2
0

extensions_cust.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537
  1. /*
  2. * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* Custom extension utility functions */
  10. #include <openssl/ct.h>
  11. #include "../ssl_local.h"
  12. #include "internal/cryptlib.h"
  13. #include "statem_local.h"
  14. typedef struct {
  15. void *add_arg;
  16. custom_ext_add_cb add_cb;
  17. custom_ext_free_cb free_cb;
  18. } custom_ext_add_cb_wrap;
  19. typedef struct {
  20. void *parse_arg;
  21. custom_ext_parse_cb parse_cb;
  22. } custom_ext_parse_cb_wrap;
  23. /*
  24. * Provide thin wrapper callbacks which convert new style arguments to old style
  25. */
  26. static int custom_ext_add_old_cb_wrap(SSL *s, unsigned int ext_type,
  27. unsigned int context,
  28. const unsigned char **out,
  29. size_t *outlen, X509 *x, size_t chainidx,
  30. int *al, void *add_arg)
  31. {
  32. custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
  33. if (add_cb_wrap->add_cb == NULL)
  34. return 1;
  35. return add_cb_wrap->add_cb(s, ext_type, out, outlen, al,
  36. add_cb_wrap->add_arg);
  37. }
  38. static void custom_ext_free_old_cb_wrap(SSL *s, unsigned int ext_type,
  39. unsigned int context,
  40. const unsigned char *out, void *add_arg)
  41. {
  42. custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
  43. if (add_cb_wrap->free_cb == NULL)
  44. return;
  45. add_cb_wrap->free_cb(s, ext_type, out, add_cb_wrap->add_arg);
  46. }
  47. static int custom_ext_parse_old_cb_wrap(SSL *s, unsigned int ext_type,
  48. unsigned int context,
  49. const unsigned char *in,
  50. size_t inlen, X509 *x, size_t chainidx,
  51. int *al, void *parse_arg)
  52. {
  53. custom_ext_parse_cb_wrap *parse_cb_wrap =
  54. (custom_ext_parse_cb_wrap *)parse_arg;
  55. if (parse_cb_wrap->parse_cb == NULL)
  56. return 1;
  57. return parse_cb_wrap->parse_cb(s, ext_type, in, inlen, al,
  58. parse_cb_wrap->parse_arg);
  59. }
  60. /*
  61. * Find a custom extension from the list. The |role| param is there to
  62. * support the legacy API where custom extensions for client and server could
  63. * be set independently on the same SSL_CTX. It is set to ENDPOINT_SERVER if we
  64. * are trying to find a method relevant to the server, ENDPOINT_CLIENT for the
  65. * client, or ENDPOINT_BOTH for either
  66. */
  67. custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
  68. ENDPOINT role, unsigned int ext_type,
  69. size_t *idx)
  70. {
  71. size_t i;
  72. custom_ext_method *meth = exts->meths;
  73. for (i = 0; i < exts->meths_count; i++, meth++) {
  74. if (ext_type == meth->ext_type
  75. && (role == ENDPOINT_BOTH || role == meth->role
  76. || meth->role == ENDPOINT_BOTH)) {
  77. if (idx != NULL)
  78. *idx = i;
  79. return meth;
  80. }
  81. }
  82. return NULL;
  83. }
  84. /*
  85. * Initialise custom extensions flags to indicate neither sent nor received.
  86. */
  87. void custom_ext_init(custom_ext_methods *exts)
  88. {
  89. size_t i;
  90. custom_ext_method *meth = exts->meths;
  91. for (i = 0; i < exts->meths_count; i++, meth++)
  92. meth->ext_flags = 0;
  93. }
  94. /* Pass received custom extension data to the application for parsing. */
  95. int custom_ext_parse(SSL_CONNECTION *s, unsigned int context,
  96. unsigned int ext_type,
  97. const unsigned char *ext_data, size_t ext_size, X509 *x,
  98. size_t chainidx)
  99. {
  100. int al;
  101. custom_ext_methods *exts = &s->cert->custext;
  102. custom_ext_method *meth;
  103. ENDPOINT role = ENDPOINT_BOTH;
  104. if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0)
  105. role = s->server ? ENDPOINT_SERVER : ENDPOINT_CLIENT;
  106. meth = custom_ext_find(exts, role, ext_type, NULL);
  107. /* If not found return success */
  108. if (!meth)
  109. return 1;
  110. /* Check if extension is defined for our protocol. If not, skip */
  111. if (!extension_is_relevant(s, meth->context, context))
  112. return 1;
  113. if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
  114. | SSL_EXT_TLS1_3_SERVER_HELLO
  115. | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) {
  116. /*
  117. * If it's ServerHello or EncryptedExtensions we can't have any
  118. * extensions not sent in ClientHello.
  119. */
  120. if ((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0) {
  121. SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION);
  122. return 0;
  123. }
  124. }
  125. /*
  126. * Extensions received in the ClientHello or CertificateRequest are marked
  127. * with the SSL_EXT_FLAG_RECEIVED. This is so we know to add the equivalent
  128. * extensions in the response messages
  129. */
  130. if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST))
  131. != 0)
  132. meth->ext_flags |= SSL_EXT_FLAG_RECEIVED;
  133. /* If no parse function set return success */
  134. if (meth->parse_cb == NULL)
  135. return 1;
  136. if (meth->parse_cb(SSL_CONNECTION_GET_SSL(s), ext_type, context, ext_data,
  137. ext_size, x, chainidx, &al, meth->parse_arg) <= 0) {
  138. SSLfatal(s, al, SSL_R_BAD_EXTENSION);
  139. return 0;
  140. }
  141. return 1;
  142. }
  143. /*
  144. * Request custom extension data from the application and add to the return
  145. * buffer.
  146. */
  147. int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x,
  148. size_t chainidx, int maxversion)
  149. {
  150. custom_ext_methods *exts = &s->cert->custext;
  151. custom_ext_method *meth;
  152. size_t i;
  153. int al;
  154. int for_comp = (context & SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION) != 0;
  155. for (i = 0; i < exts->meths_count; i++) {
  156. const unsigned char *out = NULL;
  157. size_t outlen = 0;
  158. meth = exts->meths + i;
  159. if (!should_add_extension(s, meth->context, context, maxversion))
  160. continue;
  161. if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
  162. | SSL_EXT_TLS1_3_SERVER_HELLO
  163. | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
  164. | SSL_EXT_TLS1_3_CERTIFICATE
  165. | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) {
  166. /* Only send extensions present in ClientHello/CertificateRequest */
  167. if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))
  168. continue;
  169. }
  170. /*
  171. * We skip it if the callback is absent - except for a ClientHello where
  172. * we add an empty extension.
  173. */
  174. if ((context & SSL_EXT_CLIENT_HELLO) == 0 && meth->add_cb == NULL)
  175. continue;
  176. if (meth->add_cb != NULL) {
  177. int cb_retval = meth->add_cb(SSL_CONNECTION_GET_SSL(s),
  178. meth->ext_type, context, &out,
  179. &outlen, x, chainidx, &al,
  180. meth->add_arg);
  181. if (cb_retval < 0) {
  182. if (!for_comp)
  183. SSLfatal(s, al, SSL_R_CALLBACK_FAILED);
  184. return 0; /* error */
  185. }
  186. if (cb_retval == 0)
  187. continue; /* skip this extension */
  188. }
  189. if (!WPACKET_put_bytes_u16(pkt, meth->ext_type)
  190. || !WPACKET_start_sub_packet_u16(pkt)
  191. || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen))
  192. || !WPACKET_close(pkt)) {
  193. if (!for_comp)
  194. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  195. return 0;
  196. }
  197. if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
  198. /*
  199. * We can't send duplicates: code logic should prevent this.
  200. */
  201. if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) {
  202. if (!for_comp)
  203. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  204. return 0;
  205. }
  206. /*
  207. * Indicate extension has been sent: this is both a sanity check to
  208. * ensure we don't send duplicate extensions and indicates that it
  209. * is not an error if the extension is present in ServerHello.
  210. */
  211. meth->ext_flags |= SSL_EXT_FLAG_SENT;
  212. }
  213. if (meth->free_cb != NULL)
  214. meth->free_cb(SSL_CONNECTION_GET_SSL(s), meth->ext_type, context,
  215. out, meth->add_arg);
  216. }
  217. return 1;
  218. }
  219. /* Copy the flags from src to dst for any extensions that exist in both */
  220. int custom_exts_copy_flags(custom_ext_methods *dst,
  221. const custom_ext_methods *src)
  222. {
  223. size_t i;
  224. custom_ext_method *methsrc = src->meths;
  225. for (i = 0; i < src->meths_count; i++, methsrc++) {
  226. custom_ext_method *methdst = custom_ext_find(dst, methsrc->role,
  227. methsrc->ext_type, NULL);
  228. if (methdst == NULL)
  229. continue;
  230. methdst->ext_flags = methsrc->ext_flags;
  231. }
  232. return 1;
  233. }
  234. /* Copy table of custom extensions */
  235. int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src)
  236. {
  237. size_t i;
  238. int err = 0;
  239. if (src->meths_count > 0) {
  240. dst->meths =
  241. OPENSSL_memdup(src->meths,
  242. sizeof(*src->meths) * src->meths_count);
  243. if (dst->meths == NULL)
  244. return 0;
  245. dst->meths_count = src->meths_count;
  246. for (i = 0; i < src->meths_count; i++) {
  247. custom_ext_method *methsrc = src->meths + i;
  248. custom_ext_method *methdst = dst->meths + i;
  249. if (methsrc->add_cb != custom_ext_add_old_cb_wrap)
  250. continue;
  251. /*
  252. * We have found an old style API wrapper. We need to copy the
  253. * arguments too.
  254. */
  255. if (err) {
  256. methdst->add_arg = NULL;
  257. methdst->parse_arg = NULL;
  258. continue;
  259. }
  260. methdst->add_arg = OPENSSL_memdup(methsrc->add_arg,
  261. sizeof(custom_ext_add_cb_wrap));
  262. methdst->parse_arg = OPENSSL_memdup(methsrc->parse_arg,
  263. sizeof(custom_ext_parse_cb_wrap));
  264. if (methdst->add_arg == NULL || methdst->parse_arg == NULL)
  265. err = 1;
  266. }
  267. }
  268. if (err) {
  269. custom_exts_free(dst);
  270. return 0;
  271. }
  272. return 1;
  273. }
  274. void custom_exts_free(custom_ext_methods *exts)
  275. {
  276. size_t i;
  277. custom_ext_method *meth;
  278. for (i = 0, meth = exts->meths; i < exts->meths_count; i++, meth++) {
  279. if (meth->add_cb != custom_ext_add_old_cb_wrap)
  280. continue;
  281. /* Old style API wrapper. Need to free the arguments too */
  282. OPENSSL_free(meth->add_arg);
  283. OPENSSL_free(meth->parse_arg);
  284. }
  285. OPENSSL_free(exts->meths);
  286. }
  287. /* Return true if a client custom extension exists, false otherwise */
  288. int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type)
  289. {
  290. return custom_ext_find(&ctx->cert->custext, ENDPOINT_CLIENT, ext_type,
  291. NULL) != NULL;
  292. }
  293. static int add_custom_ext_intern(SSL_CTX *ctx, ENDPOINT role,
  294. unsigned int ext_type,
  295. unsigned int context,
  296. SSL_custom_ext_add_cb_ex add_cb,
  297. SSL_custom_ext_free_cb_ex free_cb,
  298. void *add_arg,
  299. SSL_custom_ext_parse_cb_ex parse_cb,
  300. void *parse_arg)
  301. {
  302. custom_ext_methods *exts = &ctx->cert->custext;
  303. custom_ext_method *meth, *tmp;
  304. /*
  305. * Check application error: if add_cb is not set free_cb will never be
  306. * called.
  307. */
  308. if (add_cb == NULL && free_cb != NULL)
  309. return 0;
  310. #ifndef OPENSSL_NO_CT
  311. /*
  312. * We don't want applications registering callbacks for SCT extensions
  313. * whilst simultaneously using the built-in SCT validation features, as
  314. * these two things may not play well together.
  315. */
  316. if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp
  317. && (context & SSL_EXT_CLIENT_HELLO) != 0
  318. && SSL_CTX_ct_is_enabled(ctx))
  319. return 0;
  320. #endif
  321. /*
  322. * Don't add if extension supported internally, but make exception
  323. * for extension types that previously were not supported, but now are.
  324. */
  325. if (SSL_extension_supported(ext_type)
  326. && ext_type != TLSEXT_TYPE_signed_certificate_timestamp)
  327. return 0;
  328. /* Extension type must fit in 16 bits */
  329. if (ext_type > 0xffff)
  330. return 0;
  331. /* Search for duplicate */
  332. if (custom_ext_find(exts, role, ext_type, NULL))
  333. return 0;
  334. tmp = OPENSSL_realloc(exts->meths,
  335. (exts->meths_count + 1) * sizeof(custom_ext_method));
  336. if (tmp == NULL)
  337. return 0;
  338. exts->meths = tmp;
  339. meth = exts->meths + exts->meths_count;
  340. memset(meth, 0, sizeof(*meth));
  341. meth->role = role;
  342. meth->context = context;
  343. meth->parse_cb = parse_cb;
  344. meth->add_cb = add_cb;
  345. meth->free_cb = free_cb;
  346. meth->ext_type = ext_type;
  347. meth->add_arg = add_arg;
  348. meth->parse_arg = parse_arg;
  349. exts->meths_count++;
  350. return 1;
  351. }
  352. static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role,
  353. unsigned int ext_type,
  354. unsigned int context,
  355. custom_ext_add_cb add_cb,
  356. custom_ext_free_cb free_cb,
  357. void *add_arg,
  358. custom_ext_parse_cb parse_cb, void *parse_arg)
  359. {
  360. custom_ext_add_cb_wrap *add_cb_wrap
  361. = OPENSSL_malloc(sizeof(*add_cb_wrap));
  362. custom_ext_parse_cb_wrap *parse_cb_wrap
  363. = OPENSSL_malloc(sizeof(*parse_cb_wrap));
  364. int ret;
  365. if (add_cb_wrap == NULL || parse_cb_wrap == NULL) {
  366. OPENSSL_free(add_cb_wrap);
  367. OPENSSL_free(parse_cb_wrap);
  368. return 0;
  369. }
  370. add_cb_wrap->add_arg = add_arg;
  371. add_cb_wrap->add_cb = add_cb;
  372. add_cb_wrap->free_cb = free_cb;
  373. parse_cb_wrap->parse_arg = parse_arg;
  374. parse_cb_wrap->parse_cb = parse_cb;
  375. ret = add_custom_ext_intern(ctx, role, ext_type,
  376. context,
  377. custom_ext_add_old_cb_wrap,
  378. custom_ext_free_old_cb_wrap,
  379. add_cb_wrap,
  380. custom_ext_parse_old_cb_wrap,
  381. parse_cb_wrap);
  382. if (!ret) {
  383. OPENSSL_free(add_cb_wrap);
  384. OPENSSL_free(parse_cb_wrap);
  385. }
  386. return ret;
  387. }
  388. /* Application level functions to add the old custom extension callbacks */
  389. int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
  390. custom_ext_add_cb add_cb,
  391. custom_ext_free_cb free_cb,
  392. void *add_arg,
  393. custom_ext_parse_cb parse_cb, void *parse_arg)
  394. {
  395. return add_old_custom_ext(ctx, ENDPOINT_CLIENT, ext_type,
  396. SSL_EXT_TLS1_2_AND_BELOW_ONLY
  397. | SSL_EXT_CLIENT_HELLO
  398. | SSL_EXT_TLS1_2_SERVER_HELLO
  399. | SSL_EXT_IGNORE_ON_RESUMPTION,
  400. add_cb, free_cb, add_arg, parse_cb, parse_arg);
  401. }
  402. int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
  403. custom_ext_add_cb add_cb,
  404. custom_ext_free_cb free_cb,
  405. void *add_arg,
  406. custom_ext_parse_cb parse_cb, void *parse_arg)
  407. {
  408. return add_old_custom_ext(ctx, ENDPOINT_SERVER, ext_type,
  409. SSL_EXT_TLS1_2_AND_BELOW_ONLY
  410. | SSL_EXT_CLIENT_HELLO
  411. | SSL_EXT_TLS1_2_SERVER_HELLO
  412. | SSL_EXT_IGNORE_ON_RESUMPTION,
  413. add_cb, free_cb, add_arg, parse_cb, parse_arg);
  414. }
  415. int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
  416. unsigned int context,
  417. SSL_custom_ext_add_cb_ex add_cb,
  418. SSL_custom_ext_free_cb_ex free_cb,
  419. void *add_arg,
  420. SSL_custom_ext_parse_cb_ex parse_cb, void *parse_arg)
  421. {
  422. return add_custom_ext_intern(ctx, ENDPOINT_BOTH, ext_type, context, add_cb,
  423. free_cb, add_arg, parse_cb, parse_arg);
  424. }
  425. int SSL_extension_supported(unsigned int ext_type)
  426. {
  427. switch (ext_type) {
  428. /* Internally supported extensions. */
  429. case TLSEXT_TYPE_application_layer_protocol_negotiation:
  430. case TLSEXT_TYPE_ec_point_formats:
  431. case TLSEXT_TYPE_supported_groups:
  432. case TLSEXT_TYPE_key_share:
  433. #ifndef OPENSSL_NO_NEXTPROTONEG
  434. case TLSEXT_TYPE_next_proto_neg:
  435. #endif
  436. case TLSEXT_TYPE_padding:
  437. case TLSEXT_TYPE_renegotiate:
  438. case TLSEXT_TYPE_max_fragment_length:
  439. case TLSEXT_TYPE_server_name:
  440. case TLSEXT_TYPE_session_ticket:
  441. case TLSEXT_TYPE_signature_algorithms:
  442. #ifndef OPENSSL_NO_SRP
  443. case TLSEXT_TYPE_srp:
  444. #endif
  445. #ifndef OPENSSL_NO_OCSP
  446. case TLSEXT_TYPE_status_request:
  447. #endif
  448. #ifndef OPENSSL_NO_CT
  449. case TLSEXT_TYPE_signed_certificate_timestamp:
  450. #endif
  451. #ifndef OPENSSL_NO_SRTP
  452. case TLSEXT_TYPE_use_srtp:
  453. #endif
  454. case TLSEXT_TYPE_encrypt_then_mac:
  455. case TLSEXT_TYPE_supported_versions:
  456. case TLSEXT_TYPE_extended_master_secret:
  457. case TLSEXT_TYPE_psk_kex_modes:
  458. case TLSEXT_TYPE_cookie:
  459. case TLSEXT_TYPE_early_data:
  460. case TLSEXT_TYPE_certificate_authorities:
  461. case TLSEXT_TYPE_psk:
  462. case TLSEXT_TYPE_post_handshake_auth:
  463. case TLSEXT_TYPE_compress_certificate:
  464. return 1;
  465. default:
  466. return 0;
  467. }
  468. }