size_t *outlen, const char *in);
void print_cert_checks(BIO *bio, X509 *x,
const char *checkhost,

4
apps/s_client.c
View File

@ -445,7 +445,7 @@ static char *srtp_profiles = NULL;
/* This the context that we pass to next_proto_cb */
typedef struct tlsextnextprotoctx_st {
unsigned char *data;
unsigned short len;
size_t len;
int status;
} tlsextnextprotoctx;
@ -1634,7 +1634,7 @@ int s_client_main(int argc, char **argv)
SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
#endif
if (alpn_in) {
unsigned short alpn_len;
size_t alpn_len;
unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in);
if (alpn == NULL) {

8
apps/s_server.c
View File

@ -743,7 +743,7 @@ static int next_proto_cb(SSL *s, const unsigned char **data,
/* This the context that we pass to alpn_cb */
typedef struct tlsextalpnctx_st {
unsigned char *data;
unsigned short len;
size_t len;
} tlsextalpnctx;
static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
@ -753,7 +753,7 @@ static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
if (!s_quiet) {
/* We can assume that |in| is syntactically valid. */
unsigned i;
unsigned int i;
BIO_printf(bio_s_out, "ALPN protocols advertised by the client: ");
for (i = 0; i < inlen;) {
if (i)
@ -1620,7 +1620,7 @@ int s_server_main(int argc, char *argv[])
}
#if !defined(OPENSSL_NO_NEXTPROTONEG)
if (next_proto_neg_in) {
unsigned short len;
size_t len;
next_proto.data = next_protos_parse(&len, next_proto_neg_in);
if (next_proto.data == NULL)
goto end;
@ -1631,7 +1631,7 @@ int s_server_main(int argc, char *argv[])
#endif
alpn_ctx.data = NULL;
if (alpn_in) {
unsigned short len;
size_t len;
alpn_ctx.data = next_protos_parse(&len, alpn_in);
if (alpn_ctx.data == NULL)
goto end;

126
doc/ssl/SSL_CTX_set_alpn_select_cb.pod Normal file
View File

@ -0,0 +1,126 @@
=pod
=head1 NAME
SSL_CTX_set_alpn_select_cb, SSL_CTX_set_alpn_protos, SSL_set_alpn_protos,
SSL_get0_alpn_selected, SSL_select_next_proto - handle application layer
protocol negotiation (ALPN)
=head1 SYNOPSIS
#include <openssl/ssl.h>
int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
unsigned int protos_len);
int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
unsigned int protos_len);
void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
int (*cb) (SSL *ssl,
const unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen,
void *arg), void *arg);
int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
const unsigned char *server,
unsigned int server_len,
const unsigned char *client,
unsigned int client_len)
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
unsigned int *len);
=head1 DESCRIPTION
SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to
set the list of protocols available to be negotiated. The B<protos> must be in
protocol-list format, described below. The length of B<protos> is specified in
B<protos_len>.
SSL_CTX_set_alpn_select_cb() sets the application callback B<cb> used by a
server to select which protocol to use for the incoming connection. When B<cb>
is NULL, no ALPN is not used. The B<arg> value is pointer which is passed to
the application callback.
B<cb> is the application defined callback. The B<in>, B<inlen> parameters are a
vector in protocol-list format. The value of the B<out>, B<outlen> vector
should be set to the value of a single protocol contained with in the B<in>,
B<inlen> vector. The B<arg> parameter is the pointer set via
SSL_CTX_set_alpn_select_cb().
SSL_select_next_proto() is a helper function used to select protocols. It
implements the standard protocol selection. It is expected that this function
is called from the application callback B<cb>. The protocol data in B<server>,
B<server_len> and B<client>, B<client_len> must be in protocol-list format
described below. The first item in the B<server>, B<server_len> list that
matches an item in the B<client>, B<client_len> list is selected, and returned
in B<out>, B<outlen>. The B<out> value will point into either B<server> or
B<client>, so it should be copied immediately. If no match is found, the first
item in B<client>, B<client_len> is returned in B<out>, B<outlen>. This
function can also be used in the NPN callback.
SSL_get0_alpn_selected() returns a pointer to the selected protocol in B<data>
with length B<len>. It is not NUL-terminated. B<data> is set to NULL and B<len>
is set to 0 if no protocol has been selected. B<data> value must not be freed.
=head1 NOTES
The protocol-lists must be in wire-format, which is defined as a vector of
non-empty, 8-bit length-prefixed, byte strings. The length-prefix byte is not
included in the length. Each string is limited to 255 bytes. A byte-string
length of 0 is invalid. A truncated byte-string is invalid. The length of the
vector is not in the vector itself, but in a separate variable.
Example:
unsigned char vector[] = {
6, 's', 'p', 'd', 'y', '/', '1',
8, 'h', 't', 't', 'p', '/', '1', '.', '1'
};
unsigned int length = sizeof(vector);
The ALPN callback is executed after the servername callback; as that servername
callback may update the SSL_CTX, and subsequently, the ALPN callback.
If there is no ALPN proposed in the ClientHello, the ALPN callback is not
invoked.
=head1 RETURN VALUES
SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() return 0 on success, and
non-0 on failure. WARNING: these functions reverse the return value convention.
SSL_select_next_proto() returns one of the following:
=over 4
=item OPENSSL_NPN_NEGOTIATED
A match was found and is returned in B<out>, B<outlen>.
=item OPENSSL_NPN_NO_OVERLAP
No match was found. The first item in B<client>, B<client_len> is returned in
B<out>, B<outlen>.
=back
The ALPN select callback B<cb>, must return one of the following:
=over 4
=item SSL_TLSEXT_ERR_OK
ALPN protocol selected.
=item SSL_TLSEXT_ERR_NOACK
ALPN protocol not selected.
=back
=head1 SEE ALSO
L<ssl(3)>, L<SSL_CTX_set_tlsext_servername_callback(3)>,
L<SSL_CTX_set_tlsext_servername_arg(3)>
=cut

6
include/openssl/ssl.h
View File

@ -782,9 +782,9 @@ __owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
# define OPENSSL_NPN_NO_OVERLAP 2
__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
unsigned protos_len);
unsigned int protos_len);
__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
unsigned protos_len);
unsigned int protos_len);
void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
int (*cb) (SSL *ssl,
const unsigned char **out,
@ -793,7 +793,7 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
unsigned int inlen,
void *arg), void *arg);
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
unsigned *len);
unsigned int *len);
# ifndef OPENSSL_NO_PSK
/*

20
ssl/s3_lib.c
View File

@ -3047,6 +3047,7 @@ void ssl3_free(SSL *s)
OPENSSL_free(s->s3->tmp.peer_sigalgs);
ssl3_free_digest_list(s);
OPENSSL_free(s->s3->alpn_selected);
OPENSSL_free(s->s3->alpn_proposed);
#ifndef OPENSSL_NO_SRP
SSL_SRP_CTX_free(s);
@ -3060,37 +3061,24 @@ void ssl3_clear(SSL *s)
ssl3_cleanup_key_block(s);
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
OPENSSL_free(s->s3->tmp.ciphers_raw);
s->s3->tmp.ciphers_raw = NULL;
OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
s->s3->tmp.pms = NULL;
OPENSSL_free(s->s3->tmp.peer_sigalgs);
s->s3->tmp.peer_sigalgs = NULL;
#ifndef OPENSSL_NO_EC
s->s3->is_probably_safari = 0;
#endif
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free(s->s3->tmp.pkey);
s->s3->tmp.pkey = NULL;
EVP_PKEY_free(s->s3->peer_tmp);
s->s3->peer_tmp = NULL;
#endif /* !OPENSSL_NO_EC */
ssl3_free_digest_list(s);
if (s->s3->alpn_selected) {
OPENSSL_free(s->s3->alpn_selected);
s->s3->alpn_selected = NULL;
}
OPENSSL_free(s->s3->alpn_selected);
OPENSSL_free(s->s3->alpn_proposed);
/* NULL/zero-out everything in the s3 struct */
memset(s->s3, 0, sizeof(*s->s3));
ssl_free_wbio_buffer(s);
s->s3->renegotiate = 0;
s->s3->total_renegotiations = 0;
s->s3->num_renegotiations = 0;
s->s3->in_read_app_data = 0;
s->version = SSL3_VERSION;
#if !defined(OPENSSL_NO_NEXTPROTONEG)

12
ssl/ssl_lib.c
View File

@ -2220,15 +2220,14 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
* length-prefixed strings). Returns 0 on success.
*/
int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
unsigned protos_len)
unsigned int protos_len)
{
OPENSSL_free(ctx->alpn_client_proto_list);
ctx->alpn_client_proto_list = OPENSSL_malloc(protos_len);
ctx->alpn_client_proto_list = OPENSSL_memdup(protos, protos_len);
if (ctx->alpn_client_proto_list == NULL) {
SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
return 1;
}
memcpy(ctx->alpn_client_proto_list, protos, protos_len);
ctx->alpn_client_proto_list_len = protos_len;
return 0;
@ -2240,15 +2239,14 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
* length-prefixed strings). Returns 0 on success.
*/
int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
unsigned protos_len)
unsigned int protos_len)
{
OPENSSL_free(ssl->alpn_client_proto_list);
ssl->alpn_client_proto_list = OPENSSL_malloc(protos_len);
ssl->alpn_client_proto_list = OPENSSL_memdup(protos, protos_len);
if (ssl->alpn_client_proto_list == NULL) {
SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
return 1;
}
memcpy(ssl->alpn_client_proto_list, protos, protos_len);
ssl->alpn_client_proto_list_len = protos_len;
return 0;
@ -2278,7 +2276,7 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
* respond with a negotiated protocol then |*len| will be zero.
*/
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
unsigned *len)
unsigned int *len)
{
*data = NULL;
if (ssl->s3)

7
ssl/ssl_locl.h
View File

@ -1372,7 +1372,12 @@ typedef struct ssl3_state_st {
* that the server selected once the ServerHello has been processed.
*/
unsigned char *alpn_selected;
unsigned alpn_selected_len;
size_t alpn_selected_len;
/* used by the server to know what options were proposed */
unsigned char *alpn_proposed;
size_t alpn_proposed_len;
/* used by the client to know if it actually sent alpn */
int alpn_sent;
# ifndef OPENSSL_NO_EC
/*

77
ssl/t1_lib.c
View File

@ -1413,6 +1413,11 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
}
#endif
/*
* finish_md_len is non-zero during a renegotiation, so
* this avoids sending ALPN during the renegotiation
* (see longer comment below)
*/
if (s->alpn_client_proto_list && !s->s3->tmp.finish_md_len) {
if ((size_t)(limit - ret) < 6 + s->alpn_client_proto_list_len)
return NULL;
@ -1421,6 +1426,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
s2n(s->alpn_client_proto_list_len, ret);
memcpy(ret, s->alpn_client_proto_list, s->alpn_client_proto_list_len);
ret += s->alpn_client_proto_list_len;
s->s3->alpn_sent = 1;
}
#ifndef OPENSSL_NO_SRTP
if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) {
@ -1701,9 +1707,9 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
s2n(0, ret);
}
if (s->s3->alpn_selected) {
if (s->s3->alpn_selected != NULL) {
const unsigned char *selected = s->s3->alpn_selected;
unsigned len = s->s3->alpn_selected_len;
unsigned int len = s->s3->alpn_selected_len;
if ((long)(limit - ret - 4 - 2 - 1 - len) < 0)
return NULL;
@ -1725,16 +1731,13 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
}
/*
* Process the ALPN extension in a ClientHello.
* Save the ALPN extension in a ClientHello.
* pkt: the contents of the ALPN extension, not including type and length.
* al: a pointer to the alert value to send in the event of a failure.
* returns: 1 on success, 0 on error.
*/
static int tls1_alpn_handle_client_hello(SSL *s, PACKET *pkt, int *al)
{
const unsigned char *selected;
unsigned char selected_len;
int r;
PACKET protocol_list, save_protocol_list, protocol;
*al = SSL_AD_DECODE_ERROR;
@ -1753,25 +1756,47 @@ static int tls1_alpn_handle_client_hello(SSL *s, PACKET *pkt, int *al)
}
} while (PACKET_remaining(&protocol_list) != 0);
if (s->ctx->alpn_select_cb == NULL)
return 1;
if (!PACKET_memdup(&save_protocol_list,
&s->s3->alpn_proposed,
&s->s3->alpn_proposed_len)) {
*al = TLS1_AD_INTERNAL_ERROR;
return 0;
}
r = s->ctx->alpn_select_cb(s, &selected, &selected_len,
PACKET_data(&save_protocol_list),
PACKET_remaining(&save_protocol_list),
s->ctx->alpn_select_cb_arg);
if (r == SSL_TLSEXT_ERR_OK) {
OPENSSL_free(s->s3->alpn_selected);
s->s3->alpn_selected = OPENSSL_malloc(selected_len);
if (s->s3->alpn_selected == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
return 1;
}
/*
* Process the ALPN extension in a ClientHello.
* ret: a pointer to the TLSEXT return value: SSL_TLSEXT_ERR_*
* al: a pointer to the alert value to send in the event of a failure.
* returns 1 on success, 0
*/
static int tls1_alpn_handle_client_hello_late(SSL *s, int *ret, int *al)
{
const unsigned char *selected = NULL;
unsigned char selected_len = 0;
if (s->ctx->alpn_select_cb != NULL && s->s3->alpn_proposed != NULL) {
int r = s->ctx->alpn_select_cb(s, &selected, &selected_len,
s->s3->alpn_proposed,
s->s3->alpn_proposed_len,
s->ctx->alpn_select_cb_arg);
if (r == SSL_TLSEXT_ERR_OK) {
OPENSSL_free(s->s3->alpn_selected);
s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len);
if (s->s3->alpn_selected == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
*ret = SSL_TLSEXT_ERR_ALERT_FATAL;
return 0;
}
s->s3->alpn_selected_len = selected_len;
} else {
*al = SSL_AD_NO_APPLICATION_PROTOCOL;
*ret = SSL_TLSEXT_ERR_ALERT_FATAL;
return 0;
}
memcpy(s->s3->alpn_selected, selected, selected_len);
s->s3->alpn_selected_len = selected_len;
} else {
*al = SSL_AD_NO_APPLICATION_PROTOCOL;
return 0;
}
return 1;
@ -2484,7 +2509,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation) {
unsigned len;
/* We must have requested it. */
if (s->alpn_client_proto_list == NULL) {
if (!s->s3->alpn_sent) {
*al = TLS1_AD_UNSUPPORTED_EXTENSION;
return 0;
}
@ -2617,7 +2642,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
int ssl_prepare_clienthello_tlsext(SSL *s)
{
s->s3->alpn_sent = 0;
return 1;
}
@ -2776,6 +2801,10 @@ int ssl_check_clienthello_tlsext_late(SSL *s)
} else
s->tlsext_status_expected = 0;
if (!tls1_alpn_handle_client_hello_late(s, &ret, &al)) {
goto err;
}
err:
switch (ret) {
case SSL_TLSEXT_ERR_ALERT_FATAL:

64
test/recipes/80-test_ssl.t
View File

@ -64,7 +64,7 @@ my $P2intermediate="tmp_intP2.ss";
plan tests =>
1 # For testss
+ 1 # For ssltest -test_cipherlist
+ 11 # For the first testssl
+ 13 # For the first testssl
+ 16 # For the first testsslproxy
+ 16 # For the second testsslproxy
;
@ -603,10 +603,29 @@ sub testssl {
}
};
subtest 'SNI tests' => sub {
plan tests => 7;
SKIP: {
skip "TLSv1.x is not supported by this OpenSSL build", 7
if $no_tls1 && $no_tls1_1 && $no_tls1_2;
ok(run(test([@ssltest, "-bio_pair", "-sn_client", "foo"])));
ok(run(test([@ssltest, "-bio_pair", "-sn_server1", "foo"])));
ok(run(test([@ssltest, "-bio_pair", "-sn_client", "foo", "-sn_server1", "foo", "-sn_expect1"])));
ok(run(test([@ssltest, "-bio_pair", "-sn_client", "foo", "-sn_server1", "bar", "-sn_expect1"])));
ok(run(test([@ssltest, "-bio_pair", "-sn_client", "foo", "-sn_server1", "foo", "-sn_server2", "bar", "-sn_expect1"])));
ok(run(test([@ssltest, "-bio_pair", "-sn_client", "bar", "-sn_server1", "foo", "-sn_server2", "bar", "-sn_expect2"])));
# Negative test - make sure it doesn't crash, and doesn't switch contexts
ok(run(test([@ssltest, "-bio_pair", "-sn_client", "foobar", "-sn_server1", "foo", "-sn_server2", "bar", "-sn_expect1"])));
}
};
subtest 'ALPN tests' => sub {
######################################################################
plan tests => 14;
plan tests => 12;
SKIP: {
skip "TLSv1.0 is not supported by this OpenSSL build", 12
@ -626,22 +645,39 @@ sub testssl {
is(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "baz", "-alpn_server", "bar,foo"])), 0,
"Testing ALPN with protocol mismatch, expecting failure");
SKIP: {
skip "skipping SRP tests", 4
if $no_srp;
# ALPN + SNI
ok(run(test([@ssltest, "-bio_pair",
"-alpn_client", "foo,bar", "-sn_client", "alice",
"-alpn_server1", "foo,123", "-sn_server1", "alice",
"-alpn_server2", "bar,456", "-sn_server2", "bob",
"-alpn_expected", "foo"])));
ok(run(test([@ssltest, "-bio_pair",
"-alpn_client", "foo,bar", "-sn_client", "bob",
"-alpn_server1", "foo,123", "-sn_server1", "alice",
"-alpn_server2", "bar,456", "-sn_server2", "bob",
"-alpn_expected", "bar"])));
}
};
ok(run(test([@ssltest, "-tls1", "-cipher", "SRP", "-srpuser", "test", "-srppass", "abc123"])),
'test tls1 with SRP');
subtest 'SRP tests' => sub {
ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "SRP", "-srpuser", "test", "-srppass", "abc123"])),
'test tls1 with SRP via BIO pair');
plan tests => 4;
ok(run(test([@ssltest, "-tls1", "-cipher", "aSRP", "-srpuser", "test", "-srppass", "abc123"])),
'test tls1 with SRP auth');
SKIP: {
skip "skipping SRP tests", 4
if $no_srp;
ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "aSRP", "-srpuser", "test", "-srppass", "abc123"])),
'test tls1 with SRP auth via BIO pair');
}
ok(run(test([@ssltest, "-tls1", "-cipher", "SRP", "-srpuser", "test", "-srppass", "abc123"])),
'test tls1 with SRP');
ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "SRP", "-srpuser", "test", "-srppass", "abc123"])),
'test tls1 with SRP via BIO pair');
ok(run(test([@ssltest, "-tls1", "-cipher", "aSRP", "-srpuser", "test", "-srppass", "abc123"])),
'test tls1 with SRP auth');
ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "aSRP", "-srpuser", "test", "-srppass", "abc123"])),
'test tls1 with SRP auth via BIO pair');
}
};

251
test/ssltest.c
View File

@ -207,6 +207,9 @@
# include OPENSSL_UNISTD
#endif
SSL_CTX *s_ctx = NULL;
SSL_CTX *s_ctx2 = NULL;
/*
* There is really no standard for this, so let's assign something
* only for this test
@ -366,7 +369,8 @@ static int verify_npn(SSL *client, SSL *server)
#endif
static const char *alpn_client;
static const char *alpn_server;
static char *alpn_server;
static char *alpn_server2;
static const char *alpn_expected;
static unsigned char *alpn_selected;
static const char *server_min_proto;
@ -374,6 +378,48 @@ static const char *server_max_proto;
static const char *client_min_proto;
static const char *client_max_proto;
static const char *should_negotiate;
static const char *sn_client;
static const char *sn_server1;
static const char *sn_server2;
static int sn_expect = 0;
static int servername_cb(SSL *s, int *ad, void *arg)
{
const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
if (sn_server2 == NULL) {
BIO_printf(bio_stdout, "Servername 2 is NULL\n");
return SSL_TLSEXT_ERR_NOACK;
}
if (servername) {
if (s_ctx2 != NULL && sn_server2 != NULL &&
!strcasecmp(servername, sn_server2)) {
BIO_printf(bio_stdout, "Switching server context.\n");
SSL_set_SSL_CTX(s, s_ctx2);
}
}
return SSL_TLSEXT_ERR_OK;
}
static int verify_servername(SSL *client, SSL *server)
{
/* just need to see if sn_context is what we expect */
SSL_CTX* ctx = SSL_get_SSL_CTX(server);
if (sn_expect == 0)
return 0;
if (sn_expect == 1 && ctx == s_ctx)
return 0;
if (sn_expect == 2 && ctx == s_ctx2)
return 0;
BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
if (ctx == s_ctx2)
BIO_printf(bio_stdout, "Servername: context is 2\n");
else if (ctx == s_ctx)
BIO_printf(bio_stdout, "Servername: context is 1\n");
else
BIO_printf(bio_stdout, "Servername: context is unknown\n");
return -1;
}
/*-
* next_protos_parse parses a comma separated list of strings into a string
@ -384,7 +430,7 @@ static const char *should_negotiate;
*
* returns: a malloced buffer or NULL on failure.
*/
static unsigned char *next_protos_parse(unsigned short *outlen,
static unsigned char *next_protos_parse(size_t *outlen,
const char *in)
{
size_t len;
@ -420,12 +466,13 @@ static int cb_server_alpn(SSL *s, const unsigned char **out,
unsigned int inlen, void *arg)
{
unsigned char *protos;
unsigned short protos_len;
size_t protos_len;
char* alpn_str = arg;
protos = next_protos_parse(&protos_len, alpn_server);
protos = next_protos_parse(&protos_len, alpn_str);
if (protos == NULL) {
fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
alpn_server);
alpn_str);
abort();
}
@ -491,8 +538,15 @@ static int verify_alpn(SSL *client, SSL *server)
BIO_printf(bio_stdout, "', server: '");
BIO_write(bio_stdout, server_proto, server_proto_len);
BIO_printf(bio_stdout, "'\n");
BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '%s'\n",
alpn_client, alpn_server);
BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '",
alpn_client);
if (SSL_get_SSL_CTX(server) == s_ctx2) {
BIO_printf(bio_stdout, "%s'\n",
alpn_server2);
} else {
BIO_printf(bio_stdout, "%s'\n",
alpn_server);
}
return -1;
}
@ -769,7 +823,7 @@ static void sv_usage(void)
fprintf(stderr, " -no_dhe - disable DHE\n");
#endif
#ifndef OPENSSL_NO_EC
fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
fprintf(stderr, " -no_ecdhe - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n");
#endif
#ifndef OPENSSL_NO_PSK
fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
@ -809,12 +863,6 @@ static void sv_usage(void)
fprintf(stderr,
" -time - measure processor time used by client and server\n");
fprintf(stderr, " -zlib - use zlib compression\n");
#ifndef OPENSSL_NO_EC
fprintf(stderr,
" -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n"
" Use \"openssl ecparam -list_curves\" for all names\n"
" (default is sect163r2).\n");
#endif
fprintf(stderr,
" -test_cipherlist - Verifies the order of the ssl cipher lists.\n"
" When this option is requested, the cipherlist\n"
@ -832,6 +880,8 @@ static void sv_usage(void)
" -custom_ext - try various custom extension callbacks\n");
fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
fprintf(stderr, " -alpn_server1 <string> - alias for -alpn_server\n");
fprintf(stderr, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
fprintf(stderr,
" -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
fprintf(stderr, " -server_min_proto <string> - Minimum version the server should support\n");
@ -844,6 +894,11 @@ static void sv_usage(void)
fprintf(stderr, " -requestct - request certificate transparency\n");
fprintf(stderr, " -requirect - require certificate transparency\n");
#endif
fprintf(stderr, " -sn_client <string> - have client request this servername\n");
fprintf(stderr, " -sn_server1 <string> - have server context 1 respond to this servername\n");
fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n");
fprintf(stderr, " -sn_expect1 - expected server 1\n");
fprintf(stderr, " -sn_expect2 - expected server 2\n");
}
static void print_key_details(BIO *out, EVP_PKEY *key)
@ -1025,10 +1080,6 @@ int main(int argc, char *argv[])
struct app_verify_arg app_verify_arg =
{ APP_CALLBACK_STRING, 0, 0, NULL, NULL };
char *p;
#ifndef OPENSSL_NO_EC
char *named_curve = NULL;
#endif
SSL_CTX *s_ctx = NULL;
SSL_CTX *c_ctx = NULL;
const SSL_METHOD *meth = NULL;
SSL *c_ssl, *s_ssl;
@ -1038,9 +1089,6 @@ int main(int argc, char *argv[])
DH *dh;
int dhe512 = 0, dhe1024dsa = 0;
#endif
#ifndef OPENSSL_NO_EC
EC_KEY *ecdh = NULL;
#endif
#ifndef OPENSSL_NO_SRP
/* client */
SRP_CLIENT_ARG srp_client_arg = { NULL, NULL };
@ -1048,7 +1096,6 @@ int main(int argc, char *argv[])
SRP_SERVER_ARG srp_server_arg = { NULL, NULL };
#endif
int no_dhe = 0;
int no_ecdhe = 0;
int no_psk = 0;
int print_time = 0;
clock_t s_time = 0, c_time = 0;
@ -1071,7 +1118,7 @@ int main(int argc, char *argv[])
ct_validation_cb ct_validation = NULL;
#endif
SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL;
SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
STACK_OF(OPENSSL_STRING) *conf_args = NULL;
char *arg = NULL, *argn = NULL;
@ -1093,9 +1140,10 @@ int main(int argc, char *argv[])
bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
s_cctx = SSL_CONF_CTX_new();
s_cctx2 = SSL_CONF_CTX_new();
c_cctx = SSL_CONF_CTX_new();
if (!s_cctx || !c_cctx) {
if (!s_cctx || !c_cctx || !s_cctx2) {
ERR_print_errors(bio_err);
goto end;
}
@ -1104,10 +1152,18 @@ int main(int argc, char *argv[])
SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
SSL_CONF_FLAG_CERTIFICATE |
SSL_CONF_FLAG_REQUIRE_PRIVATE);
SSL_CONF_CTX_set_flags(s_cctx2,
SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
SSL_CONF_FLAG_CERTIFICATE |
SSL_CONF_FLAG_REQUIRE_PRIVATE);
if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) {
ERR_print_errors(bio_err);
goto end;
}
if (!SSL_CONF_CTX_set1_prefix(s_cctx2, "-s_")) {
ERR_print_errors(bio_err);
goto end;
}
SSL_CONF_CTX_set_flags(c_cctx,
SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT |
@ -1165,7 +1221,7 @@ int main(int argc, char *argv[])
} else if (strcmp(*argv, "-no_dhe") == 0)
no_dhe = 1;
else if (strcmp(*argv, "-no_ecdhe") == 0)
no_ecdhe = 1;
/* obsolete */;
else if (strcmp(*argv, "-psk") == 0) {
if (--argc < 1)
goto bad;
@ -1259,17 +1315,7 @@ int main(int argc, char *argv[])
comp = COMP_ZLIB;
}
#endif
else if (strcmp(*argv, "-named_curve") == 0) {
if (--argc < 1)
goto bad;
#ifndef OPENSSL_NO_EC
named_curve = *(++argv);
#else
fprintf(stderr,
"ignoring -named_curve, since I'm compiled without ECDH\n");
++argv;
#endif
} else if (strcmp(*argv, "-app_verify") == 0) {
else if (strcmp(*argv, "-app_verify") == 0) {
app_verify_arg.app_verify = 1;
} else if (strcmp(*argv, "-proxy") == 0) {
app_verify_arg.allow_proxy_certs = 1;
@ -1299,10 +1345,15 @@ int main(int argc, char *argv[])
if (--argc < 1)
goto bad;
alpn_client = *(++argv);
} else if (strcmp(*argv, "-alpn_server") == 0) {
} else if (strcmp(*argv, "-alpn_server") == 0 ||
strcmp(*argv, "-alpn_server1") == 0) {
if (--argc < 1)
goto bad;
alpn_server = *(++argv);
} else if (strcmp(*argv, "-alpn_server2") == 0) {
if (--argc < 1)
goto bad;
alpn_server2 = *(++argv);
} else if (strcmp(*argv, "-alpn_expected") == 0) {
if (--argc < 1)
goto bad;
@ -1327,6 +1378,22 @@ int main(int argc, char *argv[])
if (--argc < 1)
goto bad;
should_negotiate = *(++argv);
} else if (strcmp(*argv, "-sn_client") == 0) {
if (--argc < 1)
goto bad;
sn_client = *(++argv);
} else if (strcmp(*argv, "-sn_server1") == 0) {
if (--argc < 1)
goto bad;
sn_server1 = *(++argv);
} else if (strcmp(*argv, "-sn_server2") == 0) {
if (--argc < 1)
goto bad;
sn_server2 = *(++argv);
} else if (strcmp(*argv, "-sn_expect1") == 0) {
sn_expect = 1;
} else if (strcmp(*argv, "-sn_expect2") == 0) {
sn_expect = 2;
} else {
int rv;
arg = argv[0];
@ -1517,7 +1584,8 @@ int main(int argc, char *argv[])
c_ctx = SSL_CTX_new(meth);
s_ctx = SSL_CTX_new(meth);
if ((c_ctx == NULL) || (s_ctx == NULL)) {
s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */
if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
@ -1528,10 +1596,12 @@ int main(int argc, char *argv[])
*/
SSL_CTX_set_security_level(c_ctx, 0);
SSL_CTX_set_security_level(s_ctx, 0);
SSL_CTX_set_security_level(s_ctx2, 0);
if (cipher != NULL) {
if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
|| !SSL_CTX_set_cipher_list(s_ctx, cipher)) {
|| !SSL_CTX_set_cipher_list(s_ctx, cipher)
|| !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
ERR_print_errors(bio_err);
goto end;
}
@ -1547,6 +1617,7 @@ int main(int argc, char *argv[])
/* Process SSL_CONF arguments */
SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
SSL_CONF_CTX_set_ssl_ctx(s_cctx2, s_ctx2);
for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2) {
int rv;
@ -1554,8 +1625,10 @@ int main(int argc, char *argv[])
argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
rv = SSL_CONF_cmd(c_cctx, arg, argn);
/* If not recognised use server context */
if (rv == -2)
if (rv == -2) {
SSL_CONF_cmd(s_cctx2, arg, argn);
rv = SSL_CONF_cmd(s_cctx, arg, argn);
}
if (rv <= 0) {
BIO_printf(bio_err, "Error processing %s %s\n",
arg, argn ? argn : "");
@ -1564,7 +1637,7 @@ int main(int argc, char *argv[])
}
}
if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx)) {
if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx) || !SSL_CONF_CTX_finish(s_cctx2)) {
BIO_puts(bio_err, "Error finishing context\n");
ERR_print_errors(bio_err);
goto end;
@ -1572,52 +1645,23 @@ int main(int argc, char *argv[])
#ifndef OPENSSL_NO_DH
if (!no_dhe) {
if (dhe1024dsa) {
/*
* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks
*/
SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
dh = get_dh1024dsa();
} else if (dhe512)
dh = get_dh512();
else
dh = get_dh1024();
SSL_CTX_set_tmp_dh(s_ctx, dh);
SSL_CTX_set_tmp_dh(s_ctx2, dh);
DH_free(dh);
}
#else
(void)no_dhe;
#endif
#ifndef OPENSSL_NO_EC
if (!no_ecdhe) {
int nid;
if (named_curve != NULL) {
nid = OBJ_sn2nid(named_curve);
if (nid == 0) {
BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
goto end;
}
} else {
nid = NID_X9_62_prime256v1;
}
ecdh = EC_KEY_new_by_curve_name(nid);
if (ecdh == NULL) {
BIO_printf(bio_err, "unable to create curve\n");
goto end;
}
SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
EC_KEY_free(ecdh);
}
#else
(void)no_ecdhe;
#endif
if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(s_ctx)) ||
(!SSL_CTX_load_verify_locations(s_ctx2, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(s_ctx2)) ||
(!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(c_ctx))) {
/* fprintf(stderr,"SSL_load_verify_locations\n"); */
@ -1626,6 +1670,7 @@ int main(int argc, char *argv[])
}
if (!SSL_CTX_set_default_ctlog_list_file(s_ctx) ||
!SSL_CTX_set_default_ctlog_list_file(s_ctx2) ||
!SSL_CTX_set_default_ctlog_list_file(c_ctx)) {
ERR_print_errors(bio_err);
}
@ -1635,8 +1680,13 @@ int main(int argc, char *argv[])
SSL_CTX_set_verify(s_ctx,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
verify_callback);
SSL_CTX_set_verify(s_ctx2,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
verify_callback);
SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
&app_verify_arg);
SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback,
&app_verify_arg);
}
if (server_auth) {
printf("server authentication\n");
@ -1648,7 +1698,9 @@ int main(int argc, char *argv[])
{
int session_id_context = 0;
if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
sizeof session_id_context)) {
sizeof session_id_context) ||
!SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
sizeof session_id_context)) {
ERR_print_errors(bio_err);
goto end;
}
@ -1670,9 +1722,11 @@ int main(int argc, char *argv[])
#ifndef OPENSSL_NO_PSK
SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback);
if (debug)
BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint")) {
if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint") ||
!SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) {
BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
ERR_print_errors(bio_err);
goto end;
@ -1695,8 +1749,11 @@ int main(int argc, char *argv[])
if (srp_server_arg.expected_user != NULL) {
SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback);
SSL_CTX_set_verify(s_ctx2, SSL_VERIFY_NONE, verify_callback);
SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
SSL_CTX_set_srp_cb_arg(s_ctx2, &srp_server_arg);
SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
SSL_CTX_set_srp_username_callback(s_ctx2, ssl_srp_server_param_cb);
}
#endif
@ -1711,10 +1768,13 @@ int main(int argc, char *argv[])
goto end;
}
SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_npn, NULL);
SSL_CTX_set_next_protos_advertised_cb(s_ctx2, cb_server_npn, NULL);
}
if (npn_server_reject) {
SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_rejects_npn,
NULL);
SSL_CTX_set_next_protos_advertised_cb(s_ctx2, cb_server_rejects_npn,
NULL);
}
#endif
@ -1736,7 +1796,8 @@ int main(int argc, char *argv[])
}
}
if (serverinfo_file)
if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file)) {
if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file) ||
!SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
BIO_printf(bio_err, "missing serverinfo file\n");
goto end;
}
@ -1762,15 +1823,31 @@ int main(int argc, char *argv[])
custom_ext_0_srv_add_cb,
NULL, NULL,
custom_ext_0_srv_parse_cb, NULL)
|| !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
custom_ext_0_srv_add_cb,
NULL, NULL,
custom_ext_0_srv_parse_cb, NULL)
|| !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
custom_ext_1_srv_add_cb,
NULL, NULL,
custom_ext_1_srv_parse_cb, NULL)
|| !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
custom_ext_1_srv_add_cb,
NULL, NULL,
custom_ext_1_srv_parse_cb, NULL)
|| !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
custom_ext_2_srv_add_cb,
NULL, NULL,
custom_ext_2_srv_parse_cb, NULL)
|| !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
custom_ext_2_srv_add_cb,
NULL, NULL,
custom_ext_2_srv_parse_cb, NULL)
|| !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
custom_ext_3_srv_add_cb,
NULL, NULL,
custom_ext_3_srv_parse_cb, NULL)
|| !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
custom_ext_3_srv_add_cb,
NULL, NULL,
custom_ext_3_srv_parse_cb, NULL)) {
@ -1780,10 +1857,12 @@ int main(int argc, char *argv[])
}
if (alpn_server)
SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL);
SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
if (alpn_server2)
SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
if (alpn_client) {
unsigned short alpn_len;
size_t alpn_len;
unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
if (alpn == NULL) {
@ -1799,9 +1878,15 @@ int main(int argc, char *argv[])
OPENSSL_free(alpn);
}
if (sn_server1 != NULL || sn_server2 != NULL)
SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
c_ssl = SSL_new(c_ctx);
s_ssl = SSL_new(s_ctx);
if (sn_client)
SSL_set_tlsext_host_name(c_ssl, sn_client);
if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
goto end;
if (!set_protocol_version(server_max_proto, s_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
@ -1883,8 +1968,10 @@ int main(int argc, char *argv[])
end:
SSL_CTX_free(s_ctx);
SSL_CTX_free(s_ctx2);
SSL_CTX_free(c_ctx);
SSL_CONF_CTX_free(s_cctx);
SSL_CONF_CTX_free(s_cctx2);
SSL_CONF_CTX_free(c_cctx);
sk_OPENSSL_STRING_free(conf_args);
@ -2152,6 +2239,10 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
ret = 1;
goto err;
}
if (verify_servername(c_ssl, s_ssl) < 0) {
ret = 1;
goto err;
}
if (custom_ext_error) {
fprintf(stderr, "Custom extension error\n");
@ -2528,6 +2619,10 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
ret = 1;
goto err;
}
if (verify_servername(c_ssl, s_ssl) < 0) {
ret = 1;
goto err;
}
if (custom_ext_error) {
fprintf(stderr, "Custom extension error\n");