Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 2bd1917866c6a20fbf0e3170ad4c7bfea51a404b / . / ssl / custom_extensions.c
blob: 10fbfc8f011d08b99682318510110e3b22b09b6c [file] [log] [blame]
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
David Benjamin9e4e01e2015-09-15 01:48:04 -0400[diff] [blame]15#include <openssl/ssl.h>
16
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]17#include <assert.h>
18#include <string.h>
19
David Benjamin9e4e01e2015-09-15 01:48:04 -0400[diff] [blame]20#include <openssl/bytestring.h>
21#include <openssl/err.h>
22#include <openssl/mem.h>
23#include <openssl/stack.h>
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]24
25#include "internal.h"
26
27
28void SSL_CUSTOM_EXTENSION_free(SSL_CUSTOM_EXTENSION *custom_extension) {
29 OPENSSL_free(custom_extension);
30}
31
32static const SSL_CUSTOM_EXTENSION *custom_ext_find(
33 STACK_OF(SSL_CUSTOM_EXTENSION) *stack,
34 unsigned *out_index, uint16_t value) {
David Benjamin54091232016-09-05 12:47:25 -0400[diff] [blame]35 for (size_t i = 0; i < sk_SSL_CUSTOM_EXTENSION_num(stack); i++) {
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]36 const SSL_CUSTOM_EXTENSION *ext = sk_SSL_CUSTOM_EXTENSION_value(stack, i);
37 if (ext->value == value) {
38 if (out_index != NULL) {
39 *out_index = i;
40 }
41 return ext;
42 }
43 }
44
45 return NULL;
46}
47
48/* default_add_callback is used as the |add_callback| when the user doesn't
49 * provide one. For servers, it does nothing while, for clients, it causes an
50 * empty extension to be included. */
51static int default_add_callback(SSL *ssl, unsigned extension_value,
52 const uint8_t **out, size_t *out_len,
53 int *out_alert_value, void *add_arg) {
54 if (ssl->server) {
55 return 0;
56 }
57 *out_len = 0;
58 return 1;
59}
60
David Benjamin2bd19172016-11-17 16:47:15 +0900[diff] [blame^]61static int custom_ext_add_hello(SSL_HANDSHAKE *hs, CBB *extensions) {
62 SSL *const ssl = hs->ssl;
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]63 STACK_OF(SSL_CUSTOM_EXTENSION) *stack = ssl->ctx->client_custom_extensions;
64 if (ssl->server) {
65 stack = ssl->ctx->server_custom_extensions;
66 }
67
68 if (stack == NULL) {
69 return 1;
70 }
71
David Benjamin54091232016-09-05 12:47:25 -0400[diff] [blame]72 for (size_t i = 0; i < sk_SSL_CUSTOM_EXTENSION_num(stack); i++) {
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]73 const SSL_CUSTOM_EXTENSION *ext = sk_SSL_CUSTOM_EXTENSION_value(stack, i);
74
75 if (ssl->server &&
David Benjamin2bd19172016-11-17 16:47:15 +0900[diff] [blame^]76 !(hs->custom_extensions.received & (1u << i))) {
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]77 /* Servers cannot echo extensions that the client didn't send. */
78 continue;
79 }
80
81 const uint8_t *contents;
82 size_t contents_len;
83 int alert = SSL_AD_DECODE_ERROR;
84 CBB contents_cbb;
85
86 switch (ext->add_callback(ssl, ext->value, &contents, &contents_len, &alert,
87 ext->add_arg)) {
88 case 1:
89 if (!CBB_add_u16(extensions, ext->value) ||
90 !CBB_add_u16_length_prefixed(extensions, &contents_cbb) ||
91 !CBB_add_bytes(&contents_cbb, contents, contents_len) ||
92 !CBB_flush(extensions)) {
93 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
Adam Langleyfbbef122016-11-17 12:55:14 -0800[diff] [blame]94 ERR_add_error_dataf("extension %u", (unsigned) ext->value);
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]95 if (ext->free_callback && 0 < contents_len) {
96 ext->free_callback(ssl, ext->value, contents, ext->add_arg);
97 }
98 return 0;
99 }
100
101 if (ext->free_callback && 0 < contents_len) {
102 ext->free_callback(ssl, ext->value, contents, ext->add_arg);
103 }
104
105 if (!ssl->server) {
David Benjamin2bd19172016-11-17 16:47:15 +0900[diff] [blame^]106 assert((hs->custom_extensions.sent & (1u << i)) == 0);
107 hs->custom_extensions.sent |= (1u << i);
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]108 }
109 break;
110
111 case 0:
112 break;
113
114 default:
115 ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
116 OPENSSL_PUT_ERROR(SSL, SSL_R_CUSTOM_EXTENSION_ERROR);
Adam Langleyfbbef122016-11-17 12:55:14 -0800[diff] [blame]117 ERR_add_error_dataf("extension %u", (unsigned) ext->value);
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]118 return 0;
119 }
120 }
121
122 return 1;
123}
124
David Benjamin2bd19172016-11-17 16:47:15 +0900[diff] [blame^]125int custom_ext_add_clienthello(SSL_HANDSHAKE *hs, CBB *extensions) {
126 return custom_ext_add_hello(hs, extensions);
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]127}
128
David Benjamin2bd19172016-11-17 16:47:15 +0900[diff] [blame^]129int custom_ext_parse_serverhello(SSL_HANDSHAKE *hs, int *out_alert,
130 uint16_t value, const CBS *extension) {
131 SSL *const ssl = hs->ssl;
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]132 unsigned index;
133 const SSL_CUSTOM_EXTENSION *ext =
134 custom_ext_find(ssl->ctx->client_custom_extensions, &index, value);
135
136 if (/* Unknown extensions are not allowed in a ServerHello. */
137 ext == NULL ||
138 /* Also, if we didn't send the extension, that's also unacceptable. */
David Benjamin2bd19172016-11-17 16:47:15 +0900[diff] [blame^]139 !(hs->custom_extensions.sent & (1u << index))) {
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]140 OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
Adam Langleyfbbef122016-11-17 12:55:14 -0800[diff] [blame]141 ERR_add_error_dataf("extension %u", (unsigned)value);
David Benjamin0c40a962016-08-01 12:05:50 -0400[diff] [blame]142 *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]143 return 0;
144 }
145
146 if (ext->parse_callback != NULL &&
147 !ext->parse_callback(ssl, value, CBS_data(extension), CBS_len(extension),
148 out_alert, ext->parse_arg)) {
149 OPENSSL_PUT_ERROR(SSL, SSL_R_CUSTOM_EXTENSION_ERROR);
Adam Langleyfbbef122016-11-17 12:55:14 -0800[diff] [blame]150 ERR_add_error_dataf("extension %u", (unsigned)ext->value);
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]151 return 0;
152 }
153
154 return 1;
155}
156
David Benjamin2bd19172016-11-17 16:47:15 +0900[diff] [blame^]157int custom_ext_parse_clienthello(SSL_HANDSHAKE *hs, int *out_alert,
158 uint16_t value, const CBS *extension) {
159 SSL *const ssl = hs->ssl;
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]160 unsigned index;
161 const SSL_CUSTOM_EXTENSION *ext =
162 custom_ext_find(ssl->ctx->server_custom_extensions, &index, value);
163
164 if (ext == NULL) {
165 return 1;
166 }
167
David Benjamin2bd19172016-11-17 16:47:15 +0900[diff] [blame^]168 assert((hs->custom_extensions.received & (1u << index)) == 0);
169 hs->custom_extensions.received |= (1u << index);
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]170
171 if (ext->parse_callback &&
172 !ext->parse_callback(ssl, value, CBS_data(extension), CBS_len(extension),
173 out_alert, ext->parse_arg)) {
174 OPENSSL_PUT_ERROR(SSL, SSL_R_CUSTOM_EXTENSION_ERROR);
Adam Langleyfbbef122016-11-17 12:55:14 -0800[diff] [blame]175 ERR_add_error_dataf("extension %u", (unsigned)ext->value);
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]176 return 0;
177 }
178
179 return 1;
180}
181
David Benjamin2bd19172016-11-17 16:47:15 +0900[diff] [blame^]182int custom_ext_add_serverhello(SSL_HANDSHAKE *hs, CBB *extensions) {
183 return custom_ext_add_hello(hs, extensions);
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]184}
185
186/* MAX_NUM_CUSTOM_EXTENSIONS is the maximum number of custom extensions that
187 * can be set on an |SSL_CTX|. It's determined by the size of the bitset used
188 * to track when an extension has been sent. */
189#define MAX_NUM_CUSTOM_EXTENSIONS \
David Benjaminf5d2cd02016-10-06 19:39:20 -0400[diff] [blame]190 (sizeof(((SSL_HANDSHAKE *)NULL)->custom_extensions.sent) * 8)
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]191
192static int custom_ext_append(STACK_OF(SSL_CUSTOM_EXTENSION) **stack,
193 unsigned extension_value,
194 SSL_custom_ext_add_cb add_cb,
195 SSL_custom_ext_free_cb free_cb, void *add_arg,
196 SSL_custom_ext_parse_cb parse_cb,
197 void *parse_arg) {
198 if (add_cb == NULL ||
199 0xffff < extension_value ||
200 SSL_extension_supported(extension_value) ||
201 /* Specifying a free callback without an add callback is nonsensical
202 * and an error. */
203 (*stack != NULL &&
204 (MAX_NUM_CUSTOM_EXTENSIONS <= sk_SSL_CUSTOM_EXTENSION_num(*stack) ||
205 custom_ext_find(*stack, NULL, extension_value) != NULL))) {
206 return 0;
207 }
208
209 SSL_CUSTOM_EXTENSION *ext = OPENSSL_malloc(sizeof(SSL_CUSTOM_EXTENSION));
210 if (ext == NULL) {
211 return 0;
212 }
213 ext->add_callback = add_cb;
214 ext->add_arg = add_arg;
215 ext->free_callback = free_cb;
216 ext->parse_callback = parse_cb;
217 ext->parse_arg = parse_arg;
218 ext->value = extension_value;
219
220 if (*stack == NULL) {
221 *stack = sk_SSL_CUSTOM_EXTENSION_new_null();
222 if (*stack == NULL) {
223 SSL_CUSTOM_EXTENSION_free(ext);
224 return 0;
225 }
226 }
227
228 if (!sk_SSL_CUSTOM_EXTENSION_push(*stack, ext)) {
229 SSL_CUSTOM_EXTENSION_free(ext);
230 if (sk_SSL_CUSTOM_EXTENSION_num(*stack) == 0) {
231 sk_SSL_CUSTOM_EXTENSION_free(*stack);
232 *stack = NULL;
233 }
234 return 0;
235 }
236
237 return 1;
238}
239
240int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned extension_value,
241 SSL_custom_ext_add_cb add_cb,
242 SSL_custom_ext_free_cb free_cb, void *add_arg,
243 SSL_custom_ext_parse_cb parse_cb,
244 void *parse_arg) {
245 return custom_ext_append(&ctx->client_custom_extensions, extension_value,
246 add_cb ? add_cb : default_add_callback, free_cb,
247 add_arg, parse_cb, parse_arg);
248}
249
250int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned extension_value,
251 SSL_custom_ext_add_cb add_cb,
252 SSL_custom_ext_free_cb free_cb, void *add_arg,
253 SSL_custom_ext_parse_cb parse_cb,
254 void *parse_arg) {
255 return custom_ext_append(&ctx->server_custom_extensions, extension_value,
256 add_cb ? add_cb : default_add_callback, free_cb,
257 add_arg, parse_cb, parse_arg);
258}