extensions_cust.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533
  1. /*
  2. * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* Custom extension utility functions */
  10. #include <openssl/ct.h>
  11. #include "../ssl_locl.h"
  12. #include "internal/cryptlib.h"
  13. #include "statem_locl.h"
  14. typedef struct {
  15. void *add_arg;
  16. custom_ext_add_cb add_cb;
  17. custom_ext_free_cb free_cb;
  18. } custom_ext_add_cb_wrap;
  19. typedef struct {
  20. void *parse_arg;
  21. custom_ext_parse_cb parse_cb;
  22. } custom_ext_parse_cb_wrap;
  23. /*
  24. * Provide thin wrapper callbacks which convert new style arguments to old style
  25. */
  26. static int custom_ext_add_old_cb_wrap(SSL *s, unsigned int ext_type,
  27. unsigned int context,
  28. const unsigned char **out,
  29. size_t *outlen, X509 *x, size_t chainidx,
  30. int *al, void *add_arg)
  31. {
  32. custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
  33. if (add_cb_wrap->add_cb == NULL)
  34. return 1;
  35. return add_cb_wrap->add_cb(s, ext_type, out, outlen, al,
  36. add_cb_wrap->add_arg);
  37. }
  38. static void custom_ext_free_old_cb_wrap(SSL *s, unsigned int ext_type,
  39. unsigned int context,
  40. const unsigned char *out, void *add_arg)
  41. {
  42. custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
  43. if (add_cb_wrap->free_cb == NULL)
  44. return;
  45. add_cb_wrap->free_cb(s, ext_type, out, add_cb_wrap->add_arg);
  46. }
  47. static int custom_ext_parse_old_cb_wrap(SSL *s, unsigned int ext_type,
  48. unsigned int context,
  49. const unsigned char *in,
  50. size_t inlen, X509 *x, size_t chainidx,
  51. int *al, void *parse_arg)
  52. {
  53. custom_ext_parse_cb_wrap *parse_cb_wrap =
  54. (custom_ext_parse_cb_wrap *)parse_arg;
  55. if (parse_cb_wrap->parse_cb == NULL)
  56. return 1;
  57. return parse_cb_wrap->parse_cb(s, ext_type, in, inlen, al,
  58. parse_cb_wrap->parse_arg);
  59. }
  60. /*
  61. * Find a custom extension from the list. The |role| param is there to
  62. * support the legacy API where custom extensions for client and server could
  63. * be set independently on the same SSL_CTX. It is set to ENDPOINT_SERVER if we
  64. * are trying to find a method relevant to the server, ENDPOINT_CLIENT for the
  65. * client, or ENDPOINT_BOTH for either
  66. */
  67. custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
  68. ENDPOINT role, unsigned int ext_type,
  69. size_t *idx)
  70. {
  71. size_t i;
  72. custom_ext_method *meth = exts->meths;
  73. for (i = 0; i < exts->meths_count; i++, meth++) {
  74. if (ext_type == meth->ext_type
  75. && (role == ENDPOINT_BOTH || role == meth->role
  76. || meth->role == ENDPOINT_BOTH)) {
  77. if (idx != NULL)
  78. *idx = i;
  79. return meth;
  80. }
  81. }
  82. return NULL;
  83. }
  84. /*
  85. * Initialise custom extensions flags to indicate neither sent nor received.
  86. */
  87. void custom_ext_init(custom_ext_methods *exts)
  88. {
  89. size_t i;
  90. custom_ext_method *meth = exts->meths;
  91. for (i = 0; i < exts->meths_count; i++, meth++)
  92. meth->ext_flags = 0;
  93. }
  94. /* Pass received custom extension data to the application for parsing. */
  95. int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
  96. const unsigned char *ext_data, size_t ext_size, X509 *x,
  97. size_t chainidx)
  98. {
  99. int al;
  100. custom_ext_methods *exts = &s->cert->custext;
  101. custom_ext_method *meth;
  102. ENDPOINT role = ENDPOINT_BOTH;
  103. if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0)
  104. role = s->server ? ENDPOINT_SERVER : ENDPOINT_CLIENT;
  105. meth = custom_ext_find(exts, role, ext_type, NULL);
  106. /* If not found return success */
  107. if (!meth)
  108. return 1;
  109. /* Check if extension is defined for our protocol. If not, skip */
  110. if (!extension_is_relevant(s, meth->context, context))
  111. return 1;
  112. if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
  113. | SSL_EXT_TLS1_3_SERVER_HELLO
  114. | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) {
  115. /*
  116. * If it's ServerHello or EncryptedExtensions we can't have any
  117. * extensions not sent in ClientHello.
  118. */
  119. if ((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0) {
  120. SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_F_CUSTOM_EXT_PARSE,
  121. SSL_R_BAD_EXTENSION);
  122. return 0;
  123. }
  124. }
  125. /*
  126. * Extensions received in the ClientHello are marked with the
  127. * SSL_EXT_FLAG_RECEIVED. This is so we know to add the equivalent
  128. * extensions in the ServerHello/EncryptedExtensions message
  129. */
  130. if ((context & SSL_EXT_CLIENT_HELLO) != 0)
  131. meth->ext_flags |= SSL_EXT_FLAG_RECEIVED;
  132. /* If no parse function set return success */
  133. if (!meth->parse_cb)
  134. return 1;
  135. if (meth->parse_cb(s, ext_type, context, ext_data, ext_size, x, chainidx,
  136. &al, meth->parse_arg) <= 0) {
  137. SSLfatal(s, al, SSL_F_CUSTOM_EXT_PARSE, SSL_R_BAD_EXTENSION);
  138. return 0;
  139. }
  140. return 1;
  141. }
  142. /*
  143. * Request custom extension data from the application and add to the return
  144. * buffer.
  145. */
  146. int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,
  147. int maxversion)
  148. {
  149. custom_ext_methods *exts = &s->cert->custext;
  150. custom_ext_method *meth;
  151. size_t i;
  152. int al;
  153. for (i = 0; i < exts->meths_count; i++) {
  154. const unsigned char *out = NULL;
  155. size_t outlen = 0;
  156. meth = exts->meths + i;
  157. if (!should_add_extension(s, meth->context, context, maxversion))
  158. continue;
  159. if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
  160. | SSL_EXT_TLS1_3_SERVER_HELLO
  161. | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
  162. | SSL_EXT_TLS1_3_CERTIFICATE
  163. | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) {
  164. /* Only send extensions present in ClientHello. */
  165. if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))
  166. continue;
  167. }
  168. /*
  169. * We skip it if the callback is absent - except for a ClientHello where
  170. * we add an empty extension.
  171. */
  172. if ((context & SSL_EXT_CLIENT_HELLO) == 0 && meth->add_cb == NULL)
  173. continue;
  174. if (meth->add_cb != NULL) {
  175. int cb_retval = meth->add_cb(s, meth->ext_type, context, &out,
  176. &outlen, x, chainidx, &al,
  177. meth->add_arg);
  178. if (cb_retval < 0) {
  179. SSLfatal(s, al, SSL_F_CUSTOM_EXT_ADD, SSL_R_CALLBACK_FAILED);
  180. return 0; /* error */
  181. }
  182. if (cb_retval == 0)
  183. continue; /* skip this extension */
  184. }
  185. if (!WPACKET_put_bytes_u16(pkt, meth->ext_type)
  186. || !WPACKET_start_sub_packet_u16(pkt)
  187. || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen))
  188. || !WPACKET_close(pkt)) {
  189. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CUSTOM_EXT_ADD,
  190. ERR_R_INTERNAL_ERROR);
  191. return 0;
  192. }
  193. if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
  194. /*
  195. * We can't send duplicates: code logic should prevent this.
  196. */
  197. if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) {
  198. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CUSTOM_EXT_ADD,
  199. ERR_R_INTERNAL_ERROR);
  200. return 0;
  201. }
  202. /*
  203. * Indicate extension has been sent: this is both a sanity check to
  204. * ensure we don't send duplicate extensions and indicates that it
  205. * is not an error if the extension is present in ServerHello.
  206. */
  207. meth->ext_flags |= SSL_EXT_FLAG_SENT;
  208. }
  209. if (meth->free_cb != NULL)
  210. meth->free_cb(s, meth->ext_type, context, out, meth->add_arg);
  211. }
  212. return 1;
  213. }
  214. /* Copy the flags from src to dst for any extensions that exist in both */
  215. int custom_exts_copy_flags(custom_ext_methods *dst,
  216. const custom_ext_methods *src)
  217. {
  218. size_t i;
  219. custom_ext_method *methsrc = src->meths;
  220. for (i = 0; i < src->meths_count; i++, methsrc++) {
  221. custom_ext_method *methdst = custom_ext_find(dst, methsrc->role,
  222. methsrc->ext_type, NULL);
  223. if (methdst == NULL)
  224. continue;
  225. methdst->ext_flags = methsrc->ext_flags;
  226. }
  227. return 1;
  228. }
  229. /* Copy table of custom extensions */
  230. int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src)
  231. {
  232. size_t i;
  233. int err = 0;
  234. if (src->meths_count > 0) {
  235. dst->meths =
  236. OPENSSL_memdup(src->meths,
  237. sizeof(*src->meths) * src->meths_count);
  238. if (dst->meths == NULL)
  239. return 0;
  240. dst->meths_count = src->meths_count;
  241. for (i = 0; i < src->meths_count; i++) {
  242. custom_ext_method *methsrc = src->meths + i;
  243. custom_ext_method *methdst = dst->meths + i;
  244. if (methsrc->add_cb != custom_ext_add_old_cb_wrap)
  245. continue;
  246. /*
  247. * We have found an old style API wrapper. We need to copy the
  248. * arguments too.
  249. */
  250. if (err) {
  251. methdst->add_arg = NULL;
  252. methdst->parse_arg = NULL;
  253. continue;
  254. }
  255. methdst->add_arg = OPENSSL_memdup(methsrc->add_arg,
  256. sizeof(custom_ext_add_cb_wrap));
  257. methdst->parse_arg = OPENSSL_memdup(methsrc->parse_arg,
  258. sizeof(custom_ext_parse_cb_wrap));
  259. if (methdst->add_arg == NULL || methdst->parse_arg == NULL)
  260. err = 1;
  261. }
  262. }
  263. if (err) {
  264. custom_exts_free(dst);
  265. return 0;
  266. }
  267. return 1;
  268. }
  269. void custom_exts_free(custom_ext_methods *exts)
  270. {
  271. size_t i;
  272. custom_ext_method *meth;
  273. for (i = 0, meth = exts->meths; i < exts->meths_count; i++, meth++) {
  274. if (meth->add_cb != custom_ext_add_old_cb_wrap)
  275. continue;
  276. /* Old style API wrapper. Need to free the arguments too */
  277. OPENSSL_free(meth->add_arg);
  278. OPENSSL_free(meth->parse_arg);
  279. }
  280. OPENSSL_free(exts->meths);
  281. }
  282. /* Return true if a client custom extension exists, false otherwise */
  283. int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type)
  284. {
  285. return custom_ext_find(&ctx->cert->custext, ENDPOINT_CLIENT, ext_type,
  286. NULL) != NULL;
  287. }
  288. static int add_custom_ext_intern(SSL_CTX *ctx, ENDPOINT role,
  289. unsigned int ext_type,
  290. unsigned int context,
  291. SSL_custom_ext_add_cb_ex add_cb,
  292. SSL_custom_ext_free_cb_ex free_cb,
  293. void *add_arg,
  294. SSL_custom_ext_parse_cb_ex parse_cb,
  295. void *parse_arg)
  296. {
  297. custom_ext_methods *exts = &ctx->cert->custext;
  298. custom_ext_method *meth, *tmp;
  299. /*
  300. * Check application error: if add_cb is not set free_cb will never be
  301. * called.
  302. */
  303. if (add_cb == NULL && free_cb != NULL)
  304. return 0;
  305. #ifndef OPENSSL_NO_CT
  306. /*
  307. * We don't want applications registering callbacks for SCT extensions
  308. * whilst simultaneously using the built-in SCT validation features, as
  309. * these two things may not play well together.
  310. */
  311. if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp
  312. && (context & SSL_EXT_CLIENT_HELLO) != 0
  313. && SSL_CTX_ct_is_enabled(ctx))
  314. return 0;
  315. #endif
  316. /*
  317. * Don't add if extension supported internally, but make exception
  318. * for extension types that previously were not supported, but now are.
  319. */
  320. if (SSL_extension_supported(ext_type)
  321. && ext_type != TLSEXT_TYPE_signed_certificate_timestamp)
  322. return 0;
  323. /* Extension type must fit in 16 bits */
  324. if (ext_type > 0xffff)
  325. return 0;
  326. /* Search for duplicate */
  327. if (custom_ext_find(exts, role, ext_type, NULL))
  328. return 0;
  329. tmp = OPENSSL_realloc(exts->meths,
  330. (exts->meths_count + 1) * sizeof(custom_ext_method));
  331. if (tmp == NULL)
  332. return 0;
  333. exts->meths = tmp;
  334. meth = exts->meths + exts->meths_count;
  335. memset(meth, 0, sizeof(*meth));
  336. meth->role = role;
  337. meth->context = context;
  338. meth->parse_cb = parse_cb;
  339. meth->add_cb = add_cb;
  340. meth->free_cb = free_cb;
  341. meth->ext_type = ext_type;
  342. meth->add_arg = add_arg;
  343. meth->parse_arg = parse_arg;
  344. exts->meths_count++;
  345. return 1;
  346. }
  347. static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role,
  348. unsigned int ext_type,
  349. unsigned int context,
  350. custom_ext_add_cb add_cb,
  351. custom_ext_free_cb free_cb,
  352. void *add_arg,
  353. custom_ext_parse_cb parse_cb, void *parse_arg)
  354. {
  355. custom_ext_add_cb_wrap *add_cb_wrap
  356. = OPENSSL_malloc(sizeof(*add_cb_wrap));
  357. custom_ext_parse_cb_wrap *parse_cb_wrap
  358. = OPENSSL_malloc(sizeof(*parse_cb_wrap));
  359. int ret;
  360. if (add_cb_wrap == NULL || parse_cb_wrap == NULL) {
  361. OPENSSL_free(add_cb_wrap);
  362. OPENSSL_free(parse_cb_wrap);
  363. return 0;
  364. }
  365. add_cb_wrap->add_arg = add_arg;
  366. add_cb_wrap->add_cb = add_cb;
  367. add_cb_wrap->free_cb = free_cb;
  368. parse_cb_wrap->parse_arg = parse_arg;
  369. parse_cb_wrap->parse_cb = parse_cb;
  370. ret = add_custom_ext_intern(ctx, role, ext_type,
  371. context,
  372. custom_ext_add_old_cb_wrap,
  373. custom_ext_free_old_cb_wrap,
  374. add_cb_wrap,
  375. custom_ext_parse_old_cb_wrap,
  376. parse_cb_wrap);
  377. if (!ret) {
  378. OPENSSL_free(add_cb_wrap);
  379. OPENSSL_free(parse_cb_wrap);
  380. }
  381. return ret;
  382. }
  383. /* Application level functions to add the old custom extension callbacks */
  384. int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
  385. custom_ext_add_cb add_cb,
  386. custom_ext_free_cb free_cb,
  387. void *add_arg,
  388. custom_ext_parse_cb parse_cb, void *parse_arg)
  389. {
  390. return add_old_custom_ext(ctx, ENDPOINT_CLIENT, ext_type,
  391. SSL_EXT_TLS1_2_AND_BELOW_ONLY
  392. | SSL_EXT_CLIENT_HELLO
  393. | SSL_EXT_TLS1_2_SERVER_HELLO
  394. | SSL_EXT_IGNORE_ON_RESUMPTION,
  395. add_cb, free_cb, add_arg, parse_cb, parse_arg);
  396. }
  397. int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
  398. custom_ext_add_cb add_cb,
  399. custom_ext_free_cb free_cb,
  400. void *add_arg,
  401. custom_ext_parse_cb parse_cb, void *parse_arg)
  402. {
  403. return add_old_custom_ext(ctx, ENDPOINT_SERVER, ext_type,
  404. SSL_EXT_TLS1_2_AND_BELOW_ONLY
  405. | SSL_EXT_CLIENT_HELLO
  406. | SSL_EXT_TLS1_2_SERVER_HELLO
  407. | SSL_EXT_IGNORE_ON_RESUMPTION,
  408. add_cb, free_cb, add_arg, parse_cb, parse_arg);
  409. }
  410. int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
  411. unsigned int context,
  412. SSL_custom_ext_add_cb_ex add_cb,
  413. SSL_custom_ext_free_cb_ex free_cb,
  414. void *add_arg,
  415. SSL_custom_ext_parse_cb_ex parse_cb, void *parse_arg)
  416. {
  417. return add_custom_ext_intern(ctx, ENDPOINT_BOTH, ext_type, context, add_cb,
  418. free_cb, add_arg, parse_cb, parse_arg);
  419. }
  420. int SSL_extension_supported(unsigned int ext_type)
  421. {
  422. switch (ext_type) {
  423. /* Internally supported extensions. */
  424. case TLSEXT_TYPE_application_layer_protocol_negotiation:
  425. #ifndef OPENSSL_NO_EC
  426. case TLSEXT_TYPE_ec_point_formats:
  427. case TLSEXT_TYPE_supported_groups:
  428. case TLSEXT_TYPE_key_share:
  429. #endif
  430. #ifndef OPENSSL_NO_NEXTPROTONEG
  431. case TLSEXT_TYPE_next_proto_neg:
  432. #endif
  433. case TLSEXT_TYPE_padding:
  434. case TLSEXT_TYPE_renegotiate:
  435. case TLSEXT_TYPE_max_fragment_length:
  436. case TLSEXT_TYPE_server_name:
  437. case TLSEXT_TYPE_session_ticket:
  438. case TLSEXT_TYPE_signature_algorithms:
  439. #ifndef OPENSSL_NO_SRP
  440. case TLSEXT_TYPE_srp:
  441. #endif
  442. #ifndef OPENSSL_NO_OCSP
  443. case TLSEXT_TYPE_status_request:
  444. #endif
  445. #ifndef OPENSSL_NO_CT
  446. case TLSEXT_TYPE_signed_certificate_timestamp:
  447. #endif
  448. #ifndef OPENSSL_NO_SRTP
  449. case TLSEXT_TYPE_use_srtp:
  450. #endif
  451. case TLSEXT_TYPE_encrypt_then_mac:
  452. case TLSEXT_TYPE_supported_versions:
  453. case TLSEXT_TYPE_extended_master_secret:
  454. case TLSEXT_TYPE_psk_kex_modes:
  455. case TLSEXT_TYPE_cookie:
  456. case TLSEXT_TYPE_early_data:
  457. case TLSEXT_TYPE_certificate_authorities:
  458. case TLSEXT_TYPE_psk:
  459. case TLSEXT_TYPE_post_handshake_auth:
  460. return 1;
  461. default:
  462. return 0;
  463. }
  464. }