/src/openssl/ssl/ssl_asn1.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * Copyright 2005 Nokia. All rights reserved. |
4 | | * |
5 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
6 | | * this file except in compliance with the License. You can obtain a copy |
7 | | * in the file LICENSE in the source distribution or at |
8 | | * https://www.openssl.org/source/license.html |
9 | | */ |
10 | | |
11 | | #include <stdio.h> |
12 | | #include <stdlib.h> |
13 | | #include "ssl_local.h" |
14 | | #include <openssl/asn1t.h> |
15 | | #include <openssl/encoder.h> |
16 | | #include <openssl/x509.h> |
17 | | |
18 | | #include <crypto/asn1.h> |
19 | | |
20 | | typedef struct { |
21 | | uint32_t version; |
22 | | int32_t ssl_version; |
23 | | ASN1_OCTET_STRING *cipher; |
24 | | ASN1_OCTET_STRING *comp_id; |
25 | | ASN1_OCTET_STRING *master_key; |
26 | | ASN1_OCTET_STRING *session_id; |
27 | | ASN1_OCTET_STRING *key_arg; |
28 | | int64_t time; |
29 | | int64_t timeout; |
30 | | X509 *peer; |
31 | | ASN1_OCTET_STRING *session_id_context; |
32 | | int32_t verify_result; |
33 | | ASN1_OCTET_STRING *tlsext_hostname; |
34 | | uint64_t tlsext_tick_lifetime_hint; |
35 | | uint32_t tlsext_tick_age_add; |
36 | | ASN1_OCTET_STRING *tlsext_tick; |
37 | | #ifndef OPENSSL_NO_PSK |
38 | | ASN1_OCTET_STRING *psk_identity_hint; |
39 | | ASN1_OCTET_STRING *psk_identity; |
40 | | #endif |
41 | | #ifndef OPENSSL_NO_SRP |
42 | | ASN1_OCTET_STRING *srp_username; |
43 | | #endif |
44 | | uint64_t flags; |
45 | | uint32_t max_early_data; |
46 | | ASN1_OCTET_STRING *alpn_selected; |
47 | | uint32_t tlsext_max_fragment_len_mode; |
48 | | ASN1_OCTET_STRING *ticket_appdata; |
49 | | uint32_t kex_group; |
50 | | ASN1_OCTET_STRING *peer_rpk; |
51 | | } SSL_SESSION_ASN1; |
52 | | |
53 | | ASN1_SEQUENCE(SSL_SESSION_ASN1) = { |
54 | | ASN1_EMBED(SSL_SESSION_ASN1, version, UINT32), |
55 | | ASN1_EMBED(SSL_SESSION_ASN1, ssl_version, INT32), |
56 | | ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING), |
57 | | ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING), |
58 | | ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING), |
59 | | ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0), |
60 | | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, time, ZINT64, 1), |
61 | | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, timeout, ZINT64, 2), |
62 | | ASN1_EXP_OPT(SSL_SESSION_ASN1, peer, X509, 3), |
63 | | ASN1_EXP_OPT(SSL_SESSION_ASN1, session_id_context, ASN1_OCTET_STRING, 4), |
64 | | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, verify_result, ZINT32, 5), |
65 | | ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_hostname, ASN1_OCTET_STRING, 6), |
66 | | #ifndef OPENSSL_NO_PSK |
67 | | ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity_hint, ASN1_OCTET_STRING, 7), |
68 | | ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity, ASN1_OCTET_STRING, 8), |
69 | | #endif |
70 | | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZUINT64, 9), |
71 | | ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick, ASN1_OCTET_STRING, 10), |
72 | | ASN1_EXP_OPT(SSL_SESSION_ASN1, comp_id, ASN1_OCTET_STRING, 11), |
73 | | #ifndef OPENSSL_NO_SRP |
74 | | ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12), |
75 | | #endif |
76 | | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, flags, ZUINT64, 13), |
77 | | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_age_add, ZUINT32, 14), |
78 | | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, max_early_data, ZUINT32, 15), |
79 | | ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16), |
80 | | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_max_fragment_len_mode, ZUINT32, 17), |
81 | | ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 18), |
82 | | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, kex_group, UINT32, 19), |
83 | | ASN1_EXP_OPT(SSL_SESSION_ASN1, peer_rpk, ASN1_OCTET_STRING, 20) |
84 | 0 | } static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1) |
85 | 0 |
|
86 | 0 | IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1) |
87 | 0 |
|
88 | 0 | /* Utility functions for i2d_SSL_SESSION */ |
89 | 0 |
|
90 | 0 | /* Initialise OCTET STRING from buffer and length */ |
91 | 0 |
|
92 | 0 | static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os, |
93 | 0 | const unsigned char *data, size_t len) |
94 | 0 | { |
95 | 0 | os->data = (unsigned char *)data; /* justified cast: data is not modified */ |
96 | 0 | os->length = (int)len; |
97 | 0 | os->flags = 0; |
98 | 0 | *dest = os; |
99 | 0 | } |
100 | | |
101 | | /* Initialise OCTET STRING from string */ |
102 | | static void ssl_session_sinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os, |
103 | | const char *data) |
104 | 0 | { |
105 | 0 | if (data != NULL) |
106 | 0 | ssl_session_oinit(dest, os, (const unsigned char *)data, strlen(data)); |
107 | 0 | else |
108 | 0 | *dest = NULL; |
109 | 0 | } |
110 | | |
111 | | int i2d_SSL_SESSION(const SSL_SESSION *in, unsigned char **pp) |
112 | 0 | { |
113 | |
|
114 | 0 | SSL_SESSION_ASN1 as; |
115 | |
|
116 | 0 | ASN1_OCTET_STRING cipher; |
117 | 0 | unsigned char cipher_data[2]; |
118 | 0 | ASN1_OCTET_STRING master_key, session_id, sid_ctx; |
119 | |
|
120 | 0 | #ifndef OPENSSL_NO_COMP |
121 | 0 | ASN1_OCTET_STRING comp_id; |
122 | 0 | unsigned char comp_id_data; |
123 | 0 | #endif |
124 | 0 | ASN1_OCTET_STRING tlsext_hostname, tlsext_tick; |
125 | 0 | #ifndef OPENSSL_NO_SRP |
126 | 0 | ASN1_OCTET_STRING srp_username; |
127 | 0 | #endif |
128 | 0 | #ifndef OPENSSL_NO_PSK |
129 | 0 | ASN1_OCTET_STRING psk_identity, psk_identity_hint; |
130 | 0 | #endif |
131 | 0 | ASN1_OCTET_STRING alpn_selected; |
132 | 0 | ASN1_OCTET_STRING ticket_appdata; |
133 | 0 | ASN1_OCTET_STRING peer_rpk; |
134 | |
|
135 | 0 | long l; |
136 | 0 | int ret; |
137 | |
|
138 | 0 | if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0))) |
139 | 0 | return 0; |
140 | | |
141 | 0 | memset(&as, 0, sizeof(as)); |
142 | |
|
143 | 0 | as.version = SSL_SESSION_ASN1_VERSION; |
144 | 0 | as.ssl_version = in->ssl_version; |
145 | |
|
146 | 0 | as.kex_group = in->kex_group; |
147 | |
|
148 | 0 | if (in->cipher == NULL) |
149 | 0 | l = in->cipher_id; |
150 | 0 | else |
151 | 0 | l = in->cipher->id; |
152 | 0 | cipher_data[0] = ((unsigned char)(l >> 8L)) & 0xff; |
153 | 0 | cipher_data[1] = ((unsigned char)(l)) & 0xff; |
154 | |
|
155 | 0 | ssl_session_oinit(&as.cipher, &cipher, cipher_data, 2); |
156 | |
|
157 | 0 | #ifndef OPENSSL_NO_COMP |
158 | 0 | if (in->compress_meth) { |
159 | 0 | comp_id_data = (unsigned char)in->compress_meth; |
160 | 0 | ssl_session_oinit(&as.comp_id, &comp_id, &comp_id_data, 1); |
161 | 0 | } |
162 | 0 | #endif |
163 | |
|
164 | 0 | ssl_session_oinit(&as.master_key, &master_key, |
165 | 0 | in->master_key, in->master_key_length); |
166 | |
|
167 | 0 | ssl_session_oinit(&as.session_id, &session_id, |
168 | 0 | in->session_id, in->session_id_length); |
169 | |
|
170 | 0 | ssl_session_oinit(&as.session_id_context, &sid_ctx, |
171 | 0 | in->sid_ctx, in->sid_ctx_length); |
172 | |
|
173 | 0 | as.time = (int64_t)ossl_time_to_time_t(in->time); |
174 | 0 | as.timeout = (int64_t)ossl_time2seconds(in->timeout); |
175 | 0 | as.verify_result = in->verify_result; |
176 | |
|
177 | 0 | as.peer = in->peer; |
178 | |
|
179 | 0 | as.peer_rpk = NULL; |
180 | 0 | peer_rpk.data = NULL; |
181 | 0 | if (in->peer_rpk != NULL) { |
182 | 0 | peer_rpk.length = i2d_PUBKEY(in->peer_rpk, &peer_rpk.data); |
183 | 0 | if (peer_rpk.length > 0 && peer_rpk.data != NULL) |
184 | 0 | as.peer_rpk = &peer_rpk; |
185 | 0 | } |
186 | |
|
187 | 0 | ssl_session_sinit(&as.tlsext_hostname, &tlsext_hostname, |
188 | 0 | in->ext.hostname); |
189 | 0 | if (in->ext.tick) { |
190 | 0 | ssl_session_oinit(&as.tlsext_tick, &tlsext_tick, |
191 | 0 | in->ext.tick, in->ext.ticklen); |
192 | 0 | } |
193 | 0 | if (in->ext.tick_lifetime_hint > 0) |
194 | 0 | as.tlsext_tick_lifetime_hint = in->ext.tick_lifetime_hint; |
195 | 0 | as.tlsext_tick_age_add = in->ext.tick_age_add; |
196 | 0 | #ifndef OPENSSL_NO_PSK |
197 | 0 | ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint, |
198 | 0 | in->psk_identity_hint); |
199 | 0 | ssl_session_sinit(&as.psk_identity, &psk_identity, in->psk_identity); |
200 | 0 | #endif /* OPENSSL_NO_PSK */ |
201 | 0 | #ifndef OPENSSL_NO_SRP |
202 | 0 | ssl_session_sinit(&as.srp_username, &srp_username, in->srp_username); |
203 | 0 | #endif /* OPENSSL_NO_SRP */ |
204 | |
|
205 | 0 | as.flags = in->flags; |
206 | 0 | as.max_early_data = in->ext.max_early_data; |
207 | |
|
208 | 0 | if (in->ext.alpn_selected == NULL) |
209 | 0 | as.alpn_selected = NULL; |
210 | 0 | else |
211 | 0 | ssl_session_oinit(&as.alpn_selected, &alpn_selected, |
212 | 0 | in->ext.alpn_selected, in->ext.alpn_selected_len); |
213 | |
|
214 | 0 | as.tlsext_max_fragment_len_mode = in->ext.max_fragment_len_mode; |
215 | |
|
216 | 0 | if (in->ticket_appdata == NULL) |
217 | 0 | as.ticket_appdata = NULL; |
218 | 0 | else |
219 | 0 | ssl_session_oinit(&as.ticket_appdata, &ticket_appdata, |
220 | 0 | in->ticket_appdata, in->ticket_appdata_len); |
221 | |
|
222 | 0 | ret = i2d_SSL_SESSION_ASN1(&as, pp); |
223 | 0 | OPENSSL_free(peer_rpk.data); |
224 | 0 | return ret; |
225 | 0 | } |
226 | | |
227 | | /* Utility functions for d2i_SSL_SESSION */ |
228 | | |
229 | | /* OPENSSL_strndup an OCTET STRING */ |
230 | | |
231 | | static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src) |
232 | 0 | { |
233 | 0 | OPENSSL_free(*pdst); |
234 | 0 | *pdst = NULL; |
235 | 0 | if (src == NULL) |
236 | 0 | return 1; |
237 | 0 | *pdst = OPENSSL_strndup((char *)src->data, src->length); |
238 | 0 | if (*pdst == NULL) |
239 | 0 | return 0; |
240 | 0 | return 1; |
241 | 0 | } |
242 | | |
243 | | /* Copy an OCTET STRING, return error if it exceeds maximum length */ |
244 | | |
245 | | static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen, |
246 | | ASN1_OCTET_STRING *src, size_t maxlen) |
247 | 0 | { |
248 | 0 | if (src == NULL || src->length == 0) { |
249 | 0 | *pdstlen = 0; |
250 | 0 | return 1; |
251 | 0 | } |
252 | 0 | if (src->length < 0 || src->length > (int)maxlen) |
253 | 0 | return 0; |
254 | 0 | memcpy(dst, src->data, src->length); |
255 | 0 | *pdstlen = src->length; |
256 | 0 | return 1; |
257 | 0 | } |
258 | | |
259 | | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, |
260 | | long length) |
261 | 0 | { |
262 | 0 | return d2i_SSL_SESSION_ex(a, pp, length, NULL, NULL); |
263 | 0 | } |
264 | | SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp, |
265 | | long length, OSSL_LIB_CTX *libctx, |
266 | | const char *propq) |
267 | 0 | { |
268 | 0 | long id; |
269 | 0 | size_t tmpl; |
270 | 0 | const unsigned char *p = *pp; |
271 | 0 | SSL_SESSION_ASN1 *as = NULL; |
272 | 0 | SSL_SESSION *ret = NULL; |
273 | |
|
274 | 0 | as = d2i_SSL_SESSION_ASN1(NULL, &p, length); |
275 | | /* ASN.1 code returns suitable error */ |
276 | 0 | if (as == NULL) |
277 | 0 | goto err; |
278 | | |
279 | 0 | if (a == NULL || *a == NULL) { |
280 | 0 | ret = SSL_SESSION_new(); |
281 | 0 | if (ret == NULL) |
282 | 0 | goto err; |
283 | 0 | } else { |
284 | 0 | ret = *a; |
285 | 0 | } |
286 | | |
287 | 0 | if (as->version != SSL_SESSION_ASN1_VERSION) { |
288 | 0 | ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_SSL_VERSION); |
289 | 0 | goto err; |
290 | 0 | } |
291 | | |
292 | 0 | if ((as->ssl_version >> 8) != SSL3_VERSION_MAJOR |
293 | 0 | && (as->ssl_version >> 8) != DTLS1_VERSION_MAJOR |
294 | 0 | && as->ssl_version != DTLS1_BAD_VER) { |
295 | 0 | ERR_raise(ERR_LIB_SSL, SSL_R_UNSUPPORTED_SSL_VERSION); |
296 | 0 | goto err; |
297 | 0 | } |
298 | | |
299 | 0 | ret->ssl_version = (int)as->ssl_version; |
300 | |
|
301 | 0 | ret->kex_group = as->kex_group; |
302 | |
|
303 | 0 | if (as->cipher->length != 2) { |
304 | 0 | ERR_raise(ERR_LIB_SSL, SSL_R_CIPHER_CODE_WRONG_LENGTH); |
305 | 0 | goto err; |
306 | 0 | } |
307 | | |
308 | 0 | id = 0x03000000L | ((unsigned long)as->cipher->data[0] << 8L) |
309 | 0 | | (unsigned long)as->cipher->data[1]; |
310 | |
|
311 | 0 | ret->cipher_id = id; |
312 | 0 | ret->cipher = ssl3_get_cipher_by_id(id); |
313 | 0 | if (ret->cipher == NULL) |
314 | 0 | goto err; |
315 | | |
316 | 0 | if (!ssl_session_memcpy(ret->session_id, &ret->session_id_length, |
317 | 0 | as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH)) |
318 | 0 | goto err; |
319 | | |
320 | 0 | if (!ssl_session_memcpy(ret->master_key, &tmpl, |
321 | 0 | as->master_key, TLS13_MAX_RESUMPTION_PSK_LENGTH)) |
322 | 0 | goto err; |
323 | | |
324 | 0 | ret->master_key_length = tmpl; |
325 | |
|
326 | 0 | if (as->time != 0) |
327 | 0 | ret->time = ossl_time_from_time_t(as->time); |
328 | 0 | else |
329 | 0 | ret->time = ossl_time_now(); |
330 | |
|
331 | 0 | if (as->timeout != 0) |
332 | 0 | ret->timeout = ossl_seconds2time(as->timeout); |
333 | 0 | else |
334 | 0 | ret->timeout = ossl_seconds2time(3); |
335 | 0 | ssl_session_calculate_timeout(ret); |
336 | |
|
337 | 0 | X509_free(ret->peer); |
338 | 0 | ret->peer = as->peer; |
339 | 0 | as->peer = NULL; |
340 | |
|
341 | 0 | EVP_PKEY_free(ret->peer_rpk); |
342 | 0 | ret->peer_rpk = NULL; |
343 | 0 | if (as->peer_rpk != NULL) { |
344 | 0 | const unsigned char *data = as->peer_rpk->data; |
345 | | |
346 | | /* |
347 | | * |data| is incremented; we don't want to lose original ptr |
348 | | */ |
349 | 0 | ret->peer_rpk = d2i_PUBKEY_ex(NULL, &data, as->peer_rpk->length, libctx, propq); |
350 | 0 | if (ret->peer_rpk == NULL) |
351 | 0 | goto err; |
352 | 0 | } |
353 | | |
354 | 0 | if (!ssl_session_memcpy(ret->sid_ctx, &ret->sid_ctx_length, |
355 | 0 | as->session_id_context, SSL_MAX_SID_CTX_LENGTH)) |
356 | 0 | goto err; |
357 | | |
358 | | /* NB: this defaults to zero which is X509_V_OK */ |
359 | 0 | ret->verify_result = as->verify_result; |
360 | |
|
361 | 0 | if (!ssl_session_strndup(&ret->ext.hostname, as->tlsext_hostname)) |
362 | 0 | goto err; |
363 | | |
364 | 0 | #ifndef OPENSSL_NO_PSK |
365 | 0 | if (!ssl_session_strndup(&ret->psk_identity_hint, as->psk_identity_hint)) |
366 | 0 | goto err; |
367 | 0 | if (!ssl_session_strndup(&ret->psk_identity, as->psk_identity)) |
368 | 0 | goto err; |
369 | 0 | #endif |
370 | | |
371 | 0 | ret->ext.tick_lifetime_hint = (unsigned long)as->tlsext_tick_lifetime_hint; |
372 | 0 | ret->ext.tick_age_add = as->tlsext_tick_age_add; |
373 | 0 | OPENSSL_free(ret->ext.tick); |
374 | 0 | if (as->tlsext_tick != NULL) { |
375 | 0 | ret->ext.tick = as->tlsext_tick->data; |
376 | 0 | ret->ext.ticklen = as->tlsext_tick->length; |
377 | 0 | as->tlsext_tick->data = NULL; |
378 | 0 | } else { |
379 | 0 | ret->ext.tick = NULL; |
380 | 0 | } |
381 | 0 | #ifndef OPENSSL_NO_COMP |
382 | 0 | if (as->comp_id) { |
383 | 0 | if (as->comp_id->length != 1) { |
384 | 0 | ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH); |
385 | 0 | goto err; |
386 | 0 | } |
387 | 0 | ret->compress_meth = as->comp_id->data[0]; |
388 | 0 | } else { |
389 | 0 | ret->compress_meth = 0; |
390 | 0 | } |
391 | 0 | #endif |
392 | | |
393 | 0 | #ifndef OPENSSL_NO_SRP |
394 | 0 | if (!ssl_session_strndup(&ret->srp_username, as->srp_username)) |
395 | 0 | goto err; |
396 | 0 | #endif /* OPENSSL_NO_SRP */ |
397 | | /* Flags defaults to zero which is fine */ |
398 | 0 | ret->flags = (int32_t)as->flags; |
399 | 0 | ret->ext.max_early_data = as->max_early_data; |
400 | |
|
401 | 0 | OPENSSL_free(ret->ext.alpn_selected); |
402 | 0 | if (as->alpn_selected != NULL) { |
403 | 0 | ret->ext.alpn_selected = as->alpn_selected->data; |
404 | 0 | ret->ext.alpn_selected_len = as->alpn_selected->length; |
405 | 0 | as->alpn_selected->data = NULL; |
406 | 0 | } else { |
407 | 0 | ret->ext.alpn_selected = NULL; |
408 | 0 | ret->ext.alpn_selected_len = 0; |
409 | 0 | } |
410 | |
|
411 | 0 | ret->ext.max_fragment_len_mode = as->tlsext_max_fragment_len_mode; |
412 | |
|
413 | 0 | OPENSSL_free(ret->ticket_appdata); |
414 | 0 | if (as->ticket_appdata != NULL) { |
415 | 0 | ret->ticket_appdata = as->ticket_appdata->data; |
416 | 0 | ret->ticket_appdata_len = as->ticket_appdata->length; |
417 | 0 | as->ticket_appdata->data = NULL; |
418 | 0 | } else { |
419 | 0 | ret->ticket_appdata = NULL; |
420 | 0 | ret->ticket_appdata_len = 0; |
421 | 0 | } |
422 | |
|
423 | 0 | M_ASN1_free_of(as, SSL_SESSION_ASN1); |
424 | |
|
425 | 0 | if ((a != NULL) && (*a == NULL)) |
426 | 0 | *a = ret; |
427 | 0 | *pp = p; |
428 | 0 | return ret; |
429 | | |
430 | 0 | err: |
431 | 0 | M_ASN1_free_of(as, SSL_SESSION_ASN1); |
432 | 0 | if ((a == NULL) || (*a != ret)) |
433 | 0 | SSL_SESSION_free(ret); |
434 | | return NULL; |
435 | 0 | } |