From d4092763cf386a3590d13240b4dad2162c7a0c2f Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Tue, 15 Apr 2008 17:08:15 +0300 Subject: [PATCH] Fixed fallback to full handshake when server rejects PAC-Opaque The TLS client changes in ssl3_get_server_hello() were based on the pre-RFC 5077 version of OpenSSL and they hardcoded s->hit to 1 in case PAC-Opaque was used. This prevented fallback to full TLS handshake in case the server rejected PAC-Opaque in ClientHello. The fixed version simplifies ssl3_get_server_hello() and uses the new RFC 5077 functionality in OpenSSL (ssl3_check_finished) to allow the state machine handle start of abbreviated handshake based on the used ticket. --- patches/openssl-0.9.9-session-ticket.patch | 78 +++++++++------------- 1 file changed, 31 insertions(+), 47 deletions(-) diff --git a/patches/openssl-0.9.9-session-ticket.patch b/patches/openssl-0.9.9-session-ticket.patch index 2c2733789..ae2cca033 100644 --- a/patches/openssl-0.9.9-session-ticket.patch +++ b/patches/openssl-0.9.9-session-ticket.patch @@ -1,4 +1,4 @@ -This patch adds support for TLS SessionTicket extension (RFC 4507) for +This patch adds support for TLS SessionTicket extension (RFC 5077) for the parts used by EAP-FAST (RFC 4851). This is based on the patch from Alexey Kobozev @@ -6,26 +6,15 @@ This is based on the patch from Alexey Kobozev -diff -upr openssl-SNAP-20071101.orig/ssl/s3_clnt.c openssl-SNAP-20071101/ssl/s3_clnt.c ---- openssl-SNAP-20071101.orig/ssl/s3_clnt.c 2007-10-26 06:00:28.000000000 -0700 -+++ openssl-SNAP-20071101/ssl/s3_clnt.c 2007-11-01 19:19:43.000000000 -0700 -@@ -715,7 +715,7 @@ int ssl3_get_server_hello(SSL *s) - STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *c; - unsigned char *p,*d; -- int i,al,ok; -+ int i,al,ok,pre_shared; - unsigned int j; - long n; - #ifndef OPENSSL_NO_COMP -@@ -782,7 +782,26 @@ int ssl3_get_server_hello(SSL *s) +diff -upr openssl-SNAP-20080415.orig/ssl/s3_clnt.c openssl-SNAP-20080415/ssl/s3_clnt.c +--- openssl-SNAP-20080415.orig/ssl/s3_clnt.c 2008-01-06 00:00:33.000000000 +0200 ++++ openssl-SNAP-20080415/ssl/s3_clnt.c 2008-04-15 16:58:39.000000000 +0300 +@@ -785,6 +785,20 @@ int ssl3_get_server_hello(SSL *s) goto f_err; } -- if (j != 0 && j == s->session->session_id_length -+ /* check if we want to resume the session based on external pre-shared secret */ -+ pre_shared = 0; +#ifndef OPENSSL_NO_TLSEXT ++ /* check if we want to resume the session based on external pre-shared secret */ + if (s->version >= TLS1_VERSION && s->tls_session_secret_cb) + { + SSL_CIPHER *pref_cipher=NULL; @@ -33,22 +22,17 @@ diff -upr openssl-SNAP-20071101.orig/ssl/s3_clnt.c openssl-SNAP-20071101/ssl/s3_ + if (s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length, + NULL, &pref_cipher, s->tls_session_secret_cb_arg)) + { -+ s->hit=1; + s->session->cipher=pref_cipher ? pref_cipher : ssl_get_cipher_by_char(s,p+j); -+ s->session->session_id_length = j; -+ memcpy(s->session->session_id, p, j); -+ pre_shared = 1; + } + } +#endif /* OPENSSL_NO_TLSEXT */ + -+ if ((pre_shared || j != 0) && j == s->session->session_id_length + if (j != 0 && j == s->session->session_id_length && memcmp(p,s->session->session_id,j) == 0) { - if(s->sid_ctx_length != s->session->sid_ctx_length -diff -upr openssl-SNAP-20071101.orig/ssl/s3_srvr.c openssl-SNAP-20071101/ssl/s3_srvr.c ---- openssl-SNAP-20071101.orig/ssl/s3_srvr.c 2007-10-26 06:00:29.000000000 -0700 -+++ openssl-SNAP-20071101/ssl/s3_srvr.c 2007-11-01 19:19:43.000000000 -0700 +diff -upr openssl-SNAP-20080415.orig/ssl/s3_srvr.c openssl-SNAP-20080415/ssl/s3_srvr.c +--- openssl-SNAP-20080415.orig/ssl/s3_srvr.c 2007-10-26 16:00:29.000000000 +0300 ++++ openssl-SNAP-20080415/ssl/s3_srvr.c 2008-04-15 16:32:08.000000000 +0300 @@ -992,6 +992,59 @@ int ssl3_get_client_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); goto err; @@ -133,9 +117,9 @@ diff -upr openssl-SNAP-20071101.orig/ssl/s3_srvr.c openssl-SNAP-20071101/ssl/s3_ /* Do the message type and length last */ d=p= &(buf[4]); -diff -upr openssl-SNAP-20071101.orig/ssl/ssl.h openssl-SNAP-20071101/ssl/ssl.h ---- openssl-SNAP-20071101.orig/ssl/ssl.h 2007-10-26 17:01:28.000000000 -0700 -+++ openssl-SNAP-20071101/ssl/ssl.h 2007-11-01 19:20:47.000000000 -0700 +diff -upr openssl-SNAP-20080415.orig/ssl/ssl.h openssl-SNAP-20080415/ssl/ssl.h +--- openssl-SNAP-20080415.orig/ssl/ssl.h 2007-10-27 03:01:28.000000000 +0300 ++++ openssl-SNAP-20080415/ssl/ssl.h 2008-04-15 16:32:08.000000000 +0300 @@ -353,6 +353,7 @@ extern "C" { * 'struct ssl_st *' function parameters used to prototype callbacks * in SSL_CTX. */ @@ -188,9 +172,9 @@ diff -upr openssl-SNAP-20071101.orig/ssl/ssl.h openssl-SNAP-20071101/ssl/ssl.h /* Reason codes. */ #define SSL_R_APP_DATA_IN_HANDSHAKE 100 -diff -upr openssl-SNAP-20071101.orig/ssl/ssl_err.c openssl-SNAP-20071101/ssl/ssl_err.c ---- openssl-SNAP-20071101.orig/ssl/ssl_err.c 2007-10-26 17:01:29.000000000 -0700 -+++ openssl-SNAP-20071101/ssl/ssl_err.c 2007-11-01 19:19:43.000000000 -0700 +diff -upr openssl-SNAP-20080415.orig/ssl/ssl_err.c openssl-SNAP-20080415/ssl/ssl_err.c +--- openssl-SNAP-20080415.orig/ssl/ssl_err.c 2007-10-27 03:01:29.000000000 +0300 ++++ openssl-SNAP-20080415/ssl/ssl_err.c 2008-04-15 16:32:08.000000000 +0300 @@ -260,6 +260,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"}, {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"}, @@ -199,9 +183,9 @@ diff -upr openssl-SNAP-20071101.orig/ssl/ssl_err.c openssl-SNAP-20071101/ssl/ssl {0,NULL} }; -diff -upr openssl-SNAP-20071101.orig/ssl/ssl_sess.c openssl-SNAP-20071101/ssl/ssl_sess.c ---- openssl-SNAP-20071101.orig/ssl/ssl_sess.c 2007-10-17 11:00:45.000000000 -0700 -+++ openssl-SNAP-20071101/ssl/ssl_sess.c 2007-11-01 19:19:43.000000000 -0700 +diff -upr openssl-SNAP-20080415.orig/ssl/ssl_sess.c openssl-SNAP-20080415/ssl/ssl_sess.c +--- openssl-SNAP-20080415.orig/ssl/ssl_sess.c 2007-10-17 21:00:45.000000000 +0300 ++++ openssl-SNAP-20080415/ssl/ssl_sess.c 2008-04-15 16:32:08.000000000 +0300 @@ -831,6 +831,52 @@ long SSL_CTX_get_timeout(const SSL_CTX * return(s->session_timeout); } @@ -255,9 +239,9 @@ diff -upr openssl-SNAP-20071101.orig/ssl/ssl_sess.c openssl-SNAP-20071101/ssl/ss typedef struct timeout_param_st { SSL_CTX *ctx; -diff -upr openssl-SNAP-20071101.orig/ssl/t1_lib.c openssl-SNAP-20071101/ssl/t1_lib.c ---- openssl-SNAP-20071101.orig/ssl/t1_lib.c 2007-10-26 06:00:29.000000000 -0700 -+++ openssl-SNAP-20071101/ssl/t1_lib.c 2007-11-01 19:19:43.000000000 -0700 +diff -upr openssl-SNAP-20080415.orig/ssl/t1_lib.c openssl-SNAP-20080415/ssl/t1_lib.c +--- openssl-SNAP-20080415.orig/ssl/t1_lib.c 2008-03-17 00:00:10.000000000 +0200 ++++ openssl-SNAP-20080415/ssl/t1_lib.c 2008-04-15 16:32:08.000000000 +0300 @@ -154,6 +154,12 @@ int tls1_new(SSL *s) void tls1_free(SSL *s) @@ -271,7 +255,7 @@ diff -upr openssl-SNAP-20071101.orig/ssl/t1_lib.c openssl-SNAP-20071101/ssl/t1_l ssl3_free(s); } -@@ -355,8 +361,24 @@ unsigned char *ssl_add_clienthello_tlsex +@@ -357,8 +363,24 @@ unsigned char *ssl_add_clienthello_tlsex int ticklen; if (s->session && s->session->tlsext_tick) ticklen = s->session->tlsext_ticklen; @@ -296,7 +280,7 @@ diff -upr openssl-SNAP-20071101.orig/ssl/t1_lib.c openssl-SNAP-20071101/ssl/t1_l /* Check for enough room 2 for extension type, 2 for len * rest for ticket */ -@@ -369,6 +391,7 @@ unsigned char *ssl_add_clienthello_tlsex +@@ -371,6 +393,7 @@ unsigned char *ssl_add_clienthello_tlsex ret += ticklen; } } @@ -304,7 +288,7 @@ diff -upr openssl-SNAP-20071101.orig/ssl/t1_lib.c openssl-SNAP-20071101/ssl/t1_l #ifdef TLSEXT_TYPE_opaque_prf_input if (s->s3->client_opaque_prf_input != NULL) -@@ -1422,6 +1445,8 @@ int tls1_process_ticket(SSL *s, unsigned +@@ -1425,6 +1448,8 @@ int tls1_process_ticket(SSL *s, unsigned s->tlsext_ticket_expected = 1; return 0; /* Cache miss */ } @@ -313,9 +297,9 @@ diff -upr openssl-SNAP-20071101.orig/ssl/t1_lib.c openssl-SNAP-20071101/ssl/t1_l return tls_decrypt_ticket(s, p, size, session_id, len, ret); } -diff -upr openssl-SNAP-20071101.orig/ssl/tls1.h openssl-SNAP-20071101/ssl/tls1.h ---- openssl-SNAP-20071101.orig/ssl/tls1.h 2007-09-26 15:01:39.000000000 -0700 -+++ openssl-SNAP-20071101/ssl/tls1.h 2007-11-01 19:19:43.000000000 -0700 +diff -upr openssl-SNAP-20080415.orig/ssl/tls1.h openssl-SNAP-20080415/ssl/tls1.h +--- openssl-SNAP-20080415.orig/ssl/tls1.h 2007-09-27 01:01:39.000000000 +0300 ++++ openssl-SNAP-20080415/ssl/tls1.h 2008-04-15 16:32:08.000000000 +0300 @@ -509,6 +509,14 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPA #define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/ #endif @@ -331,9 +315,9 @@ diff -upr openssl-SNAP-20071101.orig/ssl/tls1.h openssl-SNAP-20071101/ssl/tls1.h #ifdef __cplusplus } #endif -diff -upr openssl-SNAP-20071101.orig/util/ssleay.num openssl-SNAP-20071101/util/ssleay.num ---- openssl-SNAP-20071101.orig/util/ssleay.num 2007-08-31 06:03:14.000000000 -0700 -+++ openssl-SNAP-20071101/util/ssleay.num 2007-11-01 19:19:43.000000000 -0700 +diff -upr openssl-SNAP-20080415.orig/util/ssleay.num openssl-SNAP-20080415/util/ssleay.num +--- openssl-SNAP-20080415.orig/util/ssleay.num 2007-08-31 16:03:14.000000000 +0300 ++++ openssl-SNAP-20080415/util/ssleay.num 2008-04-15 16:32:08.000000000 +0300 @@ -253,3 +253,5 @@ PEM_write_bio_SSL_SESSION PEM_read_SSL_SESSION 302 EXIST:!WIN16:FUNCTION: PEM_read_bio_SSL_SESSION 303 EXIST::FUNCTION: