Commit graph

26 commits

Author SHA1 Message Date
Matt Caswell
8521ced616 Rename the chain variable to chainidx
This variable represents the index of the cert within the chain, so give it
a name that better represents that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
2017-01-06 10:25:14 +00:00
Matt Caswell
f63e428872 Implement TLSv1.3 style CertificateStatus
We remove the separate CertificateStatus message for TLSv1.3, and instead
send back the response in the appropriate Certificate message extension.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
2017-01-06 10:25:13 +00:00
Matt Caswell
f97d4c3708 Extends extension parsing to take the Certificate
Continuing from the previous commit we also need to extend the extensions
framework to supply the Certificate we just read during parsing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
2017-01-06 10:25:13 +00:00
Matt Caswell
30aeba432c Extend tls_construct_extensions() to enable passing of a certificate
The Certificate message in TLS1.3 has an extensions block for each
Certificate. Therefore we need to extend tls_construct_extensions() to pass
in the certificate we are working on. We also pass in the position in the
chain (with 0 being the first certificate).

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
2017-01-06 10:25:13 +00:00
Richard Levitte
8f8c11d83f Don't build OCSP stuff when OCSP is disabled
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2173)
2017-01-04 15:27:00 +01:00
Matt Caswell
0785274ca5 Fix extension for various no- options
Previously we were omitting the extension information from ext_defs if
the association no- option was defined. This doesn't work because the
indexes into the table are no longer valid.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)
2016-12-29 13:32:54 +00:00
Matt Caswell
3b58c54f26 Fix the EC point formats extension
This should be sent in the ServerHello if a EC based ciphersuite is
negotiated. The relevant flag to do this was missed off in the recent
extensions refactor.

Fixes GitHub Issue #2133

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)
2016-12-29 13:32:54 +00:00
Matt Caswell
7fe97c077b Fix make update issues
Various functions got renamed. We need to rename the error codes too.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:21:21 +00:00
Matt Caswell
ecc2f938cf Fix more style issues following extensions refactor feedback
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:21:15 +00:00
Matt Caswell
cbb0954471 Introduce TLSEXT_STATUSTYPE_nothing constant
The existing code used the magic number -1 to represent the absence of
a status_type in the extension. This commit replaces it with a macro.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:21:09 +00:00
Matt Caswell
d270de322c Change TLSEXT_IDX_* values into an enum
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:21:03 +00:00
Matt Caswell
1266eefdb6 Various style updates following extensions refactor
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:20:58 +00:00
Matt Caswell
a1448c26d2 Remove some spurious whitespace
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:20:22 +00:00
Matt Caswell
332eb39088 Move ServerHello extension parsing into the new extension framework
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:19:04 +00:00
Matt Caswell
70af3d8ed7 Avoid repeatedly scanning the list of extensions
Because extensions were keyed by type which is sparse, we were continually
scanning the list to find the one we wanted. The way we stored them also
had the side effect that we were running initialisers/finalisers in a
different oder to the parsers. In this commit we change things so that we
instead key on an index value for each extension.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:18:56 +00:00
Matt Caswell
02f0274e8c Move ALPN processing into an extension finalisation function
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:18:46 +00:00
Matt Caswell
805a2e9e13 Provide server side extension init and finalisation functions
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:18:40 +00:00
Matt Caswell
68db4ddab7 Add an extension initilisation and finalisation capability
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:18:35 +00:00
Matt Caswell
ab83e31414 Move client construction of ClientHello extensions into new framework
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:18:30 +00:00
Matt Caswell
6dd083fd68 Move client parsing of ServerHello extensions into new framework
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:18:25 +00:00
Matt Caswell
e56c33b98b Rename some functions
The _clienthello_ in the extensions parsing functions is overly specific.
Better to keep the convention to just _client_

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:18:18 +00:00
Matt Caswell
7da160b0f4 Move ServerHello extension construction into the new extensions framework
This lays the foundation for a later move to have the extensions built and
placed into the correct message for TLSv1.3 (e.g. ServerHello or
EncryptedExtensions).

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:18:12 +00:00
Matt Caswell
25670f3e87 Split extensions code into core extensions and server extensions code
Later we will have client extensions code too.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:18:06 +00:00
Matt Caswell
4b299b8e17 Add extensions construction support
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:18:00 +00:00
Matt Caswell
224135e96a Continue the extensions refactor
Add support for construction of extensions

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:17:53 +00:00
Matt Caswell
6b473acabd Refactor ClientHello extension parsing
This builds on the work started in 1ab3836b3 and extends is so that
each extension has its own identified parsing functions, as well as an
allowed context identifying which messages and protocols it is relevant for.
Subsequent commits will do a similar job for the ServerHello extensions.
This will enable us to have common functions for processing extension blocks
no matter which of the multiple messages they are received from. In TLSv1.3
a number of different messages have extension blocks, and some extensions
have moved from one message to another when compared to TLSv1.2.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:17:45 +00:00