Only accept early_data if the negotiated ALPN is the same

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
This commit is contained in:
Matt Caswell 2017-02-24 12:45:37 +00:00
parent a832b5ef7a
commit f637004037
5 changed files with 46 additions and 9 deletions

View file

@ -66,6 +66,7 @@ typedef struct {
#endif
long flags;
uint32_t max_early_data;
ASN1_OCTET_STRING *alpn_selected;
} SSL_SESSION_ASN1;
ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
@ -93,7 +94,8 @@ ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
#endif
ASN1_EXP_OPT(SSL_SESSION_ASN1, flags, ZLONG, 13),
ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick_age_add, ZLONG, 14),
ASN1_EXP_OPT(SSL_SESSION_ASN1, max_early_data, ZLONG, 15)
ASN1_EXP_OPT(SSL_SESSION_ASN1, max_early_data, ZLONG, 15),
ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16)
} static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1)
@ -134,16 +136,14 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
ASN1_OCTET_STRING comp_id;
unsigned char comp_id_data;
#endif
ASN1_OCTET_STRING tlsext_hostname, tlsext_tick;
#ifndef OPENSSL_NO_SRP
ASN1_OCTET_STRING srp_username;
#endif
#ifndef OPENSSL_NO_PSK
ASN1_OCTET_STRING psk_identity, psk_identity_hint;
#endif
ASN1_OCTET_STRING alpn_selected;
long l;
@ -207,6 +207,12 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
as.flags = in->flags;
as.max_early_data = in->ext.max_early_data;
if (in->ext.alpn_selected == NULL)
as.alpn_selected = NULL;
else
ssl_session_oinit(&as.alpn_selected, &alpn_selected,
in->ext.alpn_selected, in->ext.alpn_selected_len);
return i2d_SSL_SESSION_ASN1(&as, pp);
}
@ -362,6 +368,16 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
ret->flags = as->flags;
ret->ext.max_early_data = as->max_early_data;
if (as->alpn_selected != NULL) {
if (!ssl_session_strndup((char **)&ret->ext.alpn_selected,
as->alpn_selected))
goto err;
ret->ext.alpn_selected_len = as->alpn_selected->length;
} else {
ret->ext.alpn_selected = NULL;
ret->ext.alpn_selected_len = 0;
}
M_ASN1_free_of(as, SSL_SESSION_ASN1);
if ((a != NULL) && (*a == NULL))

View file

@ -580,6 +580,9 @@ struct ssl_session_st {
int tick_identity;
/* Max number of bytes that can be sent as early data */
uint32_t max_early_data;
/* The ALPN protocol selected for this session */
unsigned char *alpn_selected;
size_t alpn_selected_len;
} ext;
# ifndef OPENSSL_NO_SRP
char *srp_username;

View file

@ -791,6 +791,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
#ifndef OPENSSL_NO_SRP
OPENSSL_free(ss->srp_username);
#endif
OPENSSL_free(ss->ext.alpn_selected);
CRYPTO_THREAD_lock_free(ss->lock);
OPENSSL_clear_free(ss, sizeof(*ss));
}

View file

@ -7,6 +7,7 @@
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include "../ssl_locl.h"
#include "statem_locl.h"
@ -1242,7 +1243,10 @@ static int final_early_data(SSL *s, unsigned int context, int sent, int *al)
|| s->session->ext.tick_identity != 0
|| s->early_data_state != SSL_EARLY_DATA_ACCEPTING
|| !s->ext.early_data_ok
|| s->hello_retry_request) {
|| s->hello_retry_request
|| s->s3->alpn_selected_len != s->session->ext.alpn_selected_len
|| memcmp(s->s3->alpn_selected, s->session->ext.alpn_selected,
s->s3->alpn_selected_len) != 0){
s->ext.early_data = SSL_EARLY_DATA_REJECTED;
} else {
s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;

View file

@ -3401,6 +3401,18 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
goto err;
s->session->ext.tick_age_add = age_add_u.age_add;
s->session->time = (long)time(NULL);
if (s->s3->alpn_selected != NULL) {
OPENSSL_free(s->session->ext.alpn_selected);
s->session->ext.alpn_selected =
OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
if (s->session->ext.alpn_selected == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
ERR_R_MALLOC_FAILURE);
goto err;
}
s->session->ext.alpn_selected_len = s->s3->alpn_selected_len;
}
s->session->ext.max_early_data = s->max_early_data;
}
/* get session encoding length */
@ -3410,13 +3422,13 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
* long
*/
if (slen_full == 0 || slen_full > 0xFF00) {
ossl_statem_set_error(s);
return 0;
SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
goto err;
}
senc = OPENSSL_malloc(slen_full);
if (senc == NULL) {
ossl_statem_set_error(s);
return 0;
SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
goto err;
}
ctx = EVP_CIPHER_CTX_new();
@ -3545,6 +3557,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
return 1;
err:
ossl_statem_set_error(s);
OPENSSL_free(senc);
EVP_CIPHER_CTX_free(ctx);
HMAC_CTX_free(hctx);