kris
/
boringssl
1
0
Креирај огранак 0
Код Дискусије 0 Захтеви за спајање 0 Издања 0 Вики Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1641 Комити
12 Гране
38 MiB
 
 
 
 
 
 
Дрво: 6de0e53919
Гране Ознаке
${ item.name }
Create branch ${ searchTerm }
from '6de0e53919'
${ noResults }
boringssl/ssl/custom_extensions.c

253 lines
8.5 KiB
Датотека Blame Историја 

  1. /* Copyright (c) 2014, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #include <assert.h>

  16. #include <string.h>

  17. 

  18. #include <openssl/ssl.h>

  19. 

  20. #include "internal.h"

  21. 

  22. 

  23. void SSL_CUSTOM_EXTENSION_free(SSL_CUSTOM_EXTENSION *custom_extension) {

  24.   OPENSSL_free(custom_extension);

  25. }

  26. 

  27. static const SSL_CUSTOM_EXTENSION *custom_ext_find(

  28.     STACK_OF(SSL_CUSTOM_EXTENSION) *stack,

  29.     unsigned *out_index, uint16_t value) {

  30.   size_t i;

  31.   for (i = 0; i < sk_SSL_CUSTOM_EXTENSION_num(stack); i++) {

  32.     const SSL_CUSTOM_EXTENSION *ext = sk_SSL_CUSTOM_EXTENSION_value(stack, i);

  33.     if (ext->value == value) {

  34.       if (out_index != NULL) {

  35.         *out_index = i;

  36.       }

  37.       return ext;

  38.     }

  39.   }

  40. 

  41.   return NULL;

  42. }

  43. 

  44. /* default_add_callback is used as the |add_callback| when the user doesn't

  45.  * provide one. For servers, it does nothing while, for clients, it causes an

  46.  * empty extension to be included. */

  47. static int default_add_callback(SSL *ssl, unsigned extension_value,

  48.                                 const uint8_t **out, size_t *out_len,

  49.                                 int *out_alert_value, void *add_arg) {

  50.   if (ssl->server) {

  51.     return 0;

  52.   }

  53.   *out_len = 0;

  54.   return 1;

  55. }

  56. 

  57. static int custom_ext_add_hello(SSL *ssl, CBB *extensions) {

  58.   STACK_OF(SSL_CUSTOM_EXTENSION) *stack = ssl->ctx->client_custom_extensions;

  59.   if (ssl->server) {

  60.     stack = ssl->ctx->server_custom_extensions;

  61.   }

  62. 

  63.   if (stack == NULL) {

  64.     return 1;

  65.   }

  66. 

  67.   size_t i;

  68.   for (i = 0; i < sk_SSL_CUSTOM_EXTENSION_num(stack); i++) {

  69.     const SSL_CUSTOM_EXTENSION *ext = sk_SSL_CUSTOM_EXTENSION_value(stack, i);

  70. 

  71.     if (ssl->server &&

  72.         !(ssl->s3->tmp.custom_extensions.received & (1u << i))) {

  73.       /* Servers cannot echo extensions that the client didn't send. */

  74.       continue;

  75.     }

  76. 

  77.     const uint8_t *contents;

  78.     size_t contents_len;

  79.     int alert = SSL_AD_DECODE_ERROR;

  80.     CBB contents_cbb;

  81. 

  82.     switch (ext->add_callback(ssl, ext->value, &contents, &contents_len, &alert,

  83.                               ext->add_arg)) {

  84.       case 1:

  85.         if (!CBB_add_u16(extensions, ext->value) ||

  86.             !CBB_add_u16_length_prefixed(extensions, &contents_cbb) ||

  87.             !CBB_add_bytes(&contents_cbb, contents, contents_len) ||

  88.             !CBB_flush(extensions)) {

  89.           OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);

  90.           ERR_add_error_dataf("extension: %u", (unsigned) ext->value);

  91.           if (ext->free_callback && 0 < contents_len) {

  92.             ext->free_callback(ssl, ext->value, contents, ext->add_arg);

  93.           }

  94.           return 0;

  95.         }

  96. 

  97.         if (ext->free_callback && 0 < contents_len) {

  98.           ext->free_callback(ssl, ext->value, contents, ext->add_arg);

  99.         }

  100. 

  101.         if (!ssl->server) {

  102.           assert((ssl->s3->tmp.custom_extensions.sent & (1u << i)) == 0);

  103.           ssl->s3->tmp.custom_extensions.sent |= (1u << i);

  104.         }

  105.         break;

  106. 

  107.       case 0:

  108.         break;

  109. 

  110.       default:

  111.         ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);

  112.         OPENSSL_PUT_ERROR(SSL, SSL_R_CUSTOM_EXTENSION_ERROR);

  113.         ERR_add_error_dataf("extension: %u", (unsigned) ext->value);

  114.         return 0;

  115.     }

  116.   }

  117. 

  118.   return 1;

  119. }

  120. 

  121. int custom_ext_add_clienthello(SSL *ssl, CBB *extensions) {

  122.   return custom_ext_add_hello(ssl, extensions);

  123. }

  124. 

  125. int custom_ext_parse_serverhello(SSL *ssl, int *out_alert, uint16_t value,

  126.                                  const CBS *extension) {

  127.   unsigned index;

  128.   const SSL_CUSTOM_EXTENSION *ext =

  129.       custom_ext_find(ssl->ctx->client_custom_extensions, &index, value);

  130. 

  131.   if (/* Unknown extensions are not allowed in a ServerHello. */

  132.       ext == NULL ||

  133.       /* Also, if we didn't send the extension, that's also unacceptable. */

  134.       !(ssl->s3->tmp.custom_extensions.sent & (1u << index))) {

  135.     OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);

  136.     ERR_add_error_dataf("extension: %u", (unsigned)ext->value);

  137.     *out_alert = SSL_AD_DECODE_ERROR;

  138.     return 0;

  139.   }

  140. 

  141.   if (ext->parse_callback != NULL &&

  142.       !ext->parse_callback(ssl, value, CBS_data(extension), CBS_len(extension),

  143.                            out_alert, ext->parse_arg)) {

  144.     OPENSSL_PUT_ERROR(SSL, SSL_R_CUSTOM_EXTENSION_ERROR);

  145.     ERR_add_error_dataf("extension: %u", (unsigned)ext->value);

  146.     return 0;

  147.   }

  148. 

  149.   return 1;

  150. }

  151. 

  152. int custom_ext_parse_clienthello(SSL *ssl, int *out_alert, uint16_t value,

  153.                                  const CBS *extension) {

  154.   unsigned index;

  155.   const SSL_CUSTOM_EXTENSION *ext =

  156.       custom_ext_find(ssl->ctx->server_custom_extensions, &index, value);

  157. 

  158.   if (ext == NULL) {

  159.     return 1;

  160.   }

  161. 

  162.   assert((ssl->s3->tmp.custom_extensions.received & (1u << index)) == 0);

  163.   ssl->s3->tmp.custom_extensions.received |= (1u << index);

  164. 

  165.   if (ext->parse_callback &&

  166.       !ext->parse_callback(ssl, value, CBS_data(extension), CBS_len(extension),

  167.                            out_alert, ext->parse_arg)) {

  168.     OPENSSL_PUT_ERROR(SSL, SSL_R_CUSTOM_EXTENSION_ERROR);

  169.     ERR_add_error_dataf("extension: %u", (unsigned)ext->value);

  170.     return 0;

  171.   }

  172. 

  173.   return 1;

  174. }

  175. 

  176. int custom_ext_add_serverhello(SSL *ssl, CBB *extensions) {

  177.   return custom_ext_add_hello(ssl, extensions);

  178. }

  179. 

  180. /* MAX_NUM_CUSTOM_EXTENSIONS is the maximum number of custom extensions that

  181.  * can be set on an |SSL_CTX|. It's determined by the size of the bitset used

  182.  * to track when an extension has been sent. */

  183. #define MAX_NUM_CUSTOM_EXTENSIONS \

  184.   (sizeof(((struct ssl3_state_st *)NULL)->tmp.custom_extensions.sent) * 8)

  185. 

  186. static int custom_ext_append(STACK_OF(SSL_CUSTOM_EXTENSION) **stack,

  187.                              unsigned extension_value,

  188.                              SSL_custom_ext_add_cb add_cb,

  189.                              SSL_custom_ext_free_cb free_cb, void *add_arg,

  190.                              SSL_custom_ext_parse_cb parse_cb,

  191.                              void *parse_arg) {

  192.   if (add_cb == NULL ||

  193.       0xffff < extension_value ||

  194.       SSL_extension_supported(extension_value) ||

  195.       /* Specifying a free callback without an add callback is nonsensical

  196.        * and an error. */

  197.       (*stack != NULL &&

  198.        (MAX_NUM_CUSTOM_EXTENSIONS <= sk_SSL_CUSTOM_EXTENSION_num(*stack) ||

  199.         custom_ext_find(*stack, NULL, extension_value) != NULL))) {

  200.     return 0;

  201.   }

  202. 

  203.   SSL_CUSTOM_EXTENSION *ext = OPENSSL_malloc(sizeof(SSL_CUSTOM_EXTENSION));

  204.   if (ext == NULL) {

  205.     return 0;

  206.   }

  207.   ext->add_callback = add_cb;

  208.   ext->add_arg = add_arg;

  209.   ext->free_callback = free_cb;

  210.   ext->parse_callback = parse_cb;

  211.   ext->parse_arg = parse_arg;

  212.   ext->value = extension_value;

  213. 

  214.   if (*stack == NULL) {

  215.     *stack = sk_SSL_CUSTOM_EXTENSION_new_null();

  216.     if (*stack == NULL) {

  217.       SSL_CUSTOM_EXTENSION_free(ext);

  218.       return 0;

  219.     }

  220.   }

  221. 

  222.   if (!sk_SSL_CUSTOM_EXTENSION_push(*stack, ext)) {

  223.     SSL_CUSTOM_EXTENSION_free(ext);

  224.     if (sk_SSL_CUSTOM_EXTENSION_num(*stack) == 0) {

  225.       sk_SSL_CUSTOM_EXTENSION_free(*stack);

  226.       *stack = NULL;

  227.     }

  228.     return 0;

  229.   }

  230. 

  231.   return 1;

  232. }

  233. 

  234. int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned extension_value,

  235.                                   SSL_custom_ext_add_cb add_cb,

  236.                                   SSL_custom_ext_free_cb free_cb, void *add_arg,

  237.                                   SSL_custom_ext_parse_cb parse_cb,

  238.                                   void *parse_arg) {

  239.   return custom_ext_append(&ctx->client_custom_extensions, extension_value,

  240.                            add_cb ? add_cb : default_add_callback, free_cb,

  241.                            add_arg, parse_cb, parse_arg);

  242. }

  243. 

  244. int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned extension_value,

  245.                                   SSL_custom_ext_add_cb add_cb,

  246.                                   SSL_custom_ext_free_cb free_cb, void *add_arg,

  247.                                   SSL_custom_ext_parse_cb parse_cb,

  248.                                   void *parse_arg) {

  249.   return custom_ext_append(&ctx->server_custom_extensions, extension_value,

  250.                            add_cb ? add_cb : default_add_callback, free_cb,

  251.                            add_arg, parse_cb, parse_arg);

  252. }