projects / mech_eap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Updated through tag hostap_2_5 from git://w1.fi/hostap.git
[mech_eap.git] / libeap / patches / openssl-0.9.8za-tls-extensions.patch
1 This patch adds support for TLS SessionTicket extension (RFC 5077) for
2 the parts used by EAP-FAST (RFC 4851).
3
4 This is based on the patch from Alexey Kobozev <akobozev@cisco.com>
5 (sent to openssl-dev mailing list on Tue, 07 Jun 2005 15:40:58 +0300).
6
7 OpenSSL 0.9.8za does not enable TLS extension support by default, so it
8 will need to be enabled by adding enable-tlsext to config script
9 command line.
10
11
12 diff -upr openssl-0.9.8za.orig/ssl/s3_clnt.c openssl-0.9.8za/ssl/s3_clnt.c
13 --- openssl-0.9.8za.orig/ssl/s3_clnt.c  2014-06-05 11:09:26.000000000 +0300
14 +++ openssl-0.9.8za/ssl/s3_clnt.c       2014-06-05 20:37:09.221387312 +0300
15 @@ -767,6 +767,22 @@ int ssl3_get_server_hello(SSL *s)
16                 goto f_err;
17                 }
18  
19 +#ifndef OPENSSL_NO_TLSEXT
20 +       /* check if we want to resume the session based on external pre-shared secret */
21 +       if (s->version >= TLS1_VERSION && s->tls_session_secret_cb)
22 +               {
23 +               SSL_CIPHER *pref_cipher=NULL;
24 +               s->session->master_key_length=sizeof(s->session->master_key);
25 +               if (s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length,
26 +                       NULL, &pref_cipher, s->tls_session_secret_cb_arg))
27 +                       {
28 +                       s->session->cipher=pref_cipher ?
29 +                               pref_cipher : ssl_get_cipher_by_char(s,p+j);
30 +                       s->s3->flags |= SSL3_FLAGS_CCS_OK;
31 +                       }
32 +               }
33 +#endif /* OPENSSL_NO_TLSEXT */
34 +
35         if (j != 0 && j == s->session->session_id_length
36             && memcmp(p,s->session->session_id,j) == 0)
37             {
38 @@ -2745,11 +2760,8 @@ int ssl3_check_finished(SSL *s)
39         {
40         int ok;
41         long n;
42 -       /* If we have no ticket or session ID is non-zero length (a match of
43 -        * a non-zero session length would never reach here) it cannot be a
44 -        * resumed session.
45 -        */
46 -       if (!s->session->tlsext_tick || s->session->session_id_length)
47 +       /* If we have no ticket it cannot be a resumed session. */
48 +       if (!s->session->tlsext_tick)
49                 return 1;
50         /* this function is called when we really expect a Certificate
51          * message, so permit appropriate message length */
52 diff -upr openssl-0.9.8za.orig/ssl/s3_srvr.c openssl-0.9.8za/ssl/s3_srvr.c
53 --- openssl-0.9.8za.orig/ssl/s3_srvr.c  2014-06-05 11:09:26.000000000 +0300
54 +++ openssl-0.9.8za/ssl/s3_srvr.c       2014-06-05 20:37:09.225387312 +0300
55 @@ -1011,6 +1011,59 @@ int ssl3_get_client_hello(SSL *s)
56                         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
57                         goto err;
58                 }
59 +
60 +       /* Check if we want to use external pre-shared secret for this
61 +        * handshake for not reused session only. We need to generate
62 +        * server_random before calling tls_session_secret_cb in order to allow
63 +        * SessionTicket processing to use it in key derivation. */
64 +       {
65 +               unsigned long Time;
66 +               unsigned char *pos;
67 +               Time=(unsigned long)time(NULL);                 /* Time */
68 +               pos=s->s3->server_random;
69 +               l2n(Time,pos);
70 +               if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0)
71 +                       {
72 +                       al=SSL_AD_INTERNAL_ERROR;
73 +                       goto f_err;
74 +                       }
75 +       }
76 +
77 +       if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb)
78 +               {
79 +               SSL_CIPHER *pref_cipher=NULL;
80 +
81 +               s->session->master_key_length=sizeof(s->session->master_key);
82 +               if(s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length, 
83 +                       ciphers, &pref_cipher, s->tls_session_secret_cb_arg))
84 +                       {
85 +                       s->hit=1;
86 +                       s->session->ciphers=ciphers;
87 +                       s->session->verify_result=X509_V_OK;
88 +                       
89 +                       ciphers=NULL;
90 +                       
91 +                       /* check if some cipher was preferred by call back */
92 +                       pref_cipher=pref_cipher ? pref_cipher : ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
93 +                       if (pref_cipher == NULL)
94 +                               {
95 +                               al=SSL_AD_HANDSHAKE_FAILURE;
96 +                               SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
97 +                               goto f_err;
98 +                               }
99 +
100 +                       s->session->cipher=pref_cipher;
101 +
102 +                       if (s->cipher_list)
103 +                               sk_SSL_CIPHER_free(s->cipher_list);
104 +
105 +                       if (s->cipher_list_by_id)
106 +                               sk_SSL_CIPHER_free(s->cipher_list_by_id);
107 +
108 +                       s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
109 +                       s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
110 +                       }
111 +               }
112  #endif
113         /* Worst case, we will use the NULL compression, but if we have other
114          * options, we will now look for them.  We have i-1 compression
115 @@ -1161,16 +1214,22 @@ int ssl3_send_server_hello(SSL *s)
116         unsigned char *buf;
117         unsigned char *p,*d;
118         int i,sl;
119 -       unsigned long l,Time;
120 +       unsigned long l;
121 +#ifdef OPENSSL_NO_TLSEXT
122 +       unsigned long Time;
123 +#endif
124  
125         if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
126                 {
127                 buf=(unsigned char *)s->init_buf->data;
128 +#ifdef OPENSSL_NO_TLSEXT
129                 p=s->s3->server_random;
130 +               /* Generate server_random if it was not needed previously */
131                 Time=(unsigned long)time(NULL);                 /* Time */
132                 l2n(Time,p);
133                 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
134                         return -1;
135 +#endif
136                 /* Do the message type and length last */
137                 d=p= &(buf[4]);
138  
139 diff -upr openssl-0.9.8za.orig/ssl/ssl_err.c openssl-0.9.8za/ssl/ssl_err.c
140 --- openssl-0.9.8za.orig/ssl/ssl_err.c  2014-06-05 11:09:08.000000000 +0300
141 +++ openssl-0.9.8za/ssl/ssl_err.c       2014-06-05 20:37:09.225387312 +0300
142 @@ -265,6 +265,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
143  {ERR_FUNC(SSL_F_TLS1_ENC),     "TLS1_ENC"},
144  {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
145  {ERR_FUNC(SSL_F_WRITE_PENDING),        "WRITE_PENDING"},
146 +{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"},
147  {0,NULL}
148         };
149  
150 diff -upr openssl-0.9.8za.orig/ssl/ssl.h openssl-0.9.8za/ssl/ssl.h
151 --- openssl-0.9.8za.orig/ssl/ssl.h      2014-06-05 11:09:08.000000000 +0300
152 +++ openssl-0.9.8za/ssl/ssl.h   2014-06-05 20:37:09.229387312 +0300
153 @@ -344,6 +344,7 @@ extern "C" {
154   * 'struct ssl_st *' function parameters used to prototype callbacks
155   * in SSL_CTX. */
156  typedef struct ssl_st *ssl_crock_st;
157 +typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
158  
159  /* used to hold info on the particular ciphers used */
160  typedef struct ssl_cipher_st
161 @@ -362,6 +363,9 @@ typedef struct ssl_cipher_st
162  
163  DECLARE_STACK_OF(SSL_CIPHER)
164  
165 +typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
166 +typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
167 +
168  /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
169  typedef struct ssl_method_st
170         {
171 @@ -1053,6 +1057,18 @@ struct ssl_st
172  
173         /* RFC4507 session ticket expected to be received or sent */
174         int tlsext_ticket_expected;
175 +
176 +       /* TLS Session Ticket extension override */
177 +       TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
178 +
179 +       /* TLS Session Ticket extension callback */
180 +       tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
181 +       void *tls_session_ticket_ext_cb_arg;
182 +
183 +       /* TLS pre-shared secret session resumption */
184 +       tls_session_secret_cb_fn tls_session_secret_cb;
185 +       void *tls_session_secret_cb_arg;
186 +
187         SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
188  #define session_ctx initial_ctx
189  #else
190 @@ -1668,6 +1684,15 @@ void *SSL_COMP_get_compression_methods(v
191  int SSL_COMP_add_compression_method(int id,void *cm);
192  #endif
193  
194 +/* TLS extensions functions */
195 +int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
196 +
197 +int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
198 +                                 void *arg);
199 +
200 +/* Pre-shared secret session resumption functions */
201 +int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
202 +
203  /* BEGIN ERROR CODES */
204  /* The following lines are auto generated by the script mkerr.pl. Any changes
205   * made after this point may be overwritten when the script is next run.
206 @@ -1872,6 +1897,7 @@ void ERR_load_SSL_strings(void);
207  #define SSL_F_TLS1_ENC                                  210
208  #define SSL_F_TLS1_SETUP_KEY_BLOCK                      211
209  #define SSL_F_WRITE_PENDING                             212
210 +#define SSL_F_SSL_SET_SESSION_TICKET_EXT                213
211  
212  /* Reason codes. */
213  #define SSL_R_APP_DATA_IN_HANDSHAKE                     100
214 diff -upr openssl-0.9.8za.orig/ssl/ssl_sess.c openssl-0.9.8za/ssl/ssl_sess.c
215 --- openssl-0.9.8za.orig/ssl/ssl_sess.c 2014-06-05 11:09:08.000000000 +0300
216 +++ openssl-0.9.8za/ssl/ssl_sess.c      2014-06-05 20:37:09.229387312 +0300
217 @@ -712,6 +712,61 @@ long SSL_CTX_get_timeout(const SSL_CTX *
218         return(s->session_timeout);
219         }
220  
221 +#ifndef OPENSSL_NO_TLSEXT
222 +int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
223 +       STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
224 +       {
225 +       if (s == NULL) return(0);
226 +       s->tls_session_secret_cb = tls_session_secret_cb;
227 +       s->tls_session_secret_cb_arg = arg;
228 +       return(1);
229 +       }
230 +
231 +int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
232 +                                 void *arg)
233 +       {
234 +       if (s == NULL) return(0);
235 +       s->tls_session_ticket_ext_cb = cb;
236 +       s->tls_session_ticket_ext_cb_arg = arg;
237 +       return(1);
238 +       }
239 +
240 +int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
241 +       {
242 +       if (s->version >= TLS1_VERSION)
243 +               {
244 +               if (s->tlsext_session_ticket)
245 +                       {
246 +                       OPENSSL_free(s->tlsext_session_ticket);
247 +                       s->tlsext_session_ticket = NULL;
248 +                       }
249 +
250 +               s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
251 +               if (!s->tlsext_session_ticket)
252 +                       {
253 +                       SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
254 +                       return 0;
255 +                       }
256 +
257 +               if (ext_data)
258 +                       {
259 +                       s->tlsext_session_ticket->length = ext_len;
260 +                       s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1;
261 +                       memcpy(s->tlsext_session_ticket->data, ext_data, ext_len);
262 +                       }
263 +               else
264 +                       {
265 +                       s->tlsext_session_ticket->length = 0;
266 +                       s->tlsext_session_ticket->data = NULL;
267 +                       }
268 +
269 +               return 1;
270 +               }
271 +
272 +       return 0;
273 +       }
274 +#endif /* OPENSSL_NO_TLSEXT */
275 +
276  typedef struct timeout_param_st
277         {
278         SSL_CTX *ctx;
279 diff -upr openssl-0.9.8za.orig/ssl/t1_lib.c openssl-0.9.8za/ssl/t1_lib.c
280 --- openssl-0.9.8za.orig/ssl/t1_lib.c   2014-06-05 11:09:08.000000000 +0300
281 +++ openssl-0.9.8za/ssl/t1_lib.c        2014-06-05 20:37:09.229387312 +0300
282 @@ -106,6 +106,12 @@ int tls1_new(SSL *s)
283  
284  void tls1_free(SSL *s)
285         {
286 +#ifndef OPENSSL_NO_TLSEXT
287 +       if (s->tlsext_session_ticket)
288 +               {
289 +               OPENSSL_free(s->tlsext_session_ticket);
290 +               }
291 +#endif
292         ssl3_free(s);
293         }
294  
295 @@ -206,8 +212,23 @@ unsigned char *ssl_add_clienthello_tlsex
296                 int ticklen;
297                 if (!s->new_session && s->session && s->session->tlsext_tick)
298                         ticklen = s->session->tlsext_ticklen;
299 +               else if (s->session && s->tlsext_session_ticket &&
300 +                        s->tlsext_session_ticket->data)
301 +                       {
302 +                       ticklen = s->tlsext_session_ticket->length;
303 +                       s->session->tlsext_tick = OPENSSL_malloc(ticklen);
304 +                       if (!s->session->tlsext_tick)
305 +                               return NULL;
306 +                       memcpy(s->session->tlsext_tick,
307 +                              s->tlsext_session_ticket->data,
308 +                              ticklen);
309 +                       s->session->tlsext_ticklen = ticklen;
310 +                       }
311                 else
312                         ticklen = 0;
313 +               if (ticklen == 0 && s->tlsext_session_ticket &&
314 +                   s->tlsext_session_ticket->data == NULL)
315 +                       goto skip_ext;
316                 /* Check for enough room 2 for extension type, 2 for len
317                  * rest for ticket
318                  */
319 @@ -221,6 +242,7 @@ unsigned char *ssl_add_clienthello_tlsex
320                         ret += ticklen;
321                         }
322                 }
323 +               skip_ext:
324  
325         if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
326             s->version != DTLS1_VERSION)
327 @@ -574,6 +596,15 @@ int ssl_parse_clienthello_tlsext(SSL *s,
328                                 return 0;
329                         renegotiate_seen = 1;
330                         }
331 +               else if (type == TLSEXT_TYPE_session_ticket)
332 +                       {
333 +                       if (s->tls_session_ticket_ext_cb &&
334 +                           !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
335 +                               {
336 +                               *al = TLS1_AD_INTERNAL_ERROR;
337 +                               return 0;
338 +                               }
339 +                       }
340                 else if (type == TLSEXT_TYPE_status_request &&
341                          s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
342                         {
343 @@ -751,6 +782,12 @@ int ssl_parse_serverhello_tlsext(SSL *s,
344                         }
345                 else if (type == TLSEXT_TYPE_session_ticket)
346                         {
347 +                       if (s->tls_session_ticket_ext_cb &&
348 +                           !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
349 +                               {
350 +                               *al = TLS1_AD_INTERNAL_ERROR;
351 +                               return 0;
352 +                               }
353                         if ((SSL_get_options(s) & SSL_OP_NO_TICKET)
354                                 || (size > 0))
355                                 {
356 @@ -1043,6 +1080,15 @@ int tls1_process_ticket(SSL *s, unsigned
357                                 s->tlsext_ticket_expected = 1;
358                                 return 0;       /* Cache miss */
359                                 }
360 +                       if (s->tls_session_secret_cb)
361 +                               {
362 +                               /* Indicate cache miss here and instead of
363 +                                * generating the session from ticket now,
364 +                                * trigger abbreviated handshake based on
365 +                                * external mechanism to calculate the master
366 +                                * secret later. */
367 +                               return 0;
368 +                               }
369                         return tls_decrypt_ticket(s, p, size, session_id, len,
370                                                                         ret);
371                         }
372 diff -upr openssl-0.9.8za.orig/ssl/tls1.h openssl-0.9.8za/ssl/tls1.h
373 --- openssl-0.9.8za.orig/ssl/tls1.h     2014-06-05 11:09:08.000000000 +0300
374 +++ openssl-0.9.8za/ssl/tls1.h  2014-06-05 20:37:09.229387312 +0300
375 @@ -415,6 +415,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_T
376  #define TLS_MD_MASTER_SECRET_CONST    "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"  /*master secret*/
377  #endif
378  
379 +/* TLS extension struct */
380 +struct tls_session_ticket_ext_st
381 +       {
382 +       unsigned short length;
383 +       void *data;
384 +       };
385 +
386  #ifdef  __cplusplus
387  }
388  #endif
389 diff -upr openssl-0.9.8za.orig/util/ssleay.num openssl-0.9.8za/util/ssleay.num
390 --- openssl-0.9.8za.orig/util/ssleay.num        2014-06-05 12:38:45.000000000 +0300
391 +++ openssl-0.9.8za/util/ssleay.num     2014-06-05 20:37:09.229387312 +0300
392 @@ -242,3 +242,5 @@ SSL_set_SSL_CTX
393  SSL_get_servername                      291    EXIST::FUNCTION:TLSEXT
394  SSL_get_servername_type                 292    EXIST::FUNCTION:TLSEXT
395  SSL_CTX_set_client_cert_engine          293    EXIST::FUNCTION:ENGINE
396 +SSL_set_session_ticket_ext             306     EXIST::FUNCTION:TLSEXT
397 +SSL_set_session_secret_cb              307     EXIST::FUNCTION:TLSEXT
Moonshot GSS-API mechanism