kris
/
boringssl
1
0
Derivar 0
Código Questões 0 Pedidos de integração 0 Lançamentos 0 Wiki Trabalho
Não pode escolher mais do que 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
5289 Cometimentos
12 Ramos
38 MiB
 
 
 
 
 
 
Árvore: 9c3b120b61
Ramos Etiquetas
${ item.name }
Criar ramo ${ searchTerm }
de '9c3b120b61'
${ noResults }
boringssl/ssl/custom_extensions.cc

266 linhas
8.7 KiB
Em bruto Responsabilidade Histórico 

  1. /* Copyright (c) 2014, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #include <openssl/ssl.h>

  16. 

  17. #include <assert.h>

  18. #include <string.h>

  19. 

  20. #include <openssl/bytestring.h>

  21. #include <openssl/err.h>

  22. #include <openssl/mem.h>

  23. #include <openssl/stack.h>

  24. 

  25. #include "internal.h"

  26. 

  27. 

  28. namespace bssl {

  29. 

  30. void SSL_CUSTOM_EXTENSION_free(SSL_CUSTOM_EXTENSION *custom_extension) {

  31.   OPENSSL_free(custom_extension);

  32. }

  33. 

  34. static const SSL_CUSTOM_EXTENSION *custom_ext_find(

  35.     STACK_OF(SSL_CUSTOM_EXTENSION) *stack,

  36.     unsigned *out_index, uint16_t value) {

  37.   for (size_t i = 0; i < sk_SSL_CUSTOM_EXTENSION_num(stack); i++) {

  38.     const SSL_CUSTOM_EXTENSION *ext = sk_SSL_CUSTOM_EXTENSION_value(stack, i);

  39.     if (ext->value == value) {

  40.       if (out_index != NULL) {

  41.         *out_index = i;

  42.       }

  43.       return ext;

  44.     }

  45.   }

  46. 

  47.   return NULL;

  48. }

  49. 

  50. // default_add_callback is used as the |add_callback| when the user doesn't

  51. // provide one. For servers, it does nothing while, for clients, it causes an

  52. // empty extension to be included.

  53. static int default_add_callback(SSL *ssl, unsigned extension_value,

  54.                                 const uint8_t **out, size_t *out_len,

  55.                                 int *out_alert_value, void *add_arg) {

  56.   if (ssl->server) {

  57.     return 0;

  58.   }

  59.   *out_len = 0;

  60.   return 1;

  61. }

  62. 

  63. static int custom_ext_add_hello(SSL_HANDSHAKE *hs, CBB *extensions) {

  64.   SSL *const ssl = hs->ssl;

  65.   STACK_OF(SSL_CUSTOM_EXTENSION) *stack = ssl->ctx->client_custom_extensions;

  66.   if (ssl->server) {

  67.     stack = ssl->ctx->server_custom_extensions;

  68.   }

  69. 

  70.   if (stack == NULL) {

  71.     return 1;

  72.   }

  73. 

  74.   for (size_t i = 0; i < sk_SSL_CUSTOM_EXTENSION_num(stack); i++) {

  75.     const SSL_CUSTOM_EXTENSION *ext = sk_SSL_CUSTOM_EXTENSION_value(stack, i);

  76. 

  77.     if (ssl->server &&

  78.         !(hs->custom_extensions.received & (1u << i))) {

  79.       // Servers cannot echo extensions that the client didn't send.

  80.       continue;

  81.     }

  82. 

  83.     const uint8_t *contents;

  84.     size_t contents_len;

  85.     int alert = SSL_AD_DECODE_ERROR;

  86.     CBB contents_cbb;

  87. 

  88.     switch (ext->add_callback(ssl, ext->value, &contents, &contents_len, &alert,

  89.                               ext->add_arg)) {

  90.       case 1:

  91.         if (!CBB_add_u16(extensions, ext->value) ||

  92.             !CBB_add_u16_length_prefixed(extensions, &contents_cbb) ||

  93.             !CBB_add_bytes(&contents_cbb, contents, contents_len) ||

  94.             !CBB_flush(extensions)) {

  95.           OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);

  96.           ERR_add_error_dataf("extension %u", (unsigned) ext->value);

  97.           if (ext->free_callback && 0 < contents_len) {

  98.             ext->free_callback(ssl, ext->value, contents, ext->add_arg);

  99.           }

  100.           return 0;

  101.         }

  102. 

  103.         if (ext->free_callback && 0 < contents_len) {

  104.           ext->free_callback(ssl, ext->value, contents, ext->add_arg);

  105.         }

  106. 

  107.         if (!ssl->server) {

  108.           assert((hs->custom_extensions.sent & (1u << i)) == 0);

  109.           hs->custom_extensions.sent |= (1u << i);

  110.         }

  111.         break;

  112. 

  113.       case 0:

  114.         break;

  115. 

  116.       default:

  117.         ssl_send_alert(ssl, SSL3_AL_FATAL, alert);

  118.         OPENSSL_PUT_ERROR(SSL, SSL_R_CUSTOM_EXTENSION_ERROR);

  119.         ERR_add_error_dataf("extension %u", (unsigned) ext->value);

  120.         return 0;

  121.     }

  122.   }

  123. 

  124.   return 1;

  125. }

  126. 

  127. int custom_ext_add_clienthello(SSL_HANDSHAKE *hs, CBB *extensions) {

  128.   return custom_ext_add_hello(hs, extensions);

  129. }

  130. 

  131. int custom_ext_parse_serverhello(SSL_HANDSHAKE *hs, int *out_alert,

  132.                                  uint16_t value, const CBS *extension) {

  133.   SSL *const ssl = hs->ssl;

  134.   unsigned index;

  135.   const SSL_CUSTOM_EXTENSION *ext =

  136.       custom_ext_find(ssl->ctx->client_custom_extensions, &index, value);

  137. 

  138.   if (// Unknown extensions are not allowed in a ServerHello.

  139.       ext == NULL ||

  140.       // Also, if we didn't send the extension, that's also unacceptable.

  141.       !(hs->custom_extensions.sent & (1u << index))) {

  142.     OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);

  143.     ERR_add_error_dataf("extension %u", (unsigned)value);

  144.     *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;

  145.     return 0;

  146.   }

  147. 

  148.   if (ext->parse_callback != NULL &&

  149.       !ext->parse_callback(ssl, value, CBS_data(extension), CBS_len(extension),

  150.                            out_alert, ext->parse_arg)) {

  151.     OPENSSL_PUT_ERROR(SSL, SSL_R_CUSTOM_EXTENSION_ERROR);

  152.     ERR_add_error_dataf("extension %u", (unsigned)ext->value);

  153.     return 0;

  154.   }

  155. 

  156.   return 1;

  157. }

  158. 

  159. int custom_ext_parse_clienthello(SSL_HANDSHAKE *hs, int *out_alert,

  160.                                  uint16_t value, const CBS *extension) {

  161.   SSL *const ssl = hs->ssl;

  162.   unsigned index;

  163.   const SSL_CUSTOM_EXTENSION *ext =

  164.       custom_ext_find(ssl->ctx->server_custom_extensions, &index, value);

  165. 

  166.   if (ext == NULL) {

  167.     return 1;

  168.   }

  169. 

  170.   assert((hs->custom_extensions.received & (1u << index)) == 0);

  171.   hs->custom_extensions.received |= (1u << index);

  172. 

  173.   if (ext->parse_callback &&

  174.       !ext->parse_callback(ssl, value, CBS_data(extension), CBS_len(extension),

  175.                            out_alert, ext->parse_arg)) {

  176.     OPENSSL_PUT_ERROR(SSL, SSL_R_CUSTOM_EXTENSION_ERROR);

  177.     ERR_add_error_dataf("extension %u", (unsigned)ext->value);

  178.     return 0;

  179.   }

  180. 

  181.   return 1;

  182. }

  183. 

  184. int custom_ext_add_serverhello(SSL_HANDSHAKE *hs, CBB *extensions) {

  185.   return custom_ext_add_hello(hs, extensions);

  186. }

  187. 

  188. // MAX_NUM_CUSTOM_EXTENSIONS is the maximum number of custom extensions that

  189. // can be set on an |SSL_CTX|. It's determined by the size of the bitset used

  190. // to track when an extension has been sent.

  191. #define MAX_NUM_CUSTOM_EXTENSIONS \

  192.   (sizeof(((SSL_HANDSHAKE *)NULL)->custom_extensions.sent) * 8)

  193. 

  194. static int custom_ext_append(STACK_OF(SSL_CUSTOM_EXTENSION) **stack,

  195.                              unsigned extension_value,

  196.                              SSL_custom_ext_add_cb add_cb,

  197.                              SSL_custom_ext_free_cb free_cb, void *add_arg,

  198.                              SSL_custom_ext_parse_cb parse_cb,

  199.                              void *parse_arg) {

  200.   if (add_cb == NULL ||

  201.       0xffff < extension_value ||

  202.       SSL_extension_supported(extension_value) ||

  203.       // Specifying a free callback without an add callback is nonsensical

  204.       // and an error.

  205.       (*stack != NULL &&

  206.        (MAX_NUM_CUSTOM_EXTENSIONS <= sk_SSL_CUSTOM_EXTENSION_num(*stack) ||

  207.         custom_ext_find(*stack, NULL, extension_value) != NULL))) {

  208.     return 0;

  209.   }

  210. 

  211.   SSL_CUSTOM_EXTENSION *ext =

  212.       (SSL_CUSTOM_EXTENSION *)OPENSSL_malloc(sizeof(SSL_CUSTOM_EXTENSION));

  213.   if (ext == NULL) {

  214.     return 0;

  215.   }

  216.   ext->add_callback = add_cb;

  217.   ext->add_arg = add_arg;

  218.   ext->free_callback = free_cb;

  219.   ext->parse_callback = parse_cb;

  220.   ext->parse_arg = parse_arg;

  221.   ext->value = extension_value;

  222. 

  223.   if (*stack == NULL) {

  224.     *stack = sk_SSL_CUSTOM_EXTENSION_new_null();

  225.     if (*stack == NULL) {

  226.       SSL_CUSTOM_EXTENSION_free(ext);

  227.       return 0;

  228.     }

  229.   }

  230. 

  231.   if (!sk_SSL_CUSTOM_EXTENSION_push(*stack, ext)) {

  232.     SSL_CUSTOM_EXTENSION_free(ext);

  233.     if (sk_SSL_CUSTOM_EXTENSION_num(*stack) == 0) {

  234.       sk_SSL_CUSTOM_EXTENSION_free(*stack);

  235.       *stack = NULL;

  236.     }

  237.     return 0;

  238.   }

  239. 

  240.   return 1;

  241. }

  242. 

  243. }  // namespace bssl

  244. 

  245. using namespace bssl;

  246. 

  247. int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned extension_value,

  248.                                   SSL_custom_ext_add_cb add_cb,

  249.                                   SSL_custom_ext_free_cb free_cb, void *add_arg,

  250.                                   SSL_custom_ext_parse_cb parse_cb,

  251.                                   void *parse_arg) {

  252.   return custom_ext_append(&ctx->client_custom_extensions, extension_value,

  253.                            add_cb ? add_cb : default_add_callback, free_cb,

  254.                            add_arg, parse_cb, parse_arg);

  255. }

  256. 

  257. int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned extension_value,

  258.                                   SSL_custom_ext_add_cb add_cb,

  259.                                   SSL_custom_ext_free_cb free_cb, void *add_arg,

  260.                                   SSL_custom_ext_parse_cb parse_cb,

  261.                                   void *parse_arg) {

  262.   return custom_ext_append(&ctx->server_custom_extensions, extension_value,

  263.                            add_cb ? add_cb : default_add_callback, free_cb,

  264.                            add_arg, parse_cb, parse_arg);

  265. }