diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b1f0c90b5f..119826f727 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2280,4 +2280,16 @@ int mbedtls_ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, mbedtls_pk_context *own_key, uint16_t *algorithm ); +#if defined(MBEDTLS_SSL_ALPN) +int mbedtls_ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ); + + +int mbedtls_ssl_write_alpn_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *out_len ); +#endif /* MBEDTLS_SSL_ALPN */ + #endif /* ssl_misc.h */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8332461412..2b82fa05bb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
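Review bot: The prototypes for `mbedtls_ssl_parse_alpn_ext` and `mbedtls_ssl_write_alpn_ext` are added to ssl_misc.h with no comment, although they are now shared by the TLS 1.2 and TLS 1.3 servers and replace a `(buf, len)` interface with a `(buf, end)` one. I would put a short block comment above each, stating that `end` points one past the last byte that may be read or written. For the parser it should say that it returns 0 without parsing when `ssl->conf->alpn_list` is NULL and that on a match `ssl->alpn_chosen` is set to an entry of that list. For the writer it should say that `*out_len` is set to 0 and 0 is returned when `ssl->alpn_chosen` is NULL. The comments should also list the error returns, since the TLS 1.2 call site in ssl_write_server_hello ignores the writer's result.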
@@ -8285,4 +8285,125 @@ int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ +#if defined(MBEDTLS_SSL_ALPN) +int mbedtls_ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) +{ + const unsigned char *p = buf; + size_t protocol_name_list_len; + const unsigned char *protocol_name_list; + const unsigned char *protocol_name_list_end; + size_t protocol_name_len; + + /* If ALPN not configured, just ignore the extension */ + if( ssl->conf->alpn_list == NULL ) + return( 0 ); + + /* + * RFC7301, section 3.1 + * opaque ProtocolName<1..2^8-1>; + * + * struct { + * ProtocolName protocol_name_list<2..2^16-1> + * } ProtocolNameList; + */ + + /* + * protocol_name_list_len 2 bytes + * protocol_name_len 1 bytes + * protocol_name >=1 byte + */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 ); + + protocol_name_list_len = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, protocol_name_list_len ); + protocol_name_list = p; + protocol_name_list_end = p + protocol_name_list_len; + + /* Validate peer's list (lengths) */ + while( p < protocol_name_list_end ) + { + protocol_name_len = *p++; + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, protocol_name_list_end, + protocol_name_len ); + if( protocol_name_len == 0 ) + { + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + } + + p += protocol_name_len; + } + + /* Use our order of preference */ + for( const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++ ) + { + size_t const alpn_len = strlen( *alpn ); + p = protocol_name_list; + while( p < protocol_name_list_end ) + { + protocol_name_len = *p++; + if( protocol_name_len == alpn_len && + memcmp( p, *alpn, alpn_len ) == 0 ) + { + ssl->alpn_chosen = *alpn; + return( 0 ); + } + + p += protocol_name_len; + } + } + + /* If we get here, no match was found */ + 
MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL, + MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL ); + return( MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL ); +} + +int mbedtls_ssl_write_alpn_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *out_len ) +{ + unsigned char *p = buf; + size_t protocol_name_len; + *out_len = 0; + + if( ssl->alpn_chosen == NULL ) + { + return( 0 ); + } + + protocol_name_len = strlen( ssl->alpn_chosen ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 + protocol_name_len ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server side, adding alpn extension" ) ); + /* + * 0 . 1 ext identifier + * 2 . 3 ext length + * 4 . 5 protocol list length + * 6 . 6 protocol name length + * 7 . 7+n protocol name + */ + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, p, 0 ); + + *out_len = 7 + protocol_name_len; + + MBEDTLS_PUT_UINT16_BE( protocol_name_len + 3, p, 2 ); + MBEDTLS_PUT_UINT16_BE( protocol_name_len + 1, p, 4 ); + /* Note: the length of the chosen protocol has been checked to be less + * than 255 bytes in `mbedtls_ssl_conf_alpn_protocols`. + */ + p[6] = MBEDTLS_BYTE_0( protocol_name_len ); + + memcpy( p + 7, ssl->alpn_chosen, protocol_name_len ); + return ( 0 ); +} +#endif /* MBEDTLS_SSL_ALPN */ + #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index e92014c9b9..21e5cda97d 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
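Review bot: In `mbedtls_ssl_parse_alpn_ext` nothing requires `protocol_name_list_end == end` after `MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, protocol_name_list_len )`, so an extension body that carries bytes after the declared list is accepted and the extra bytes are ignored. The static `ssl_parse_alpn_ext` that this commit removes from ssl_tls12_server.c rejected that input (`list_len != len - 2`) with a decode_error alert, so the move loosens parsing for TLS 1.2 as well as defining it for TLS 1.3. Right after `protocol_name_list_end` is computed I would add `if( protocol_name_list_end != end )` guarding `MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, MBEDTLS_ERR_SSL_DECODE_ERROR );` and `return( MBEDTLS_ERR_SSL_DECODE_ERROR );`. The same guard also rejects a declared list length of 0, which currently passes the 4-byte check and ends in no_application_protocol instead of a decode error.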
@@ -528,94 +528,6 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ -#if defined(MBEDTLS_SSL_ALPN) -static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) -{ - size_t list_len, cur_len, ours_len; - const unsigned char *theirs, *start, *end; - const char **ours; - - /* If ALPN not configured, just ignore the extension */ - if( ssl->conf->alpn_list == NULL ) - return( 0 ); - - /* - * opaque ProtocolName<1..2^8-1>; - * - * struct { - * ProtocolName protocol_name_list<2..2^16-1> - * } ProtocolNameList; - */ - - /* Min length is 2 (list_len) + 1 (name_len) + 1 (name) */ - if( len < 4 ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } - - list_len = ( buf[0] << 8 ) | buf[1]; - if( list_len != len - 2 ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } - - /* - * Validate peer's list (lengths) - */ - start = buf + 2; - end = buf + len; - for( theirs = start; theirs != end; theirs += cur_len ) - { - cur_len = *theirs++; - - /* Current identifier must fit in list */ - if( cur_len > (size_t)( end - theirs ) ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } - - /* Empty strings MUST NOT be included */ - if( cur_len == 0 ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); - } - } - - /* - * Use our order of preference - */ - for( ours = ssl->conf->alpn_list; *ours != NULL; ours++ ) - { - ours_len = strlen( *ours ); - for( theirs = start; theirs != end; theirs += cur_len ) - { - cur_len = *theirs++; - - if( cur_len == ours_len && - 
memcmp( theirs, *ours, cur_len ) == 0 ) - { - ssl->alpn_chosen = *ours; - return( 0 ); - } - } - } - - /* If we get there, no match was found */ - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL ); - return( MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL ); -} -#endif /* MBEDTLS_SSL_ALPN */ - #if defined(MBEDTLS_SSL_DTLS_SRTP) static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, @@ -1524,7 +1436,8 @@ read_record_header: case MBEDTLS_TLS_EXT_ALPN: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); - ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ); + ret = mbedtls_ssl_parse_alpn_ext( ssl, ext + 4, + ext + 4 + ext_size ); if( ret != 0 ) return( ret ); break; @@ -2040,39 +1953,6 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_SSL_ALPN ) -static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) -{ - if( ssl->alpn_chosen == NULL ) - { - *olen = 0; - return; - } - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding alpn extension" ) ); - - /* - * 0 . 1 ext identifier - * 2 . 3 ext length - * 4 . 5 protocol list length - * 6 . 6 protocol name length - * 7 . 7+n protocol name - */ - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, buf, 0); - - *olen = 7 + strlen( ssl->alpn_chosen ); - - MBEDTLS_PUT_UINT16_BE( *olen - 4, buf, 2 ); - - MBEDTLS_PUT_UINT16_BE( *olen - 6, buf, 4 ); - - buf[6] = MBEDTLS_BYTE_0( *olen - 7 ); - - memcpy( buf + 7, ssl->alpn_chosen, *olen - 7 ); -} -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ - #if defined(MBEDTLS_SSL_DTLS_SRTP ) && defined(MBEDTLS_SSL_PROTO_DTLS) static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, unsigned char *buf, 
@@ -2446,7 +2326,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_SSL_ALPN) - ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen ); + unsigned char *end = buf + MBEDTLS_SSL_OUT_CONTENT_LEN - 4; + mbedtls_ssl_write_alpn_ext( ssl, p + 2 + ext_len, end, &olen ); ext_len += olen; #endif diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 5be338d3ff..7114501881 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -303,6 +303,13 @@ static void ssl_tls13_debug_print_client_hello_exts( mbedtls_ssl_context *ssl ) & MBEDTLS_SSL_EXT_SERVERNAME ) > 0 ) ? "TRUE" : "FALSE" ) ); #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ +#if defined ( MBEDTLS_SSL_ALPN ) + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "- ALPN_EXTENSION ( %s )", + ( ( ssl->handshake->extensions_present + & MBEDTLS_SSL_EXT_ALPN ) > 0 ) ? + "TRUE" : "FALSE" ) ); +#endif /* MBEDTLS_SSL_ALPN */ } #endif /* MBEDTLS_DEBUG_C */ @@ -731,6 +738,21 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS; break; +#if defined(MBEDTLS_SSL_ALPN) + case MBEDTLS_TLS_EXT_ALPN: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); + + ret = mbedtls_ssl_parse_alpn_ext( ssl, p, extension_data_end ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( + 1, ( "mbedtls_ssl_parse_alpn_ext" ), ret ); + return( ret ); + } + ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_ALPN; + break; +#endif /* MBEDTLS_SSL_ALPN */ + #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) case MBEDTLS_TLS_EXT_SIG_ALG: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); 
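Review bot: The return value of `mbedtls_ssl_write_alpn_ext` is discarded in ssl_write_server_hello. When the bounds check inside it fails, it returns an error with `*out_len` still 0, and the ServerHello goes out without the ALPN extension while `ssl->alpn_chosen` stays set. The TLS 1.3 caller added in this commit checks the result, and this one should too: `ret = mbedtls_ssl_write_alpn_ext( ssl, p + 2 + ext_len, end, &olen );` followed by `if( ret != 0 ) return( ret );`, assuming `ret` is declared earlier in the function, which the hunk does not show. The bound `buf + MBEDTLS_SSL_OUT_CONTENT_LEN - 4` also deserves a comment saying what the 4 reserves; it presumably matches the real output buffer only if that buffer always has MBEDTLS_SSL_OUT_CONTENT_LEN bytes after `buf`, which should be confirmed.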
@@ -1361,9 +1383,11 @@ static int ssl_tls13_write_encrypted_extensions_body( mbedtls_ssl_context *ssl, unsigned char *end, size_t *out_len ) { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = buf; size_t extensions_len = 0; unsigned char *p_extensions_len; + size_t output_len; *out_len = 0; @@ -1372,6 +1396,15 @@ static int ssl_tls13_write_encrypted_extensions_body( mbedtls_ssl_context *ssl, p += 2; ((void) ssl); + ((void) ret); + ((void) output_len); + +#if defined(MBEDTLS_SSL_ALPN) + ret = mbedtls_ssl_write_alpn_ext( ssl, p, end, &output_len ); + if( ret != 0 ) + return( ret ); + p += output_len; +#endif /* MBEDTLS_SSL_ALPN */ extensions_len = ( p - p_extensions_len ) - 2; MBEDTLS_PUT_UINT16_BE( extensions_len, p_extensions_len, 0 ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f507a3251b..9e533362ab 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5901,7 +5901,6 @@ run_test "Not supported version check: srv max TLS 1.1" \ # Tests for ALPN extension -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ALPN: none" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ @@ -5909,12 +5908,11 @@ run_test "ALPN: none" \ -C "client hello, adding alpn extension" \ -S "found alpn extension" \ -C "got an alert message, type: \\[2:120]" \ - -S "server hello, adding alpn extension" \ + -S "server side, adding alpn extension" \ -C "found alpn extension " \ -C "Application Layer Protocol is" \ -S "Application Layer Protocol is" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ALPN: client only" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 alpn=abc,1234" \ 
@@ -5922,12 +5920,11 @@ run_test "ALPN: client only" \ -c "client hello, adding alpn extension" \ -s "found alpn extension" \ -C "got an alert message, type: \\[2:120]" \ - -S "server hello, adding alpn extension" \ + -S "server side, adding alpn extension" \ -C "found alpn extension " \ -c "Application Layer Protocol is (none)" \ -S "Application Layer Protocol is" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ALPN: server only" \ "$P_SRV debug_level=3 alpn=abc,1234" \ "$P_CLI debug_level=3" \ @@ -5935,12 +5932,11 @@ run_test "ALPN: server only" \ -C "client hello, adding alpn extension" \ -S "found alpn extension" \ -C "got an alert message, type: \\[2:120]" \ - -S "server hello, adding alpn extension" \ + -S "server side, adding alpn extension" \ -C "found alpn extension " \ -C "Application Layer Protocol is" \ -s "Application Layer Protocol is (none)" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ALPN: both, common cli1-srv1" \ "$P_SRV debug_level=3 alpn=abc,1234" \ "$P_CLI debug_level=3 alpn=abc,1234" \ @@ -5948,12 +5944,11 @@ run_test "ALPN: both, common cli1-srv1" \ -c "client hello, adding alpn extension" \ -s "found alpn extension" \ -C "got an alert message, type: \\[2:120]" \ - -s "server hello, adding alpn extension" \ + -s "server side, adding alpn extension" \ -c "found alpn extension" \ -c "Application Layer Protocol is abc" \ -s "Application Layer Protocol is abc" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ALPN: both, common cli2-srv1" \ "$P_SRV debug_level=3 alpn=abc,1234" \ "$P_CLI debug_level=3 alpn=1234,abc" \ 
@@ -5961,12 +5956,11 @@ run_test "ALPN: both, common cli2-srv1" \ -c "client hello, adding alpn extension" \ -s "found alpn extension" \ -C "got an alert message, type: \\[2:120]" \ - -s "server hello, adding alpn extension" \ + -s "server side, adding alpn extension" \ -c "found alpn extension" \ -c "Application Layer Protocol is abc" \ -s "Application Layer Protocol is abc" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ALPN: both, common cli1-srv2" \ "$P_SRV debug_level=3 alpn=abc,1234" \ "$P_CLI debug_level=3 alpn=1234,abcde" \ @@ -5974,12 +5968,11 @@ run_test "ALPN: both, common cli1-srv2" \ -c "client hello, adding alpn extension" \ -s "found alpn extension" \ -C "got an alert message, type: \\[2:120]" \ - -s "server hello, adding alpn extension" \ + -s "server side, adding alpn extension" \ -c "found alpn extension" \ -c "Application Layer Protocol is 1234" \ -s "Application Layer Protocol is 1234" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ALPN: both, no common" \ "$P_SRV debug_level=3 alpn=abc,123" \ "$P_CLI debug_level=3 alpn=1234,abcde" \ @@ -5987,7 +5980,7 @@ run_test "ALPN: both, no common" \ -c "client hello, adding alpn extension" \ -s "found alpn extension" \ -c "got an alert message, type: \\[2:120]" \ - -S "server hello, adding alpn extension" \ + -S "server side, adding alpn extension" \ -C "found alpn extension" \ -C "Application Layer Protocol is 1234" \ -S "Application Layer Protocol is 1234" 
@@ -10517,6 +10510,36 @@ run_test "TLS 1.3: alpn - gnutls" \ -c "HTTP/1.0 200 OK" \ -c "Application Layer Protocol is h2" +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_ALPN +run_test "TLS 1.3: server alpn - openssl" \ + "$P_SRV debug_level=3 tickets=0 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 alpn=h2" \ + "$O_NEXT_CLI -msg -tls1_3 -no_middlebox -alpn h2" \ + 0 \ + -s "found alpn extension" \ + -s "server side, adding alpn extension" \ + -s "Protocol is TLSv1.3" \ + -s "HTTP/1.0 200 OK" \ + -s "Application Layer Protocol is h2" + +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_ALPN +run_test "TLS 1.3: server alpn - gnutls" \ + "$P_SRV debug_level=3 tickets=0 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 alpn=h2" \ + "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V --alpn h2" \ + 0 \ + -s "found alpn extension" \ + -s "server side, adding alpn extension" \ + -s "Protocol is TLSv1.3" \ + -s "HTTP/1.0 200 OK" \ + -s "Application Layer Protocol is h2" + requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C
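Review bot: The two added TLS 1.3 server cases cover only the matching path (`alpn=h2` on both sides), so nothing in this hunk drives the failure branches of `mbedtls_ssl_parse_alpn_ext` through the TLS 1.3 ClientHello parser. I would add a case with disjoint lists that expects the handshake to fail and the server not to write the extension, mirroring "ALPN: both, no common" but with `force_version=tls13`. The exit status and patterns below are a proposal built from strings already used in this file and need confirming on a real run. Whether the generic ALPN tests above already run under TLS 1.3 depends on the build's default version, which the page does not show.

```shell
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_ALPN
run_test    "TLS 1.3: server alpn, no common - openssl" \
            "$P_SRV debug_level=3 tickets=0 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 alpn=h2" \
            "$O_NEXT_CLI -msg -tls1_3 -no_middlebox -alpn http/1.1" \
            1 \
            -s "found alpn extension" \
            -S "server side, adding alpn extension" \
            -S "Application Layer Protocol is h2"
```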