babassl 8.2.0

Support NTLS; Support delegated credential; Update BoringSSL QUIC API; Fix some CVE;
Tongsuo-Project · May 19, 2021 · 5ff3b86 · 5ff3b86
1 parent b4984cf
commit 5ff3b86
Show file tree

Hide file tree

Showing 183 changed files with 24,320 additions and 1,607 deletions.
diff --git a/CHANGES.BabaSSL b/CHANGES.BabaSSL
@@ -5,6 +5,22 @@
  This is a high-level summary of the most important changes.
  For a full list of changes, see the git commit log.
 
+ Changes between 8.2.0 and 8.3.0 [xx XXX xxxx]
+
+  *)
+
+ Changes between 8.1.3 and 8.2.0 [19 May 2021]
+
+  *) Support NTLS(formal GM double cert) handshake processing, GB/T 38636-2020 TLCP
+
+  *) Support delegated credential
+
+  *) Update BoringSSL QUIC API
+
+  *) Fix CVE-2021-3449
+
+  *) Fix CVE-2021-23840 and CVE-2021-23841
+
  Changes with 8.1.3 [15 Jan 2021]
 
   *) Support more QUIC related APIs

diff --git a/Configure b/Configure
@@ -445,7 +445,8 @@ my @disablables = (
     "status",
     "req-status",
     "dycert-ocsp",
-    "options2"
+    "options2",
+    "delegated-credential"
     );
 foreach my $proto ((@tls, @dtls))
         {

diff --git a/README.md b/README.md
@@ -5,9 +5,10 @@ BabaSSL is a modern cryptographic and secure protocol library developed by the a
 # Feature
 
 BabaSSL provides the following major features:
-
   * Support [RFC 8998](https://tools.ietf.org/html/rfc8998), Chinese SM cipher suites in TLS 1.3 protocol
+  * Support NTLS(formal GM double cert) handshake processing, according to GB/T 38636-2020 TLCP
   * QUIC API support
+  * Support delegated credentials, according to [draft-ietf-tls-subcerts-10](https://www.ietf.org/archive/id/draft-ietf-tls-subcerts-10.txt)
   * ...
 
 # Reporting Security Bugs

diff --git a/apps/build.info b/apps/build.info
@@ -47,6 +47,10 @@ IF[{- !$disabled{apps} -}]
     SOURCE[openssl]=dhparam.c
     DEPEND[dhparam.o]=progs.h
   ENDIF
+  IF[{- !$disabled{'delegated-credential'} -}]
+    SOURCE[openssl]=delecred.c
+    DEPEND[delecred.o]=progs.h
+  ENDIF
   IF[{- !$disabled{'dsa'} -}]
     SOURCE[openssl]=dsa.c dsaparam.c gendsa.c
     DEPEND[dsa.o]=progs.h

diff --git a/apps/delecred.c b/apps/delecred.c
@@ -0,0 +1,213 @@
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/ssl.h>
+#include <openssl/x509.h>
+#include "../ssl/ssl_local.h"
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_IN, OPT_OUT,
+    OPT_NEW, OPT_DC_KEY,
+    OPT_EE_CERT, OPT_EE_KEY,
+    OPT_SEC, OPT_MD,
+    OPT_EXPECT_VERIFY_MD, OPT_CLIENT, OPT_SERVER,
+    OPT_TEXT, OPT_NOOUT
+} OPTION_CHOICE;
+
+const OPTIONS delecred_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, '<', "input file"},
+    {"out", OPT_OUT, '>', "output file"},
+    {"new", OPT_NEW, '-', "generate a new delegated credential"},
+    {"dc_key", OPT_DC_KEY, 's', "private key of delegated credential"},
+    {"parent_cert", OPT_EE_CERT, 's', "end-entity certificate used to sign the dc"},
+    {"parent_key", OPT_EE_KEY, 's', "private key of the end-entity certificate"},
+    {"sec", OPT_SEC, 'p', "dc valid time, default is 604800 seconds(7 days)"},
+    {"expect_verify_md", OPT_EXPECT_VERIFY_MD, 's', "expected message digest of signature algorithm of dc key pair"},
+    {"", OPT_MD, '-', "Any supported digest"},
+    {"client", OPT_CLIENT, '-', "client DC"},
+    {"server", OPT_SERVER, '-', "server DC"},
+    {"text", OPT_TEXT, '-', "print the dc in text form"},
+    {"noout", OPT_NOOUT, '-', "no dc output"},
+    {NULL}
+};
+
+int delecred_main(int argc, char **argv)
+{
+    int ret = 1;
+    int res;
+    char *prog;
+    size_t i;
+    OPTION_CHOICE o;
+    char *infile = NULL, *outfile = NULL;
+    BIO *in = NULL, *out = NULL;
+    int text = 0;
+    int noout = 0;
+    int new_flag = 0;
+    char *dc_key = NULL;
+    char *ee_cert_file = NULL, *ee_key_file = NULL;
+    char *expect_verify_hash = NULL;
+    const EVP_MD *expect_verify_md = EVP_md_null();
+    const EVP_MD *sign_md = EVP_md_null();
+    int is_server = 1;
+    int valid_time = 7 * 24 * 3600;
+    DELEGATED_CREDENTIAL *dc = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY *dc_pkey = NULL;
+    X509 *ee_cert = NULL;
+    EVP_PKEY *ee_pkey = NULL;
+    unsigned char *dc_raw = NULL;
+    unsigned long dc_raw_len = 0;
+
+    prog = opt_init(argc, argv, delecred_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+            case OPT_EOF:
+            case OPT_ERR:
+opthelp:
+                BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+                goto end;
+            case OPT_HELP:
+                opt_help(delecred_options);
+                ret = 0;
+                goto end;
+            case OPT_IN:
+                infile = opt_arg();
+                break;
+            case OPT_OUT:
+                outfile = opt_arg();
+                break;
+            case OPT_NEW:
+                new_flag = 1;
+                break;
+            case OPT_DC_KEY:
+                dc_key = opt_arg();
+                break;
+            case OPT_EE_CERT:
+                ee_cert_file = opt_arg();
+                break;
+            case OPT_EE_KEY:
+                ee_key_file = opt_arg();
+                break;
+            case OPT_SEC:
+                opt_int(opt_arg(), &valid_time);
+                break;
+            case OPT_EXPECT_VERIFY_MD:
+                expect_verify_hash = opt_arg();
+                if (!opt_md(expect_verify_hash, &expect_verify_md))
+                    goto opthelp;
+                break;
+            case OPT_MD:
+                if (!opt_md(opt_unknown(), &sign_md))
+                    goto opthelp;
+                break;
+            case OPT_CLIENT:
+                is_server = 0;
+                break;
+            case OPT_SERVER:
+                is_server = 1;
+                break;
+            case OPT_TEXT:
+                text = 1;
+                break;
+            case OPT_NOOUT:
+                noout = 1;
+                break;
+        }
+    }
+
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (infile) {
+        dc = DC_load_from_file(infile);
+
+        if (dc == NULL) {
+            goto end;
+        }
+
+        if (text) {
+            if (!DC_print(bio_out, dc))
+                goto end;
+        }
+    } else if (new_flag) {
+        dc_pkey = load_key(dc_key, FORMAT_PEM, 1, NULL, e, "key");
+        if (dc_pkey == NULL) {
+            goto end;
+        }
+
+        ee_cert = load_cert(ee_cert_file, FORMAT_PEM, "end-entity cert");
+        if (ee_cert == NULL) {
+            goto end;
+        }
+
+        ee_pkey = load_key(ee_key_file, FORMAT_PEM, 1, NULL, e, "end-entity key");
+        if (ee_pkey == NULL) {
+            goto end;
+        }
+
+        dc = DC_new();
+        if (dc == NULL) {
+            BIO_printf(bio_err, "failed to new DC\n");
+            goto end;
+        }
+
+        if (!DC_sign(dc, dc_pkey, valid_time, EVP_MD_type(expect_verify_md),
+                     ee_cert, ee_pkey, sign_md, is_server)) {
+            BIO_printf(bio_err, "failed to sign DC\n");
+            goto end;
+        }
+    } else {
+        goto opthelp;
+    }
+
+    if (!noout) {
+        dc_raw = DC_get0_raw_byte(dc);
+        dc_raw_len = DC_get_raw_byte_len(dc);
+
+        if (dc_raw == NULL || dc_raw_len <= 0) {
+            BIO_printf(bio_err, "Invalid DC raw\n");
+            goto end;
+        }
+
+        if (outfile) {
+            out = BIO_new_file(outfile, "w");
+            if (out == NULL)
+                goto end;
+        } else {
+            out = dup_bio_out(FORMAT_TEXT);
+        }
+
+        for (i = 0; i < dc_raw_len; i++) {
+            res = BIO_printf(out, "%02x", dc_raw[i]);
+            if (res <= 0) {
+                BIO_printf(bio_out, "output dc error");
+                goto end;
+            }
+        }
+    }
+
+    ret = 0;
+
+end:
+    if (ret != 0)
+        ERR_print_errors(bio_err);
+
+    release_engine(e);
+    EVP_PKEY_free(ee_pkey);
+    X509_free(ee_cert);
+    EVP_PKEY_free(dc_pkey);
+    DC_free(dc);
+    BIO_free(out);
+    BIO_free(in);
+
+    return ret;
+}
+
diff --git a/apps/s_apps.h b/apps/s_apps.h
@@ -20,7 +20,10 @@ int do_server(int *accept_sock, const char *host, const char *port,
               unsigned char *context, int naccept, BIO *bio_s_out);
 
 int verify_callback(int ok, X509_STORE_CTX *ctx);
-
+#ifndef OPENSSL_NO_DELEGATED_CREDENTIAL
+int set_dc_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
+                          DELEGATED_CREDENTIAL *dc, int is_server);
+#endif
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
                        STACK_OF(X509) *chain, int build_chain);

diff --git a/apps/s_cb.c b/apps/s_cb.c
@@ -179,6 +179,34 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
     return 1;
 }
 
+#ifndef OPENSSL_NO_DELEGATED_CREDENTIAL
+int set_dc_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
+                          DELEGATED_CREDENTIAL *dc, int is_server)
+{
+    if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
+        BIO_printf(bio_err, "error setting certificate\n");
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    if (!SSL_CTX_use_dc(ctx, dc)) {
+        BIO_printf(bio_err, "error setting dc\n");
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    if (!SSL_CTX_use_dc_PrivateKey(ctx, key)) {
+        BIO_printf(bio_err, "error setting dc key\n");
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    SSL_CTX_enable_sign_by_dc(ctx);
+
+    return 1;
+}
+#endif
+
 #if (!defined OPENSSL_NO_NTLS) && (!defined OPENSSL_NO_SM2)    \
      && (!defined OPENSSL_NO_SM3) && (!defined OPENSSL_NO_SM4)
 int set_sign_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,