diff options
| author | Matt Caswell <matt@openssl.org> | 2015-03-31 00:18:31 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-05-16 09:20:31 +0100 |
| commit | 13c9bb3ecec5f847b4c5295249e039d386e2d10e (patch) | |
| tree | 8a3c816a718d72049d44dc24b6c2239fe954eab0 | |
| parent | 32ec41539b5b23bc42503589fcc5be65d648d1f5 (diff) | |
Client side version negotiation rewrite
Continuing from the previous commit this changes the way we do client side
version negotiation. Similarly all of the s23* "up front" state machine code
has been avoided and again things now work much the same way as they already
did for DTLS, i.e. we just do most of the work in the
ssl3_get_server_hello() function.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
| -rw-r--r-- | apps/ocsp.c | 2 | ||||
| -rw-r--r-- | apps/s_client.c | 2 | ||||
| -rw-r--r-- | apps/s_time.c | 2 | ||||
| -rw-r--r-- | demos/bio/client-arg.c | 2 | ||||
| -rw-r--r-- | demos/bio/client-conf.c | 2 | ||||
| -rw-r--r-- | demos/bio/sconnect.c | 2 | ||||
| -rw-r--r-- | demos/easy_tls/easy-tls.c | 2 | ||||
| -rw-r--r-- | demos/ssl/cli.cpp | 2 | ||||
| -rw-r--r-- | include/openssl/ssl.h | 5 | ||||
| -rw-r--r-- | ssl/record/rec_layer_s3.c | 14 | ||||
| -rw-r--r-- | ssl/record/ssl3_record.c | 3 | ||||
| -rw-r--r-- | ssl/s23_clnt.c | 9 | ||||
| -rw-r--r-- | ssl/s3_clnt.c | 104 | ||||
| -rw-r--r-- | ssl/t1_clnt.c | 11 | ||||
| -rwxr-xr-x | util/ssleay.num | 3 |
15 files changed, 127 insertions, 38 deletions
diff --git a/apps/ocsp.c b/apps/ocsp.c index d52da18a5e..c71b0d6d2c 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1261,7 +1261,7 @@ OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, BIO_set_conn_port(cbio, port); if (use_ssl == 1) { BIO *sbio; - ctx = SSL_CTX_new(SSLv23_client_method()); + ctx = SSL_CTX_new(TLS_client_method()); if (ctx == NULL) { BIO_printf(bio_err, "Error creating SSL context.\n"); goto end; diff --git a/apps/s_client.c b/apps/s_client.c index ba411f2e11..339e4517db 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -636,7 +636,7 @@ int s_client_main(int argc, char **argv) SSL_CONF_CTX *cctx = NULL; STACK_OF(OPENSSL_STRING) *ssl_args = NULL; STACK_OF(X509_CRL) *crls = NULL; - const SSL_METHOD *meth = SSLv23_client_method(); + const SSL_METHOD *meth = TLS_client_method(); char *CApath = NULL, *CAfile = NULL, *cbuf = NULL, *sbuf = NULL, *mbuf = NULL; char *cert_file = NULL, *key_file = NULL, *chain_file = NULL, *prog; diff --git a/apps/s_time.c b/apps/s_time.c index 5bca72ba72..74decd23bc 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -167,7 +167,7 @@ int s_time_main(int argc, char **argv) int exitNow = 0; /* Set when it's time to exit main */ #endif - meth = SSLv23_client_method(); + meth = TLS_client_method(); verify_depth = 0; verify_error = X509_V_OK; diff --git a/demos/bio/client-arg.c b/demos/bio/client-arg.c index 8507e04f49..99ebff1f2a 100644 --- a/demos/bio/client-arg.c +++ b/demos/bio/client-arg.c @@ -17,7 +17,7 @@ int main(int argc, char **argv) ERR_load_SSL_strings(); SSL_library_init(); - ctx = SSL_CTX_new(SSLv23_client_method()); + ctx = SSL_CTX_new(TLS_client_method()); cctx = SSL_CONF_CTX_new(); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); diff --git a/demos/bio/client-conf.c b/demos/bio/client-conf.c index b75088a758..2a78315165 100644 --- a/demos/bio/client-conf.c +++ b/demos/bio/client-conf.c @@ -37,7 +37,7 @@ int main(int argc, char **argv) goto end; } - ctx = SSL_CTX_new(SSLv23_client_method()); + ctx = SSL_CTX_new(TLS_client_method()); cctx = SSL_CONF_CTX_new(); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE); diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c index 6e4ca6596b..865d503956 100644 --- a/demos/bio/sconnect.c +++ b/demos/bio/sconnect.c @@ -43,7 +43,7 @@ char *argv[]; /* Setup all the global SSL stuff */ OpenSSL_add_ssl_algorithms(); - ssl_ctx = SSL_CTX_new(SSLv23_client_method()); + ssl_ctx = SSL_CTX_new(TLS_client_method()); /* Lets make a SSL structure */ ssl = SSL_new(ssl_ctx); diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c index 2befb657a0..b9512909d1 100644 --- a/demos/easy_tls/easy-tls.c +++ b/demos/easy_tls/easy-tls.c @@ -667,7 +667,7 @@ SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg) return NULL; ret = - SSL_CTX_new((a.client_p ? SSLv23_client_method : + SSL_CTX_new((a.client_p ? TLS_client_method : TLS_server_method) ()); if (ret == NULL) diff --git a/demos/ssl/cli.cpp b/demos/ssl/cli.cpp index cb5d329ea4..3459f0f93a 100644 --- a/demos/ssl/cli.cpp +++ b/demos/ssl/cli.cpp @@ -38,7 +38,7 @@ void main () SSL_METHOD *meth; SSLeay_add_ssl_algorithms(); - meth = SSLv23_client_method(); + meth = TLS_client_method(); SSL_load_error_strings(); ctx = SSL_CTX_new (meth); CHK_NULL(ctx); diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index f169fcd2a9..3f30bc2a88 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1565,14 +1565,13 @@ __owur const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ #ifdef OPENSSL_USE_DEPRECATED #define SSLv23_method TLS_method #define SSLv23_server_method TLS_server_method +#define SSLv23_client_method TLS_client_method #endif -/* This next one will be deprecated in a subsequent commit */ -__owur const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available - * SSL/TLS version */ /* Negotiate highest available SSL/TLS version */ __owur const SSL_METHOD *TLS_method(void); __owur const SSL_METHOD *TLS_server_method(void); +__owur const SSL_METHOD *TLS_client_method(void); __owur const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ __owur const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 97f6e900c5..c20af880e3 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1124,6 +1124,20 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) goto f_err; } + if(s->version == TLS_ANY_VERSION + && (s->server || rr->type != SSL3_RT_ALERT)) { + /* + * If we've got this far and still haven't decided on what version + * we're using then this must be a client side alert we're dealing with + * (we don't allow heartbeats yet). We shouldn't be receiving anything + * other than a ClientHello if we are a server. + */ + s->version = rr->rec_version; + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } + /* * In case of record types for which we have 'fragment' storage, fill * that so that we can process the data at a fixed place. diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 190abd26e8..ff09f0b16a 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -263,7 +263,8 @@ int ssl3_get_record(SSL *s) /* Lets check version */ if (!s->first_packet) { - if (version != s->version) { + if (version != s->version + && s->method->version != TLS_ANY_VERSION) { SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER); if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash) diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 34343402c8..75a0582f95 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -116,9 +116,11 @@ #include <openssl/objects.h> #include <openssl/evp.h> -static const SSL_METHOD *ssl23_get_client_method(int ver); +/*static const SSL_METHOD *ssl23_get_client_method(int ver);*/ static int ssl23_client_hello(SSL *s); static int ssl23_get_server_hello(SSL *s); + +/* static const SSL_METHOD *ssl23_get_client_method(int ver) { #ifndef OPENSSL_NO_SSL3 @@ -134,10 +136,7 @@ static const SSL_METHOD *ssl23_get_client_method(int ver) else return (NULL); } - -IMPLEMENT_ssl23_meth_func(SSLv23_client_method, - ssl_undefined_function, - ssl23_connect, ssl23_get_client_method) +*/ int ssl23_connect(SSL *s) { diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 2228654f8e..1bc5bcd9b1 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -234,7 +234,8 @@ int ssl3_connect(SSL *s) if (cb != NULL) cb(s, SSL_CB_HANDSHAKE_START, 1); - if ((s->version & 0xff00) != 0x0300) { + if ((s->version >> 8) != SSL3_VERSION_MAJOR + && s->version != TLS_ANY_VERSION) { SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); s->state = SSL_ST_ERR; ret = -1; @@ -679,27 +680,46 @@ int ssl3_client_hello(SSL *s) int j; SSL_COMP *comp; #endif + unsigned long mask, options = s->options; buf = (unsigned char *)s->init_buf->data; if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { SSL_SESSION *sess = s->session; - if ((sess == NULL) || (sess->ssl_version != s->version) || -#ifdef OPENSSL_NO_TLSEXT - !sess->session_id_length || -#else + + if (s->method->version == TLS_ANY_VERSION ) { /* - * In the case of EAP-FAST, we can have a pre-shared - * "ticket" without a session ID. + * SSL_OP_NO_X disables all protocols above X *if* there are + * some protocols below X enabled. This is required in order + * to maintain "version capability" vector contiguous. So + * that if application wants to disable TLS1.0 in favour of + * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the + * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3. */ - (!sess->session_id_length && !sess->tlsext_tick) || + mask = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1 +#if !defined(OPENSSL_NO_SSL3) + | SSL_OP_NO_SSLv3 #endif - (sess->not_resumable)) { - if (!ssl_get_new_session(s, 0)) - goto err; - } - if (s->method->version == DTLS_ANY_VERSION) { + ; +#if !defined(OPENSSL_NO_TLS1_2_CLIENT) + s->version = TLS1_2_VERSION; + + if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask) + s->version = TLS1_1_VERSION; +#else + s->version = TLS1_1_VERSION; +#endif + mask &= ~SSL_OP_NO_TLSv1_1; + if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask) + s->version = TLS1_VERSION; + mask &= ~SSL_OP_NO_TLSv1; +#if !defined(OPENSSL_NO_SSL3) + if ((options & SSL_OP_NO_TLSv1) && (options & mask) != mask) + s->version = SSL3_VERSION; + mask &= ~SSL_OP_NO_SSLv3; +#endif + s->client_version = s->version; + } else if (s->method->version == DTLS_ANY_VERSION) { /* Determine which DTLS version to use */ - int options = s->options; /* If DTLS 1.2 disabled correct the version number */ if (options & SSL_OP_NO_DTLSv1_2) { if (tls1_suiteb(s)) { @@ -729,6 +749,21 @@ int ssl3_client_hello(SSL *s) } s->client_version = s->version; } + + if ((sess == NULL) || (sess->ssl_version != s->version) || +#ifdef OPENSSL_NO_TLSEXT + !sess->session_id_length || +#else + /* + * In the case of EAP-FAST, we can have a pre-shared + * "ticket" without a session ID. + */ + (!sess->session_id_length && !sess->tlsext_tick) || +#endif + (sess->not_resumable)) { + if (!ssl_get_new_session(s, 0)) + goto err; + } /* else use the pre-loaded session */ p = s->s3->client_random; @@ -934,7 +969,42 @@ int ssl3_get_server_hello(SSL *s) } d = p = (unsigned char *)s->init_msg; - if (s->method->version == DTLS_ANY_VERSION) { + + if (s->method->version == TLS_ANY_VERSION) { + int sversion = (p[0] << 8) | p[1]; + +#if TLS_MAX_VERSION != TLS1_2_VERSION +#error Code needs updating for new TLS version +#endif +#ifndef OPENSSL_NO_SSL3 + if ((sversion == SSL3_VERSION) && !(s->options & SSL_OP_NO_SSLv3)) { + if (FIPS_mode()) { + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); + goto err; + } + s->method = SSLv3_client_method(); + } else +#endif + if ((sversion == TLS1_VERSION) && !(s->options & SSL_OP_NO_TLSv1)) { + s->method = TLSv1_client_method(); + } else if ((sversion == TLS1_1_VERSION) && + !(s->options & SSL_OP_NO_TLSv1_1)) { + s->method = TLSv1_1_client_method(); + } else if ((sversion == TLS1_2_VERSION) && + !(s->options & SSL_OP_NO_TLSv1_2)) { + s->method = TLSv1_2_client_method(); + } else { + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); + goto err; + } + s->session->ssl_version = s->version = s->method->version; + + if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) { + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_VERSION_TOO_LOW); + goto err; + } + } else if (s->method->version == DTLS_ANY_VERSION) { /* Work out correct protocol version to use */ int hversion = (p[0] << 8) | p[1]; int options = s->options; @@ -955,9 +1025,7 @@ int ssl3_get_server_hello(SSL *s) goto f_err; } s->version = s->method->version; - } - - if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) { + } else if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) { SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION); s->version = (s->version & 0xff00) | p[1]; al = SSL_AD_PROTOCOL_VERSION; diff --git a/ssl/t1_clnt.c b/ssl/t1_clnt.c index 746b4e6b7a..7ead372bc3 100644 --- a/ssl/t1_clnt.c +++ b/ssl/t1_clnt.c @@ -66,6 +66,8 @@ static const SSL_METHOD *tls1_get_client_method(int ver); static const SSL_METHOD *tls1_get_client_method(int ver) { + if (ver == TLS_ANY_VERSION) + return TLS_server_method(); if (ver == TLS1_2_VERSION) return TLSv1_2_client_method(); if (ver == TLS1_1_VERSION) @@ -75,16 +77,21 @@ static const SSL_METHOD *tls1_get_client_method(int ver) return NULL; } +IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, TLS_client_method, + ssl_undefined_function, + ssl3_connect, + tls1_get_client_method, TLSv1_2_enc_data) + IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_client_method, ssl_undefined_function, ssl3_connect, tls1_get_client_method, TLSv1_2_enc_data) - IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_client_method, +IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_client_method, ssl_undefined_function, ssl3_connect, tls1_get_client_method, TLSv1_1_enc_data) - IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_client_method, +IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_client_method, ssl_undefined_function, ssl3_connect, tls1_get_client_method, TLSv1_enc_data) diff --git a/util/ssleay.num b/util/ssleay.num index d0b41915b3..d595fe0e35 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -95,7 +95,7 @@ SSL_use_certificate_ASN1 106 EXIST::FUNCTION: SSL_use_certificate_file 107 EXIST::FUNCTION:STDIO SSL_write 108 EXIST::FUNCTION: SSLeay_add_ssl_algorithms 109 NOEXIST::FUNCTION: -SSLv23_client_method 110 EXIST::FUNCTION:RSA +SSLv23_client_method 110 NOEXIST::FUNCTION: SSLv23_method 111 NOEXIST::FUNCTION: SSLv23_server_method 112 NOEXIST::FUNCTION: SSLv2_client_method 113 NOEXIST::FUNCTION: @@ -398,3 +398,4 @@ SSL_CIPHER_get_cipher_nid 432 EXIST::FUNCTION: SSL_use_certificate_chain_file 433 EXIST::FUNCTION:STDIO TLS_server_method 434 EXIST::FUNCTION: TLS_method 435 EXIST::FUNCTION: +TLS_client_method 436 EXIST::FUNCTION: |