For better forward-security support, add functions (7c2d4fee) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+18 −0

Original line number	Diff line number	Diff line
		@@ -4,6 +4,24 @@

		Changes between 1.0.0 and 1.1.0 [xx XXX xxxx]

		*) Improve forward-security support: add functions

		void SSL_CTX_set_not_resumable_session_callback(SSL_CTX ctx, int (cb)(SSL *ssl, int is_forward_secure))
		void SSL_set_not_resumable_session_callback(SSL ssl, int (cb)(SSL *ssl, int is_forward_secure))

		for use by SSL/TLS servers; the callback function will be called whenever a
		new session is created, and gets to decide whether the session may be
		cached to make it resumable (return 0) or not (return 1). (As by the
		SSL/TLS protocol specifications, the session_id sent by the server will be
		empty to indicate that the session is not resumable; also, the server will
		not generate RFC 4507 (RFC 5077) session tickets.)

		A simple reasonable callback implementation is to return is_forward_secure.
		This parameter will be set to 1 or 0 depending on the ciphersuite selected
		by the SSL/TLS server library, indicating whether it can provide forward
		security.
		[Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]

		*) Add Next Protocol Negotiation,
		http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00. Can be
		disabled with a no-npn flag to config or Configure. Code donated

apps/s_server.c

+20 −0

Original line number	Diff line number	Diff line
		@@ -201,6 +201,7 @@ typedef unsigned int u_int;
		#ifndef OPENSSL_NO_RSA
		static RSA MS_CALLBACK tmp_rsa_cb(SSL s, int is_export, int keylength);
		#endif
		static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
		static int sv_body(char hostname, int s, unsigned char context);
		static int www_body(char hostname, int s, unsigned char context);
		static void close_accept_socket(void );
		@@ -289,6 +290,7 @@ static int s_tlsextdebug=0;
		static int s_tlsextstatus=0;
		static int cert_status_cb(SSL s, void arg);
		#endif
		static int no_resume_ephemeral = 0;
		static int s_msg=0;
		static int s_quiet=0;

		@@ -476,6 +478,7 @@ static void sv_usage(void)
		#ifndef OPENSSL_NO_ECDH
		BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n");
		#endif
		BIO_printf(bio_err, "-no_resume_ephemeral - Disable caching and tickets if ephemeral (EC)DH is used\n");
		BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
		BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
		BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
		@@ -853,6 +856,12 @@ static int next_proto_cb(SSL s, const unsigned char data, unsigned int len,
		# endif /* ndef OPENSSL_NO_NPN */
		#endif

		static int not_resumable_sess_cb(SSL *s, int is_forward_secure)
		{
		/* disable resumption for sessions with forward secure ciphers */
		return is_forward_secure;
		}

		int MAIN(int, char **);

		#ifndef OPENSSL_NO_JPAKE
		@@ -1120,6 +1129,8 @@ int MAIN(int argc, char *argv[])
		{ no_dhe=1; }
		else if (strcmp(*argv,"-no_ecdhe") == 0)
		{ no_ecdhe=1; }
		else if (strcmp(*argv,"-no_resume_ephemeral") == 0)
		{ no_resume_ephemeral = 1; }
		#ifndef OPENSSL_NO_PSK
		else if (strcmp(*argv,"-psk_hint") == 0)
		{
		@@ -1689,6 +1700,15 @@ bad:
		#endif
		#endif

		if (no_resume_ephemeral)
		{
		SSL_CTX_set_not_resumable_session_callback(ctx, not_resumable_sess_cb);
		#ifndef OPENSSL_NO_TLSEXT
		if (ctx2)
		SSL_CTX_set_not_resumable_session_callback(ctx2, not_resumable_sess_cb);
		#endif
		}

		#ifndef OPENSSL_NO_PSK
		#ifdef OPENSSL_NO_JPAKE
		if (psk_key != NULL)

ssl/s3_srvr.c

+10 −2

Original line number	Diff line number	Diff line
		@@ -1251,6 +1251,13 @@ int ssl3_get_client_hello(SSL *s)
		goto f_err;
		}
		s->s3->tmp.new_cipher=c;
		/* check whether we should disable session resumption */
		if (s->not_resumable_session_cb != NULL)
		s->session->not_resumable=s->not_resumable_session_cb(s,
		((c->algorithm_mkey & (SSL_kEDH \| SSL_kEECDH)) != 0));
		if (s->session->not_resumable)
		/* do not send a session ticket */
		s->tlsext_ticket_expected = 0;
		}
		else
		{
		@@ -1354,8 +1361,9 @@ int ssl3_send_server_hello(SSL *s)
		* if session caching is disabled so existing functionality
		* is unaffected.
		*/
		if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
		&& !s->hit)
		if (s->session->not_resumable \|\|
		(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
		&& !s->hit))
		s->session->session_id_length=0;

		sl=s->session->session_id_length;

ssl/ssl.h

+18 −0

Original line number	Diff line number	Diff line
		@@ -468,6 +468,9 @@ typedef struct ssl_session_st
		char *psk_identity_hint;
		char *psk_identity;
		#endif
		/* Used to indicate that session resumption is not allowed.
		* Applications can also set this bit for a new session via
		* not_resumable_session_cb to disable session caching and tickets. */
		int not_resumable;

		/* The cert is the certificate used to establish this connection */
		@@ -811,6 +814,10 @@ struct ssl_ctx_st

		X509_VERIFY_PARAM *param;

		/* Callback for disabling session caching and ticket support
		* on a session basis, depending on the chosen cipher. */
		int (not_resumable_session_cb)(SSL ssl, int is_forward_secure);

		#if 0
		int purpose; /* Purpose setting */
		int trust; /* Trust setting */
		@@ -1088,6 +1095,10 @@ struct ssl_st

		X509_VERIFY_PARAM *param;

		/* Callback for disabling session caching and ticket support
		* on a session basis, depending on the chosen cipher. */
		int (not_resumable_session_cb)(SSL ssl, int is_forward_secure);

		#if 0
		int purpose; /* Purpose setting */
		int trust; /* Trust setting */
		@@ -1477,6 +1488,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
		#define SSL_CTRL_GET_RI_SUPPORT 76
		#define SSL_CTRL_CLEAR_OPTIONS 77
		#define SSL_CTRL_CLEAR_MODE 78
		#define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79

		#define DTLSv1_get_timeout(ssl, arg) \
		SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
		@@ -1875,6 +1887,12 @@ int SSL_tls1_key_exporter(SSL s, unsigned char label, int label_len,
		unsigned char *context, int context_len,
		unsigned char *out, int olen);

		void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
		int (cb)(SSL ssl, int is_forward_secure));

		void SSL_set_not_resumable_session_callback(SSL *ssl,
		int (cb)(SSL ssl, int is_forward_secure));

		/* BEGIN ERROR CODES */
		/* The following lines are auto generated by the script mkerr.pl. Any changes
		* made after this point may be overwritten when the script is next run.

ssl/ssl_lib.c

+14 −0

Original line number	Diff line number	Diff line
		@@ -319,6 +319,7 @@ SSL SSL_new(SSL_CTX ctx)
		s->msg_callback=ctx->msg_callback;
		s->msg_callback_arg=ctx->msg_callback_arg;
		s->verify_mode=ctx->verify_mode;
		s->not_resumable_session_cb=ctx->not_resumable_session_cb;
		#if 0
		s->verify_depth=ctx->verify_depth;
		#endif
		@@ -3164,6 +3165,19 @@ void SSL_set_msg_callback(SSL ssl, void (cb)(int write_p, int version, int con
		SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
		}

		void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
		int (cb)(SSL ssl, int is_forward_secure))
		{
		SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
		(void (*)(void))cb);
		}
		void SSL_set_not_resumable_session_callback(SSL *ssl,
		int (cb)(SSL ssl, int is_forward_secure))
		{
		SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
		(void (*)(void))cb);
		}

		/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
		* vairable, freeing EVP_MD_CTX previously stored in that variable, if
		* any. If EVP_MD pointer is passed, initializes ctx with this md