2
0

extensions_cust.c 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552
  1. /*
  2. * Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* Custom extension utility functions */
  10. #include <openssl/ct.h>
  11. #include "../ssl_local.h"
  12. #include "internal/cryptlib.h"
  13. #include "statem_local.h"
  14. typedef struct {
  15. void *add_arg;
  16. custom_ext_add_cb add_cb;
  17. custom_ext_free_cb free_cb;
  18. } custom_ext_add_cb_wrap;
  19. typedef struct {
  20. void *parse_arg;
  21. custom_ext_parse_cb parse_cb;
  22. } custom_ext_parse_cb_wrap;
  23. /*
  24. * Provide thin wrapper callbacks which convert new style arguments to old style
  25. */
  26. static int custom_ext_add_old_cb_wrap(SSL *s, unsigned int ext_type,
  27. unsigned int context,
  28. const unsigned char **out,
  29. size_t *outlen, X509 *x, size_t chainidx,
  30. int *al, void *add_arg)
  31. {
  32. custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
  33. if (add_cb_wrap->add_cb == NULL)
  34. return 1;
  35. return add_cb_wrap->add_cb(s, ext_type, out, outlen, al,
  36. add_cb_wrap->add_arg);
  37. }
  38. static void custom_ext_free_old_cb_wrap(SSL *s, unsigned int ext_type,
  39. unsigned int context,
  40. const unsigned char *out, void *add_arg)
  41. {
  42. custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
  43. if (add_cb_wrap->free_cb == NULL)
  44. return;
  45. add_cb_wrap->free_cb(s, ext_type, out, add_cb_wrap->add_arg);
  46. }
  47. static int custom_ext_parse_old_cb_wrap(SSL *s, unsigned int ext_type,
  48. unsigned int context,
  49. const unsigned char *in,
  50. size_t inlen, X509 *x, size_t chainidx,
  51. int *al, void *parse_arg)
  52. {
  53. custom_ext_parse_cb_wrap *parse_cb_wrap =
  54. (custom_ext_parse_cb_wrap *)parse_arg;
  55. if (parse_cb_wrap->parse_cb == NULL)
  56. return 1;
  57. return parse_cb_wrap->parse_cb(s, ext_type, in, inlen, al,
  58. parse_cb_wrap->parse_arg);
  59. }
  60. /*
  61. * Find a custom extension from the list. The |role| param is there to
  62. * support the legacy API where custom extensions for client and server could
  63. * be set independently on the same SSL_CTX. It is set to ENDPOINT_SERVER if we
  64. * are trying to find a method relevant to the server, ENDPOINT_CLIENT for the
  65. * client, or ENDPOINT_BOTH for either
  66. */
  67. custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
  68. ENDPOINT role, unsigned int ext_type,
  69. size_t *idx)
  70. {
  71. size_t i;
  72. custom_ext_method *meth = exts->meths;
  73. for (i = 0; i < exts->meths_count; i++, meth++) {
  74. if (ext_type == meth->ext_type
  75. && (role == ENDPOINT_BOTH || role == meth->role
  76. || meth->role == ENDPOINT_BOTH)) {
  77. if (idx != NULL)
  78. *idx = i;
  79. return meth;
  80. }
  81. }
  82. return NULL;
  83. }
  84. /*
  85. * Initialise custom extensions flags to indicate neither sent nor received.
  86. */
  87. void custom_ext_init(custom_ext_methods *exts)
  88. {
  89. size_t i;
  90. custom_ext_method *meth = exts->meths;
  91. for (i = 0; i < exts->meths_count; i++, meth++)
  92. meth->ext_flags = 0;
  93. }
  94. /* Pass received custom extension data to the application for parsing. */
  95. int custom_ext_parse(SSL_CONNECTION *s, unsigned int context,
  96. unsigned int ext_type,
  97. const unsigned char *ext_data, size_t ext_size, X509 *x,
  98. size_t chainidx)
  99. {
  100. int al = 0;
  101. custom_ext_methods *exts = &s->cert->custext;
  102. custom_ext_method *meth;
  103. ENDPOINT role = ENDPOINT_BOTH;
  104. if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0)
  105. role = s->server ? ENDPOINT_SERVER : ENDPOINT_CLIENT;
  106. meth = custom_ext_find(exts, role, ext_type, NULL);
  107. /* If not found return success */
  108. if (!meth)
  109. return 1;
  110. /* Check if extension is defined for our protocol. If not, skip */
  111. if (!extension_is_relevant(s, meth->context, context))
  112. return 1;
  113. if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
  114. | SSL_EXT_TLS1_3_SERVER_HELLO
  115. | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) {
  116. /*
  117. * If it's ServerHello or EncryptedExtensions we can't have any
  118. * extensions not sent in ClientHello.
  119. */
  120. if ((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0) {
  121. SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION);
  122. return 0;
  123. }
  124. }
  125. /*
  126. * Extensions received in the ClientHello or CertificateRequest are marked
  127. * with the SSL_EXT_FLAG_RECEIVED. This is so we know to add the equivalent
  128. * extensions in the response messages
  129. */
  130. if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST))
  131. != 0)
  132. meth->ext_flags |= SSL_EXT_FLAG_RECEIVED;
  133. /* If no parse function set return success */
  134. if (meth->parse_cb == NULL)
  135. return 1;
  136. if (meth->parse_cb(SSL_CONNECTION_GET_SSL(s), ext_type, context, ext_data,
  137. ext_size, x, chainidx, &al, meth->parse_arg) <= 0) {
  138. SSLfatal(s, al, SSL_R_BAD_EXTENSION);
  139. return 0;
  140. }
  141. return 1;
  142. }
  143. /*
  144. * Request custom extension data from the application and add to the return
  145. * buffer.
  146. */
  147. int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x,
  148. size_t chainidx, int maxversion)
  149. {
  150. custom_ext_methods *exts = &s->cert->custext;
  151. custom_ext_method *meth;
  152. size_t i;
  153. int al;
  154. int for_comp = (context & SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION) != 0;
  155. for (i = 0; i < exts->meths_count; i++) {
  156. const unsigned char *out = NULL;
  157. size_t outlen = 0;
  158. meth = exts->meths + i;
  159. if (!should_add_extension(s, meth->context, context, maxversion))
  160. continue;
  161. if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
  162. | SSL_EXT_TLS1_3_SERVER_HELLO
  163. | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
  164. | SSL_EXT_TLS1_3_CERTIFICATE
  165. | SSL_EXT_TLS1_3_RAW_PUBLIC_KEY
  166. | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) {
  167. /* Only send extensions present in ClientHello/CertificateRequest */
  168. if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))
  169. continue;
  170. }
  171. /*
  172. * We skip it if the callback is absent - except for a ClientHello where
  173. * we add an empty extension.
  174. */
  175. if ((context & SSL_EXT_CLIENT_HELLO) == 0 && meth->add_cb == NULL)
  176. continue;
  177. if (meth->add_cb != NULL) {
  178. int cb_retval = meth->add_cb(SSL_CONNECTION_GET_SSL(s),
  179. meth->ext_type, context, &out,
  180. &outlen, x, chainidx, &al,
  181. meth->add_arg);
  182. if (cb_retval < 0) {
  183. if (!for_comp)
  184. SSLfatal(s, al, SSL_R_CALLBACK_FAILED);
  185. return 0; /* error */
  186. }
  187. if (cb_retval == 0)
  188. continue; /* skip this extension */
  189. }
  190. if (!WPACKET_put_bytes_u16(pkt, meth->ext_type)
  191. || !WPACKET_start_sub_packet_u16(pkt)
  192. || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen))
  193. || !WPACKET_close(pkt)) {
  194. if (meth->free_cb != NULL)
  195. meth->free_cb(SSL_CONNECTION_GET_SSL(s), meth->ext_type, context,
  196. out, meth->add_arg);
  197. if (!for_comp)
  198. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  199. return 0;
  200. }
  201. if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
  202. /*
  203. * We can't send duplicates: code logic should prevent this.
  204. */
  205. if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) {
  206. if (meth->free_cb != NULL)
  207. meth->free_cb(SSL_CONNECTION_GET_SSL(s), meth->ext_type,
  208. context, out, meth->add_arg);
  209. if (!for_comp)
  210. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  211. return 0;
  212. }
  213. /*
  214. * Indicate extension has been sent: this is both a sanity check to
  215. * ensure we don't send duplicate extensions and indicates that it
  216. * is not an error if the extension is present in ServerHello.
  217. */
  218. meth->ext_flags |= SSL_EXT_FLAG_SENT;
  219. }
  220. if (meth->free_cb != NULL)
  221. meth->free_cb(SSL_CONNECTION_GET_SSL(s), meth->ext_type, context,
  222. out, meth->add_arg);
  223. }
  224. return 1;
  225. }
  226. /* Copy the flags from src to dst for any extensions that exist in both */
  227. int custom_exts_copy_flags(custom_ext_methods *dst,
  228. const custom_ext_methods *src)
  229. {
  230. size_t i;
  231. custom_ext_method *methsrc = src->meths;
  232. for (i = 0; i < src->meths_count; i++, methsrc++) {
  233. custom_ext_method *methdst = custom_ext_find(dst, methsrc->role,
  234. methsrc->ext_type, NULL);
  235. if (methdst == NULL)
  236. continue;
  237. methdst->ext_flags = methsrc->ext_flags;
  238. }
  239. return 1;
  240. }
  241. /* Copy table of custom extensions */
  242. int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src)
  243. {
  244. size_t i;
  245. int err = 0;
  246. if (src->meths_count > 0) {
  247. dst->meths =
  248. OPENSSL_memdup(src->meths,
  249. sizeof(*src->meths) * src->meths_count);
  250. if (dst->meths == NULL)
  251. return 0;
  252. dst->meths_count = src->meths_count;
  253. for (i = 0; i < src->meths_count; i++) {
  254. custom_ext_method *methsrc = src->meths + i;
  255. custom_ext_method *methdst = dst->meths + i;
  256. if (methsrc->add_cb != custom_ext_add_old_cb_wrap)
  257. continue;
  258. /*
  259. * We have found an old style API wrapper. We need to copy the
  260. * arguments too.
  261. */
  262. if (err) {
  263. methdst->add_arg = NULL;
  264. methdst->parse_arg = NULL;
  265. continue;
  266. }
  267. methdst->add_arg = OPENSSL_memdup(methsrc->add_arg,
  268. sizeof(custom_ext_add_cb_wrap));
  269. methdst->parse_arg = OPENSSL_memdup(methsrc->parse_arg,
  270. sizeof(custom_ext_parse_cb_wrap));
  271. if (methdst->add_arg == NULL || methdst->parse_arg == NULL)
  272. err = 1;
  273. }
  274. }
  275. if (err) {
  276. custom_exts_free(dst);
  277. return 0;
  278. }
  279. return 1;
  280. }
  281. void custom_exts_free(custom_ext_methods *exts)
  282. {
  283. size_t i;
  284. custom_ext_method *meth;
  285. for (i = 0, meth = exts->meths; i < exts->meths_count; i++, meth++) {
  286. if (meth->add_cb != custom_ext_add_old_cb_wrap)
  287. continue;
  288. /* Old style API wrapper. Need to free the arguments too */
  289. OPENSSL_free(meth->add_arg);
  290. OPENSSL_free(meth->parse_arg);
  291. }
  292. OPENSSL_free(exts->meths);
  293. exts->meths = NULL;
  294. exts->meths_count = 0;
  295. }
  296. /* Return true if a client custom extension exists, false otherwise */
  297. int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type)
  298. {
  299. return custom_ext_find(&ctx->cert->custext, ENDPOINT_CLIENT, ext_type,
  300. NULL) != NULL;
  301. }
  302. int ossl_tls_add_custom_ext_intern(SSL_CTX *ctx, custom_ext_methods *exts,
  303. ENDPOINT role, unsigned int ext_type,
  304. unsigned int context,
  305. SSL_custom_ext_add_cb_ex add_cb,
  306. SSL_custom_ext_free_cb_ex free_cb,
  307. void *add_arg,
  308. SSL_custom_ext_parse_cb_ex parse_cb,
  309. void *parse_arg)
  310. {
  311. custom_ext_method *meth, *tmp;
  312. /*
  313. * Check application error: if add_cb is not set free_cb will never be
  314. * called.
  315. */
  316. if (add_cb == NULL && free_cb != NULL)
  317. return 0;
  318. if (exts == NULL)
  319. exts = &ctx->cert->custext;
  320. #ifndef OPENSSL_NO_CT
  321. /*
  322. * We don't want applications registering callbacks for SCT extensions
  323. * whilst simultaneously using the built-in SCT validation features, as
  324. * these two things may not play well together.
  325. */
  326. if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp
  327. && (context & SSL_EXT_CLIENT_HELLO) != 0
  328. && ctx != NULL
  329. && SSL_CTX_ct_is_enabled(ctx))
  330. return 0;
  331. #endif
  332. /*
  333. * Don't add if extension supported internally, but make exception
  334. * for extension types that previously were not supported, but now are.
  335. */
  336. if (SSL_extension_supported(ext_type)
  337. && ext_type != TLSEXT_TYPE_signed_certificate_timestamp)
  338. return 0;
  339. /* Extension type must fit in 16 bits */
  340. if (ext_type > 0xffff)
  341. return 0;
  342. /* Search for duplicate */
  343. if (custom_ext_find(exts, role, ext_type, NULL))
  344. return 0;
  345. tmp = OPENSSL_realloc(exts->meths,
  346. (exts->meths_count + 1) * sizeof(custom_ext_method));
  347. if (tmp == NULL)
  348. return 0;
  349. exts->meths = tmp;
  350. meth = exts->meths + exts->meths_count;
  351. memset(meth, 0, sizeof(*meth));
  352. meth->role = role;
  353. meth->context = context;
  354. meth->parse_cb = parse_cb;
  355. meth->add_cb = add_cb;
  356. meth->free_cb = free_cb;
  357. meth->ext_type = ext_type;
  358. meth->add_arg = add_arg;
  359. meth->parse_arg = parse_arg;
  360. exts->meths_count++;
  361. return 1;
  362. }
  363. static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role,
  364. unsigned int ext_type,
  365. unsigned int context,
  366. custom_ext_add_cb add_cb,
  367. custom_ext_free_cb free_cb,
  368. void *add_arg,
  369. custom_ext_parse_cb parse_cb, void *parse_arg)
  370. {
  371. custom_ext_add_cb_wrap *add_cb_wrap
  372. = OPENSSL_malloc(sizeof(*add_cb_wrap));
  373. custom_ext_parse_cb_wrap *parse_cb_wrap
  374. = OPENSSL_malloc(sizeof(*parse_cb_wrap));
  375. int ret;
  376. if (add_cb_wrap == NULL || parse_cb_wrap == NULL) {
  377. OPENSSL_free(add_cb_wrap);
  378. OPENSSL_free(parse_cb_wrap);
  379. return 0;
  380. }
  381. add_cb_wrap->add_arg = add_arg;
  382. add_cb_wrap->add_cb = add_cb;
  383. add_cb_wrap->free_cb = free_cb;
  384. parse_cb_wrap->parse_arg = parse_arg;
  385. parse_cb_wrap->parse_cb = parse_cb;
  386. ret = ossl_tls_add_custom_ext_intern(ctx, NULL, role, ext_type,
  387. context,
  388. custom_ext_add_old_cb_wrap,
  389. custom_ext_free_old_cb_wrap,
  390. add_cb_wrap,
  391. custom_ext_parse_old_cb_wrap,
  392. parse_cb_wrap);
  393. if (!ret) {
  394. OPENSSL_free(add_cb_wrap);
  395. OPENSSL_free(parse_cb_wrap);
  396. }
  397. return ret;
  398. }
  399. /* Application level functions to add the old custom extension callbacks */
  400. int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
  401. custom_ext_add_cb add_cb,
  402. custom_ext_free_cb free_cb,
  403. void *add_arg,
  404. custom_ext_parse_cb parse_cb, void *parse_arg)
  405. {
  406. return add_old_custom_ext(ctx, ENDPOINT_CLIENT, ext_type,
  407. SSL_EXT_TLS1_2_AND_BELOW_ONLY
  408. | SSL_EXT_CLIENT_HELLO
  409. | SSL_EXT_TLS1_2_SERVER_HELLO
  410. | SSL_EXT_IGNORE_ON_RESUMPTION,
  411. add_cb, free_cb, add_arg, parse_cb, parse_arg);
  412. }
  413. int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
  414. custom_ext_add_cb add_cb,
  415. custom_ext_free_cb free_cb,
  416. void *add_arg,
  417. custom_ext_parse_cb parse_cb, void *parse_arg)
  418. {
  419. return add_old_custom_ext(ctx, ENDPOINT_SERVER, ext_type,
  420. SSL_EXT_TLS1_2_AND_BELOW_ONLY
  421. | SSL_EXT_CLIENT_HELLO
  422. | SSL_EXT_TLS1_2_SERVER_HELLO
  423. | SSL_EXT_IGNORE_ON_RESUMPTION,
  424. add_cb, free_cb, add_arg, parse_cb, parse_arg);
  425. }
  426. int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
  427. unsigned int context,
  428. SSL_custom_ext_add_cb_ex add_cb,
  429. SSL_custom_ext_free_cb_ex free_cb,
  430. void *add_arg,
  431. SSL_custom_ext_parse_cb_ex parse_cb, void *parse_arg)
  432. {
  433. return ossl_tls_add_custom_ext_intern(ctx, NULL, ENDPOINT_BOTH, ext_type,
  434. context, add_cb, free_cb, add_arg,
  435. parse_cb, parse_arg);
  436. }
  437. int SSL_extension_supported(unsigned int ext_type)
  438. {
  439. switch (ext_type) {
  440. /* Internally supported extensions. */
  441. case TLSEXT_TYPE_application_layer_protocol_negotiation:
  442. case TLSEXT_TYPE_ec_point_formats:
  443. case TLSEXT_TYPE_supported_groups:
  444. case TLSEXT_TYPE_key_share:
  445. #ifndef OPENSSL_NO_NEXTPROTONEG
  446. case TLSEXT_TYPE_next_proto_neg:
  447. #endif
  448. case TLSEXT_TYPE_padding:
  449. case TLSEXT_TYPE_renegotiate:
  450. case TLSEXT_TYPE_max_fragment_length:
  451. case TLSEXT_TYPE_server_name:
  452. case TLSEXT_TYPE_session_ticket:
  453. case TLSEXT_TYPE_signature_algorithms:
  454. #ifndef OPENSSL_NO_SRP
  455. case TLSEXT_TYPE_srp:
  456. #endif
  457. #ifndef OPENSSL_NO_OCSP
  458. case TLSEXT_TYPE_status_request:
  459. #endif
  460. #ifndef OPENSSL_NO_CT
  461. case TLSEXT_TYPE_signed_certificate_timestamp:
  462. #endif
  463. #ifndef OPENSSL_NO_SRTP
  464. case TLSEXT_TYPE_use_srtp:
  465. #endif
  466. case TLSEXT_TYPE_encrypt_then_mac:
  467. case TLSEXT_TYPE_supported_versions:
  468. case TLSEXT_TYPE_extended_master_secret:
  469. case TLSEXT_TYPE_psk_kex_modes:
  470. case TLSEXT_TYPE_cookie:
  471. case TLSEXT_TYPE_early_data:
  472. case TLSEXT_TYPE_certificate_authorities:
  473. case TLSEXT_TYPE_psk:
  474. case TLSEXT_TYPE_post_handshake_auth:
  475. case TLSEXT_TYPE_compress_certificate:
  476. case TLSEXT_TYPE_client_cert_type:
  477. case TLSEXT_TYPE_server_cert_type:
  478. return 1;
  479. default:
  480. return 0;
  481. }
  482. }