1 /* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #include <openssl/ssl.h>
16
17 #include <assert.h>
18 #include <string.h>
19
20 #include <openssl/bytestring.h>
21 #include <openssl/err.h>
22 #include <openssl/mem.h>
23 #include <openssl/stack.h>
24
25 #include "internal.h"
26
27
SSL_CUSTOM_EXTENSION_free(SSL_CUSTOM_EXTENSION * custom_extension)28 void SSL_CUSTOM_EXTENSION_free(SSL_CUSTOM_EXTENSION *custom_extension) {
29 OPENSSL_free(custom_extension);
30 }
31
custom_ext_find(STACK_OF (SSL_CUSTOM_EXTENSION)* stack,unsigned * out_index,uint16_t value)32 static const SSL_CUSTOM_EXTENSION *custom_ext_find(
33 STACK_OF(SSL_CUSTOM_EXTENSION) *stack,
34 unsigned *out_index, uint16_t value) {
35 for (size_t i = 0; i < sk_SSL_CUSTOM_EXTENSION_num(stack); i++) {
36 const SSL_CUSTOM_EXTENSION *ext = sk_SSL_CUSTOM_EXTENSION_value(stack, i);
37 if (ext->value == value) {
38 if (out_index != NULL) {
39 *out_index = i;
40 }
41 return ext;
42 }
43 }
44
45 return NULL;
46 }
47
48 /* default_add_callback is used as the |add_callback| when the user doesn't
49 * provide one. For servers, it does nothing while, for clients, it causes an
50 * empty extension to be included. */
default_add_callback(SSL * ssl,unsigned extension_value,const uint8_t ** out,size_t * out_len,int * out_alert_value,void * add_arg)51 static int default_add_callback(SSL *ssl, unsigned extension_value,
52 const uint8_t **out, size_t *out_len,
53 int *out_alert_value, void *add_arg) {
54 if (ssl->server) {
55 return 0;
56 }
57 *out_len = 0;
58 return 1;
59 }
60
custom_ext_add_hello(SSL_HANDSHAKE * hs,CBB * extensions)61 static int custom_ext_add_hello(SSL_HANDSHAKE *hs, CBB *extensions) {
62 SSL *const ssl = hs->ssl;
63 STACK_OF(SSL_CUSTOM_EXTENSION) *stack = ssl->ctx->client_custom_extensions;
64 if (ssl->server) {
65 stack = ssl->ctx->server_custom_extensions;
66 }
67
68 if (stack == NULL) {
69 return 1;
70 }
71
72 if (ssl->cert->enable_early_data) {
73 /* TODO(svaldez): Support Custom Extensions with 0-RTT. For now the caller
74 * is expected not to configure both together.
75 * https://crbug.com/boringssl/173. */
76 OPENSSL_PUT_ERROR(SSL, SSL_R_CUSTOM_EXTENSION_ERROR);
77 return 0;
78 }
79
80 for (size_t i = 0; i < sk_SSL_CUSTOM_EXTENSION_num(stack); i++) {
81 const SSL_CUSTOM_EXTENSION *ext = sk_SSL_CUSTOM_EXTENSION_value(stack, i);
82
83 if (ssl->server &&
84 !(hs->custom_extensions.received & (1u << i))) {
85 /* Servers cannot echo extensions that the client didn't send. */
86 continue;
87 }
88
89 const uint8_t *contents;
90 size_t contents_len;
91 int alert = SSL_AD_DECODE_ERROR;
92 CBB contents_cbb;
93
94 switch (ext->add_callback(ssl, ext->value, &contents, &contents_len, &alert,
95 ext->add_arg)) {
96 case 1:
97 if (!CBB_add_u16(extensions, ext->value) ||
98 !CBB_add_u16_length_prefixed(extensions, &contents_cbb) ||
99 !CBB_add_bytes(&contents_cbb, contents, contents_len) ||
100 !CBB_flush(extensions)) {
101 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
102 ERR_add_error_dataf("extension %u", (unsigned) ext->value);
103 if (ext->free_callback && 0 < contents_len) {
104 ext->free_callback(ssl, ext->value, contents, ext->add_arg);
105 }
106 return 0;
107 }
108
109 if (ext->free_callback && 0 < contents_len) {
110 ext->free_callback(ssl, ext->value, contents, ext->add_arg);
111 }
112
113 if (!ssl->server) {
114 assert((hs->custom_extensions.sent & (1u << i)) == 0);
115 hs->custom_extensions.sent |= (1u << i);
116 }
117 break;
118
119 case 0:
120 break;
121
122 default:
123 ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
124 OPENSSL_PUT_ERROR(SSL, SSL_R_CUSTOM_EXTENSION_ERROR);
125 ERR_add_error_dataf("extension %u", (unsigned) ext->value);
126 return 0;
127 }
128 }
129
130 return 1;
131 }
132
custom_ext_add_clienthello(SSL_HANDSHAKE * hs,CBB * extensions)133 int custom_ext_add_clienthello(SSL_HANDSHAKE *hs, CBB *extensions) {
134 return custom_ext_add_hello(hs, extensions);
135 }
136
custom_ext_parse_serverhello(SSL_HANDSHAKE * hs,int * out_alert,uint16_t value,const CBS * extension)137 int custom_ext_parse_serverhello(SSL_HANDSHAKE *hs, int *out_alert,
138 uint16_t value, const CBS *extension) {
139 SSL *const ssl = hs->ssl;
140 unsigned index;
141 const SSL_CUSTOM_EXTENSION *ext =
142 custom_ext_find(ssl->ctx->client_custom_extensions, &index, value);
143
144 if (/* Unknown extensions are not allowed in a ServerHello. */
145 ext == NULL ||
146 /* Also, if we didn't send the extension, that's also unacceptable. */
147 !(hs->custom_extensions.sent & (1u << index))) {
148 OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
149 ERR_add_error_dataf("extension %u", (unsigned)value);
150 *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
151 return 0;
152 }
153
154 if (ext->parse_callback != NULL &&
155 !ext->parse_callback(ssl, value, CBS_data(extension), CBS_len(extension),
156 out_alert, ext->parse_arg)) {
157 OPENSSL_PUT_ERROR(SSL, SSL_R_CUSTOM_EXTENSION_ERROR);
158 ERR_add_error_dataf("extension %u", (unsigned)ext->value);
159 return 0;
160 }
161
162 return 1;
163 }
164
custom_ext_parse_clienthello(SSL_HANDSHAKE * hs,int * out_alert,uint16_t value,const CBS * extension)165 int custom_ext_parse_clienthello(SSL_HANDSHAKE *hs, int *out_alert,
166 uint16_t value, const CBS *extension) {
167 SSL *const ssl = hs->ssl;
168 unsigned index;
169 const SSL_CUSTOM_EXTENSION *ext =
170 custom_ext_find(ssl->ctx->server_custom_extensions, &index, value);
171
172 if (ext == NULL) {
173 return 1;
174 }
175
176 assert((hs->custom_extensions.received & (1u << index)) == 0);
177 hs->custom_extensions.received |= (1u << index);
178
179 if (ext->parse_callback &&
180 !ext->parse_callback(ssl, value, CBS_data(extension), CBS_len(extension),
181 out_alert, ext->parse_arg)) {
182 OPENSSL_PUT_ERROR(SSL, SSL_R_CUSTOM_EXTENSION_ERROR);
183 ERR_add_error_dataf("extension %u", (unsigned)ext->value);
184 return 0;
185 }
186
187 return 1;
188 }
189
custom_ext_add_serverhello(SSL_HANDSHAKE * hs,CBB * extensions)190 int custom_ext_add_serverhello(SSL_HANDSHAKE *hs, CBB *extensions) {
191 return custom_ext_add_hello(hs, extensions);
192 }
193
194 /* MAX_NUM_CUSTOM_EXTENSIONS is the maximum number of custom extensions that
195 * can be set on an |SSL_CTX|. It's determined by the size of the bitset used
196 * to track when an extension has been sent. */
197 #define MAX_NUM_CUSTOM_EXTENSIONS \
198 (sizeof(((SSL_HANDSHAKE *)NULL)->custom_extensions.sent) * 8)
199
custom_ext_append(STACK_OF (SSL_CUSTOM_EXTENSION)** stack,unsigned extension_value,SSL_custom_ext_add_cb add_cb,SSL_custom_ext_free_cb free_cb,void * add_arg,SSL_custom_ext_parse_cb parse_cb,void * parse_arg)200 static int custom_ext_append(STACK_OF(SSL_CUSTOM_EXTENSION) **stack,
201 unsigned extension_value,
202 SSL_custom_ext_add_cb add_cb,
203 SSL_custom_ext_free_cb free_cb, void *add_arg,
204 SSL_custom_ext_parse_cb parse_cb,
205 void *parse_arg) {
206 if (add_cb == NULL ||
207 0xffff < extension_value ||
208 SSL_extension_supported(extension_value) ||
209 /* Specifying a free callback without an add callback is nonsensical
210 * and an error. */
211 (*stack != NULL &&
212 (MAX_NUM_CUSTOM_EXTENSIONS <= sk_SSL_CUSTOM_EXTENSION_num(*stack) ||
213 custom_ext_find(*stack, NULL, extension_value) != NULL))) {
214 return 0;
215 }
216
217 SSL_CUSTOM_EXTENSION *ext =
218 (SSL_CUSTOM_EXTENSION *)OPENSSL_malloc(sizeof(SSL_CUSTOM_EXTENSION));
219 if (ext == NULL) {
220 return 0;
221 }
222 ext->add_callback = add_cb;
223 ext->add_arg = add_arg;
224 ext->free_callback = free_cb;
225 ext->parse_callback = parse_cb;
226 ext->parse_arg = parse_arg;
227 ext->value = extension_value;
228
229 if (*stack == NULL) {
230 *stack = sk_SSL_CUSTOM_EXTENSION_new_null();
231 if (*stack == NULL) {
232 SSL_CUSTOM_EXTENSION_free(ext);
233 return 0;
234 }
235 }
236
237 if (!sk_SSL_CUSTOM_EXTENSION_push(*stack, ext)) {
238 SSL_CUSTOM_EXTENSION_free(ext);
239 if (sk_SSL_CUSTOM_EXTENSION_num(*stack) == 0) {
240 sk_SSL_CUSTOM_EXTENSION_free(*stack);
241 *stack = NULL;
242 }
243 return 0;
244 }
245
246 return 1;
247 }
248
SSL_CTX_add_client_custom_ext(SSL_CTX * ctx,unsigned extension_value,SSL_custom_ext_add_cb add_cb,SSL_custom_ext_free_cb free_cb,void * add_arg,SSL_custom_ext_parse_cb parse_cb,void * parse_arg)249 int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned extension_value,
250 SSL_custom_ext_add_cb add_cb,
251 SSL_custom_ext_free_cb free_cb, void *add_arg,
252 SSL_custom_ext_parse_cb parse_cb,
253 void *parse_arg) {
254 return custom_ext_append(&ctx->client_custom_extensions, extension_value,
255 add_cb ? add_cb : default_add_callback, free_cb,
256 add_arg, parse_cb, parse_arg);
257 }
258
SSL_CTX_add_server_custom_ext(SSL_CTX * ctx,unsigned extension_value,SSL_custom_ext_add_cb add_cb,SSL_custom_ext_free_cb free_cb,void * add_arg,SSL_custom_ext_parse_cb parse_cb,void * parse_arg)259 int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned extension_value,
260 SSL_custom_ext_add_cb add_cb,
261 SSL_custom_ext_free_cb free_cb, void *add_arg,
262 SSL_custom_ext_parse_cb parse_cb,
263 void *parse_arg) {
264 return custom_ext_append(&ctx->server_custom_extensions, extension_value,
265 add_cb ? add_cb : default_add_callback, free_cb,
266 add_arg, parse_cb, parse_arg);
267 }
268