From 2b0aeecabfbf3cf8eadcb7742899898fdaa3acfc Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 1 Jul 2014 00:39:02 -0400 Subject: [PATCH] Remove authz extension (RFC5878) Found no users of the functions which control the feature. (Also I don't particularly want to port all of that to CBS...) Change-Id: I55da42c44d57252bd47bdcb30431be5e6e90dc56 Reviewed-on: https://boringssl-review.googlesource.com/1061 Reviewed-by: Adam Langley --- ssl/s23_clnt.c | 2 - ssl/s3_clnt.c | 137 +---------------------------- ssl/s3_lib.c | 18 ---- ssl/s3_srvr.c | 119 +------------------------- ssl/ssl.h | 32 +------ ssl/ssl3.h | 16 ---- ssl/ssl_cert.c | 25 ------ ssl/ssl_lib.c | 21 ----- ssl/ssl_locl.h | 17 ---- ssl/ssl_rsa.c | 228 ------------------------------------------------- ssl/ssl_sess.c | 11 --- ssl/t1_lib.c | 199 ------------------------------------------ ssl/tls1.h | 15 ---- 13 files changed, 5 insertions(+), 835 deletions(-) diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 6e5b1a53..092b5f48 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -341,8 +341,6 @@ static int ssl23_client_hello(SSL *s) ssl2_compat = 0; if (s->tlsext_status_type != -1) ssl2_compat = 0; - if (s->ctx->tlsext_authz_server_audit_proof_cb != NULL) - ssl2_compat = 0; } #endif diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 3e522104..e763d7c3 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -296,26 +296,11 @@ int ssl3_connect(SSL *s) } else { -#ifndef OPENSSL_NO_TLSEXT - /* The server hello indicated that - * an audit proof would follow. */ - if (s->s3->tlsext_authz_server_promised) - s->state=SSL3_ST_CR_SUPPLEMENTAL_DATA_A; - else -#endif - s->state=SSL3_ST_CR_CERT_A; + s->state=SSL3_ST_CR_CERT_A; } s->init_num=0; break; -#ifndef OPENSSL_NO_TLSEXT - case SSL3_ST_CR_SUPPLEMENTAL_DATA_A: - case SSL3_ST_CR_SUPPLEMENTAL_DATA_B: - ret = tls1_get_server_supplemental_data(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_CR_CERT_A; - s->init_num = 0; - break; -#endif + case SSL3_ST_CR_CERT_A: case SSL3_ST_CR_CERT_B: #ifndef OPENSSL_NO_TLSEXT @@ -1325,21 +1310,6 @@ int ssl3_get_server_certificate(SSL *s) s->session->verify_result = s->verify_result; x=NULL; -#ifndef OPENSSL_NO_TLSEXT - /* Check the audit proof. */ - if (s->ctx->tlsext_authz_server_audit_proof_cb) - { - ret = s->ctx->tlsext_authz_server_audit_proof_cb(s, - s->ctx->tlsext_authz_server_audit_proof_cb_arg); - if (ret <= 0) - { - al = SSL_AD_BAD_CERTIFICATE; - OPENSSL_PUT_ERROR(SSL, ssl3_get_server_certificate, SSL_R_INVALID_AUDIT_PROOF); - goto f_err; - } - } - -#endif ret=1; if (0) { @@ -3390,106 +3360,3 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) i = s->ctx->client_cert_cb(s,px509,ppkey); return i; } - -#ifndef OPENSSL_NO_TLSEXT -int tls1_get_server_supplemental_data(SSL *s) - { - int al; - int ok; - unsigned long supp_data_len, authz_data_len; - long n; - unsigned short supp_data_type, authz_data_type, proof_len; - const unsigned char *p; - unsigned char *new_proof; - - n=s->method->ssl_get_message(s, - SSL3_ST_CR_SUPPLEMENTAL_DATA_A, - SSL3_ST_CR_SUPPLEMENTAL_DATA_B, - SSL3_MT_SUPPLEMENTAL_DATA, - /* use default limit */ - TLSEXT_MAXLEN_supplemental_data, - &ok); - - if (!ok) return((int)n); - - p = (unsigned char *)s->init_msg; - - /* The message cannot be empty */ - if (n < 3) - { - al = SSL_AD_DECODE_ERROR; - OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, SSL_R_LENGTH_MISMATCH); - goto f_err; - } - /* Length of supplemental data */ - n2l3(p,supp_data_len); - n -= 3; - /* We must have at least one supplemental data entry - * with type (1 byte) and length (2 bytes). */ - if (supp_data_len != (unsigned long) n || n < 4) - { - al = SSL_AD_DECODE_ERROR; - OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, SSL_R_LENGTH_MISMATCH); - goto f_err; - } - /* Supplemental data type: must be authz_data */ - n2s(p,supp_data_type); - n -= 2; - if (supp_data_type != TLSEXT_SUPPLEMENTALDATATYPE_authz_data) - { - al = SSL_AD_UNEXPECTED_MESSAGE; - OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, SSL_R_UNKNOWN_SUPPLEMENTAL_DATA_TYPE); - goto f_err; - } - /* Authz data length */ - n2s(p, authz_data_len); - n -= 2; - if (authz_data_len != (unsigned long) n || n < 1) - { - al = SSL_AD_DECODE_ERROR; - OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, SSL_R_LENGTH_MISMATCH); - goto f_err; - } - /* Authz data type: must be audit_proof */ - authz_data_type = *(p++); - n -= 1; - if (authz_data_type != TLSEXT_AUTHZDATAFORMAT_audit_proof) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, SSL_R_UNKNOWN_AUTHZ_DATA_TYPE); - goto f_err; - } - /* We have a proof: read its length */ - if (n < 2) - { - al = SSL_AD_DECODE_ERROR; - OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, SSL_R_LENGTH_MISMATCH); - goto f_err; - } - n2s(p, proof_len); - n -= 2; - if (proof_len != (unsigned long) n) - { - al = SSL_AD_DECODE_ERROR; - OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, SSL_R_LENGTH_MISMATCH); - goto f_err; - } - /* Store the proof */ - new_proof = OPENSSL_realloc(s->session->audit_proof, - proof_len); - if (new_proof == NULL) - { - OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, ERR_R_MALLOC_FAILURE); - return 0; - } - s->session->audit_proof_length = proof_len; - s->session->audit_proof = new_proof; - memcpy(s->session->audit_proof, p, proof_len); - - /* Got the proof, but can't verify it yet. */ - return 1; -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - return -1; - } -#endif diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index a674e723..125a6082 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2722,10 +2722,6 @@ void ssl3_free(SSL *s) OPENSSL_free(s->s3->alpn_selected); #endif -#ifndef OPENSSL_NO_TLSEXT - if (s->s3->tlsext_authz_client_types != NULL) - OPENSSL_free(s->s3->tlsext_authz_client_types); -#endif OPENSSL_cleanse(s->s3,sizeof *s->s3); OPENSSL_free(s->s3); s->s3=NULL; @@ -2756,11 +2752,6 @@ void ssl3_clear(SSL *s) } #endif #ifndef OPENSSL_NO_TLSEXT - if (s->s3->tlsext_authz_client_types != NULL) - { - OPENSSL_free(s->s3->tlsext_authz_client_types); - s->s3->tlsext_authz_client_types = NULL; - } #ifndef OPENSSL_NO_EC s->s3->is_probably_safari = 0; #endif /* !OPENSSL_NO_EC */ @@ -3494,10 +3485,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) case SSL_CTRL_SET_CHAIN_CERT_STORE: return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg); - case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB_ARG: - ctx->tlsext_authz_server_audit_proof_cb_arg = parg; - break; - #endif /* !OPENSSL_NO_TLSEXT */ /* A Thawte special :-) */ @@ -3616,11 +3603,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) HMAC_CTX *, int))fp; break; - case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB: - ctx->tlsext_authz_server_audit_proof_cb = - (int (*)(SSL *, void *))fp; - break; - #endif default: return(0); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 95ed74d3..cd041451 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -346,34 +346,13 @@ int ssl3_accept(SSL *s) } #else if (s->hit) - s->state=SSL3_ST_SW_CHANGE_A; + s->state=SSL3_ST_SW_CHANGE_A; #endif else -#ifndef OPENSSL_NO_TLSEXT - s->state = SSL3_ST_SW_SUPPLEMENTAL_DATA_A; -#else - s->state = SSL3_ST_SW_CERT_A; -#endif + s->state = SSL3_ST_SW_CERT_A; s->init_num = 0; break; -#ifndef OPENSSL_NO_TLSEXT - case SSL3_ST_SW_SUPPLEMENTAL_DATA_A: - case SSL3_ST_SW_SUPPLEMENTAL_DATA_B: - /* We promised to send an audit proof in the hello. */ - if (s->s3->tlsext_authz_promised_to_client) - { - ret = tls1_send_server_supplemental_data(s); - if (ret <= 0) goto end; - } - else - skip = 1; - - s->state = SSL3_ST_SW_CERT_A; - s->init_num = 0; - break; -#endif - case SSL3_ST_SW_CERT_A: case SSL3_ST_SW_CERT_B: /* Check if it is anon DH or anon ECDH, */ @@ -3463,98 +3442,4 @@ err: return ret; } -int tls1_send_server_supplemental_data(SSL *s) - { - size_t length = 0; - const unsigned char *authz, *orig_authz; - unsigned char *p; - size_t authz_length, i; - - if (s->state != SSL3_ST_SW_SUPPLEMENTAL_DATA_A) - return ssl3_do_write(s, SSL3_RT_HANDSHAKE); - - orig_authz = authz = ssl_get_authz_data(s, &authz_length); - if (authz == NULL) - { - /* This should never occur. */ - return 0; - } - - /* First we walk over the authz data to see how long the handshake - * message will be. */ - for (i = 0; i < authz_length; i++) - { - unsigned short len; - unsigned char type; - - type = *(authz++); - n2s(authz, len); - /* n2s increments authz by 2*/ - i += 2; - - if (memchr(s->s3->tlsext_authz_client_types, - type, - s->s3->tlsext_authz_client_types_len) != NULL) - length += 1 /* authz type */ + 2 /* length */ + len; - - authz += len; - i += len; - } - - length += 1 /* handshake type */ + - 3 /* handshake length */ + - 3 /* supplemental data length */ + - 2 /* supplemental entry type */ + - 2 /* supplemental entry length */; - - if (!BUF_MEM_grow_clean(s->init_buf, length)) - { - OPENSSL_PUT_ERROR(SSL, tls1_send_server_supplemental_data, ERR_R_BUF_LIB); - return 0; - } - - p = (unsigned char *)s->init_buf->data; - *(p++) = SSL3_MT_SUPPLEMENTAL_DATA; - /* Handshake length */ - l2n3(length - 4, p); - /* Length of supplemental data */ - l2n3(length - 7, p); - /* Supplemental data type */ - s2n(TLSEXT_SUPPLEMENTALDATATYPE_authz_data, p); - /* Its length */ - s2n(length - 11, p); - - authz = orig_authz; - - /* Walk over the authz again and append the selected elements. */ - for (i = 0; i < authz_length; i++) - { - unsigned short len; - unsigned char type; - - type = *(authz++); - n2s(authz, len); - /* n2s increments authz by 2 */ - i += 2; - - if (memchr(s->s3->tlsext_authz_client_types, - type, - s->s3->tlsext_authz_client_types_len) != NULL) - { - *(p++) = type; - s2n(len, p); - memcpy(p, authz, len); - p += len; - } - - authz += len; - i += len; - } - - s->state = SSL3_ST_SW_SUPPLEMENTAL_DATA_B; - s->init_num = length; - s->init_off = 0; - - return ssl3_do_write(s, SSL3_RT_HANDSHAKE); - } #endif diff --git a/ssl/ssl.h b/ssl/ssl.h index 2afa4628..a83cf1af 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -528,13 +528,6 @@ struct ssl_session_st #endif char peer_sha256_valid; /* Non-zero if peer_sha256 is valid */ unsigned char peer_sha256[SHA256_DIGEST_LENGTH]; /* SHA256 of peer certificate */ -#ifndef OPENSSL_NO_TLSEXT - /* Used by client: the proof for this session. - * We store it outside the sess_cert structure, since the proof - * is received before the certificate. */ - unsigned char *audit_proof; - size_t audit_proof_length; -#endif /* original_handshake_hash contains the handshake hash (either * SHA-1+MD5 or SHA-2, depending on TLS version) for the original, full @@ -1136,9 +1129,7 @@ struct ssl_ctx_st size_t tlsext_ellipticcurvelist_length; unsigned char *tlsext_ellipticcurvelist; # endif /* OPENSSL_NO_EC */ - int (*tlsext_authz_server_audit_proof_cb)(SSL *s, void *arg); - void *tlsext_authz_server_audit_proof_cb_arg; -#endif +#endif /* OPENSSL_NO_TLSEXT */ /* If true, a client will advertise the Channel ID extension and a * server will echo it. */ @@ -1799,9 +1790,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 #define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 #define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 -/* Callback for verifying audit proofs (client only) */ -#define SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB 95 -#define SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB_ARG 96 #endif /* OPENSSL_NO_TLSEXT */ #define DTLS_CTRL_GET_TIMEOUT 73 @@ -2085,20 +2073,6 @@ int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len); int SSL_use_certificate(SSL *ssl, X509 *x); int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); -#ifndef OPENSSL_NO_TLSEXT -/* Set authz data for the current active cert. */ -int SSL_CTX_use_authz(SSL_CTX *ctx, unsigned char *authz, size_t authz_length); -int SSL_use_authz(SSL *ssl, unsigned char *authz, size_t authz_length); -/* Get the authz of type 'type' associated with the current active cert. */ -const unsigned char *SSL_CTX_get_authz_data(SSL_CTX *ctx, unsigned char type, - size_t *data_length); -#ifndef OPENSSL_NO_STDIO -int SSL_CTX_use_authz_file(SSL_CTX *ctx, const char *file); -int SSL_use_authz_file(SSL *ssl, const char *file); -#endif - -#endif - #ifndef OPENSSL_NO_STDIO int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); @@ -2142,10 +2116,6 @@ int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); #ifndef OPENSSL_NO_BIO int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses); #endif -#ifndef OPENSSL_NO_TLSEXT -unsigned char *SSL_SESSION_get_tlsext_authz_server_audit_proof(SSL_SESSION *s, - size_t *proof_length); -#endif void SSL_SESSION_free(SSL_SESSION *ses); int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); int SSL_set_session(SSL *to, SSL_SESSION *session); diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 9fc8b182..165a1cc4 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -541,20 +541,6 @@ typedef struct ssl3_state_st #endif #ifndef OPENSSL_NO_TLSEXT - /* tlsext_authz_client_types contains an array of supported authz - * types, as advertised by the client. The array is sorted and - * does not contain any duplicates. */ - unsigned char *tlsext_authz_client_types; - size_t tlsext_authz_client_types_len; - /* tlsext_authz_promised_to_client is true iff we're a server and we - * echoed the client's supplemental data extension and therefore must - * send a supplemental data handshake message. */ - char tlsext_authz_promised_to_client; - /* tlsext_authz_server_promised is true iff we're a client and the - * server echoed our server_authz extension and therefore must send us - * a supplemental data handshake message. */ - char tlsext_authz_server_promised; - #ifndef OPENSSL_NO_EC /* This is set to true if we believe that this is a version of Safari * running on OS X 10.6 or newer. We wish to know this because Safari @@ -613,8 +599,6 @@ typedef struct ssl3_state_st #define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) #define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) #define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) -#define SSL3_ST_CR_SUPPLEMENTAL_DATA_A (0x210|SSL_ST_CONNECT) -#define SSL3_ST_CR_SUPPLEMENTAL_DATA_B (0x211|SSL_ST_CONNECT) /* write to server */ #define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) #define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index a11d7a3c..e13e1ef4 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -324,24 +324,6 @@ CERT *ssl_cert_dup(CERT *cert) } } rpk->valid_flags = 0; -#ifndef OPENSSL_NO_TLSEXT - if (cert->pkeys[i].authz != NULL) - { - /* Just copy everything. */ - ret->pkeys[i].authz_length = - cert->pkeys[i].authz_length; - ret->pkeys[i].authz = - OPENSSL_malloc(ret->pkeys[i].authz_length); - if (ret->pkeys[i].authz == NULL) - { - OPENSSL_PUT_ERROR(SSL, ssl_cert_dup, ERR_R_MALLOC_FAILURE); - return NULL; - } - memcpy(ret->pkeys[i].authz, - cert->pkeys[i].authz, - cert->pkeys[i].authz_length); - } -#endif } ret->references=1; @@ -456,13 +438,6 @@ void ssl_cert_clear_certs(CERT *c) sk_X509_pop_free(cpk->chain, X509_free); cpk->chain = NULL; } -#ifndef OPENSSL_NO_TLSEXT - if (cpk->authz) - { - OPENSSL_free(cpk->authz); - cpk->authz = NULL; - } -#endif /* Clear all flags apart from explicit sign */ cpk->valid_flags &= CERT_PKEY_EXPLICIT_SIGN; } diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 09efe851..8ee09b9a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2644,27 +2644,6 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd) return c->pkeys[idx].privatekey; } -#ifndef OPENSSL_NO_TLSEXT -unsigned char *ssl_get_authz_data(SSL *s, size_t *authz_length) - { - CERT *c; - int i; - - c = s->cert; - i = ssl_get_server_cert_index(s); - - if (i == -1) - return NULL; - - *authz_length = 0; - if (c->pkeys[i].authz == NULL) - return(NULL); - *authz_length = c->pkeys[i].authz_length; - - return c->pkeys[i].authz; - } -#endif - void ssl_update_cache(SSL *s,int mode) { int i; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 17dc08b6..8b99244e 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -516,15 +516,6 @@ typedef struct cert_pkey_st const EVP_MD *digest; /* Chain for this certificate */ STACK_OF(X509) *chain; -#ifndef OPENSSL_NO_TLSEXT - /* authz/authz_length contain authz data for this certificate. The data - * is in wire format, specifically it's a series of records like: - * uint8_t authz_type; // (RFC 5878, AuthzDataFormat) - * uint16_t length; - * uint8_t data[length]; */ - unsigned char *authz; - size_t authz_length; -#endif /* Set if CERT_PKEY can be used with current SSL session: e.g. * appropriate curve, signature algorithms etc. If zero it can't be * used at all. @@ -1026,9 +1017,6 @@ int ssl_undefined_function(SSL *s); int ssl_undefined_void_function(void); int ssl_undefined_const_function(const SSL *s); CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); -#ifndef OPENSSL_NO_TLSEXT -unsigned char *ssl_get_authz_data(SSL *s, size_t *authz_length); -#endif EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd); int ssl_cert_type(X509 *x,EVP_PKEY *pkey); void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); @@ -1289,11 +1277,6 @@ int ssl_parse_serverhello_tlsext(SSL *s, CBS *cbs); int ssl_prepare_clienthello_tlsext(SSL *s); int ssl_prepare_serverhello_tlsext(SSL *s); -/* server only */ -int tls1_send_server_supplemental_data(SSL *s); -/* client only */ -int tls1_get_server_supplemental_data(SSL *s); - #ifdef OPENSSL_NO_SHA256 #define tlsext_tick_md EVP_sha1 #else diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 4a6ed62b..1b5b1d10 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -68,10 +68,6 @@ static int ssl_set_cert(CERT *c, X509 *x509); static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); -#ifndef OPENSSL_NO_TLSEXT -static int ssl_set_authz(CERT *c, unsigned char *authz, - size_t authz_length); -#endif int SSL_use_certificate(SSL *ssl, X509 *x) { if (x == NULL) @@ -803,228 +799,4 @@ end: if (in != NULL) BIO_free(in); return(ret); } -#endif - -#ifndef OPENSSL_NO_TLSEXT -/* authz_validate returns true iff authz is well formed, i.e. that it meets the - * wire format as documented in the CERT_PKEY structure and that there are no - * duplicate entries. */ -static char authz_validate(const unsigned char *authz, size_t length) - { - unsigned char types_seen_bitmap[32]; - - if (!authz) - return 1; - - memset(types_seen_bitmap, 0, sizeof(types_seen_bitmap)); - - for (;;) - { - unsigned char type, byte, bit; - unsigned short len; - - if (!length) - return 1; - - type = *(authz++); - length--; - - byte = type / 8; - bit = type & 7; - if (types_seen_bitmap[byte] & (1 << bit)) - return 0; - types_seen_bitmap[byte] |= (1 << bit); - - if (length < 2) - return 0; - len = ((unsigned short) authz[0]) << 8 | - ((unsigned short) authz[1]); - authz += 2; - length -= 2; - - if (length < len) - return 0; - - authz += len; - length -= len; - } - } - -static const unsigned char *authz_find_data(const unsigned char *authz, - size_t authz_length, - unsigned char data_type, - size_t *data_length) - { - if (authz == NULL) return NULL; - if (!authz_validate(authz, authz_length)) - { - OPENSSL_PUT_ERROR(SSL, authz_find_data, SSL_R_INVALID_AUTHZ_DATA); - return NULL; - } - - for (;;) - { - unsigned char type; - unsigned short len; - if (!authz_length) - return NULL; - - type = *(authz++); - authz_length--; - - /* We've validated the authz data, so we don't have to - * check again that we have enough bytes left. */ - len = ((unsigned short) authz[0]) << 8 | - ((unsigned short) authz[1]); - authz += 2; - authz_length -= 2; - if (type == data_type) - { - *data_length = len; - return authz; - } - authz += len; - authz_length -= len; - } - /* No match */ - return NULL; - } - -static int ssl_set_authz(CERT *c, unsigned char *authz, size_t authz_length) - { - CERT_PKEY *current_key = c->key; - if (current_key == NULL) - return 0; - if (!authz_validate(authz, authz_length)) - { - OPENSSL_PUT_ERROR(SSL, ssl_set_authz, SSL_R_INVALID_AUTHZ_DATA); - return(0); - } - current_key->authz = OPENSSL_realloc(current_key->authz, authz_length); - if (current_key->authz == NULL) - { - OPENSSL_PUT_ERROR(SSL, ssl_set_authz, ERR_R_MALLOC_FAILURE); - return 0; - } - current_key->authz_length = authz_length; - memcpy(current_key->authz, authz, authz_length); - return 1; - } - -int SSL_CTX_use_authz(SSL_CTX *ctx, unsigned char *authz, - size_t authz_length) - { - if (authz == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_authz, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (!ssl_cert_inst(&ctx->cert)) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_authz, ERR_R_MALLOC_FAILURE); - return 0; - } - return ssl_set_authz(ctx->cert, authz, authz_length); - } - -int SSL_use_authz(SSL *ssl, unsigned char *authz, size_t authz_length) - { - if (authz == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_authz, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (!ssl_cert_inst(&ssl->cert)) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_authz, ERR_R_MALLOC_FAILURE); - return 0; - } - return ssl_set_authz(ssl->cert, authz, authz_length); - } - -const unsigned char *SSL_CTX_get_authz_data(SSL_CTX *ctx, unsigned char type, - size_t *data_length) - { - CERT_PKEY *current_key; - - if (ctx->cert == NULL) - return NULL; - current_key = ctx->cert->key; - if (current_key->authz == NULL) - return NULL; - return authz_find_data(current_key->authz, - current_key->authz_length, type, data_length); - } - -#ifndef OPENSSL_NO_STDIO -/* read_authz returns a newly allocated buffer with authz data */ -static unsigned char *read_authz(const char *file, size_t *authz_length) - { - BIO *authz_in = NULL; - unsigned char *authz = NULL; - /* Allow authzs up to 64KB. */ - static const size_t authz_limit = 65536; - size_t read_length; - unsigned char *ret = NULL; - - authz_in = BIO_new(BIO_s_file()); - if (authz_in == NULL) - { - OPENSSL_PUT_ERROR(SSL, read_authz, ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(authz_in,file) <= 0) - { - OPENSSL_PUT_ERROR(SSL, read_authz, ERR_R_SYS_LIB); - goto end; - } - - authz = OPENSSL_malloc(authz_limit); - read_length = BIO_read(authz_in, authz, authz_limit); - if (read_length == authz_limit || read_length <= 0) - { - OPENSSL_PUT_ERROR(SSL, read_authz, SSL_R_AUTHZ_DATA_TOO_LARGE); - OPENSSL_free(authz); - goto end; - } - *authz_length = read_length; - ret = authz; -end: - if (authz_in != NULL) BIO_free(authz_in); - return ret; - } - -int SSL_CTX_use_authz_file(SSL_CTX *ctx, const char *file) - { - unsigned char *authz = NULL; - size_t authz_length = 0; - int ret; - - authz = read_authz(file, &authz_length); - if (authz == NULL) - return 0; - - ret = SSL_CTX_use_authz(ctx, authz, authz_length); - /* SSL_CTX_use_authz makes a local copy of the authz. */ - OPENSSL_free(authz); - return ret; - } - -int SSL_use_authz_file(SSL *ssl, const char *file) - { - unsigned char *authz = NULL; - size_t authz_length = 0; - int ret; - - authz = read_authz(file, &authz_length); - if (authz == NULL) - return 0; - - ret = SSL_use_authz(ssl, authz, authz_length); - /* SSL_use_authz makes a local copy of the authz. */ - OPENSSL_free(authz); - return ret; - } #endif /* OPENSSL_NO_STDIO */ -#endif /* OPENSSL_NO_TLSEXT */ diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 2fd57dcf..0153ba77 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -761,8 +761,6 @@ void SSL_SESSION_free(SSL_SESSION *ss) ss->tlsext_ellipticcurvelist_length = 0; if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); #endif /* OPENSSL_NO_EC */ - if (ss->audit_proof != NULL) OPENSSL_free(ss->audit_proof); - ss->audit_proof_length = 0; #endif #ifndef OPENSSL_NO_PSK if (ss->psk_identity_hint != NULL) @@ -869,15 +867,6 @@ int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx, return 1; } -#ifndef OPENSSL_NO_TLSEXT -unsigned char *SSL_SESSION_get_tlsext_authz_server_audit_proof(SSL_SESSION *s, size_t *proof_length) - { - if (s->audit_proof != NULL) - *proof_length = s->audit_proof_length; - return s->audit_proof; - } -#endif - long SSL_CTX_set_timeout(SSL_CTX *s, long t) { long l; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index fabb97bb..43f2c3f6 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1229,19 +1229,6 @@ void ssl_set_client_disabled(SSL *s) c->valid = 1; } -/* byte_compare is a compare function for qsort(3) that compares bytes. */ -static int byte_compare(const void *in_a, const void *in_b) - { - unsigned char a = *((const unsigned char*) in_a); - unsigned char b = *((const unsigned char*) in_b); - - if (a > b) - return 1; - else if (a < b) - return -1; - return 0; -} - /* header_len is the length of the ClientHello header written so far, used to * compute padding. It does not include the record header. Pass 0 if no padding * is to be done. */ @@ -1498,26 +1485,6 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c ret += el; } - /* Add TLS extension Server_Authz_DataFormats to the ClientHello */ - /* 2 bytes for extension type */ - /* 2 bytes for extension length */ - /* 1 byte for the list length */ - /* 1 byte for the list (we only support audit proofs) */ - if (s->ctx->tlsext_authz_server_audit_proof_cb != NULL) - { - const unsigned short ext_len = 2; - const unsigned char list_len = 1; - - if (limit < ret + 6) - return NULL; - - s2n(TLSEXT_TYPE_server_authz, ret); - /* Extension length: 2 bytes */ - s2n(ext_len, ret); - *(ret++) = list_len; - *(ret++) = TLSEXT_AUTHZDATAFORMAT_audit_proof; - } - #ifndef OPENSSL_NO_EC if (using_ecc) { @@ -1743,79 +1710,6 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c } #endif - /* If the client supports authz then see whether we have any to offer - * to it. */ - if (s->s3->tlsext_authz_client_types_len) - { - size_t authz_length; - /* By now we already know the new cipher, so we can look ahead - * to see whether the cert we are going to send - * has any authz data attached to it. */ - const unsigned char* authz = ssl_get_authz_data(s, &authz_length); - const unsigned char* const orig_authz = authz; - size_t i; - unsigned authz_count = 0; - - /* The authz data contains a number of the following structures: - * uint8_t authz_type - * uint16_t length - * uint8_t data[length] - * - * First we walk over it to find the number of authz elements. */ - for (i = 0; i < authz_length; i++) - { - unsigned short length; - unsigned char type; - - type = *(authz++); - if (memchr(s->s3->tlsext_authz_client_types, - type, - s->s3->tlsext_authz_client_types_len) != NULL) - authz_count++; - - n2s(authz, length); - /* n2s increments authz by 2 */ - i += 2; - authz += length; - i += length; - } - - if (authz_count) - { - /* Add TLS extension server_authz to the ServerHello message - * 2 bytes for extension type - * 2 bytes for extension length - * 1 byte for the list length - * n bytes for the list */ - const unsigned short ext_len = 1 + authz_count; - - if ((long)(limit - ret - 4 - ext_len) < 0) return NULL; - s2n(TLSEXT_TYPE_server_authz, ret); - s2n(ext_len, ret); - *(ret++) = authz_count; - s->s3->tlsext_authz_promised_to_client = 1; - } - - authz = orig_authz; - for (i = 0; i < authz_length; i++) - { - unsigned short length; - unsigned char type; - - authz_count++; - type = *(authz++); - if (memchr(s->s3->tlsext_authz_client_types, - type, - s->s3->tlsext_authz_client_types_len) != NULL) - *(ret++) = type; - n2s(authz, length); - /* n2s increments authz by 2 */ - i += 2; - authz += length; - i += length; - } - } - if (s->s3->alpn_selected) { const uint8_t *selected = s->s3->alpn_selected; @@ -2466,65 +2360,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char return 0; } - else if (type == TLSEXT_TYPE_server_authz) - { - unsigned char *sdata = data; - unsigned char server_authz_dataformatlist_length; - - if (size == 0) - { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } - - server_authz_dataformatlist_length = *(sdata++); - - if (server_authz_dataformatlist_length != size - 1) - { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } - - /* Successful session resumption uses the same authz - * information as the original session so we ignore this - * in the case of a session resumption. */ - if (!s->hit) - { - if (s->s3->tlsext_authz_client_types != NULL) - OPENSSL_free(s->s3->tlsext_authz_client_types); - s->s3->tlsext_authz_client_types = - OPENSSL_malloc(server_authz_dataformatlist_length); - if (!s->s3->tlsext_authz_client_types) - { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - - s->s3->tlsext_authz_client_types_len = - server_authz_dataformatlist_length; - memcpy(s->s3->tlsext_authz_client_types, - sdata, - server_authz_dataformatlist_length); - - /* Sort the types in order to check for duplicates. */ - qsort(s->s3->tlsext_authz_client_types, - server_authz_dataformatlist_length, - 1 /* element size */, - byte_compare); - - for (i = 0; i < server_authz_dataformatlist_length; i++) - { - if (i > 0 && - s->s3->tlsext_authz_client_types[i] == - s->s3->tlsext_authz_client_types[i-1]) - { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } - } - } - } - data+=size; } @@ -2805,40 +2640,6 @@ static int ssl_scan_serverhello_tlsext(SSL *s, CBS *cbs, int *out_alert) if (!ssl_parse_serverhello_use_srtp_ext(s, &extension, out_alert)) return 0; } - - else if (type == TLSEXT_TYPE_server_authz) - { - /* We only support audit proofs. It's an error to send - * an authz hello extension if the client - * didn't request a proof. */ - CBS authz_data_formats; - uint8_t authz_data_format; - - if (!s->ctx->tlsext_authz_server_audit_proof_cb) - { - *out_alert = SSL_AD_UNSUPPORTED_EXTENSION; - return 0; - } - - if (!CBS_get_u8_length_prefixed(&extension, &authz_data_formats) || - CBS_len(&extension) != 0) - { - *out_alert = SSL_AD_DECODE_ERROR; - return 0; - } - - /* We only support audit proofs, so a legal ServerHello - * authz list contains exactly one entry. */ - if (!CBS_get_u8(&authz_data_formats, &authz_data_format) || - CBS_len(&authz_data_formats) != 0 || - authz_data_format != TLSEXT_AUTHZDATAFORMAT_audit_proof) - { - *out_alert = SSL_AD_UNSUPPORTED_EXTENSION; - return 0; - } - - s->s3->tlsext_authz_server_promised = 1; - } } if (!s->hit && tlsext_servername == 1) diff --git a/ssl/tls1.h b/ssl/tls1.h index 8cdcf919..c26a05af 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -301,14 +301,6 @@ extern "C" { #define TLSEXT_MAXLEN_host_name 255 -/* From RFC 5878 */ -#define TLSEXT_SUPPLEMENTALDATATYPE_authz_data 16386 -/* This is not IANA assigned. See - * https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#authorization-data-rules */ -#define TLSEXT_AUTHZDATAFORMAT_audit_proof 182 - -#define TLSEXT_MAXLEN_supplemental_data 1024*16 /* Let's limit to 16k */ - const char *SSL_get_servername(const SSL *s, const int type); int SSL_get_servername_type(const SSL *s); /* SSL_export_keying_material exports a value derived from the master secret, @@ -387,13 +379,6 @@ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) -/* Used by clients to process audit proofs. */ -#define SSL_CTX_set_tlsext_authz_server_audit_proof_cb(ctx, cb) \ -SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB,(void (*)(void))cb) - -#define SSL_CTX_set_tlsext_authz_server_audit_proof_cb_arg(ctx, arg) \ -SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB_ARG, 0, arg); - #endif /* OPENSSL_NO_TLSEXT */ /* PSK ciphersuites from 4279 */