2016-05-18 02:18:30 +08:00
|
|
|
/*
|
2021-01-28 03:23:33 +08:00
|
|
|
* Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
|
2014-08-10 19:08:08 +08:00
|
|
|
*
|
2018-12-06 20:08:51 +08:00
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
2016-05-18 02:18:30 +08:00
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
* https://www.openssl.org/source/license.html
|
2014-08-10 19:08:08 +08:00
|
|
|
*/
|
|
|
|
|
|
|
|
/* Custom extension utility functions */
|
|
|
|
|
2016-03-19 02:30:20 +08:00
|
|
|
#include <openssl/ct.h>
|
2019-09-28 06:45:40 +08:00
|
|
|
#include "../ssl_local.h"
|
2017-08-02 21:46:31 +08:00
|
|
|
#include "internal/cryptlib.h"
|
2019-09-28 06:45:40 +08:00
|
|
|
#include "statem_local.h"
|
2014-08-10 19:08:08 +08:00
|
|
|
|
2017-04-05 18:59:23 +08:00
|
|
|
typedef struct {
|
|
|
|
void *add_arg;
|
|
|
|
custom_ext_add_cb add_cb;
|
|
|
|
custom_ext_free_cb free_cb;
|
|
|
|
} custom_ext_add_cb_wrap;
|
|
|
|
|
|
|
|
typedef struct {
|
|
|
|
void *parse_arg;
|
|
|
|
custom_ext_parse_cb parse_cb;
|
|
|
|
} custom_ext_parse_cb_wrap;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Provide thin wrapper callbacks which convert new style arguments to old style
|
|
|
|
*/
|
|
|
|
static int custom_ext_add_old_cb_wrap(SSL *s, unsigned int ext_type,
|
|
|
|
unsigned int context,
|
|
|
|
const unsigned char **out,
|
|
|
|
size_t *outlen, X509 *x, size_t chainidx,
|
|
|
|
int *al, void *add_arg)
|
|
|
|
{
|
|
|
|
custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
|
|
|
|
|
|
|
|
if (add_cb_wrap->add_cb == NULL)
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
return add_cb_wrap->add_cb(s, ext_type, out, outlen, al,
|
|
|
|
add_cb_wrap->add_arg);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void custom_ext_free_old_cb_wrap(SSL *s, unsigned int ext_type,
|
|
|
|
unsigned int context,
|
|
|
|
const unsigned char *out, void *add_arg)
|
|
|
|
{
|
|
|
|
custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
|
|
|
|
|
|
|
|
if (add_cb_wrap->free_cb == NULL)
|
|
|
|
return;
|
|
|
|
|
|
|
|
add_cb_wrap->free_cb(s, ext_type, out, add_cb_wrap->add_arg);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int custom_ext_parse_old_cb_wrap(SSL *s, unsigned int ext_type,
|
|
|
|
unsigned int context,
|
|
|
|
const unsigned char *in,
|
|
|
|
size_t inlen, X509 *x, size_t chainidx,
|
|
|
|
int *al, void *parse_arg)
|
|
|
|
{
|
|
|
|
custom_ext_parse_cb_wrap *parse_cb_wrap =
|
|
|
|
(custom_ext_parse_cb_wrap *)parse_arg;
|
|
|
|
|
2017-04-26 02:36:10 +08:00
|
|
|
if (parse_cb_wrap->parse_cb == NULL)
|
|
|
|
return 1;
|
|
|
|
|
2017-04-05 18:59:23 +08:00
|
|
|
return parse_cb_wrap->parse_cb(s, ext_type, in, inlen, al,
|
|
|
|
parse_cb_wrap->parse_arg);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2017-04-07 18:20:00 +08:00
|
|
|
* Find a custom extension from the list. The |role| param is there to
|
2017-04-05 18:59:23 +08:00
|
|
|
* support the legacy API where custom extensions for client and server could
|
2017-04-07 18:20:00 +08:00
|
|
|
* be set independently on the same SSL_CTX. It is set to ENDPOINT_SERVER if we
|
|
|
|
* are trying to find a method relevant to the server, ENDPOINT_CLIENT for the
|
|
|
|
* client, or ENDPOINT_BOTH for either
|
2017-04-05 18:59:23 +08:00
|
|
|
*/
|
2017-04-07 18:20:00 +08:00
|
|
|
custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
|
|
|
|
ENDPOINT role, unsigned int ext_type,
|
|
|
|
size_t *idx)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
size_t i;
|
|
|
|
custom_ext_method *meth = exts->meths;
|
2017-04-07 17:56:59 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
for (i = 0; i < exts->meths_count; i++, meth++) {
|
2017-04-05 18:59:23 +08:00
|
|
|
if (ext_type == meth->ext_type
|
2017-04-07 18:20:00 +08:00
|
|
|
&& (role == ENDPOINT_BOTH || role == meth->role
|
|
|
|
|| meth->role == ENDPOINT_BOTH)) {
|
2017-04-05 18:59:23 +08:00
|
|
|
if (idx != NULL)
|
|
|
|
*idx = i;
|
2015-01-22 11:40:55 +08:00
|
|
|
return meth;
|
2017-04-05 18:59:23 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Initialise custom extensions flags to indicate neither sent nor received.
|
2014-08-12 21:25:49 +08:00
|
|
|
*/
|
|
|
|
void custom_ext_init(custom_ext_methods *exts)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
size_t i;
|
|
|
|
custom_ext_method *meth = exts->meths;
|
2017-04-07 17:56:59 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
for (i = 0; i < exts->meths_count; i++, meth++)
|
|
|
|
meth->ext_flags = 0;
|
|
|
|
}
|
2014-08-10 19:08:08 +08:00
|
|
|
|
2014-08-19 21:02:50 +08:00
|
|
|
/* Pass received custom extension data to the application for parsing. */
|
2022-06-20 23:11:28 +08:00
|
|
|
int custom_ext_parse(SSL_CONNECTION *s, unsigned int context,
|
|
|
|
unsigned int ext_type,
|
2017-04-05 18:59:23 +08:00
|
|
|
const unsigned char *ext_data, size_t ext_size, X509 *x,
|
2017-11-22 01:18:43 +08:00
|
|
|
size_t chainidx)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2017-11-22 01:18:43 +08:00
|
|
|
int al;
|
2017-04-05 18:59:23 +08:00
|
|
|
custom_ext_methods *exts = &s->cert->custext;
|
2015-01-22 11:40:55 +08:00
|
|
|
custom_ext_method *meth;
|
2017-04-07 18:20:00 +08:00
|
|
|
ENDPOINT role = ENDPOINT_BOTH;
|
2017-04-05 18:59:23 +08:00
|
|
|
|
|
|
|
if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0)
|
2017-04-07 18:20:00 +08:00
|
|
|
role = s->server ? ENDPOINT_SERVER : ENDPOINT_CLIENT;
|
2017-04-05 18:59:23 +08:00
|
|
|
|
2017-04-07 18:20:00 +08:00
|
|
|
meth = custom_ext_find(exts, role, ext_type, NULL);
|
2015-01-22 11:40:55 +08:00
|
|
|
/* If not found return success */
|
|
|
|
if (!meth)
|
|
|
|
return 1;
|
2017-04-05 18:59:23 +08:00
|
|
|
|
|
|
|
/* Check if extension is defined for our protocol. If not, skip */
|
|
|
|
if (!extension_is_relevant(s, meth->context, context))
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
|
|
|
|
| SSL_EXT_TLS1_3_SERVER_HELLO
|
|
|
|
| SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) {
|
2015-01-22 11:40:55 +08:00
|
|
|
/*
|
2017-04-05 18:59:23 +08:00
|
|
|
* If it's ServerHello or EncryptedExtensions we can't have any
|
|
|
|
* extensions not sent in ClientHello.
|
2015-01-22 11:40:55 +08:00
|
|
|
*/
|
2017-04-05 18:59:23 +08:00
|
|
|
if ((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0) {
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION);
|
2015-01-22 11:40:55 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
2017-04-05 18:59:23 +08:00
|
|
|
|
|
|
|
/*
|
2021-09-20 21:15:18 +08:00
|
|
|
* Extensions received in the ClientHello or CertificateRequest are marked
|
|
|
|
* with the SSL_EXT_FLAG_RECEIVED. This is so we know to add the equivalent
|
|
|
|
* extensions in the response messages
|
2017-04-05 18:59:23 +08:00
|
|
|
*/
|
2021-09-20 21:15:18 +08:00
|
|
|
if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST))
|
|
|
|
!= 0)
|
2017-04-05 18:59:23 +08:00
|
|
|
meth->ext_flags |= SSL_EXT_FLAG_RECEIVED;
|
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
/* If no parse function set return success */
|
2022-06-20 23:11:28 +08:00
|
|
|
if (meth->parse_cb == NULL)
|
2015-01-22 11:40:55 +08:00
|
|
|
return 1;
|
2014-08-10 19:08:08 +08:00
|
|
|
|
2022-06-20 23:11:28 +08:00
|
|
|
if (meth->parse_cb(SSL_CONNECTION_GET_SSL(s), ext_type, context, ext_data,
|
|
|
|
ext_size, x, chainidx, &al, meth->parse_arg) <= 0) {
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, al, SSL_R_BAD_EXTENSION);
|
2017-11-22 01:18:43 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 1;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2014-08-10 19:08:08 +08:00
|
|
|
|
2016-08-04 03:57:52 +08:00
|
|
|
/*
|
|
|
|
* Request custom extension data from the application and add to the return
|
|
|
|
* buffer.
|
|
|
|
*/
|
2022-06-20 23:11:28 +08:00
|
|
|
int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x,
|
|
|
|
size_t chainidx, int maxversion)
|
2016-08-04 03:57:52 +08:00
|
|
|
{
|
2017-04-05 18:59:23 +08:00
|
|
|
custom_ext_methods *exts = &s->cert->custext;
|
2016-08-04 03:57:52 +08:00
|
|
|
custom_ext_method *meth;
|
|
|
|
size_t i;
|
2017-11-22 01:18:43 +08:00
|
|
|
int al;
|
2022-08-30 05:00:07 +08:00
|
|
|
int for_comp = (context & SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION) != 0;
|
2016-08-04 03:57:52 +08:00
|
|
|
|
|
|
|
for (i = 0; i < exts->meths_count; i++) {
|
|
|
|
const unsigned char *out = NULL;
|
|
|
|
size_t outlen = 0;
|
|
|
|
|
|
|
|
meth = exts->meths + i;
|
|
|
|
|
2017-04-05 18:59:23 +08:00
|
|
|
if (!should_add_extension(s, meth->context, context, maxversion))
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
|
|
|
|
| SSL_EXT_TLS1_3_SERVER_HELLO
|
2017-04-10 23:18:26 +08:00
|
|
|
| SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
|
|
|
|
| SSL_EXT_TLS1_3_CERTIFICATE
|
2021-01-28 03:23:33 +08:00
|
|
|
| SSL_EXT_TLS1_3_RAW_PUBLIC_KEY
|
2017-04-10 23:18:26 +08:00
|
|
|
| SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) {
|
2021-09-20 21:15:18 +08:00
|
|
|
/* Only send extensions present in ClientHello/CertificateRequest */
|
2016-08-04 03:57:52 +08:00
|
|
|
if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))
|
|
|
|
continue;
|
|
|
|
}
|
2017-04-05 18:59:23 +08:00
|
|
|
/*
|
|
|
|
* We skip it if the callback is absent - except for a ClientHello where
|
|
|
|
* we add an empty extension.
|
|
|
|
*/
|
|
|
|
if ((context & SSL_EXT_CLIENT_HELLO) == 0 && meth->add_cb == NULL)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (meth->add_cb != NULL) {
|
2022-06-20 23:11:28 +08:00
|
|
|
int cb_retval = meth->add_cb(SSL_CONNECTION_GET_SSL(s),
|
|
|
|
meth->ext_type, context, &out,
|
2017-11-22 01:18:43 +08:00
|
|
|
&outlen, x, chainidx, &al,
|
2017-04-07 17:56:59 +08:00
|
|
|
meth->add_arg);
|
|
|
|
|
2017-11-22 01:18:43 +08:00
|
|
|
if (cb_retval < 0) {
|
2022-08-30 05:00:07 +08:00
|
|
|
if (!for_comp)
|
|
|
|
SSLfatal(s, al, SSL_R_CALLBACK_FAILED);
|
2016-08-04 03:57:52 +08:00
|
|
|
return 0; /* error */
|
2017-11-22 01:18:43 +08:00
|
|
|
}
|
2016-08-04 03:57:52 +08:00
|
|
|
if (cb_retval == 0)
|
|
|
|
continue; /* skip this extension */
|
|
|
|
}
|
|
|
|
|
2016-09-20 21:47:44 +08:00
|
|
|
if (!WPACKET_put_bytes_u16(pkt, meth->ext_type)
|
2016-09-09 07:13:41 +08:00
|
|
|
|| !WPACKET_start_sub_packet_u16(pkt)
|
2016-09-06 22:09:51 +08:00
|
|
|
|| (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen))
|
|
|
|
|| !WPACKET_close(pkt)) {
|
2022-08-30 05:00:07 +08:00
|
|
|
if (!for_comp)
|
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
2016-08-04 03:57:52 +08:00
|
|
|
return 0;
|
|
|
|
}
|
2017-04-05 18:59:23 +08:00
|
|
|
if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
|
|
|
|
/*
|
|
|
|
* We can't send duplicates: code logic should prevent this.
|
|
|
|
*/
|
2017-05-22 19:33:42 +08:00
|
|
|
if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) {
|
2022-08-30 05:00:07 +08:00
|
|
|
if (!for_comp)
|
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
2017-05-22 19:33:42 +08:00
|
|
|
return 0;
|
|
|
|
}
|
2017-04-05 18:59:23 +08:00
|
|
|
/*
|
|
|
|
* Indicate extension has been sent: this is both a sanity check to
|
|
|
|
* ensure we don't send duplicate extensions and indicates that it
|
|
|
|
* is not an error if the extension is present in ServerHello.
|
|
|
|
*/
|
|
|
|
meth->ext_flags |= SSL_EXT_FLAG_SENT;
|
|
|
|
}
|
2017-04-07 17:56:59 +08:00
|
|
|
if (meth->free_cb != NULL)
|
2022-06-20 23:11:28 +08:00
|
|
|
meth->free_cb(SSL_CONNECTION_GET_SSL(s), meth->ext_type, context,
|
|
|
|
out, meth->add_arg);
|
2016-08-04 03:57:52 +08:00
|
|
|
}
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2017-05-10 18:28:53 +08:00
|
|
|
/* Copy the flags from src to dst for any extensions that exist in both */
|
|
|
|
int custom_exts_copy_flags(custom_ext_methods *dst,
|
|
|
|
const custom_ext_methods *src)
|
|
|
|
{
|
|
|
|
size_t i;
|
|
|
|
custom_ext_method *methsrc = src->meths;
|
|
|
|
|
|
|
|
for (i = 0; i < src->meths_count; i++, methsrc++) {
|
|
|
|
custom_ext_method *methdst = custom_ext_find(dst, methsrc->role,
|
|
|
|
methsrc->ext_type, NULL);
|
|
|
|
|
|
|
|
if (methdst == NULL)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
methdst->ext_flags = methsrc->ext_flags;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2014-08-10 19:08:08 +08:00
|
|
|
/* Copy table of custom extensions */
|
|
|
|
int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2017-04-05 18:59:23 +08:00
|
|
|
size_t i;
|
|
|
|
int err = 0;
|
|
|
|
|
|
|
|
if (src->meths_count > 0) {
|
2015-01-22 11:40:55 +08:00
|
|
|
dst->meths =
|
Rename some BUF_xxx to OPENSSL_xxx
Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-17 05:12:24 +08:00
|
|
|
OPENSSL_memdup(src->meths,
|
2017-04-07 17:56:59 +08:00
|
|
|
sizeof(*src->meths) * src->meths_count);
|
2015-01-22 11:40:55 +08:00
|
|
|
if (dst->meths == NULL)
|
|
|
|
return 0;
|
|
|
|
dst->meths_count = src->meths_count;
|
2017-04-05 18:59:23 +08:00
|
|
|
|
|
|
|
for (i = 0; i < src->meths_count; i++) {
|
|
|
|
custom_ext_method *methsrc = src->meths + i;
|
|
|
|
custom_ext_method *methdst = dst->meths + i;
|
|
|
|
|
|
|
|
if (methsrc->add_cb != custom_ext_add_old_cb_wrap)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We have found an old style API wrapper. We need to copy the
|
|
|
|
* arguments too.
|
|
|
|
*/
|
|
|
|
|
|
|
|
if (err) {
|
|
|
|
methdst->add_arg = NULL;
|
|
|
|
methdst->parse_arg = NULL;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
methdst->add_arg = OPENSSL_memdup(methsrc->add_arg,
|
|
|
|
sizeof(custom_ext_add_cb_wrap));
|
|
|
|
methdst->parse_arg = OPENSSL_memdup(methsrc->parse_arg,
|
|
|
|
sizeof(custom_ext_parse_cb_wrap));
|
|
|
|
|
|
|
|
if (methdst->add_arg == NULL || methdst->parse_arg == NULL)
|
|
|
|
err = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (err) {
|
|
|
|
custom_exts_free(dst);
|
|
|
|
return 0;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2017-04-05 18:59:23 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
return 1;
|
|
|
|
}
|
2014-08-10 19:08:08 +08:00
|
|
|
|
|
|
|
void custom_exts_free(custom_ext_methods *exts)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2017-04-05 18:59:23 +08:00
|
|
|
size_t i;
|
2017-04-07 17:56:59 +08:00
|
|
|
custom_ext_method *meth;
|
2017-04-05 18:59:23 +08:00
|
|
|
|
2017-04-07 17:56:59 +08:00
|
|
|
for (i = 0, meth = exts->meths; i < exts->meths_count; i++, meth++) {
|
2017-04-05 18:59:23 +08:00
|
|
|
if (meth->add_cb != custom_ext_add_old_cb_wrap)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
/* Old style API wrapper. Need to free the arguments too */
|
|
|
|
OPENSSL_free(meth->add_arg);
|
|
|
|
OPENSSL_free(meth->parse_arg);
|
|
|
|
}
|
2015-05-01 22:02:07 +08:00
|
|
|
OPENSSL_free(exts->meths);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2014-08-10 19:08:08 +08:00
|
|
|
|
2017-04-05 18:59:23 +08:00
|
|
|
/* Return true if a client custom extension exists, false otherwise */
|
|
|
|
int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2017-04-07 18:20:00 +08:00
|
|
|
return custom_ext_find(&ctx->cert->custext, ENDPOINT_CLIENT, ext_type,
|
|
|
|
NULL) != NULL;
|
2017-04-05 18:59:23 +08:00
|
|
|
}
|
|
|
|
|
2022-11-14 23:29:38 +08:00
|
|
|
int ossl_tls_add_custom_ext_intern(SSL_CTX *ctx, custom_ext_methods *exts,
|
|
|
|
ENDPOINT role, unsigned int ext_type,
|
|
|
|
unsigned int context,
|
|
|
|
SSL_custom_ext_add_cb_ex add_cb,
|
|
|
|
SSL_custom_ext_free_cb_ex free_cb,
|
|
|
|
void *add_arg,
|
|
|
|
SSL_custom_ext_parse_cb_ex parse_cb,
|
|
|
|
void *parse_arg)
|
2017-04-05 18:59:23 +08:00
|
|
|
{
|
2016-05-12 04:14:57 +08:00
|
|
|
custom_ext_method *meth, *tmp;
|
2017-04-05 18:59:23 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
/*
|
|
|
|
* Check application error: if add_cb is not set free_cb will never be
|
|
|
|
* called.
|
|
|
|
*/
|
2017-04-07 17:56:59 +08:00
|
|
|
if (add_cb == NULL && free_cb != NULL)
|
2015-01-22 11:40:55 +08:00
|
|
|
return 0;
|
2017-04-05 18:59:23 +08:00
|
|
|
|
2022-11-14 23:29:38 +08:00
|
|
|
if (exts == NULL)
|
|
|
|
exts = &ctx->cert->custext;
|
|
|
|
|
2017-04-05 18:59:23 +08:00
|
|
|
#ifndef OPENSSL_NO_CT
|
|
|
|
/*
|
|
|
|
* We don't want applications registering callbacks for SCT extensions
|
|
|
|
* whilst simultaneously using the built-in SCT validation features, as
|
|
|
|
* these two things may not play well together.
|
|
|
|
*/
|
|
|
|
if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp
|
|
|
|
&& (context & SSL_EXT_CLIENT_HELLO) != 0
|
2022-11-14 23:29:38 +08:00
|
|
|
&& ctx != NULL
|
2017-04-05 18:59:23 +08:00
|
|
|
&& SSL_CTX_ct_is_enabled(ctx))
|
|
|
|
return 0;
|
|
|
|
#endif
|
|
|
|
|
2016-03-04 00:19:23 +08:00
|
|
|
/*
|
|
|
|
* Don't add if extension supported internally, but make exception
|
|
|
|
* for extension types that previously were not supported, but now are.
|
|
|
|
*/
|
2017-04-05 18:59:23 +08:00
|
|
|
if (SSL_extension_supported(ext_type)
|
|
|
|
&& ext_type != TLSEXT_TYPE_signed_certificate_timestamp)
|
2015-01-22 11:40:55 +08:00
|
|
|
return 0;
|
2017-04-05 18:59:23 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
/* Extension type must fit in 16 bits */
|
|
|
|
if (ext_type > 0xffff)
|
|
|
|
return 0;
|
|
|
|
/* Search for duplicate */
|
2017-04-07 18:20:00 +08:00
|
|
|
if (custom_ext_find(exts, role, ext_type, NULL))
|
2015-01-22 11:40:55 +08:00
|
|
|
return 0;
|
2016-05-12 04:14:57 +08:00
|
|
|
tmp = OPENSSL_realloc(exts->meths,
|
|
|
|
(exts->meths_count + 1) * sizeof(custom_ext_method));
|
2017-02-15 18:36:17 +08:00
|
|
|
if (tmp == NULL)
|
2015-01-22 11:40:55 +08:00
|
|
|
return 0;
|
2014-08-10 19:08:08 +08:00
|
|
|
|
2016-05-12 04:14:57 +08:00
|
|
|
exts->meths = tmp;
|
2015-01-22 11:40:55 +08:00
|
|
|
meth = exts->meths + exts->meths_count;
|
2015-05-05 06:00:15 +08:00
|
|
|
memset(meth, 0, sizeof(*meth));
|
2017-04-07 18:20:00 +08:00
|
|
|
meth->role = role;
|
2017-04-05 18:59:23 +08:00
|
|
|
meth->context = context;
|
2015-01-22 11:40:55 +08:00
|
|
|
meth->parse_cb = parse_cb;
|
|
|
|
meth->add_cb = add_cb;
|
|
|
|
meth->free_cb = free_cb;
|
|
|
|
meth->ext_type = ext_type;
|
|
|
|
meth->add_arg = add_arg;
|
|
|
|
meth->parse_arg = parse_arg;
|
|
|
|
exts->meths_count++;
|
|
|
|
return 1;
|
|
|
|
}
|
2014-08-10 19:08:08 +08:00
|
|
|
|
2017-04-07 18:20:00 +08:00
|
|
|
static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role,
|
|
|
|
unsigned int ext_type,
|
2017-04-05 18:59:23 +08:00
|
|
|
unsigned int context,
|
|
|
|
custom_ext_add_cb add_cb,
|
|
|
|
custom_ext_free_cb free_cb,
|
|
|
|
void *add_arg,
|
|
|
|
custom_ext_parse_cb parse_cb, void *parse_arg)
|
2016-03-04 00:19:23 +08:00
|
|
|
{
|
2017-04-05 18:59:23 +08:00
|
|
|
custom_ext_add_cb_wrap *add_cb_wrap
|
2017-04-07 17:56:59 +08:00
|
|
|
= OPENSSL_malloc(sizeof(*add_cb_wrap));
|
2017-04-05 18:59:23 +08:00
|
|
|
custom_ext_parse_cb_wrap *parse_cb_wrap
|
2017-04-07 17:56:59 +08:00
|
|
|
= OPENSSL_malloc(sizeof(*parse_cb_wrap));
|
2017-04-05 18:59:23 +08:00
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (add_cb_wrap == NULL || parse_cb_wrap == NULL) {
|
|
|
|
OPENSSL_free(add_cb_wrap);
|
|
|
|
OPENSSL_free(parse_cb_wrap);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
add_cb_wrap->add_arg = add_arg;
|
|
|
|
add_cb_wrap->add_cb = add_cb;
|
|
|
|
add_cb_wrap->free_cb = free_cb;
|
|
|
|
parse_cb_wrap->parse_arg = parse_arg;
|
|
|
|
parse_cb_wrap->parse_cb = parse_cb;
|
|
|
|
|
2022-11-14 23:29:38 +08:00
|
|
|
ret = ossl_tls_add_custom_ext_intern(ctx, NULL, role, ext_type,
|
|
|
|
context,
|
|
|
|
custom_ext_add_old_cb_wrap,
|
|
|
|
custom_ext_free_old_cb_wrap,
|
|
|
|
add_cb_wrap,
|
|
|
|
custom_ext_parse_old_cb_wrap,
|
|
|
|
parse_cb_wrap);
|
2017-04-05 18:59:23 +08:00
|
|
|
|
|
|
|
if (!ret) {
|
|
|
|
OPENSSL_free(add_cb_wrap);
|
|
|
|
OPENSSL_free(parse_cb_wrap);
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
2016-03-04 00:19:23 +08:00
|
|
|
}
|
|
|
|
|
2017-04-05 18:59:23 +08:00
|
|
|
/* Application level functions to add the old custom extension callbacks */
|
2014-08-19 20:54:38 +08:00
|
|
|
int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
|
2015-01-22 11:40:55 +08:00
|
|
|
custom_ext_add_cb add_cb,
|
|
|
|
custom_ext_free_cb free_cb,
|
2014-08-19 21:02:50 +08:00
|
|
|
void *add_arg,
|
2016-08-06 01:03:17 +08:00
|
|
|
custom_ext_parse_cb parse_cb, void *parse_arg)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2017-04-07 18:20:00 +08:00
|
|
|
return add_old_custom_ext(ctx, ENDPOINT_CLIENT, ext_type,
|
2017-04-05 18:59:23 +08:00
|
|
|
SSL_EXT_TLS1_2_AND_BELOW_ONLY
|
|
|
|
| SSL_EXT_CLIENT_HELLO
|
|
|
|
| SSL_EXT_TLS1_2_SERVER_HELLO
|
|
|
|
| SSL_EXT_IGNORE_ON_RESUMPTION,
|
|
|
|
add_cb, free_cb, add_arg, parse_cb, parse_arg);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2014-08-10 19:08:08 +08:00
|
|
|
|
2014-08-19 20:54:38 +08:00
|
|
|
int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
|
2015-01-22 11:40:55 +08:00
|
|
|
custom_ext_add_cb add_cb,
|
|
|
|
custom_ext_free_cb free_cb,
|
2014-08-19 21:02:50 +08:00
|
|
|
void *add_arg,
|
2016-08-06 01:03:17 +08:00
|
|
|
custom_ext_parse_cb parse_cb, void *parse_arg)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2017-04-07 18:20:00 +08:00
|
|
|
return add_old_custom_ext(ctx, ENDPOINT_SERVER, ext_type,
|
2017-04-05 18:59:23 +08:00
|
|
|
SSL_EXT_TLS1_2_AND_BELOW_ONLY
|
|
|
|
| SSL_EXT_CLIENT_HELLO
|
|
|
|
| SSL_EXT_TLS1_2_SERVER_HELLO
|
|
|
|
| SSL_EXT_IGNORE_ON_RESUMPTION,
|
|
|
|
add_cb, free_cb, add_arg, parse_cb, parse_arg);
|
|
|
|
}
|
|
|
|
|
|
|
|
int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
|
|
|
|
unsigned int context,
|
2017-04-07 18:04:38 +08:00
|
|
|
SSL_custom_ext_add_cb_ex add_cb,
|
|
|
|
SSL_custom_ext_free_cb_ex free_cb,
|
2017-04-05 18:59:23 +08:00
|
|
|
void *add_arg,
|
2017-04-07 18:04:38 +08:00
|
|
|
SSL_custom_ext_parse_cb_ex parse_cb, void *parse_arg)
|
2017-04-05 18:59:23 +08:00
|
|
|
{
|
2022-11-14 23:29:38 +08:00
|
|
|
return ossl_tls_add_custom_ext_intern(ctx, NULL, ENDPOINT_BOTH, ext_type,
|
|
|
|
context, add_cb, free_cb, add_arg,
|
|
|
|
parse_cb, parse_arg);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2014-08-19 20:33:51 +08:00
|
|
|
|
|
|
|
int SSL_extension_supported(unsigned int ext_type)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
switch (ext_type) {
|
|
|
|
/* Internally supported extensions. */
|
|
|
|
case TLSEXT_TYPE_application_layer_protocol_negotiation:
|
|
|
|
case TLSEXT_TYPE_ec_point_formats:
|
2016-11-09 22:51:06 +08:00
|
|
|
case TLSEXT_TYPE_supported_groups:
|
2017-03-31 07:26:23 +08:00
|
|
|
case TLSEXT_TYPE_key_share:
|
2016-04-11 18:41:19 +08:00
|
|
|
#ifndef OPENSSL_NO_NEXTPROTONEG
|
2015-01-22 11:40:55 +08:00
|
|
|
case TLSEXT_TYPE_next_proto_neg:
|
2016-04-11 18:41:19 +08:00
|
|
|
#endif
|
2015-01-22 11:40:55 +08:00
|
|
|
case TLSEXT_TYPE_padding:
|
|
|
|
case TLSEXT_TYPE_renegotiate:
|
2017-11-06 00:46:48 +08:00
|
|
|
case TLSEXT_TYPE_max_fragment_length:
|
2015-01-22 11:40:55 +08:00
|
|
|
case TLSEXT_TYPE_server_name:
|
|
|
|
case TLSEXT_TYPE_session_ticket:
|
|
|
|
case TLSEXT_TYPE_signature_algorithms:
|
2017-03-31 07:26:23 +08:00
|
|
|
#ifndef OPENSSL_NO_SRP
|
2015-01-22 11:40:55 +08:00
|
|
|
case TLSEXT_TYPE_srp:
|
2017-03-31 07:26:23 +08:00
|
|
|
#endif
|
|
|
|
#ifndef OPENSSL_NO_OCSP
|
2015-01-22 11:40:55 +08:00
|
|
|
case TLSEXT_TYPE_status_request:
|
2017-03-31 07:26:23 +08:00
|
|
|
#endif
|
|
|
|
#ifndef OPENSSL_NO_CT
|
2016-03-04 00:19:23 +08:00
|
|
|
case TLSEXT_TYPE_signed_certificate_timestamp:
|
2017-03-31 07:26:23 +08:00
|
|
|
#endif
|
|
|
|
#ifndef OPENSSL_NO_SRTP
|
2015-01-22 11:40:55 +08:00
|
|
|
case TLSEXT_TYPE_use_srtp:
|
2015-05-15 17:49:56 +08:00
|
|
|
#endif
|
2017-03-31 07:26:23 +08:00
|
|
|
case TLSEXT_TYPE_encrypt_then_mac:
|
2016-11-24 19:13:35 +08:00
|
|
|
case TLSEXT_TYPE_supported_versions:
|
|
|
|
case TLSEXT_TYPE_extended_master_secret:
|
2017-03-31 07:26:23 +08:00
|
|
|
case TLSEXT_TYPE_psk_kex_modes:
|
|
|
|
case TLSEXT_TYPE_cookie:
|
|
|
|
case TLSEXT_TYPE_early_data:
|
|
|
|
case TLSEXT_TYPE_certificate_authorities:
|
|
|
|
case TLSEXT_TYPE_psk:
|
Add TLSv1.3 post-handshake authentication (PHA)
Add SSL_verify_client_post_handshake() for servers to initiate PHA
Add SSL_force_post_handshake_auth() for clients that don't have certificates
initially configured, but use a certificate callback.
Update SSL_CTX_set_verify()/SSL_set_verify() mode:
* Add SSL_VERIFY_POST_HANDSHAKE to postpone client authentication until after
the initial handshake.
* Update SSL_VERIFY_CLIENT_ONCE now only sends out one CertRequest regardless
of when the certificate authentication takes place; either initial handshake,
re-negotiation, or post-handshake authentication.
Add 'RequestPostHandshake' and 'RequirePostHandshake' SSL_CONF options that
add the SSL_VERIFY_POST_HANDSHAKE to the 'Request' and 'Require' options
Add support to s_client:
* Enabled automatically when cert is configured
* Can be forced enabled via -force_pha
Add support to s_server:
* Use 'c' to invoke PHA in s_server
* Remove some dead code
Update documentation
Update unit tests:
* Illegal use of PHA extension
* TLSv1.3 certificate tests
DTLS and TLS behave ever-so-slightly differently. So, when DTLS1.3 is
implemented, it's PHA support state machine may need to be different.
Add a TODO and a #error
Update handshake context to deal with PHA.
The handshake context for TLSv1.3 post-handshake auth is up through the
ClientFinish message, plus the CertificateRequest message. Subsequent
Certificate, CertificateVerify, and Finish messages are based on this
handshake context (not the Certificate message per se, but it's included
after the hash). KeyUpdate, NewSessionTicket, and prior Certificate
Request messages are not included in post-handshake authentication.
After the ClientFinished message is processed, save off the digest state
for future post-handshake authentication. When post-handshake auth occurs,
copy over the saved handshake context into the "main" handshake digest.
This effectively discards the any KeyUpdate or NewSessionTicket messages
and any prior post-handshake authentication.
This, of course, assumes that the ID-22 did not mean to include any
previous post-handshake authentication into the new handshake transcript.
This is implied by section 4.4.1 that lists messages only up to the
first ClientFinished.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4964)
2017-12-19 05:52:28 +08:00
|
|
|
case TLSEXT_TYPE_post_handshake_auth:
|
2021-08-10 04:56:50 +08:00
|
|
|
case TLSEXT_TYPE_compress_certificate:
|
2021-01-28 03:23:33 +08:00
|
|
|
case TLSEXT_TYPE_client_cert_type:
|
|
|
|
case TLSEXT_TYPE_server_cert_type:
|
2015-01-22 11:40:55 +08:00
|
|
|
return 1;
|
|
|
|
default:
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|