public/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge early_data_info extension into early_data

Browse source 
As per draft-19

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
This commit is contained in:
Matt Caswell 2017-03-09 15:31:55 +00:00
parent ef6c191bce
commit 6594189fa1
9 changed files with 38 additions and 52 deletions
Download patch file Download diff file Expand all files Collapse all files

1
include/openssl/ssl.h
View file

@ -2413,6 +2413,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464 # define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464
# define SSL_F_TLS_PARSE_CTOS_USE_SRTP 465 # define SSL_F_TLS_PARSE_CTOS_USE_SRTP 465
# define SSL_F_TLS_PARSE_STOC_COOKIE 534 # define SSL_F_TLS_PARSE_STOC_COOKIE 534
# define SSL_F_TLS_PARSE_STOC_EARLY_DATA 538
# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 528 # define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 528
# define SSL_F_TLS_PARSE_STOC_KEY_SHARE 445 # define SSL_F_TLS_PARSE_STOC_KEY_SHARE 445
# define SSL_F_TLS_PARSE_STOC_PSK 502 # define SSL_F_TLS_PARSE_STOC_PSK 502

1
include/openssl/tls1.h
View file

@ -184,7 +184,6 @@ extern "C" {
# define TLSEXT_TYPE_supported_versions 43 # define TLSEXT_TYPE_supported_versions 43
# define TLSEXT_TYPE_cookie 44 # define TLSEXT_TYPE_cookie 44
# define TLSEXT_TYPE_psk_kex_modes 45 # define TLSEXT_TYPE_psk_kex_modes 45
# define TLSEXT_TYPE_early_data_info 46
/* Temporary extension type */ /* Temporary extension type */
# define TLSEXT_TYPE_renegotiate 0xff01 # define TLSEXT_TYPE_renegotiate 0xff01

1
ssl/ssl_err.c
View file

@ -405,6 +405,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
"tls_parse_ctos_renegotiate"}, "tls_parse_ctos_renegotiate"},
{ERR_FUNC(SSL_F_TLS_PARSE_CTOS_USE_SRTP), "tls_parse_ctos_use_srtp"}, {ERR_FUNC(SSL_F_TLS_PARSE_CTOS_USE_SRTP), "tls_parse_ctos_use_srtp"},
{ERR_FUNC(SSL_F_TLS_PARSE_STOC_COOKIE), "tls_parse_stoc_cookie"}, {ERR_FUNC(SSL_F_TLS_PARSE_STOC_COOKIE), "tls_parse_stoc_cookie"},
{ERR_FUNC(SSL_F_TLS_PARSE_STOC_EARLY_DATA), "tls_parse_stoc_early_data"},
{ERR_FUNC(SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO), {ERR_FUNC(SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO),
"tls_parse_stoc_early_data_info"}, "tls_parse_stoc_early_data_info"},
{ERR_FUNC(SSL_F_TLS_PARSE_STOC_KEY_SHARE), "tls_parse_stoc_key_share"}, {ERR_FUNC(SSL_F_TLS_PARSE_STOC_KEY_SHARE), "tls_parse_stoc_key_share"},

1
ssl/ssl_locl.h
View file

@ -1791,7 +1791,6 @@ typedef enum tlsext_index_en {
TLSEXT_IDX_renegotiate, TLSEXT_IDX_renegotiate,
TLSEXT_IDX_server_name, TLSEXT_IDX_server_name,
TLSEXT_IDX_srp, TLSEXT_IDX_srp,
TLSEXT_IDX_early_data_info,
TLSEXT_IDX_ec_point_formats, TLSEXT_IDX_ec_point_formats,
TLSEXT_IDX_supported_groups, TLSEXT_IDX_supported_groups,
TLSEXT_IDX_session_ticket, TLSEXT_IDX_session_ticket,

9
ssl/statem/extensions.c
View file

@ -131,12 +131,6 @@ static const EXTENSION_DEFINITION ext_defs[] = {
#else #else
INVALID_EXTENSION, INVALID_EXTENSION,
#endif #endif
{
TLSEXT_TYPE_early_data_info,
EXT_TLS1_3_NEW_SESSION_TICKET,
NULL, NULL, tls_parse_stoc_early_data_info,
tls_construct_stoc_early_data_info, NULL, NULL
},
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
{ {
TLSEXT_TYPE_ec_point_formats, TLSEXT_TYPE_ec_point_formats,
@ -287,7 +281,8 @@ static const EXTENSION_DEFINITION ext_defs[] = {
}, },
{ {
TLSEXT_TYPE_early_data, TLSEXT_TYPE_early_data,
EXT_CLIENT_HELLO | EXT_TLS1_3_ENCRYPTED_EXTENSIONS, EXT_CLIENT_HELLO | EXT_TLS1_3_ENCRYPTED_EXTENSIONS
| EXT_TLS1_3_NEW_SESSION_TICKET,
NULL, tls_parse_ctos_early_data, tls_parse_stoc_early_data, NULL, tls_parse_ctos_early_data, tls_parse_stoc_early_data,
tls_construct_stoc_early_data, tls_construct_ctos_early_data, tls_construct_stoc_early_data, tls_construct_ctos_early_data,
final_early_data final_early_data

34
ssl/statem/extensions_clnt.c
View file

@ -931,24 +931,6 @@ int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
return 1; return 1;
} }
int tls_parse_stoc_early_data_info(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al)
{
unsigned long max_early_data;
if (!PACKET_get_net_4(pkt, &max_early_data)
|| PACKET_remaining(pkt) != 0) {
SSLerr(SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO,
SSL_R_INVALID_MAX_EARLY_DATA);
*al = SSL_AD_DECODE_ERROR;
return 0;
}
s->session->ext.max_early_data = max_early_data;
return 1;
}
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al) X509 *x, size_t chainidx, int *al)
@ -1382,6 +1364,22 @@ int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al) X509 *x, size_t chainidx, int *al)
{ {
if (context == EXT_TLS1_3_NEW_SESSION_TICKET) {
unsigned long max_early_data;
if (!PACKET_get_net_4(pkt, &max_early_data)
|| PACKET_remaining(pkt) != 0) {
SSLerr(SSL_F_TLS_PARSE_STOC_EARLY_DATA,
SSL_R_INVALID_MAX_EARLY_DATA);
*al = SSL_AD_DECODE_ERROR;
return 0;
}
s->session->ext.max_early_data = max_early_data;
return 1;
}
if (PACKET_remaining(pkt) != 0) { if (PACKET_remaining(pkt) != 0) {
*al = SSL_AD_DECODE_ERROR; *al = SSL_AD_DECODE_ERROR;
return 0; return 0;

33
ssl/statem/extensions_srvr.c
View file

@ -841,24 +841,6 @@ int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, unsigned int context,
return 1; return 1;
} }
int tls_construct_stoc_early_data_info(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx, int *al)
{
if (s->max_early_data == 0)
return 1;
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data_info)
|| !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_put_bytes_u32(pkt, s->max_early_data)
|| !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO, ERR_R_INTERNAL_ERROR);
return 0;
}
return 1;
}
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, unsigned int context, int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al) X509 *x, size_t chainidx, int *al)
@ -1151,6 +1133,21 @@ int tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, unsigned int context,
int tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, unsigned int context, int tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al) X509 *x, size_t chainidx, int *al)
{ {
if (context == EXT_TLS1_3_NEW_SESSION_TICKET) {
if (s->max_early_data == 0)
return 1;
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
|| !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_put_bytes_u32(pkt, s->max_early_data)
|| !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, ERR_R_INTERNAL_ERROR);
return 0;
}
return 1;
}
if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED) if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
return 1; return 1;

5
ssl/statem/statem_locl.h
View file

@ -238,9 +238,6 @@ int tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al); X509 *x, size_t chainidx, int *al);
int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, unsigned int context, int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al); X509 *x, size_t chainidx, int *al);
int tls_construct_stoc_early_data_info(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx, int *al);
int tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, unsigned int context, int tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al); X509 *x, size_t chainidx, int *al);
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
@ -345,8 +342,6 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al); X509 *x, size_t chainidx, int *al);
int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al); X509 *x, size_t chainidx, int *al);
int tls_parse_stoc_early_data_info(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al);
int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al); X509 *x, size_t chainidx, int *al);
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC

5
ssl/t1_trce.c
View file

@ -476,7 +476,6 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
{TLSEXT_TYPE_padding, "padding"}, {TLSEXT_TYPE_padding, "padding"},
{TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"}, {TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"},
{TLSEXT_TYPE_extended_master_secret, "extended_master_secret"}, {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"},
{TLSEXT_TYPE_early_data_info, "ticket_early_data_info"},
{TLSEXT_TYPE_early_data, "early_data"} {TLSEXT_TYPE_early_data, "early_data"}
}; };
@ -833,7 +832,9 @@ static int ssl_print_extension(BIO *bio, int indent, int server,
return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1,
ssl_psk_kex_modes_tbl); ssl_psk_kex_modes_tbl);
case TLSEXT_TYPE_early_data_info: case TLSEXT_TYPE_early_data:
if (mt != SSL3_MT_NEWSESSION_TICKET)
break;
if (extlen != 4) if (extlen != 4)
return 0; return 0;
max_early_data = (ext[0] << 24) | (ext[1] << 16) | (ext[2] << 8) max_early_data = (ext[0] << 24) | (ext[1] << 16) | (ext[2] << 8)