Blame - ssl/t1_ext.c - third_party/openssl

blob: 7e44bac000219cccdd88db758bdb752af37f1273 [file] [log] [blame]

Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	1	/* ssl/t1_ext.c */
				2	/* ====================================================================
				3	* Copyright (c) 2014 The OpenSSL Project. All rights reserved.
				4	*
				5	* Redistribution and use in source and binary forms, with or without
				6	* modification, are permitted provided that the following conditions
				7	* are met:
				8	*
				9	* 1. Redistributions of source code must retain the above copyright
				10	* notice, this list of conditions and the following disclaimer.
				11	*
				12	* 2. Redistributions in binary form must reproduce the above copyright
				13	* notice, this list of conditions and the following disclaimer in
				14	* the documentation and/or other materials provided with the
				15	* distribution.
				16	*
				17	* 3. All advertising materials mentioning features or use of this
				18	* software must display the following acknowledgment:
				19	* "This product includes software developed by the OpenSSL Project
				20	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
				21	*
				22	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
				23	* endorse or promote products derived from this software without
				24	* prior written permission. For written permission, please contact
				25	* openssl-core@openssl.org.
				26	*
				27	* 5. Products derived from this software may not be called "OpenSSL"
				28	* nor may "OpenSSL" appear in their names without prior written
				29	* permission of the OpenSSL Project.
				30	*
				31	* 6. Redistributions of any form whatsoever must retain the following
				32	* acknowledgment:
				33	* "This product includes software developed by the OpenSSL Project
				34	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
				35	*
				36	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
				37	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
				38	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
				39	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
				40	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
				41	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				42	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
				43	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
				44	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
				45	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
				46	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
				47	* OF THE POSSIBILITY OF SUCH DAMAGE.
				48	* ====================================================================
				49	*
				50	* This product includes cryptographic software written by Eric Young
				51	* (eay@cryptsoft.com). This product includes software written by Tim
				52	* Hudson (tjh@cryptsoft.com).
				53	*
				54	*/
				55
				56	/* Custom extension utility functions */
				57
				58	#include "ssl_locl.h"
				59
				60	#ifndef OPENSSL_NO_TLSEXT
				61
Dr. Stephen Henson	0cfefe4	2014-08-19 14:02:50 +0100	[diff] [blame]	62	/* Find a custom extension from the list. */
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	63	static custom_ext_method custom_ext_find(custom_ext_methods exts,
Dr. Stephen Henson	0cfefe4	2014-08-19 14:02:50 +0100	[diff] [blame]	64	unsigned int ext_type)
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	65	{
				66	size_t i;
				67	custom_ext_method *meth = exts->meths;
				68	for (i = 0; i < exts->meths_count; i++, meth++)
				69	{
				70	if (ext_type == meth->ext_type)
				71	return meth;
				72	}
				73	return NULL;
				74	}
Dr. Stephen Henson	28ea0a0	2014-08-12 14:25:49 +0100	[diff] [blame]	75	/* Initialise custom extensions flags to indicate neither sent nor
				76	* received.
				77	*/
				78	void custom_ext_init(custom_ext_methods *exts)
				79	{
				80	size_t i;
				81	custom_ext_method *meth = exts->meths;
				82	for (i = 0; i < exts->meths_count; i++, meth++)
				83	meth->ext_flags = 0;
				84	}
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	85
Dr. Stephen Henson	0cfefe4	2014-08-19 14:02:50 +0100	[diff] [blame]	86	/* Pass received custom extension data to the application for parsing. */
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	87	int custom_ext_parse(SSL *s, int server,
Dr. Stephen Henson	0cfefe4	2014-08-19 14:02:50 +0100	[diff] [blame]	88	unsigned int ext_type,
				89	const unsigned char *ext_data,
				90	size_t ext_size,
				91	int *al)
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	92	{
				93	custom_ext_methods *exts = server ? &s->cert->srv_ext : &s->cert->cli_ext;
				94	custom_ext_method *meth;
				95	meth = custom_ext_find(exts, ext_type);
Dr. Stephen Henson	28ea0a0	2014-08-12 14:25:49 +0100	[diff] [blame]	96	/* If not found return success */
				97	if (!meth)
				98	return 1;
				99	if (!server)
				100	{
				101	/* If it's ServerHello we can't have any extensions not
				102	* sent in ClientHello.
				103	*/
				104	if (!(meth->ext_flags & SSL_EXT_FLAG_SENT))
				105	{
				106	*al = TLS1_AD_UNSUPPORTED_EXTENSION;
				107	return 0;
				108	}
				109	}
				110	/* If already present it's a duplicate */
				111	if (meth->ext_flags & SSL_EXT_FLAG_RECEIVED)
				112	{
				113	*al = TLS1_AD_DECODE_ERROR;
				114	return 0;
				115	}
				116	meth->ext_flags \|= SSL_EXT_FLAG_RECEIVED;
Dr. Stephen Henson	0cfefe4	2014-08-19 14:02:50 +0100	[diff] [blame]	117	/* If no parse function set return success */
Dr. Stephen Henson	28ea0a0	2014-08-12 14:25:49 +0100	[diff] [blame]	118	if (!meth->parse_cb)
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	119	return 1;
				120
Dr. Stephen Henson	33f653a	2014-08-16 18:16:26 +0100	[diff] [blame]	121	return meth->parse_cb(s, ext_type, ext_data, ext_size, al, meth->parse_arg);
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	122	}
				123
Dr. Stephen Henson	0cfefe4	2014-08-19 14:02:50 +0100	[diff] [blame]	124	/* Request custom extension data from the application and add to the
				125	* return buffer.
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	126	*/
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	127	int custom_ext_add(SSL *s, int server,
Dr. Stephen Henson	0cfefe4	2014-08-19 14:02:50 +0100	[diff] [blame]	128	unsigned char **pret,
				129	unsigned char *limit,
				130	int *al)
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	131	{
				132	custom_ext_methods *exts = server ? &s->cert->srv_ext : &s->cert->cli_ext;
				133	custom_ext_method *meth;
				134	unsigned char ret = pret;
				135	size_t i;
				136
				137	for (i = 0; i < exts->meths_count; i++)
				138	{
				139	const unsigned char *out = NULL;
Dr. Stephen Henson	de2a9e3	2014-08-14 13:25:50 +0100	[diff] [blame]	140	size_t outlen = 0;
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	141	meth = exts->meths + i;
				142
Dr. Stephen Henson	28ea0a0	2014-08-12 14:25:49 +0100	[diff] [blame]	143	if (server)
				144	{
				145	/* For ServerHello only send extensions present
				146	* in ClientHello.
				147	*/
				148	if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))
				149	continue;
				150	/* If callback absent for server skip it */
				151	if (!meth->add_cb)
				152	continue;
				153	}
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	154	if (meth->add_cb)
				155	{
				156	int cb_retval = 0;
				157	cb_retval = meth->add_cb(s, meth->ext_type,
				158	&out, &outlen, al,
Dr. Stephen Henson	33f653a	2014-08-16 18:16:26 +0100	[diff] [blame]	159	meth->add_arg);
				160	if (cb_retval < 0)
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	161	return 0; /* error */
Dr. Stephen Henson	33f653a	2014-08-16 18:16:26 +0100	[diff] [blame]	162	if (cb_retval == 0)
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	163	continue; /* skip this extension */
				164	}
Dr. Stephen Henson	de2a9e3	2014-08-14 13:25:50 +0100	[diff] [blame]	165	if (4 > limit - ret \|\| outlen > (size_t)(limit - ret - 4))
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	166	return 0;
				167	s2n(meth->ext_type, ret);
				168	s2n(outlen, ret);
				169	if (outlen)
				170	{
				171	memcpy(ret, out, outlen);
				172	ret += outlen;
				173	}
Dr. Stephen Henson	0cfefe4	2014-08-19 14:02:50 +0100	[diff] [blame]	174	/* We can't send duplicates: code logic should prevent this. */
Dr. Stephen Henson	28ea0a0	2014-08-12 14:25:49 +0100	[diff] [blame]	175	OPENSSL_assert(!(meth->ext_flags & SSL_EXT_FLAG_SENT));
				176	/* Indicate extension has been sent: this is both a sanity
				177	* check to ensure we don't send duplicate extensions
Dr. Stephen Henson	0cfefe4	2014-08-19 14:02:50 +0100	[diff] [blame]	178	* and indicates that it is not an error if the extension
				179	* is present in ServerHello.
Dr. Stephen Henson	28ea0a0	2014-08-12 14:25:49 +0100	[diff] [blame]	180	*/
				181	meth->ext_flags \|= SSL_EXT_FLAG_SENT;
Dr. Stephen Henson	33f653a	2014-08-16 18:16:26 +0100	[diff] [blame]	182	if (meth->free_cb)
				183	meth->free_cb(s, meth->ext_type, out, meth->add_arg);
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	184	}
				185	*pret = ret;
				186	return 1;
				187	}
				188
				189	/* Copy table of custom extensions */
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	190	int custom_exts_copy(custom_ext_methods dst, const custom_ext_methods src)
				191	{
				192	if (src->meths_count)
				193	{
				194	dst->meths = BUF_memdup(src->meths, sizeof(custom_ext_method) * src->meths_count);
				195	if (dst->meths == NULL)
				196	return 0;
				197	dst->meths_count = src->meths_count;
				198	}
				199	return 1;
				200	}
				201
				202	void custom_exts_free(custom_ext_methods *exts)
				203	{
				204	if (exts->meths)
				205	OPENSSL_free(exts->meths);
				206	}
				207
Dr. Stephen Henson	0cfefe4	2014-08-19 14:02:50 +0100	[diff] [blame]	208	/* Set callbacks for a custom extension. */
Dr. Stephen Henson	8cafe9e	2014-08-19 13:54:38 +0100	[diff] [blame]	209	static int custom_ext_meth_add(custom_ext_methods *exts,
Dr. Stephen Henson	0cfefe4	2014-08-19 14:02:50 +0100	[diff] [blame]	210	unsigned int ext_type,
				211	custom_ext_add_cb add_cb,
				212	custom_ext_free_cb free_cb,
				213	void *add_arg,
				214	custom_ext_parse_cb parse_cb, void *parse_arg)
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	215	{
				216	custom_ext_method *meth;
Dr. Stephen Henson	0cfefe4	2014-08-19 14:02:50 +0100	[diff] [blame]	217	/* Check application error: if add_cb is not set free_cb will never
				218	* be called.
				219	*/
				220	if (!add_cb && free_cb)
				221	return 0;
				222	/* Don't add if extension supported internally. */
Dr. Stephen Henson	c846a5f	2014-08-19 13:33:51 +0100	[diff] [blame]	223	if (SSL_extension_supported(ext_type))
Dr. Stephen Henson	28ea0a0	2014-08-12 14:25:49 +0100	[diff] [blame]	224	return 0;
Dr. Stephen Henson	de2a9e3	2014-08-14 13:25:50 +0100	[diff] [blame]	225	/* Extension type must fit in 16 bits */
				226	if (ext_type > 0xffff)
				227	return 0;
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	228	/* Search for duplicate */
				229	if (custom_ext_find(exts, ext_type))
				230	return 0;
				231	exts->meths = OPENSSL_realloc(exts->meths,
Dr. Stephen Henson	0cfefe4	2014-08-19 14:02:50 +0100	[diff] [blame]	232	(exts->meths_count + 1) * sizeof(custom_ext_method));
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	233
				234	if (!exts->meths)
				235	{
				236	exts->meths_count = 0;
				237	return 0;
				238	}
				239
				240	meth = exts->meths + exts->meths_count;
Dr. Stephen Henson	28ea0a0	2014-08-12 14:25:49 +0100	[diff] [blame]	241	memset(meth, 0, sizeof(custom_ext_method));
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	242	meth->parse_cb = parse_cb;
				243	meth->add_cb = add_cb;
Dr. Stephen Henson	33f653a	2014-08-16 18:16:26 +0100	[diff] [blame]	244	meth->free_cb = free_cb;
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	245	meth->ext_type = ext_type;
Dr. Stephen Henson	33f653a	2014-08-16 18:16:26 +0100	[diff] [blame]	246	meth->add_arg = add_arg;
				247	meth->parse_arg = parse_arg;
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	248	exts->meths_count++;
				249	return 1;
				250	}
				251
				252	/* Application level functions to add custom extension callbacks */
Dr. Stephen Henson	8cafe9e	2014-08-19 13:54:38 +0100	[diff] [blame]	253	int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
Dr. Stephen Henson	0cfefe4	2014-08-19 14:02:50 +0100	[diff] [blame]	254	custom_ext_add_cb add_cb,
				255	custom_ext_free_cb free_cb,
				256	void *add_arg,
				257	custom_ext_parse_cb parse_cb, void *parse_arg)
Dr. Stephen Henson	de2a9e3	2014-08-14 13:25:50 +0100	[diff] [blame]	258
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	259	{
Dr. Stephen Henson	8cafe9e	2014-08-19 13:54:38 +0100	[diff] [blame]	260	return custom_ext_meth_add(&ctx->cert->cli_ext, ext_type,
Dr. Stephen Henson	0cfefe4	2014-08-19 14:02:50 +0100	[diff] [blame]	261	add_cb, free_cb, add_arg,
				262	parse_cb, parse_arg);
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	263	}
				264
Dr. Stephen Henson	8cafe9e	2014-08-19 13:54:38 +0100	[diff] [blame]	265	int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
Dr. Stephen Henson	0cfefe4	2014-08-19 14:02:50 +0100	[diff] [blame]	266	custom_ext_add_cb add_cb,
				267	custom_ext_free_cb free_cb,
				268	void *add_arg,
				269	custom_ext_parse_cb parse_cb, void *parse_arg)
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	270	{
Dr. Stephen Henson	8cafe9e	2014-08-19 13:54:38 +0100	[diff] [blame]	271	return custom_ext_meth_add(&ctx->cert->srv_ext, ext_type,
Dr. Stephen Henson	0cfefe4	2014-08-19 14:02:50 +0100	[diff] [blame]	272	add_cb, free_cb, add_arg,
				273	parse_cb, parse_arg);
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	274	}
Dr. Stephen Henson	c846a5f	2014-08-19 13:33:51 +0100	[diff] [blame]	275
				276	int SSL_extension_supported(unsigned int ext_type)
				277	{
Dr. Stephen Henson	c846a5f	2014-08-19 13:33:51 +0100	[diff] [blame]	278	switch(ext_type)
				279	{
Dr. Stephen Henson	0cfefe4	2014-08-19 14:02:50 +0100	[diff] [blame]	280	/* Internally supported extensions. */
Dr. Stephen Henson	c846a5f	2014-08-19 13:33:51 +0100	[diff] [blame]	281	case TLSEXT_TYPE_application_layer_protocol_negotiation:
				282	case TLSEXT_TYPE_ec_point_formats:
				283	case TLSEXT_TYPE_elliptic_curves:
				284	case TLSEXT_TYPE_heartbeat:
				285	case TLSEXT_TYPE_next_proto_neg:
				286	case TLSEXT_TYPE_padding:
				287	case TLSEXT_TYPE_renegotiate:
				288	case TLSEXT_TYPE_server_name:
				289	case TLSEXT_TYPE_session_ticket:
				290	case TLSEXT_TYPE_signature_algorithms:
				291	case TLSEXT_TYPE_srp:
				292	case TLSEXT_TYPE_status_request:
				293	case TLSEXT_TYPE_use_srtp:
				294	#ifdef TLSEXT_TYPE_opaque_prf_input
				295	case TLSEXT_TYPE_opaque_prf_input:
				296	#endif
				297	#ifdef TLSEXT_TYPE_encrypt_then_mac
				298	case TLSEXT_TYPE_encrypt_then_mac:
				299	#endif
				300	return 1;
				301	default:
				302	return 0;
				303	}
				304	}
Dr. Stephen Henson	ecf4d66	2014-08-10 12:08:08 +0100	[diff] [blame]	305	#endif