RFC 5878 support.

author: Ben Laurie <ben@openssl.org> 2012-05-30 10:10:58 +0000
committer: Ben Laurie <ben@openssl.org> 2012-05-30 10:10:58 +0000
commit: a9e1c50bb09a110d4774e6710f9322344684fa2d (patch)
tree: e030d9ea1f33d1c7d310e8ceba621e77e59b988b /ssl/s3_clnt.c
parent: 03c1d9f99d95e19d4940aae8587808924cab486a (diff)
download: openssl-new-a9e1c50bb09a110d4774e6710f9322344684fa2d.tar.gz
1 files changed, 137 insertions, 3 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index cd4f0ad468..e8fe968e59 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -307,10 +307,27 @@ int ssl3_connect(SSL *s)
 #endif
 				}
 			else
-				s->state=SSL3_ST_CR_CERT_A;
+				{
+#ifndef OPENSSL_NO_TLSEXT
+				/* The server hello indicated that
+				 * an audit proof would follow. */
+				if (s->s3->tlsext_authz_server_promised)
+					s->state=SSL3_ST_CR_SUPPLEMENTAL_DATA_A;
+				else
+#endif
+					s->state=SSL3_ST_CR_CERT_A;
+				}
 			s->init_num=0;
 			break;
-
+#ifndef OPENSSL_NO_TLSEXT
+		case SSL3_ST_CR_SUPPLEMENTAL_DATA_A:
+		case SSL3_ST_CR_SUPPLEMENTAL_DATA_B:
+			ret = tls1_get_server_supplemental_data(s);
+			if (ret <= 0) goto end;
+			s->state=SSL3_ST_CR_CERT_A;
+			s->init_num = 0;
+			break;
+#endif
 		case SSL3_ST_CR_CERT_A:
 		case SSL3_ST_CR_CERT_B:
 #ifndef OPENSSL_NO_TLSEXT
@@ -1231,8 +1248,22 @@ int ssl3_get_server_certificate(SSL *s)
 	s->session->verify_result = s->verify_result;
 
 	x=NULL;
-	ret=1;
+#ifndef OPENSSL_NO_TLSEXT
+	/* Check the audit proof. */
+	if (s->ctx->tlsext_authz_server_audit_proof_cb)
+		{
+		ret = s->ctx->tlsext_authz_server_audit_proof_cb(s,
+			s->ctx->tlsext_authz_server_audit_proof_cb_arg);
+		if (ret <= 0)
+			{
+			al = SSL_AD_BAD_CERTIFICATE;
+			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_INVALID_AUDIT_PROOF);
+			goto f_err;
+			}
+		}
 
+#endif
+	ret=1;
 	if (0)
 		{
 f_err:
@@ -3432,3 +3463,106 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
 		i = s->ctx->client_cert_cb(s,px509,ppkey);
 	return i;
 	}
+
+#ifndef OPENSSL_NO_TLSEXT
+int tls1_get_server_supplemental_data(SSL *s)
+	{
+	int al;
+	int ok;
+	unsigned long supp_data_len, authz_data_len;
+	long n;
+	unsigned short supp_data_type, authz_data_type, proof_len;
+	const unsigned char *p;
+	unsigned char *new_proof;
+
+	n=s->method->ssl_get_message(s,
+		SSL3_ST_CR_SUPPLEMENTAL_DATA_A,
+		SSL3_ST_CR_SUPPLEMENTAL_DATA_B,
+		SSL3_MT_SUPPLEMENTAL_DATA,
+		/* use default limit */
+		TLSEXT_MAXLEN_supplemental_data,
+		&ok);
+
+	if (!ok) return((int)n);
+
+	p = (unsigned char *)s->init_msg;
+
+	/* The message cannot be empty */
+	if (n < 3)
+		{
+		al = SSL_AD_DECODE_ERROR;
+		SSLerr(SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA,SSL_R_LENGTH_MISMATCH);
+		goto f_err;
+		}
+	/* Length of supplemental data */
+	n2l3(p,supp_data_len);
+	n -= 3;
+	/* We must have at least one supplemental data entry
+	 * with type (1 byte) and length (2 bytes). */
+	if (supp_data_len != (unsigned long) n || n < 4)
+		{
+		al = SSL_AD_DECODE_ERROR;
+		SSLerr(SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA,SSL_R_LENGTH_MISMATCH);
+		goto f_err;
+		}
+	/* Supplemental data type: must be authz_data */
+	n2s(p,supp_data_type);
+	n -= 2;
+	if (supp_data_type != TLSEXT_SUPPLEMENTALDATATYPE_authz_data)
+		{
+		al = SSL_AD_UNEXPECTED_MESSAGE;
+		SSLerr(SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA,SSL_R_UNKNOWN_SUPPLEMENTAL_DATA_TYPE);
+		goto f_err;
+		}
+	/* Authz data length */
+	n2s(p, authz_data_len);
+	n -= 2;
+	if (authz_data_len != (unsigned long) n || n < 1)
+		{
+		al = SSL_AD_DECODE_ERROR;
+		SSLerr(SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA,SSL_R_LENGTH_MISMATCH);
+		goto f_err;
+		}
+	/* Authz data type: must be audit_proof */
+	authz_data_type = *(p++);
+	n -= 1;
+	if (authz_data_type != TLSEXT_AUTHZDATAFORMAT_audit_proof)
+		{
+		al=SSL_AD_UNEXPECTED_MESSAGE;
+		SSLerr(SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA,SSL_R_UNKNOWN_AUTHZ_DATA_TYPE);
+		goto f_err;
+		}
+	/* We have a proof: read its length */
+	if (n < 2)
+		{
+		al = SSL_AD_DECODE_ERROR;
+		SSLerr(SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA,SSL_R_LENGTH_MISMATCH);
+		goto f_err;
+		}
+	n2s(p, proof_len);
+	n -= 2;
+	if (proof_len != (unsigned long) n)
+		{
+		al = SSL_AD_DECODE_ERROR;
+		SSLerr(SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA,SSL_R_LENGTH_MISMATCH);
+		goto f_err;
+		}
+	/* Store the proof */
+	new_proof = OPENSSL_realloc(s->session->audit_proof,
+				    proof_len);
+	if (new_proof == NULL)
+		{
+		SSLerr(SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA,ERR_R_MALLOC_FAILURE);
+		return 0;
+		}
+	s->session->audit_proof_length = proof_len;
+	s->session->audit_proof = new_proof;
+	memcpy(s->session->audit_proof, p, proof_len);
+
+	/* Got the proof, but can't verify it yet. */
+	return 1;
+f_err:
+	ssl3_send_alert(s,SSL3_AL_FATAL,al);
+	return -1;
+	}
+#endif
author	Ben Laurie <ben@openssl.org>	2012-05-30 10:10:58 +0000
committer	Ben Laurie <ben@openssl.org>	2012-05-30 10:10:58 +0000
commit	a9e1c50bb09a110d4774e6710f9322344684fa2d (patch)
tree	e030d9ea1f33d1c7d310e8ceba621e77e59b988b /ssl/s3_clnt.c
parent	03c1d9f99d95e19d4940aae8587808924cab486a (diff)
download	openssl-new-a9e1c50bb09a110d4774e6710f9322344684fa2d.tar.gz