extensions_cust.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529
  1. /*
  2. * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* Custom extension utility functions */
  10. #include <openssl/ct.h>
  11. #include "../ssl_local.h"
  12. #include "internal/cryptlib.h"
  13. #include "statem_local.h"
  14. typedef struct {
  15. void *add_arg;
  16. custom_ext_add_cb add_cb;
  17. custom_ext_free_cb free_cb;
  18. } custom_ext_add_cb_wrap;
  19. typedef struct {
  20. void *parse_arg;
  21. custom_ext_parse_cb parse_cb;
  22. } custom_ext_parse_cb_wrap;
  23. /*
  24. * Provide thin wrapper callbacks which convert new style arguments to old style
  25. */
  26. static int custom_ext_add_old_cb_wrap(SSL *s, unsigned int ext_type,
  27. unsigned int context,
  28. const unsigned char **out,
  29. size_t *outlen, X509 *x, size_t chainidx,
  30. int *al, void *add_arg)
  31. {
  32. custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
  33. if (add_cb_wrap->add_cb == NULL)
  34. return 1;
  35. return add_cb_wrap->add_cb(s, ext_type, out, outlen, al,
  36. add_cb_wrap->add_arg);
  37. }
  38. static void custom_ext_free_old_cb_wrap(SSL *s, unsigned int ext_type,
  39. unsigned int context,
  40. const unsigned char *out, void *add_arg)
  41. {
  42. custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
  43. if (add_cb_wrap->free_cb == NULL)
  44. return;
  45. add_cb_wrap->free_cb(s, ext_type, out, add_cb_wrap->add_arg);
  46. }
  47. static int custom_ext_parse_old_cb_wrap(SSL *s, unsigned int ext_type,
  48. unsigned int context,
  49. const unsigned char *in,
  50. size_t inlen, X509 *x, size_t chainidx,
  51. int *al, void *parse_arg)
  52. {
  53. custom_ext_parse_cb_wrap *parse_cb_wrap =
  54. (custom_ext_parse_cb_wrap *)parse_arg;
  55. if (parse_cb_wrap->parse_cb == NULL)
  56. return 1;
  57. return parse_cb_wrap->parse_cb(s, ext_type, in, inlen, al,
  58. parse_cb_wrap->parse_arg);
  59. }
  60. /*
  61. * Find a custom extension from the list. The |role| param is there to
  62. * support the legacy API where custom extensions for client and server could
  63. * be set independently on the same SSL_CTX. It is set to ENDPOINT_SERVER if we
  64. * are trying to find a method relevant to the server, ENDPOINT_CLIENT for the
  65. * client, or ENDPOINT_BOTH for either
  66. */
  67. custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
  68. ENDPOINT role, unsigned int ext_type,
  69. size_t *idx)
  70. {
  71. size_t i;
  72. custom_ext_method *meth = exts->meths;
  73. for (i = 0; i < exts->meths_count; i++, meth++) {
  74. if (ext_type == meth->ext_type
  75. && (role == ENDPOINT_BOTH || role == meth->role
  76. || meth->role == ENDPOINT_BOTH)) {
  77. if (idx != NULL)
  78. *idx = i;
  79. return meth;
  80. }
  81. }
  82. return NULL;
  83. }
  84. /*
  85. * Initialise custom extensions flags to indicate neither sent nor received.
  86. */
  87. void custom_ext_init(custom_ext_methods *exts)
  88. {
  89. size_t i;
  90. custom_ext_method *meth = exts->meths;
  91. for (i = 0; i < exts->meths_count; i++, meth++)
  92. meth->ext_flags = 0;
  93. }
  94. /* Pass received custom extension data to the application for parsing. */
  95. int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
  96. const unsigned char *ext_data, size_t ext_size, X509 *x,
  97. size_t chainidx)
  98. {
  99. int al;
  100. custom_ext_methods *exts = &s->cert->custext;
  101. custom_ext_method *meth;
  102. ENDPOINT role = ENDPOINT_BOTH;
  103. if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0)
  104. role = s->server ? ENDPOINT_SERVER : ENDPOINT_CLIENT;
  105. meth = custom_ext_find(exts, role, ext_type, NULL);
  106. /* If not found return success */
  107. if (!meth)
  108. return 1;
  109. /* Check if extension is defined for our protocol. If not, skip */
  110. if (!extension_is_relevant(s, meth->context, context))
  111. return 1;
  112. if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
  113. | SSL_EXT_TLS1_3_SERVER_HELLO
  114. | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) {
  115. /*
  116. * If it's ServerHello or EncryptedExtensions we can't have any
  117. * extensions not sent in ClientHello.
  118. */
  119. if ((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0) {
  120. SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION);
  121. return 0;
  122. }
  123. }
  124. /*
  125. * Extensions received in the ClientHello or CertificateRequest are marked
  126. * with the SSL_EXT_FLAG_RECEIVED. This is so we know to add the equivalent
  127. * extensions in the response messages
  128. */
  129. if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST))
  130. != 0)
  131. meth->ext_flags |= SSL_EXT_FLAG_RECEIVED;
  132. /* If no parse function set return success */
  133. if (!meth->parse_cb)
  134. return 1;
  135. if (meth->parse_cb(s, ext_type, context, ext_data, ext_size, x, chainidx,
  136. &al, meth->parse_arg) <= 0) {
  137. SSLfatal(s, al, SSL_R_BAD_EXTENSION);
  138. return 0;
  139. }
  140. return 1;
  141. }
  142. /*
  143. * Request custom extension data from the application and add to the return
  144. * buffer.
  145. */
  146. int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,
  147. int maxversion)
  148. {
  149. custom_ext_methods *exts = &s->cert->custext;
  150. custom_ext_method *meth;
  151. size_t i;
  152. int al;
  153. for (i = 0; i < exts->meths_count; i++) {
  154. const unsigned char *out = NULL;
  155. size_t outlen = 0;
  156. meth = exts->meths + i;
  157. if (!should_add_extension(s, meth->context, context, maxversion))
  158. continue;
  159. if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
  160. | SSL_EXT_TLS1_3_SERVER_HELLO
  161. | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
  162. | SSL_EXT_TLS1_3_CERTIFICATE
  163. | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) {
  164. /* Only send extensions present in ClientHello/CertificateRequest */
  165. if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))
  166. continue;
  167. }
  168. /*
  169. * We skip it if the callback is absent - except for a ClientHello where
  170. * we add an empty extension.
  171. */
  172. if ((context & SSL_EXT_CLIENT_HELLO) == 0 && meth->add_cb == NULL)
  173. continue;
  174. if (meth->add_cb != NULL) {
  175. int cb_retval = meth->add_cb(s, meth->ext_type, context, &out,
  176. &outlen, x, chainidx, &al,
  177. meth->add_arg);
  178. if (cb_retval < 0) {
  179. SSLfatal(s, al, SSL_R_CALLBACK_FAILED);
  180. return 0; /* error */
  181. }
  182. if (cb_retval == 0)
  183. continue; /* skip this extension */
  184. }
  185. if (!WPACKET_put_bytes_u16(pkt, meth->ext_type)
  186. || !WPACKET_start_sub_packet_u16(pkt)
  187. || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen))
  188. || !WPACKET_close(pkt)) {
  189. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  190. return 0;
  191. }
  192. if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
  193. /*
  194. * We can't send duplicates: code logic should prevent this.
  195. */
  196. if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) {
  197. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  198. return 0;
  199. }
  200. /*
  201. * Indicate extension has been sent: this is both a sanity check to
  202. * ensure we don't send duplicate extensions and indicates that it
  203. * is not an error if the extension is present in ServerHello.
  204. */
  205. meth->ext_flags |= SSL_EXT_FLAG_SENT;
  206. }
  207. if (meth->free_cb != NULL)
  208. meth->free_cb(s, meth->ext_type, context, out, meth->add_arg);
  209. }
  210. return 1;
  211. }
  212. /* Copy the flags from src to dst for any extensions that exist in both */
  213. int custom_exts_copy_flags(custom_ext_methods *dst,
  214. const custom_ext_methods *src)
  215. {
  216. size_t i;
  217. custom_ext_method *methsrc = src->meths;
  218. for (i = 0; i < src->meths_count; i++, methsrc++) {
  219. custom_ext_method *methdst = custom_ext_find(dst, methsrc->role,
  220. methsrc->ext_type, NULL);
  221. if (methdst == NULL)
  222. continue;
  223. methdst->ext_flags = methsrc->ext_flags;
  224. }
  225. return 1;
  226. }
  227. /* Copy table of custom extensions */
  228. int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src)
  229. {
  230. size_t i;
  231. int err = 0;
  232. if (src->meths_count > 0) {
  233. dst->meths =
  234. OPENSSL_memdup(src->meths,
  235. sizeof(*src->meths) * src->meths_count);
  236. if (dst->meths == NULL)
  237. return 0;
  238. dst->meths_count = src->meths_count;
  239. for (i = 0; i < src->meths_count; i++) {
  240. custom_ext_method *methsrc = src->meths + i;
  241. custom_ext_method *methdst = dst->meths + i;
  242. if (methsrc->add_cb != custom_ext_add_old_cb_wrap)
  243. continue;
  244. /*
  245. * We have found an old style API wrapper. We need to copy the
  246. * arguments too.
  247. */
  248. if (err) {
  249. methdst->add_arg = NULL;
  250. methdst->parse_arg = NULL;
  251. continue;
  252. }
  253. methdst->add_arg = OPENSSL_memdup(methsrc->add_arg,
  254. sizeof(custom_ext_add_cb_wrap));
  255. methdst->parse_arg = OPENSSL_memdup(methsrc->parse_arg,
  256. sizeof(custom_ext_parse_cb_wrap));
  257. if (methdst->add_arg == NULL || methdst->parse_arg == NULL)
  258. err = 1;
  259. }
  260. }
  261. if (err) {
  262. custom_exts_free(dst);
  263. return 0;
  264. }
  265. return 1;
  266. }
  267. void custom_exts_free(custom_ext_methods *exts)
  268. {
  269. size_t i;
  270. custom_ext_method *meth;
  271. for (i = 0, meth = exts->meths; i < exts->meths_count; i++, meth++) {
  272. if (meth->add_cb != custom_ext_add_old_cb_wrap)
  273. continue;
  274. /* Old style API wrapper. Need to free the arguments too */
  275. OPENSSL_free(meth->add_arg);
  276. OPENSSL_free(meth->parse_arg);
  277. }
  278. OPENSSL_free(exts->meths);
  279. }
  280. /* Return true if a client custom extension exists, false otherwise */
  281. int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type)
  282. {
  283. return custom_ext_find(&ctx->cert->custext, ENDPOINT_CLIENT, ext_type,
  284. NULL) != NULL;
  285. }
  286. static int add_custom_ext_intern(SSL_CTX *ctx, ENDPOINT role,
  287. unsigned int ext_type,
  288. unsigned int context,
  289. SSL_custom_ext_add_cb_ex add_cb,
  290. SSL_custom_ext_free_cb_ex free_cb,
  291. void *add_arg,
  292. SSL_custom_ext_parse_cb_ex parse_cb,
  293. void *parse_arg)
  294. {
  295. custom_ext_methods *exts = &ctx->cert->custext;
  296. custom_ext_method *meth, *tmp;
  297. /*
  298. * Check application error: if add_cb is not set free_cb will never be
  299. * called.
  300. */
  301. if (add_cb == NULL && free_cb != NULL)
  302. return 0;
  303. #ifndef OPENSSL_NO_CT
  304. /*
  305. * We don't want applications registering callbacks for SCT extensions
  306. * whilst simultaneously using the built-in SCT validation features, as
  307. * these two things may not play well together.
  308. */
  309. if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp
  310. && (context & SSL_EXT_CLIENT_HELLO) != 0
  311. && SSL_CTX_ct_is_enabled(ctx))
  312. return 0;
  313. #endif
  314. /*
  315. * Don't add if extension supported internally, but make exception
  316. * for extension types that previously were not supported, but now are.
  317. */
  318. if (SSL_extension_supported(ext_type)
  319. && ext_type != TLSEXT_TYPE_signed_certificate_timestamp)
  320. return 0;
  321. /* Extension type must fit in 16 bits */
  322. if (ext_type > 0xffff)
  323. return 0;
  324. /* Search for duplicate */
  325. if (custom_ext_find(exts, role, ext_type, NULL))
  326. return 0;
  327. tmp = OPENSSL_realloc(exts->meths,
  328. (exts->meths_count + 1) * sizeof(custom_ext_method));
  329. if (tmp == NULL)
  330. return 0;
  331. exts->meths = tmp;
  332. meth = exts->meths + exts->meths_count;
  333. memset(meth, 0, sizeof(*meth));
  334. meth->role = role;
  335. meth->context = context;
  336. meth->parse_cb = parse_cb;
  337. meth->add_cb = add_cb;
  338. meth->free_cb = free_cb;
  339. meth->ext_type = ext_type;
  340. meth->add_arg = add_arg;
  341. meth->parse_arg = parse_arg;
  342. exts->meths_count++;
  343. return 1;
  344. }
  345. static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role,
  346. unsigned int ext_type,
  347. unsigned int context,
  348. custom_ext_add_cb add_cb,
  349. custom_ext_free_cb free_cb,
  350. void *add_arg,
  351. custom_ext_parse_cb parse_cb, void *parse_arg)
  352. {
  353. custom_ext_add_cb_wrap *add_cb_wrap
  354. = OPENSSL_malloc(sizeof(*add_cb_wrap));
  355. custom_ext_parse_cb_wrap *parse_cb_wrap
  356. = OPENSSL_malloc(sizeof(*parse_cb_wrap));
  357. int ret;
  358. if (add_cb_wrap == NULL || parse_cb_wrap == NULL) {
  359. OPENSSL_free(add_cb_wrap);
  360. OPENSSL_free(parse_cb_wrap);
  361. return 0;
  362. }
  363. add_cb_wrap->add_arg = add_arg;
  364. add_cb_wrap->add_cb = add_cb;
  365. add_cb_wrap->free_cb = free_cb;
  366. parse_cb_wrap->parse_arg = parse_arg;
  367. parse_cb_wrap->parse_cb = parse_cb;
  368. ret = add_custom_ext_intern(ctx, role, ext_type,
  369. context,
  370. custom_ext_add_old_cb_wrap,
  371. custom_ext_free_old_cb_wrap,
  372. add_cb_wrap,
  373. custom_ext_parse_old_cb_wrap,
  374. parse_cb_wrap);
  375. if (!ret) {
  376. OPENSSL_free(add_cb_wrap);
  377. OPENSSL_free(parse_cb_wrap);
  378. }
  379. return ret;
  380. }
  381. /* Application level functions to add the old custom extension callbacks */
  382. int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
  383. custom_ext_add_cb add_cb,
  384. custom_ext_free_cb free_cb,
  385. void *add_arg,
  386. custom_ext_parse_cb parse_cb, void *parse_arg)
  387. {
  388. return add_old_custom_ext(ctx, ENDPOINT_CLIENT, ext_type,
  389. SSL_EXT_TLS1_2_AND_BELOW_ONLY
  390. | SSL_EXT_CLIENT_HELLO
  391. | SSL_EXT_TLS1_2_SERVER_HELLO
  392. | SSL_EXT_IGNORE_ON_RESUMPTION,
  393. add_cb, free_cb, add_arg, parse_cb, parse_arg);
  394. }
  395. int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
  396. custom_ext_add_cb add_cb,
  397. custom_ext_free_cb free_cb,
  398. void *add_arg,
  399. custom_ext_parse_cb parse_cb, void *parse_arg)
  400. {
  401. return add_old_custom_ext(ctx, ENDPOINT_SERVER, ext_type,
  402. SSL_EXT_TLS1_2_AND_BELOW_ONLY
  403. | SSL_EXT_CLIENT_HELLO
  404. | SSL_EXT_TLS1_2_SERVER_HELLO
  405. | SSL_EXT_IGNORE_ON_RESUMPTION,
  406. add_cb, free_cb, add_arg, parse_cb, parse_arg);
  407. }
  408. int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
  409. unsigned int context,
  410. SSL_custom_ext_add_cb_ex add_cb,
  411. SSL_custom_ext_free_cb_ex free_cb,
  412. void *add_arg,
  413. SSL_custom_ext_parse_cb_ex parse_cb, void *parse_arg)
  414. {
  415. return add_custom_ext_intern(ctx, ENDPOINT_BOTH, ext_type, context, add_cb,
  416. free_cb, add_arg, parse_cb, parse_arg);
  417. }
  418. int SSL_extension_supported(unsigned int ext_type)
  419. {
  420. switch (ext_type) {
  421. /* Internally supported extensions. */
  422. case TLSEXT_TYPE_application_layer_protocol_negotiation:
  423. case TLSEXT_TYPE_ec_point_formats:
  424. case TLSEXT_TYPE_supported_groups:
  425. case TLSEXT_TYPE_key_share:
  426. #ifndef OPENSSL_NO_NEXTPROTONEG
  427. case TLSEXT_TYPE_next_proto_neg:
  428. #endif
  429. case TLSEXT_TYPE_padding:
  430. case TLSEXT_TYPE_renegotiate:
  431. case TLSEXT_TYPE_max_fragment_length:
  432. case TLSEXT_TYPE_server_name:
  433. case TLSEXT_TYPE_session_ticket:
  434. case TLSEXT_TYPE_signature_algorithms:
  435. #ifndef OPENSSL_NO_SRP
  436. case TLSEXT_TYPE_srp:
  437. #endif
  438. #ifndef OPENSSL_NO_OCSP
  439. case TLSEXT_TYPE_status_request:
  440. #endif
  441. #ifndef OPENSSL_NO_CT
  442. case TLSEXT_TYPE_signed_certificate_timestamp:
  443. #endif
  444. #ifndef OPENSSL_NO_SRTP
  445. case TLSEXT_TYPE_use_srtp:
  446. #endif
  447. case TLSEXT_TYPE_encrypt_then_mac:
  448. case TLSEXT_TYPE_supported_versions:
  449. case TLSEXT_TYPE_extended_master_secret:
  450. case TLSEXT_TYPE_psk_kex_modes:
  451. case TLSEXT_TYPE_cookie:
  452. case TLSEXT_TYPE_early_data:
  453. case TLSEXT_TYPE_certificate_authorities:
  454. case TLSEXT_TYPE_psk:
  455. case TLSEXT_TYPE_post_handshake_auth:
  456. return 1;
  457. default:
  458. return 0;
  459. }
  460. }