| blob | 5039e330a56fda77efee4c9bc96bff41a4843813 |
1 This patch adds support for TLS SessionTicket extension (RFC 5077) for
2 the parts used by EAP-FAST (RFC 4851).
4 This is based on the patch from Alexey Kobozev <akobozev@cisco.com>
5 (sent to openssl-dev mailing list on Tue, 07 Jun 2005 15:40:58 +0300).
9 diff -upr openssl-SNAP-20080528.orig/ssl/s3_clnt.c openssl-SNAP-20080528/ssl/s3_clnt.c
10 --- openssl-SNAP-20080528.orig/ssl/s3_clnt.c 2008-04-29 21:00:17.000000000 +0300
11 +++ openssl-SNAP-20080528/ssl/s3_clnt.c 2008-05-29 10:55:43.000000000 +0300
12 @@ -785,6 +785,20 @@ int ssl3_get_server_hello(SSL *s)
13 goto f_err;
14 }
16 +#ifndef OPENSSL_NO_TLSEXT
17 + /* check if we want to resume the session based on external pre-shared secret */
18 + if (s->version >= TLS1_VERSION && s->tls_session_secret_cb)
19 + {
20 + SSL_CIPHER *pref_cipher=NULL;
21 + s->session->master_key_length=sizeof(s->session->master_key);
22 + if (s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length,
23 + NULL, &pref_cipher, s->tls_session_secret_cb_arg))
24 + {
25 + s->session->cipher=pref_cipher ? pref_cipher : ssl_get_cipher_by_char(s,p+j);
26 + }
27 + }
28 +#endif /* OPENSSL_NO_TLSEXT */
29 +
30 if (j != 0 && j == s->session->session_id_length
31 && memcmp(p,s->session->session_id,j) == 0)
32 {
33 @@ -2918,11 +2932,8 @@ static int ssl3_check_finished(SSL *s)
34 {
35 int ok;
36 long n;
37 - /* If we have no ticket or session ID is non-zero length (a match of
38 - * a non-zero session length would never reach here) it cannot be a
39 - * resumed session.
40 - */
41 - if (!s->session->tlsext_tick || s->session->session_id_length)
42 + /* If we have no ticket it cannot be a resumed session. */
43 + if (!s->session->tlsext_tick)
44 return 1;
45 /* this function is called when we really expect a Certificate
46 * message, so permit appropriate message length */
47 diff -upr openssl-SNAP-20080528.orig/ssl/s3_srvr.c openssl-SNAP-20080528/ssl/s3_srvr.c
48 --- openssl-SNAP-20080528.orig/ssl/s3_srvr.c 2008-04-30 20:00:38.000000000 +0300
49 +++ openssl-SNAP-20080528/ssl/s3_srvr.c 2008-05-29 10:49:25.000000000 +0300
50 @@ -1004,6 +1004,59 @@ int ssl3_get_client_hello(SSL *s)
51 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
52 goto err;
53 }
54 +
55 + /* Check if we want to use external pre-shared secret for this
56 + * handshake for not reused session only. We need to generate
57 + * server_random before calling tls_session_secret_cb in order to allow
58 + * SessionTicket processing to use it in key derivation. */
59 + {
60 + unsigned long Time;
61 + unsigned char *pos;
62 + Time=(unsigned long)time(NULL); /* Time */
63 + pos=s->s3->server_random;
64 + l2n(Time,pos);
65 + if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0)
66 + {
67 + al=SSL_AD_INTERNAL_ERROR;
68 + goto f_err;
69 + }
70 + }
71 +
72 + if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb)
73 + {
74 + SSL_CIPHER *pref_cipher=NULL;
75 +
76 + s->session->master_key_length=sizeof(s->session->master_key);
77 + if(s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length,
78 + ciphers, &pref_cipher, s->tls_session_secret_cb_arg))
79 + {
80 + s->hit=1;
81 + s->session->ciphers=ciphers;
82 + s->session->verify_result=X509_V_OK;
83 +
84 + ciphers=NULL;
85 +
86 + /* check if some cipher was preferred by call back */
87 + pref_cipher=pref_cipher ? pref_cipher : ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
88 + if (pref_cipher == NULL)
89 + {
90 + al=SSL_AD_HANDSHAKE_FAILURE;
91 + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
92 + goto f_err;
93 + }
94 +
95 + s->session->cipher=pref_cipher;
96 +
97 + if (s->cipher_list)
98 + sk_SSL_CIPHER_free(s->cipher_list);
99 +
100 + if (s->cipher_list_by_id)
101 + sk_SSL_CIPHER_free(s->cipher_list_by_id);
102 +
103 + s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
104 + s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
105 + }
106 + }
107 #endif
109 /* Worst case, we will use the NULL compression, but if we have other
110 @@ -1130,16 +1183,22 @@ int ssl3_send_server_hello(SSL *s)
111 unsigned char *buf;
112 unsigned char *p,*d;
113 int i,sl;
114 - unsigned long l,Time;
115 + unsigned long l;
116 +#ifdef OPENSSL_NO_TLSEXT
117 + unsigned long Time;
118 +#endif
120 if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
121 {
122 buf=(unsigned char *)s->init_buf->data;
123 +#ifdef OPENSSL_NO_TLSEXT
124 p=s->s3->server_random;
125 + /* Generate server_random if it was not needed previously */
126 Time=(unsigned long)time(NULL); /* Time */
127 l2n(Time,p);
128 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
129 return -1;
130 +#endif
131 /* Do the message type and length last */
132 d=p= &(buf[4]);
134 diff -upr openssl-SNAP-20080528.orig/ssl/ssl.h openssl-SNAP-20080528/ssl/ssl.h
135 --- openssl-SNAP-20080528.orig/ssl/ssl.h 2008-05-26 15:00:37.000000000 +0300
136 +++ openssl-SNAP-20080528/ssl/ssl.h 2008-05-29 10:49:25.000000000 +0300
137 @@ -354,6 +354,7 @@ extern "C" {
138 * 'struct ssl_st *' function parameters used to prototype callbacks
139 * in SSL_CTX. */
140 typedef struct ssl_st *ssl_crock_st;
141 +typedef struct tls_extension_st TLS_EXTENSION;
143 /* used to hold info on the particular ciphers used */
144 typedef struct ssl_cipher_st
145 @@ -380,6 +381,8 @@ DECLARE_STACK_OF(SSL_CIPHER)
146 typedef struct ssl_st SSL;
147 typedef struct ssl_ctx_st SSL_CTX;
149 +typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
150 +
151 /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
152 typedef struct ssl_method_st
153 {
154 @@ -1128,6 +1131,13 @@ struct ssl_st
155 void *tlsext_opaque_prf_input;
156 size_t tlsext_opaque_prf_input_len;
158 + /* TLS extensions */
159 + TLS_EXTENSION *tls_extension;
160 +
161 + /* TLS pre-shared secret session resumption */
162 + tls_session_secret_cb_fn tls_session_secret_cb;
163 + void *tls_session_secret_cb_arg;
164 +
165 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
166 #define session_ctx initial_ctx
167 #else
168 @@ -1729,6 +1739,12 @@ void *SSL_COMP_get_compression_methods(v
169 int SSL_COMP_add_compression_method(int id,void *cm);
170 #endif
172 +/* TLS extensions functions */
173 +int SSL_set_hello_extension(SSL *s, int ext_type, void *ext_data, int ext_len);
174 +
175 +/* Pre-shared secret session resumption functions */
176 +int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
177 +
178 /* BEGIN ERROR CODES */
179 /* The following lines are auto generated by the script mkerr.pl. Any changes
180 * made after this point may be overwritten when the script is next run.
181 @@ -1928,6 +1944,7 @@ void ERR_load_SSL_strings(void);
182 #define SSL_F_TLS1_PRF 284
183 #define SSL_F_TLS1_SETUP_KEY_BLOCK 211
184 #define SSL_F_WRITE_PENDING 212
185 +#define SSL_F_SSL_SET_HELLO_EXTENSION 213
187 /* Reason codes. */
188 #define SSL_R_APP_DATA_IN_HANDSHAKE 100
189 diff -upr openssl-SNAP-20080528.orig/ssl/ssl_err.c openssl-SNAP-20080528/ssl/ssl_err.c
190 --- openssl-SNAP-20080528.orig/ssl/ssl_err.c 2007-10-27 03:01:29.000000000 +0300
191 +++ openssl-SNAP-20080528/ssl/ssl_err.c 2008-05-29 10:49:25.000000000 +0300
192 @@ -260,6 +260,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
193 {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"},
194 {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
195 {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
196 +{ERR_FUNC(SSL_F_SSL_SET_HELLO_EXTENSION), "SSL_set_hello_extension"},
197 {0,NULL}
198 };
200 diff -upr openssl-SNAP-20080528.orig/ssl/ssl_sess.c openssl-SNAP-20080528/ssl/ssl_sess.c
201 --- openssl-SNAP-20080528.orig/ssl/ssl_sess.c 2008-05-26 15:00:37.000000000 +0300
202 +++ openssl-SNAP-20080528/ssl/ssl_sess.c 2008-05-29 10:49:25.000000000 +0300
203 @@ -831,6 +831,52 @@ long SSL_CTX_get_timeout(const SSL_CTX *
204 return(s->session_timeout);
205 }
207 +#ifndef OPENSSL_NO_TLSEXT
208 +int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
209 + STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
210 +{
211 + if (s == NULL) return(0);
212 + s->tls_session_secret_cb = tls_session_secret_cb;
213 + s->tls_session_secret_cb_arg = arg;
214 + return(1);
215 +}
216 +
217 +int SSL_set_hello_extension(SSL *s, int ext_type, void *ext_data, int ext_len)
218 +{
219 + if(s->version >= TLS1_VERSION)
220 + {
221 + if(s->tls_extension)
222 + {
223 + OPENSSL_free(s->tls_extension);
224 + s->tls_extension = NULL;
225 + }
226 +
227 + s->tls_extension = OPENSSL_malloc(sizeof(TLS_EXTENSION) + ext_len);
228 + if(!s->tls_extension)
229 + {
230 + SSLerr(SSL_F_SSL_SET_HELLO_EXTENSION, ERR_R_MALLOC_FAILURE);
231 + return 0;
232 + }
233 +
234 + s->tls_extension->type = ext_type;
235 +
236 + if(ext_data)
237 + {
238 + s->tls_extension->length = ext_len;
239 + s->tls_extension->data = s->tls_extension + 1;
240 + memcpy(s->tls_extension->data, ext_data, ext_len);
241 + } else {
242 + s->tls_extension->length = 0;
243 + s->tls_extension->data = NULL;
244 + }
245 +
246 + return 1;
247 + }
248 +
249 + return 0;
250 +}
251 +#endif /* OPENSSL_NO_TLSEXT */
252 +
253 typedef struct timeout_param_st
254 {
255 SSL_CTX *ctx;
256 diff -upr openssl-SNAP-20080528.orig/ssl/t1_lib.c openssl-SNAP-20080528/ssl/t1_lib.c
257 --- openssl-SNAP-20080528.orig/ssl/t1_lib.c 2008-04-30 20:00:39.000000000 +0300
258 +++ openssl-SNAP-20080528/ssl/t1_lib.c 2008-05-29 10:49:25.000000000 +0300
259 @@ -154,6 +154,12 @@ int tls1_new(SSL *s)
261 void tls1_free(SSL *s)
262 {
263 +#ifndef OPENSSL_NO_TLSEXT
264 + if(s->tls_extension)
265 + {
266 + OPENSSL_free(s->tls_extension);
267 + }
268 +#endif
269 ssl3_free(s);
270 }
272 @@ -357,8 +363,24 @@ unsigned char *ssl_add_clienthello_tlsex
273 int ticklen;
274 if (s->session && s->session->tlsext_tick)
275 ticklen = s->session->tlsext_ticklen;
276 + else if (s->session && s->tls_extension &&
277 + s->tls_extension->type == TLSEXT_TYPE_session_ticket &&
278 + s->tls_extension->data)
279 + {
280 + ticklen = s->tls_extension->length;
281 + s->session->tlsext_tick = OPENSSL_malloc(ticklen);
282 + if (!s->session->tlsext_tick)
283 + return NULL;
284 + memcpy(s->session->tlsext_tick, s->tls_extension->data,
285 + ticklen);
286 + s->session->tlsext_ticklen = ticklen;
287 + }
288 else
289 ticklen = 0;
290 + if (ticklen == 0 && s->tls_extension &&
291 + s->tls_extension->type == TLSEXT_TYPE_session_ticket &&
292 + s->tls_extension->data == NULL)
293 + goto skip_ext;
294 /* Check for enough room 2 for extension type, 2 for len
295 * rest for ticket
296 */
297 @@ -371,6 +393,7 @@ unsigned char *ssl_add_clienthello_tlsex
298 ret += ticklen;
299 }
300 }
301 + skip_ext:
303 #ifdef TLSEXT_TYPE_opaque_prf_input
304 if (s->s3->client_opaque_prf_input != NULL)
305 @@ -1427,6 +1450,8 @@ int tls1_process_ticket(SSL *s, unsigned
306 s->tlsext_ticket_expected = 1;
307 return 0; /* Cache miss */
308 }
309 + if (s->tls_session_secret_cb)
310 + return 0;
311 return tls_decrypt_ticket(s, p, size, session_id, len,
312 ret);
313 }
314 diff -upr openssl-SNAP-20080528.orig/ssl/tls1.h openssl-SNAP-20080528/ssl/tls1.h
315 --- openssl-SNAP-20080528.orig/ssl/tls1.h 2008-04-30 20:00:39.000000000 +0300
316 +++ openssl-SNAP-20080528/ssl/tls1.h 2008-05-29 10:49:25.000000000 +0300
317 @@ -512,6 +512,14 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_T
318 #define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/
319 #endif
321 +/* TLS extension struct */
322 +struct tls_extension_st
323 +{
324 + unsigned short type;
325 + unsigned short length;
326 + void *data;
327 +};
328 +
329 #ifdef __cplusplus
330 }
331 #endif
332 diff -upr openssl-SNAP-20080528.orig/util/ssleay.num openssl-SNAP-20080528/util/ssleay.num
333 --- openssl-SNAP-20080528.orig/util/ssleay.num 2007-08-31 16:03:14.000000000 +0300
334 +++ openssl-SNAP-20080528/util/ssleay.num 2008-05-29 10:49:25.000000000 +0300
335 @@ -253,3 +253,5 @@ PEM_write_bio_SSL_SESSION
336 PEM_read_SSL_SESSION 302 EXIST:!WIN16:FUNCTION:
337 PEM_read_bio_SSL_SESSION 303 EXIST::FUNCTION:
338 PEM_write_SSL_SESSION 304 EXIST:!WIN16:FUNCTION:
339 +SSL_set_hello_extension 305 EXIST::FUNCTION:TLSEXT
340 +SSL_set_session_secret_cb 306 EXIST::FUNCTION:TLSEXT