wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix ALPN

Browse source 
* Perform ALPN after the SNI callback; the SSL_CTX may change due to
  that processing
* Add flags to indicate that we actually sent ALPN, to properly error
  out if unexpectedly received.
* document ALPN functions
* unit tests

Backport of commit 817cd0d52f

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
This commit is contained in:
Todd Short 2016-03-05 08:47:55 -05:00 committed by Rich Salz
parent 21211ade53
commit af2db04c99
8 changed files with 399 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -4,6 +4,10 @@
Changes between 1.0.2g and 1.0.2h [xx XXX xxxx]
*) Modify behavior of ALPN to invoke callback after SNI/servername
callback, such that updates to the SSL_CTX affect ALPN.
[Todd Short]
*) Remove LOW from the DEFAULT cipher list. This removes singles DES from the
default.
[Kurt Roeckx]

126
doc/ssl/SSL_CTX_set_alpn_select_cb.pod Normal file
View file

@ -0,0 +1,126 @@
=pod
=head1 NAME
SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb,
SSL_select_next_proto, SSL_get0_alpn_selected - handle application layer
protocol negotiation (ALPN)
=head1 SYNOPSIS
#include <openssl/ssl.h>
int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
unsigned protos_len);
int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
unsigned protos_len);
void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
int (*cb) (SSL *ssl,
const unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen,
void *arg), void *arg);
int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
const unsigned char *server,
unsigned int server_len,
const unsigned char *client,
unsigned int client_len)
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
unsigned int *len);
=head1 DESCRIPTION
SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to
set the list of protocols available to be negotiated. The B<protos> must be in
protocol-list format, described below. The length of B<protos> is specified in
B<protos_len>.
SSL_CTX_set_alpn_select_cb() sets the application callback B<cb> used by a
server to select which protocol to use for the incoming connection. When B<cb>
is NULL, ALPN is not used. The B<arg> value is a pointer which is passed to
the application callback.
B<cb> is the application defined callback. The B<in>, B<inlen> parameters are a
vector in protocol-list format. The value of the B<out>, B<outlen> vector
should be set to the value of a single protocol selected from the B<in>,
B<inlen> vector. The B<arg> parameter is the pointer set via
SSL_CTX_set_alpn_select_cb().
SSL_select_next_proto() is a helper function used to select protocols. It
implements the standard protocol selection. It is expected that this function
is called from the application callback B<cb>. The protocol data in B<server>,
B<server_len> and B<client>, B<client_len> must be in the protocol-list format
described below. The first item in the B<server>, B<server_len> list that
matches an item in the B<client>, B<client_len> list is selected, and returned
in B<out>, B<outlen>. The B<out> value will point into either B<server> or
B<client>, so it should be copied immediately. If no match is found, the first
item in B<client>, B<client_len> is returned in B<out>, B<outlen>. This
function can also be used in the NPN callback.
SSL_get0_alpn_selected() returns a pointer to the selected protocol in B<data>
with length B<len>. It is not NUL-terminated. B<data> is set to NULL and B<len>
is set to 0 if no protocol has been selected. B<data> must not be freed.
=head1 NOTES
The protocol-lists must be in wire-format, which is defined as a vector of
non-empty, 8-bit length-prefixed, byte strings. The length-prefix byte is not
included in the length. Each string is limited to 255 bytes. A byte-string
length of 0 is invalid. A truncated byte-string is invalid. The length of the
vector is not in the vector itself, but in a separate variable.
Example:
unsigned char vector[] = {
6, 's', 'p', 'd', 'y', '/', '1',
8, 'h', 't', 't', 'p', '/', '1', '.', '1'
};
unsigned int length = sizeof(vector);
The ALPN callback is executed after the servername callback; as that servername
callback may update the SSL_CTX, and subsequently, the ALPN callback.
If there is no ALPN proposed in the ClientHello, the ALPN callback is not
invoked.
=head1 RETURN VALUES
SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() return 0 on success, and
non-0 on failure. WARNING: these functions reverse the return value convention.
SSL_select_next_proto() returns one of the following:
=over 4
=item OPENSSL_NPN_NEGOTIATED
A match was found and is returned in B<out>, B<outlen>.
=item OPENSSL_NPN_NO_OVERLAP
No match was found. The first item in B<client>, B<client_len> is returned in
B<out>, B<outlen>.
=back
The ALPN select callback B<cb>, must return one of the following:
=over 4
=item SSL_TLSEXT_ERR_OK
ALPN protocol selected.
=item SSL_TLSEXT_ERR_NOACK
ALPN protocol not selected.
=back
=head1 SEE ALSO
L<ssl(3)>, L<SSL_CTX_set_tlsext_servername_callback(3)>,
L<SSL_CTX_set_tlsext_servername_arg(3)>
=cut

2
ssl/ssl_cert.c
View file

@ -504,6 +504,8 @@ void ssl_cert_free(CERT *c)
#ifndef OPENSSL_NO_TLSEXT
custom_exts_free(&c->cli_ext);
custom_exts_free(&c->srv_ext);
if (c->alpn_proposed)
OPENSSL_free(c->alpn_proposed);
#endif
OPENSSL_free(c);
}

17
ssl/ssl_lib.c
View file

@ -244,7 +244,16 @@ int SSL_clear(SSL *s)
ssl_clear_hash_ctx(&s->write_hash);
s->first_packet = 0;
#ifndef OPENSSL_NO_TLSEXT
if (s->cert != NULL) {
if (s->cert->alpn_proposed) {
OPENSSL_free(s->cert->alpn_proposed);
s->cert->alpn_proposed = NULL;
}
s->cert->alpn_proposed_len = 0;
s->cert->alpn_sent = 0;
}
#endif
#if 1
/*
* Check to see if we were changed into a different method, if so, revert
@ -3174,6 +3183,12 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
ssl->cert->ciphers_rawlen = ocert->ciphers_rawlen;
ocert->ciphers_raw = NULL;
}
#ifndef OPENSSL_NO_TLSEXT
ssl->cert->alpn_proposed = ocert->alpn_proposed;
ssl->cert->alpn_proposed_len = ocert->alpn_proposed_len;
ocert->alpn_proposed = NULL;
ssl->cert->alpn_sent = ocert->alpn_sent;
#endif
ssl_cert_free(ocert);
}

4
ssl/ssl_locl.h
View file

@ -688,6 +688,10 @@ typedef struct cert_st {
custom_ext_methods cli_ext;
custom_ext_methods srv_ext;
int references; /* >1 only if SSL_copy_session_id is used */
/* non-optimal, but here due to compatibility */
unsigned char *alpn_proposed; /* server */
unsigned int alpn_proposed_len;
int alpn_sent; /* client */
} CERT;
typedef struct sess_cert_st {

181
ssl/ssltest.c
View file

@ -217,6 +217,9 @@
# define TEST_CLIENT_CERT "../apps/client.pem"
#endif
static SSL_CTX *s_ctx = NULL;
static SSL_CTX *s_ctx2 = NULL;
/*
* There is really no standard for this, so let's assign some tentative
* numbers. In any case, these numbers are only for this test
@ -300,9 +303,51 @@ static BIO *bio_err = NULL;
static BIO *bio_stdout = NULL;
static const char *alpn_client;
static const char *alpn_server;
static char *alpn_server;
static char *alpn_server2;
static const char *alpn_expected;
static unsigned char *alpn_selected;
static const char *sn_client;
static const char *sn_server1;
static const char *sn_server2;
static int sn_expect = 0;
static int servername_cb(SSL *s, int *ad, void *arg)
{
const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
if (sn_server2 == NULL) {
BIO_printf(bio_stdout, "Servername 2 is NULL\n");
return SSL_TLSEXT_ERR_NOACK;
}
if (servername != NULL) {
if (s_ctx2 != NULL && sn_server2 != NULL &&
!strcasecmp(servername, sn_server2)) {
BIO_printf(bio_stdout, "Switching server context.\n");
SSL_set_SSL_CTX(s, s_ctx2);
}
}
return SSL_TLSEXT_ERR_OK;
}
static int verify_servername(SSL *client, SSL *server)
{
/* just need to see if sn_context is what we expect */
SSL_CTX* ctx = SSL_get_SSL_CTX(server);
if (sn_expect == 0)
return 0;
if (sn_expect == 1 && ctx == s_ctx)
return 0;
if (sn_expect == 2 && ctx == s_ctx2)
return 0;
BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
if (ctx == s_ctx2)
BIO_printf(bio_stdout, "Servername: context is 2\n");
else if (ctx == s_ctx)
BIO_printf(bio_stdout, "Servername: context is 1\n");
else
BIO_printf(bio_stdout, "Servername: context is unknown\n");
return -1;
}
/*-
* next_protos_parse parses a comma separated list of strings into a string
@ -350,11 +395,12 @@ static int cb_server_alpn(SSL *s, const unsigned char **out,
{
unsigned char *protos;
unsigned short protos_len;
char* alpn_str = arg;
protos = next_protos_parse(&protos_len, alpn_server);
protos = next_protos_parse(&protos_len, alpn_str);
if (protos == NULL) {
fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
alpn_server);
alpn_str);
abort();
}
@ -417,8 +463,17 @@ static int verify_alpn(SSL *client, SSL *server)
BIO_printf(bio_stdout, "', server: '");
BIO_write(bio_stdout, server_proto, server_proto_len);
BIO_printf(bio_stdout, "'\n");
BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '%s'\n",
alpn_client, alpn_server);
BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: ",
alpn_client);
if (SSL_get_SSL_CTX(server) == s_ctx2) {
BIO_printf(bio_stdout, "'%s'\n",
alpn_server2);
} else if (SSL_get_SSL_CTX(server) == s_ctx){
BIO_printf(bio_stdout, "'%s'\n",
alpn_server);
} else {
BIO_printf(bio_stdout, "unknown\n");
}
return -1;
}
@ -756,8 +811,15 @@ static void sv_usage(void)
" -custom_ext - try various custom extension callbacks\n");
fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
fprintf(stderr, " -alpn_server1 <string> - alias for -alpn_server\n");
fprintf(stderr, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
fprintf(stderr,
" -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
fprintf(stderr, " -sn_client <string> - have client request this servername\n");
fprintf(stderr, " -sn_server1 <string> - have server context 1 respond to this servername\n");
fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n");
fprintf(stderr, " -sn_expect1 - expected server 1\n");
fprintf(stderr, " -sn_expect2 - expected server 2\n");
}
static void print_details(SSL *c_ssl, const char *prefix)
@ -896,7 +958,6 @@ int main(int argc, char *argv[])
#ifndef OPENSSL_NO_ECDH
char *named_curve = NULL;
#endif
SSL_CTX *s_ctx = NULL;
SSL_CTX *c_ctx = NULL;
const SSL_METHOD *meth = NULL;
SSL *c_ssl, *s_ssl;
@ -1151,14 +1212,35 @@ int main(int argc, char *argv[])
if (--argc < 1)
goto bad;
alpn_client = *(++argv);
} else if (strcmp(*argv, "-alpn_server") == 0) {
} else if (strcmp(*argv, "-alpn_server") == 0 ||
strcmp(*argv, "-alpn_server1") == 0) {
if (--argc < 1)
goto bad;
alpn_server = *(++argv);
} else if (strcmp(*argv, "-alpn_server2") == 0) {
if (--argc < 1)
goto bad;
alpn_server2 = *(++argv);
} else if (strcmp(*argv, "-alpn_expected") == 0) {
if (--argc < 1)
goto bad;
alpn_expected = *(++argv);
} else if (strcmp(*argv, "-sn_client") == 0) {
if (--argc < 1)
goto bad;
sn_client = *(++argv);
} else if (strcmp(*argv, "-sn_server1") == 0) {
if (--argc < 1)
goto bad;
sn_server1 = *(++argv);
} else if (strcmp(*argv, "-sn_server2") == 0) {
if (--argc < 1)
goto bad;
sn_server2 = *(++argv);
} else if (strcmp(*argv, "-sn_expect1") == 0) {
sn_expect = 1;
} else if (strcmp(*argv, "-sn_expect2") == 0) {
sn_expect = 2;
} else {
fprintf(stderr, "unknown option %s\n", *argv);
badop = 1;
@ -1304,7 +1386,8 @@ int main(int argc, char *argv[])
c_ctx = SSL_CTX_new(meth);
s_ctx = SSL_CTX_new(meth);
if ((c_ctx == NULL) || (s_ctx == NULL)) {
s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */
if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
@ -1312,7 +1395,9 @@ int main(int argc, char *argv[])
if (cipher != NULL) {
SSL_CTX_set_cipher_list(c_ctx, cipher);
SSL_CTX_set_cipher_list(s_ctx, cipher);
SSL_CTX_set_cipher_list(s_ctx2, cipher);
}
#ifndef OPENSSL_NO_DH
if (!no_dhe) {
if (dhe1024dsa) {
@ -1320,12 +1405,14 @@ int main(int argc, char *argv[])
* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks
*/
SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
SSL_CTX_set_options(s_ctx2, SSL_OP_SINGLE_DH_USE);
dh = get_dh1024dsa();
} else if (dhe512)
dh = get_dh512();
else
dh = get_dh1024();
SSL_CTX_set_tmp_dh(s_ctx, dh);
SSL_CTX_set_tmp_dh(s_ctx2, dh);
DH_free(dh);
}
#else
@ -1353,7 +1440,9 @@ int main(int argc, char *argv[])
}
SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
SSL_CTX_set_tmp_ecdh(s_ctx2, ecdh);
SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
SSL_CTX_set_options(s_ctx2, SSL_OP_SINGLE_ECDH_USE);
EC_KEY_free(ecdh);
}
#else
@ -1362,15 +1451,18 @@ int main(int argc, char *argv[])
#ifndef OPENSSL_NO_RSA
SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
SSL_CTX_set_tmp_rsa_callback(s_ctx2, tmp_rsa_cb);
#endif
#ifdef TLSEXT_TYPE_opaque_prf_input
SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb);
SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb);
SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx2, opaque_prf_input_cb);
/* or &co2 or NULL */
SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1);
/* or &so2 or NULL */
SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1);
SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx2, &so1);
#endif
if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, SSL_FILETYPE_PEM)) {
@ -1383,6 +1475,16 @@ int main(int argc, char *argv[])
goto end;
}
if (!SSL_CTX_use_certificate_file(s_ctx2, server_cert, SSL_FILETYPE_PEM)) {
ERR_print_errors(bio_err);
} else if (!SSL_CTX_use_PrivateKey_file(s_ctx2,
(server_key ? server_key :
server_cert),
SSL_FILETYPE_PEM)) {
ERR_print_errors(bio_err);
goto end;
}
if (client_auth) {
SSL_CTX_use_certificate_file(c_ctx, client_cert, SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(c_ctx,
@ -1392,6 +1494,8 @@ int main(int argc, char *argv[])
if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(s_ctx)) ||
(!SSL_CTX_load_verify_locations(s_ctx2, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(s_ctx2)) ||
(!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(c_ctx))) {
/* fprintf(stderr,"SSL_load_verify_locations\n"); */
@ -1406,6 +1510,11 @@ int main(int argc, char *argv[])
verify_callback);
SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
&app_verify_arg);
SSL_CTX_set_verify(s_ctx2,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
verify_callback);
SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback,
&app_verify_arg);
}
if (server_auth) {
BIO_printf(bio_err, "server authentication\n");
@ -1418,6 +1527,8 @@ int main(int argc, char *argv[])
int session_id_context = 0;
SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
sizeof session_id_context);
SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
sizeof session_id_context);
}
/* Use PSK only if PSK key is given */
@ -1436,6 +1547,7 @@ int main(int argc, char *argv[])
#ifndef OPENSSL_NO_PSK
SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback);
if (debug)
BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint")) {
@ -1443,6 +1555,11 @@ int main(int argc, char *argv[])
ERR_print_errors(bio_err);
goto end;
}
if (!SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) {
BIO_printf(bio_err, "error setting PSK identity hint to s_ctx2\n");
ERR_print_errors(bio_err);
goto end;
}
#endif
}
#ifndef OPENSSL_NO_SRP
@ -1461,8 +1578,11 @@ int main(int argc, char *argv[])
if (srp_server_arg.expected_user != NULL) {
SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback);
SSL_CTX_set_verify(s_ctx2, SSL_VERIFY_NONE, verify_callback);
SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
SSL_CTX_set_srp_cb_arg(s_ctx2, &srp_server_arg);
SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
SSL_CTX_set_srp_username_callback(s_ctx2, ssl_srp_server_param_cb);
}
#endif
@ -1475,11 +1595,16 @@ int main(int argc, char *argv[])
NULL, NULL, NULL,
serverinfo_cli_parse_cb, NULL);
if (serverinfo_file)
if (serverinfo_file) {
if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file)) {
BIO_printf(bio_err, "missing serverinfo file\n");
goto end;
}
if (!SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
BIO_printf(bio_err, "missing serverinfo file\n");
goto end;
}
}
if (custom_ext) {
SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
@ -1515,10 +1640,29 @@ int main(int argc, char *argv[])
custom_ext_3_srv_add_cb,
NULL, NULL,
custom_ext_3_srv_parse_cb, NULL);
SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
custom_ext_0_srv_add_cb,
NULL, NULL,
custom_ext_0_srv_parse_cb, NULL);
SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
custom_ext_1_srv_add_cb,
NULL, NULL,
custom_ext_1_srv_parse_cb, NULL);
SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
custom_ext_2_srv_add_cb,
NULL, NULL,
custom_ext_2_srv_parse_cb, NULL);
SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
custom_ext_3_srv_add_cb,
NULL, NULL,
custom_ext_3_srv_parse_cb, NULL);
}
if (alpn_server)
SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL);
SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
if (alpn_server2)
SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
if (alpn_client) {
unsigned short alpn_len;
@ -1532,9 +1676,15 @@ int main(int argc, char *argv[])
OPENSSL_free(alpn);
}
if (sn_server1 || sn_server2)
SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
c_ssl = SSL_new(c_ctx);
s_ssl = SSL_new(s_ctx);
if (sn_client)
SSL_set_tlsext_host_name(c_ssl, sn_client);
#ifndef OPENSSL_NO_KRB5
if (c_ssl && c_ssl->kssl_ctx) {
char localhost[MAXHOSTNAMELEN + 2];
@ -1588,12 +1738,19 @@ int main(int argc, char *argv[])
#endif
}
if (verify_alpn(c_ssl, s_ssl) < 0)
ret = 1;
if (verify_servername(c_ssl, s_ssl) < 0)
ret = 1;
SSL_free(s_ssl);
SSL_free(c_ssl);
end:
if (s_ctx != NULL)
SSL_CTX_free(s_ctx);
if (s_ctx2 != NULL)
SSL_CTX_free(s_ctx2);
if (c_ctx != NULL)
SSL_CTX_free(c_ctx);
@ -1961,10 +2118,6 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
ret = 1;
goto err;
}
if (verify_alpn(c_ssl, s_ssl) < 0) {
ret = 1;
goto err;
}
if (custom_ext_error) {
ret = 1;

88
ssl/t1_lib.c
View file

@ -1539,6 +1539,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
s2n(s->alpn_client_proto_list_len, ret);
memcpy(ret, s->alpn_client_proto_list, s->alpn_client_proto_list_len);
ret += s->alpn_client_proto_list_len;
s->cert->alpn_sent = 1;
}
# ifndef OPENSSL_NO_SRTP
if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) {
@ -1906,7 +1907,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
# endif /* !OPENSSL_NO_EC */
/*
* tls1_alpn_handle_client_hello is called to process the ALPN extension in a
* tls1_alpn_handle_client_hello is called to save the ALPN extension in a
* ClientHello. data: the contents of the extension, not including the type
* and length. data_len: the number of bytes in |data| al: a pointer to the
* alert value to send in the event of a non-zero return. returns: 0 on
@ -1917,12 +1918,6 @@ static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
{
unsigned i;
unsigned proto_len;
const unsigned char *selected;
unsigned char selected_len;
int r;
if (s->ctx->alpn_select_cb == NULL)
return 0;
if (data_len < 2)
goto parse_error;
@ -1953,19 +1948,15 @@ static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
i += proto_len;
}
r = s->ctx->alpn_select_cb(s, &selected, &selected_len, data, data_len,
s->ctx->alpn_select_cb_arg);
if (r == SSL_TLSEXT_ERR_OK) {
if (s->s3->alpn_selected)
OPENSSL_free(s->s3->alpn_selected);
s->s3->alpn_selected = OPENSSL_malloc(selected_len);
if (!s->s3->alpn_selected) {
*al = SSL_AD_INTERNAL_ERROR;
return -1;
}
memcpy(s->s3->alpn_selected, selected, selected_len);
s->s3->alpn_selected_len = selected_len;
if (s->cert->alpn_proposed != NULL)
OPENSSL_free(s->cert->alpn_proposed);
s->cert->alpn_proposed = OPENSSL_malloc(data_len);
if (s->cert->alpn_proposed == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
return -1;
}
memcpy(s->cert->alpn_proposed, data, data_len);
s->cert->alpn_proposed_len = data_len;
return 0;
parse_error:
@ -1973,6 +1964,43 @@ static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
return -1;
}
/*
* Process the ALPN extension in a ClientHello.
* ret: a pointer to the TLSEXT return value: SSL_TLSEXT_ERR_*
* al: a pointer to the alert value to send in the event of a failure.
* returns 1 on success, 0 on failure: al/ret set only on failure
*/
static int tls1_alpn_handle_client_hello_late(SSL *s, int *ret, int *al)
{
const unsigned char *selected = NULL;
unsigned char selected_len = 0;
if (s->ctx->alpn_select_cb != NULL && s->cert->alpn_proposed != NULL) {
int r = s->ctx->alpn_select_cb(s, &selected, &selected_len,
s->cert->alpn_proposed,
s->cert->alpn_proposed_len,
s->ctx->alpn_select_cb_arg);
if (r == SSL_TLSEXT_ERR_OK) {
OPENSSL_free(s->s3->alpn_selected);
s->s3->alpn_selected = OPENSSL_malloc(selected_len);
if (s->s3->alpn_selected == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
*ret = SSL_TLSEXT_ERR_ALERT_FATAL;
return 0;
}
memcpy(s->s3->alpn_selected, selected, selected_len);
s->s3->alpn_selected_len = selected_len;
# ifndef OPENSSL_NO_NEXTPROTONEG
/* ALPN takes precedence over NPN. */
s->s3->next_proto_neg_seen = 0;
# endif
}
}
return 1;
}
static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
unsigned char *limit, int *al)
{
@ -1992,6 +2020,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
OPENSSL_free(s->s3->alpn_selected);
s->s3->alpn_selected = NULL;
}
s->s3->alpn_selected_len = 0;
if (s->cert->alpn_proposed) {
OPENSSL_free(s->cert->alpn_proposed);
s->cert->alpn_proposed = NULL;
}
s->cert->alpn_proposed_len = 0;
# ifndef OPENSSL_NO_HEARTBEATS
s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
@ -2359,8 +2393,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
# endif
# ifndef OPENSSL_NO_NEXTPROTONEG
else if (type == TLSEXT_TYPE_next_proto_neg &&
s->s3->tmp.finish_md_len == 0 &&
s->s3->alpn_selected == NULL) {
s->s3->tmp.finish_md_len == 0) {
/*-
* We shouldn't accept this extension on a
* renegotiation.
@ -2383,13 +2416,9 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
# endif
else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation &&
s->ctx->alpn_select_cb && s->s3->tmp.finish_md_len == 0) {
s->s3->tmp.finish_md_len == 0) {
if (tls1_alpn_handle_client_hello(s, data, size, al) != 0)
return 0;
# ifndef OPENSSL_NO_NEXTPROTONEG
/* ALPN takes precedence over NPN. */
s->s3->next_proto_neg_seen = 0;
# endif
}
/* session ticket processed earlier */
@ -2698,7 +2727,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
unsigned len;
/* We must have requested it. */
if (s->alpn_client_proto_list == NULL) {
if (!s->cert->alpn_sent) {
*al = TLS1_AD_UNSUPPORTED_EXTENSION;
return 0;
}
@ -2863,6 +2892,7 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
}
# endif
s->cert->alpn_sent = 0;
return 1;
}
@ -3066,6 +3096,10 @@ int ssl_check_clienthello_tlsext_late(SSL *s)
} else
s->tlsext_status_expected = 0;
if (!tls1_alpn_handle_client_hello_late(s, &ret, &al)) {
goto err;
}
err:
switch (ret) {
case SSL_TLSEXT_ERR_ALERT_FATAL:

19
test/testssl
View file

@ -236,6 +236,17 @@ $ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_tack || exit 1
$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_sct -serverinfo_tack || exit 1
$ssltest -bio_pair -tls1 -custom_ext -serverinfo_file $serverinfo -serverinfo_sct -serverinfo_tack || exit 1
#############################################################################
# SNI tests
$ssltest -bio_pair -sn_client foo || exit 1
$ssltest -bio_pair -sn_server1 foo || exit 1
$ssltest -bio_pair -sn_client foo -sn_server1 foo -sn_expect1 || exit 1
$ssltest -bio_pair -sn_client foo -sn_server1 bar -sn_expect1 || exit 1
$ssltest -bio_pair -sn_client foo -sn_server1 foo -sn_server2 bar -sn_expect1 || exit 1
$ssltest -bio_pair -sn_client bar -sn_server1 foo -sn_server2 bar -sn_expect2 || exit 1
# Negative test - make sure it doesn't crash, and doesn't switch contexts
$ssltest -bio_pair -sn_client foobar -sn_server1 foo -sn_server2 bar -sn_expect1 || exit 1
#############################################################################
# ALPN tests
@ -249,6 +260,14 @@ $ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo -alpn_expecte
$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo -alpn_expected bar || exit 1
$ssltest -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo || exit 1
#############################################################################
# ALPN + SNI
$ssltest -bio_pair -alpn_client foo,bar -sn_client alice -alpn_server1 foo,123 -sn_server1 alice -alpn_server2 bar,456 -sn_server2 bob -alpn_expected foo || exit 1
$ssltest -bio_pair -alpn_client foo,bar -sn_client bob -alpn_server1 foo,123 -sn_server1 alice -alpn_server2 bar,456 -sn_server2 bob -alpn_expected bar || exit 1
$ssltest -bio_pair -alpn_client foo,bar -sn_client bob -sn_server1 alice -alpn_server2 bar,456 -sn_server2 bob -alpn_expected bar || exit 1
if ../util/shlib_wrap.sh ../apps/openssl no-srp; then
echo skipping SRP tests
else