extensions_cust.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532
  1. /*
  2. * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* Custom extension utility functions */
  10. #include <openssl/ct.h>
  11. #include "../ssl_local.h"
  12. #include "internal/cryptlib.h"
  13. #include "statem_local.h"
  14. typedef struct {
  15. void *add_arg;
  16. custom_ext_add_cb add_cb;
  17. custom_ext_free_cb free_cb;
  18. } custom_ext_add_cb_wrap;
  19. typedef struct {
  20. void *parse_arg;
  21. custom_ext_parse_cb parse_cb;
  22. } custom_ext_parse_cb_wrap;
  23. /*
  24. * Provide thin wrapper callbacks which convert new style arguments to old style
  25. */
  26. static int custom_ext_add_old_cb_wrap(SSL *s, unsigned int ext_type,
  27. unsigned int context,
  28. const unsigned char **out,
  29. size_t *outlen, X509 *x, size_t chainidx,
  30. int *al, void *add_arg)
  31. {
  32. custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
  33. if (add_cb_wrap->add_cb == NULL)
  34. return 1;
  35. return add_cb_wrap->add_cb(s, ext_type, out, outlen, al,
  36. add_cb_wrap->add_arg);
  37. }
  38. static void custom_ext_free_old_cb_wrap(SSL *s, unsigned int ext_type,
  39. unsigned int context,
  40. const unsigned char *out, void *add_arg)
  41. {
  42. custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
  43. if (add_cb_wrap->free_cb == NULL)
  44. return;
  45. add_cb_wrap->free_cb(s, ext_type, out, add_cb_wrap->add_arg);
  46. }
  47. static int custom_ext_parse_old_cb_wrap(SSL *s, unsigned int ext_type,
  48. unsigned int context,
  49. const unsigned char *in,
  50. size_t inlen, X509 *x, size_t chainidx,
  51. int *al, void *parse_arg)
  52. {
  53. custom_ext_parse_cb_wrap *parse_cb_wrap =
  54. (custom_ext_parse_cb_wrap *)parse_arg;
  55. if (parse_cb_wrap->parse_cb == NULL)
  56. return 1;
  57. return parse_cb_wrap->parse_cb(s, ext_type, in, inlen, al,
  58. parse_cb_wrap->parse_arg);
  59. }
  60. /*
  61. * Find a custom extension from the list. The |role| param is there to
  62. * support the legacy API where custom extensions for client and server could
  63. * be set independently on the same SSL_CTX. It is set to ENDPOINT_SERVER if we
  64. * are trying to find a method relevant to the server, ENDPOINT_CLIENT for the
  65. * client, or ENDPOINT_BOTH for either
  66. */
  67. custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
  68. ENDPOINT role, unsigned int ext_type,
  69. size_t *idx)
  70. {
  71. size_t i;
  72. custom_ext_method *meth = exts->meths;
  73. for (i = 0; i < exts->meths_count; i++, meth++) {
  74. if (ext_type == meth->ext_type
  75. && (role == ENDPOINT_BOTH || role == meth->role
  76. || meth->role == ENDPOINT_BOTH)) {
  77. if (idx != NULL)
  78. *idx = i;
  79. return meth;
  80. }
  81. }
  82. return NULL;
  83. }
  84. /*
  85. * Initialise custom extensions flags to indicate neither sent nor received.
  86. */
  87. void custom_ext_init(custom_ext_methods *exts)
  88. {
  89. size_t i;
  90. custom_ext_method *meth = exts->meths;
  91. for (i = 0; i < exts->meths_count; i++, meth++)
  92. meth->ext_flags = 0;
  93. }
  94. /* Pass received custom extension data to the application for parsing. */
  95. int custom_ext_parse(SSL_CONNECTION *s, unsigned int context,
  96. unsigned int ext_type,
  97. const unsigned char *ext_data, size_t ext_size, X509 *x,
  98. size_t chainidx)
  99. {
  100. int al;
  101. custom_ext_methods *exts = &s->cert->custext;
  102. custom_ext_method *meth;
  103. ENDPOINT role = ENDPOINT_BOTH;
  104. if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0)
  105. role = s->server ? ENDPOINT_SERVER : ENDPOINT_CLIENT;
  106. meth = custom_ext_find(exts, role, ext_type, NULL);
  107. /* If not found return success */
  108. if (!meth)
  109. return 1;
  110. /* Check if extension is defined for our protocol. If not, skip */
  111. if (!extension_is_relevant(s, meth->context, context))
  112. return 1;
  113. if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
  114. | SSL_EXT_TLS1_3_SERVER_HELLO
  115. | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) {
  116. /*
  117. * If it's ServerHello or EncryptedExtensions we can't have any
  118. * extensions not sent in ClientHello.
  119. */
  120. if ((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0) {
  121. SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION);
  122. return 0;
  123. }
  124. }
  125. /*
  126. * Extensions received in the ClientHello or CertificateRequest are marked
  127. * with the SSL_EXT_FLAG_RECEIVED. This is so we know to add the equivalent
  128. * extensions in the response messages
  129. */
  130. if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST))
  131. != 0)
  132. meth->ext_flags |= SSL_EXT_FLAG_RECEIVED;
  133. /* If no parse function set return success */
  134. if (meth->parse_cb == NULL)
  135. return 1;
  136. if (meth->parse_cb(SSL_CONNECTION_GET_SSL(s), ext_type, context, ext_data,
  137. ext_size, x, chainidx, &al, meth->parse_arg) <= 0) {
  138. SSLfatal(s, al, SSL_R_BAD_EXTENSION);
  139. return 0;
  140. }
  141. return 1;
  142. }
  143. /*
  144. * Request custom extension data from the application and add to the return
  145. * buffer.
  146. */
  147. int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x,
  148. size_t chainidx, int maxversion)
  149. {
  150. custom_ext_methods *exts = &s->cert->custext;
  151. custom_ext_method *meth;
  152. size_t i;
  153. int al;
  154. for (i = 0; i < exts->meths_count; i++) {
  155. const unsigned char *out = NULL;
  156. size_t outlen = 0;
  157. meth = exts->meths + i;
  158. if (!should_add_extension(s, meth->context, context, maxversion))
  159. continue;
  160. if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
  161. | SSL_EXT_TLS1_3_SERVER_HELLO
  162. | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
  163. | SSL_EXT_TLS1_3_CERTIFICATE
  164. | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) {
  165. /* Only send extensions present in ClientHello/CertificateRequest */
  166. if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))
  167. continue;
  168. }
  169. /*
  170. * We skip it if the callback is absent - except for a ClientHello where
  171. * we add an empty extension.
  172. */
  173. if ((context & SSL_EXT_CLIENT_HELLO) == 0 && meth->add_cb == NULL)
  174. continue;
  175. if (meth->add_cb != NULL) {
  176. int cb_retval = meth->add_cb(SSL_CONNECTION_GET_SSL(s),
  177. meth->ext_type, context, &out,
  178. &outlen, x, chainidx, &al,
  179. meth->add_arg);
  180. if (cb_retval < 0) {
  181. SSLfatal(s, al, SSL_R_CALLBACK_FAILED);
  182. return 0; /* error */
  183. }
  184. if (cb_retval == 0)
  185. continue; /* skip this extension */
  186. }
  187. if (!WPACKET_put_bytes_u16(pkt, meth->ext_type)
  188. || !WPACKET_start_sub_packet_u16(pkt)
  189. || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen))
  190. || !WPACKET_close(pkt)) {
  191. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  192. return 0;
  193. }
  194. if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
  195. /*
  196. * We can't send duplicates: code logic should prevent this.
  197. */
  198. if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) {
  199. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  200. return 0;
  201. }
  202. /*
  203. * Indicate extension has been sent: this is both a sanity check to
  204. * ensure we don't send duplicate extensions and indicates that it
  205. * is not an error if the extension is present in ServerHello.
  206. */
  207. meth->ext_flags |= SSL_EXT_FLAG_SENT;
  208. }
  209. if (meth->free_cb != NULL)
  210. meth->free_cb(SSL_CONNECTION_GET_SSL(s), meth->ext_type, context,
  211. out, meth->add_arg);
  212. }
  213. return 1;
  214. }
  215. /* Copy the flags from src to dst for any extensions that exist in both */
  216. int custom_exts_copy_flags(custom_ext_methods *dst,
  217. const custom_ext_methods *src)
  218. {
  219. size_t i;
  220. custom_ext_method *methsrc = src->meths;
  221. for (i = 0; i < src->meths_count; i++, methsrc++) {
  222. custom_ext_method *methdst = custom_ext_find(dst, methsrc->role,
  223. methsrc->ext_type, NULL);
  224. if (methdst == NULL)
  225. continue;
  226. methdst->ext_flags = methsrc->ext_flags;
  227. }
  228. return 1;
  229. }
  230. /* Copy table of custom extensions */
  231. int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src)
  232. {
  233. size_t i;
  234. int err = 0;
  235. if (src->meths_count > 0) {
  236. dst->meths =
  237. OPENSSL_memdup(src->meths,
  238. sizeof(*src->meths) * src->meths_count);
  239. if (dst->meths == NULL)
  240. return 0;
  241. dst->meths_count = src->meths_count;
  242. for (i = 0; i < src->meths_count; i++) {
  243. custom_ext_method *methsrc = src->meths + i;
  244. custom_ext_method *methdst = dst->meths + i;
  245. if (methsrc->add_cb != custom_ext_add_old_cb_wrap)
  246. continue;
  247. /*
  248. * We have found an old style API wrapper. We need to copy the
  249. * arguments too.
  250. */
  251. if (err) {
  252. methdst->add_arg = NULL;
  253. methdst->parse_arg = NULL;
  254. continue;
  255. }
  256. methdst->add_arg = OPENSSL_memdup(methsrc->add_arg,
  257. sizeof(custom_ext_add_cb_wrap));
  258. methdst->parse_arg = OPENSSL_memdup(methsrc->parse_arg,
  259. sizeof(custom_ext_parse_cb_wrap));
  260. if (methdst->add_arg == NULL || methdst->parse_arg == NULL)
  261. err = 1;
  262. }
  263. }
  264. if (err) {
  265. custom_exts_free(dst);
  266. return 0;
  267. }
  268. return 1;
  269. }
  270. void custom_exts_free(custom_ext_methods *exts)
  271. {
  272. size_t i;
  273. custom_ext_method *meth;
  274. for (i = 0, meth = exts->meths; i < exts->meths_count; i++, meth++) {
  275. if (meth->add_cb != custom_ext_add_old_cb_wrap)
  276. continue;
  277. /* Old style API wrapper. Need to free the arguments too */
  278. OPENSSL_free(meth->add_arg);
  279. OPENSSL_free(meth->parse_arg);
  280. }
  281. OPENSSL_free(exts->meths);
  282. }
  283. /* Return true if a client custom extension exists, false otherwise */
  284. int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type)
  285. {
  286. return custom_ext_find(&ctx->cert->custext, ENDPOINT_CLIENT, ext_type,
  287. NULL) != NULL;
  288. }
  289. static int add_custom_ext_intern(SSL_CTX *ctx, ENDPOINT role,
  290. unsigned int ext_type,
  291. unsigned int context,
  292. SSL_custom_ext_add_cb_ex add_cb,
  293. SSL_custom_ext_free_cb_ex free_cb,
  294. void *add_arg,
  295. SSL_custom_ext_parse_cb_ex parse_cb,
  296. void *parse_arg)
  297. {
  298. custom_ext_methods *exts = &ctx->cert->custext;
  299. custom_ext_method *meth, *tmp;
  300. /*
  301. * Check application error: if add_cb is not set free_cb will never be
  302. * called.
  303. */
  304. if (add_cb == NULL && free_cb != NULL)
  305. return 0;
  306. #ifndef OPENSSL_NO_CT
  307. /*
  308. * We don't want applications registering callbacks for SCT extensions
  309. * whilst simultaneously using the built-in SCT validation features, as
  310. * these two things may not play well together.
  311. */
  312. if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp
  313. && (context & SSL_EXT_CLIENT_HELLO) != 0
  314. && SSL_CTX_ct_is_enabled(ctx))
  315. return 0;
  316. #endif
  317. /*
  318. * Don't add if extension supported internally, but make exception
  319. * for extension types that previously were not supported, but now are.
  320. */
  321. if (SSL_extension_supported(ext_type)
  322. && ext_type != TLSEXT_TYPE_signed_certificate_timestamp)
  323. return 0;
  324. /* Extension type must fit in 16 bits */
  325. if (ext_type > 0xffff)
  326. return 0;
  327. /* Search for duplicate */
  328. if (custom_ext_find(exts, role, ext_type, NULL))
  329. return 0;
  330. tmp = OPENSSL_realloc(exts->meths,
  331. (exts->meths_count + 1) * sizeof(custom_ext_method));
  332. if (tmp == NULL)
  333. return 0;
  334. exts->meths = tmp;
  335. meth = exts->meths + exts->meths_count;
  336. memset(meth, 0, sizeof(*meth));
  337. meth->role = role;
  338. meth->context = context;
  339. meth->parse_cb = parse_cb;
  340. meth->add_cb = add_cb;
  341. meth->free_cb = free_cb;
  342. meth->ext_type = ext_type;
  343. meth->add_arg = add_arg;
  344. meth->parse_arg = parse_arg;
  345. exts->meths_count++;
  346. return 1;
  347. }
  348. static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role,
  349. unsigned int ext_type,
  350. unsigned int context,
  351. custom_ext_add_cb add_cb,
  352. custom_ext_free_cb free_cb,
  353. void *add_arg,
  354. custom_ext_parse_cb parse_cb, void *parse_arg)
  355. {
  356. custom_ext_add_cb_wrap *add_cb_wrap
  357. = OPENSSL_malloc(sizeof(*add_cb_wrap));
  358. custom_ext_parse_cb_wrap *parse_cb_wrap
  359. = OPENSSL_malloc(sizeof(*parse_cb_wrap));
  360. int ret;
  361. if (add_cb_wrap == NULL || parse_cb_wrap == NULL) {
  362. OPENSSL_free(add_cb_wrap);
  363. OPENSSL_free(parse_cb_wrap);
  364. return 0;
  365. }
  366. add_cb_wrap->add_arg = add_arg;
  367. add_cb_wrap->add_cb = add_cb;
  368. add_cb_wrap->free_cb = free_cb;
  369. parse_cb_wrap->parse_arg = parse_arg;
  370. parse_cb_wrap->parse_cb = parse_cb;
  371. ret = add_custom_ext_intern(ctx, role, ext_type,
  372. context,
  373. custom_ext_add_old_cb_wrap,
  374. custom_ext_free_old_cb_wrap,
  375. add_cb_wrap,
  376. custom_ext_parse_old_cb_wrap,
  377. parse_cb_wrap);
  378. if (!ret) {
  379. OPENSSL_free(add_cb_wrap);
  380. OPENSSL_free(parse_cb_wrap);
  381. }
  382. return ret;
  383. }
  384. /* Application level functions to add the old custom extension callbacks */
  385. int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
  386. custom_ext_add_cb add_cb,
  387. custom_ext_free_cb free_cb,
  388. void *add_arg,
  389. custom_ext_parse_cb parse_cb, void *parse_arg)
  390. {
  391. return add_old_custom_ext(ctx, ENDPOINT_CLIENT, ext_type,
  392. SSL_EXT_TLS1_2_AND_BELOW_ONLY
  393. | SSL_EXT_CLIENT_HELLO
  394. | SSL_EXT_TLS1_2_SERVER_HELLO
  395. | SSL_EXT_IGNORE_ON_RESUMPTION,
  396. add_cb, free_cb, add_arg, parse_cb, parse_arg);
  397. }
  398. int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
  399. custom_ext_add_cb add_cb,
  400. custom_ext_free_cb free_cb,
  401. void *add_arg,
  402. custom_ext_parse_cb parse_cb, void *parse_arg)
  403. {
  404. return add_old_custom_ext(ctx, ENDPOINT_SERVER, ext_type,
  405. SSL_EXT_TLS1_2_AND_BELOW_ONLY
  406. | SSL_EXT_CLIENT_HELLO
  407. | SSL_EXT_TLS1_2_SERVER_HELLO
  408. | SSL_EXT_IGNORE_ON_RESUMPTION,
  409. add_cb, free_cb, add_arg, parse_cb, parse_arg);
  410. }
  411. int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
  412. unsigned int context,
  413. SSL_custom_ext_add_cb_ex add_cb,
  414. SSL_custom_ext_free_cb_ex free_cb,
  415. void *add_arg,
  416. SSL_custom_ext_parse_cb_ex parse_cb, void *parse_arg)
  417. {
  418. return add_custom_ext_intern(ctx, ENDPOINT_BOTH, ext_type, context, add_cb,
  419. free_cb, add_arg, parse_cb, parse_arg);
  420. }
  421. int SSL_extension_supported(unsigned int ext_type)
  422. {
  423. switch (ext_type) {
  424. /* Internally supported extensions. */
  425. case TLSEXT_TYPE_application_layer_protocol_negotiation:
  426. case TLSEXT_TYPE_ec_point_formats:
  427. case TLSEXT_TYPE_supported_groups:
  428. case TLSEXT_TYPE_key_share:
  429. #ifndef OPENSSL_NO_NEXTPROTONEG
  430. case TLSEXT_TYPE_next_proto_neg:
  431. #endif
  432. case TLSEXT_TYPE_padding:
  433. case TLSEXT_TYPE_renegotiate:
  434. case TLSEXT_TYPE_max_fragment_length:
  435. case TLSEXT_TYPE_server_name:
  436. case TLSEXT_TYPE_session_ticket:
  437. case TLSEXT_TYPE_signature_algorithms:
  438. #ifndef OPENSSL_NO_SRP
  439. case TLSEXT_TYPE_srp:
  440. #endif
  441. #ifndef OPENSSL_NO_OCSP
  442. case TLSEXT_TYPE_status_request:
  443. #endif
  444. #ifndef OPENSSL_NO_CT
  445. case TLSEXT_TYPE_signed_certificate_timestamp:
  446. #endif
  447. #ifndef OPENSSL_NO_SRTP
  448. case TLSEXT_TYPE_use_srtp:
  449. #endif
  450. case TLSEXT_TYPE_encrypt_then_mac:
  451. case TLSEXT_TYPE_supported_versions:
  452. case TLSEXT_TYPE_extended_master_secret:
  453. case TLSEXT_TYPE_psk_kex_modes:
  454. case TLSEXT_TYPE_cookie:
  455. case TLSEXT_TYPE_early_data:
  456. case TLSEXT_TYPE_certificate_authorities:
  457. case TLSEXT_TYPE_psk:
  458. case TLSEXT_TYPE_post_handshake_auth:
  459. return 1;
  460. default:
  461. return 0;
  462. }
  463. }