1 | /*
|
---|
2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
---|
3 | * Copyright 2005 Nokia. All rights reserved.
|
---|
4 | *
|
---|
5 | * Licensed under the OpenSSL license (the "License"). You may not use
|
---|
6 | * this file except in compliance with the License. You can obtain a copy
|
---|
7 | * in the file LICENSE in the source distribution or at
|
---|
8 | * https://www.openssl.org/source/license.html
|
---|
9 | */
|
---|
10 |
|
---|
11 | #include <stdio.h>
|
---|
12 | #include <stdlib.h>
|
---|
13 | #include "ssl_local.h"
|
---|
14 | #include <openssl/asn1t.h>
|
---|
15 | #include <openssl/x509.h>
|
---|
16 |
|
---|
17 | typedef struct {
|
---|
18 | uint32_t version;
|
---|
19 | int32_t ssl_version;
|
---|
20 | ASN1_OCTET_STRING *cipher;
|
---|
21 | ASN1_OCTET_STRING *comp_id;
|
---|
22 | ASN1_OCTET_STRING *master_key;
|
---|
23 | ASN1_OCTET_STRING *session_id;
|
---|
24 | ASN1_OCTET_STRING *key_arg;
|
---|
25 | int64_t time;
|
---|
26 | int64_t timeout;
|
---|
27 | X509 *peer;
|
---|
28 | ASN1_OCTET_STRING *session_id_context;
|
---|
29 | int32_t verify_result;
|
---|
30 | ASN1_OCTET_STRING *tlsext_hostname;
|
---|
31 | uint64_t tlsext_tick_lifetime_hint;
|
---|
32 | uint32_t tlsext_tick_age_add;
|
---|
33 | ASN1_OCTET_STRING *tlsext_tick;
|
---|
34 | #ifndef OPENSSL_NO_PSK
|
---|
35 | ASN1_OCTET_STRING *psk_identity_hint;
|
---|
36 | ASN1_OCTET_STRING *psk_identity;
|
---|
37 | #endif
|
---|
38 | #ifndef OPENSSL_NO_SRP
|
---|
39 | ASN1_OCTET_STRING *srp_username;
|
---|
40 | #endif
|
---|
41 | uint64_t flags;
|
---|
42 | uint32_t max_early_data;
|
---|
43 | ASN1_OCTET_STRING *alpn_selected;
|
---|
44 | uint32_t tlsext_max_fragment_len_mode;
|
---|
45 | ASN1_OCTET_STRING *ticket_appdata;
|
---|
46 | } SSL_SESSION_ASN1;
|
---|
47 |
|
---|
48 | ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
|
---|
49 | ASN1_EMBED(SSL_SESSION_ASN1, version, UINT32),
|
---|
50 | ASN1_EMBED(SSL_SESSION_ASN1, ssl_version, INT32),
|
---|
51 | ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING),
|
---|
52 | ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING),
|
---|
53 | ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING),
|
---|
54 | ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0),
|
---|
55 | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, time, ZINT64, 1),
|
---|
56 | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, timeout, ZINT64, 2),
|
---|
57 | ASN1_EXP_OPT(SSL_SESSION_ASN1, peer, X509, 3),
|
---|
58 | ASN1_EXP_OPT(SSL_SESSION_ASN1, session_id_context, ASN1_OCTET_STRING, 4),
|
---|
59 | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, verify_result, ZINT32, 5),
|
---|
60 | ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_hostname, ASN1_OCTET_STRING, 6),
|
---|
61 | #ifndef OPENSSL_NO_PSK
|
---|
62 | ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity_hint, ASN1_OCTET_STRING, 7),
|
---|
63 | ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity, ASN1_OCTET_STRING, 8),
|
---|
64 | #endif
|
---|
65 | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZUINT64, 9),
|
---|
66 | ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick, ASN1_OCTET_STRING, 10),
|
---|
67 | ASN1_EXP_OPT(SSL_SESSION_ASN1, comp_id, ASN1_OCTET_STRING, 11),
|
---|
68 | #ifndef OPENSSL_NO_SRP
|
---|
69 | ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12),
|
---|
70 | #endif
|
---|
71 | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, flags, ZUINT64, 13),
|
---|
72 | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_age_add, ZUINT32, 14),
|
---|
73 | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, max_early_data, ZUINT32, 15),
|
---|
74 | ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16),
|
---|
75 | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_max_fragment_len_mode, ZUINT32, 17),
|
---|
76 | ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 18)
|
---|
77 | } static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1)
|
---|
78 |
|
---|
79 | IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1)
|
---|
80 |
|
---|
81 | /* Utility functions for i2d_SSL_SESSION */
|
---|
82 |
|
---|
83 | /* Initialise OCTET STRING from buffer and length */
|
---|
84 |
|
---|
85 | static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os,
|
---|
86 | unsigned char *data, size_t len)
|
---|
87 | {
|
---|
88 | os->data = data;
|
---|
89 | os->length = (int)len;
|
---|
90 | os->flags = 0;
|
---|
91 | *dest = os;
|
---|
92 | }
|
---|
93 |
|
---|
94 | /* Initialise OCTET STRING from string */
|
---|
95 | static void ssl_session_sinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os,
|
---|
96 | char *data)
|
---|
97 | {
|
---|
98 | if (data != NULL)
|
---|
99 | ssl_session_oinit(dest, os, (unsigned char *)data, strlen(data));
|
---|
100 | else
|
---|
101 | *dest = NULL;
|
---|
102 | }
|
---|
103 |
|
---|
104 | int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
|
---|
105 | {
|
---|
106 |
|
---|
107 | SSL_SESSION_ASN1 as;
|
---|
108 |
|
---|
109 | ASN1_OCTET_STRING cipher;
|
---|
110 | unsigned char cipher_data[2];
|
---|
111 | ASN1_OCTET_STRING master_key, session_id, sid_ctx;
|
---|
112 |
|
---|
113 | #ifndef OPENSSL_NO_COMP
|
---|
114 | ASN1_OCTET_STRING comp_id;
|
---|
115 | unsigned char comp_id_data;
|
---|
116 | #endif
|
---|
117 | ASN1_OCTET_STRING tlsext_hostname, tlsext_tick;
|
---|
118 | #ifndef OPENSSL_NO_SRP
|
---|
119 | ASN1_OCTET_STRING srp_username;
|
---|
120 | #endif
|
---|
121 | #ifndef OPENSSL_NO_PSK
|
---|
122 | ASN1_OCTET_STRING psk_identity, psk_identity_hint;
|
---|
123 | #endif
|
---|
124 | ASN1_OCTET_STRING alpn_selected;
|
---|
125 | ASN1_OCTET_STRING ticket_appdata;
|
---|
126 |
|
---|
127 | long l;
|
---|
128 |
|
---|
129 | if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
|
---|
130 | return 0;
|
---|
131 |
|
---|
132 | memset(&as, 0, sizeof(as));
|
---|
133 |
|
---|
134 | as.version = SSL_SESSION_ASN1_VERSION;
|
---|
135 | as.ssl_version = in->ssl_version;
|
---|
136 |
|
---|
137 | if (in->cipher == NULL)
|
---|
138 | l = in->cipher_id;
|
---|
139 | else
|
---|
140 | l = in->cipher->id;
|
---|
141 | cipher_data[0] = ((unsigned char)(l >> 8L)) & 0xff;
|
---|
142 | cipher_data[1] = ((unsigned char)(l)) & 0xff;
|
---|
143 |
|
---|
144 | ssl_session_oinit(&as.cipher, &cipher, cipher_data, 2);
|
---|
145 |
|
---|
146 | #ifndef OPENSSL_NO_COMP
|
---|
147 | if (in->compress_meth) {
|
---|
148 | comp_id_data = (unsigned char)in->compress_meth;
|
---|
149 | ssl_session_oinit(&as.comp_id, &comp_id, &comp_id_data, 1);
|
---|
150 | }
|
---|
151 | #endif
|
---|
152 |
|
---|
153 | ssl_session_oinit(&as.master_key, &master_key,
|
---|
154 | in->master_key, in->master_key_length);
|
---|
155 |
|
---|
156 | ssl_session_oinit(&as.session_id, &session_id,
|
---|
157 | in->session_id, in->session_id_length);
|
---|
158 |
|
---|
159 | ssl_session_oinit(&as.session_id_context, &sid_ctx,
|
---|
160 | in->sid_ctx, in->sid_ctx_length);
|
---|
161 |
|
---|
162 | as.time = in->time;
|
---|
163 | as.timeout = in->timeout;
|
---|
164 | as.verify_result = in->verify_result;
|
---|
165 |
|
---|
166 | as.peer = in->peer;
|
---|
167 |
|
---|
168 | ssl_session_sinit(&as.tlsext_hostname, &tlsext_hostname,
|
---|
169 | in->ext.hostname);
|
---|
170 | if (in->ext.tick) {
|
---|
171 | ssl_session_oinit(&as.tlsext_tick, &tlsext_tick,
|
---|
172 | in->ext.tick, in->ext.ticklen);
|
---|
173 | }
|
---|
174 | if (in->ext.tick_lifetime_hint > 0)
|
---|
175 | as.tlsext_tick_lifetime_hint = in->ext.tick_lifetime_hint;
|
---|
176 | as.tlsext_tick_age_add = in->ext.tick_age_add;
|
---|
177 | #ifndef OPENSSL_NO_PSK
|
---|
178 | ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint,
|
---|
179 | in->psk_identity_hint);
|
---|
180 | ssl_session_sinit(&as.psk_identity, &psk_identity, in->psk_identity);
|
---|
181 | #endif /* OPENSSL_NO_PSK */
|
---|
182 | #ifndef OPENSSL_NO_SRP
|
---|
183 | ssl_session_sinit(&as.srp_username, &srp_username, in->srp_username);
|
---|
184 | #endif /* OPENSSL_NO_SRP */
|
---|
185 |
|
---|
186 | as.flags = in->flags;
|
---|
187 | as.max_early_data = in->ext.max_early_data;
|
---|
188 |
|
---|
189 | if (in->ext.alpn_selected == NULL)
|
---|
190 | as.alpn_selected = NULL;
|
---|
191 | else
|
---|
192 | ssl_session_oinit(&as.alpn_selected, &alpn_selected,
|
---|
193 | in->ext.alpn_selected, in->ext.alpn_selected_len);
|
---|
194 |
|
---|
195 | as.tlsext_max_fragment_len_mode = in->ext.max_fragment_len_mode;
|
---|
196 |
|
---|
197 | if (in->ticket_appdata == NULL)
|
---|
198 | as.ticket_appdata = NULL;
|
---|
199 | else
|
---|
200 | ssl_session_oinit(&as.ticket_appdata, &ticket_appdata,
|
---|
201 | in->ticket_appdata, in->ticket_appdata_len);
|
---|
202 |
|
---|
203 | return i2d_SSL_SESSION_ASN1(&as, pp);
|
---|
204 |
|
---|
205 | }
|
---|
206 |
|
---|
207 | /* Utility functions for d2i_SSL_SESSION */
|
---|
208 |
|
---|
209 | /* OPENSSL_strndup an OCTET STRING */
|
---|
210 |
|
---|
211 | static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src)
|
---|
212 | {
|
---|
213 | OPENSSL_free(*pdst);
|
---|
214 | *pdst = NULL;
|
---|
215 | if (src == NULL)
|
---|
216 | return 1;
|
---|
217 | *pdst = OPENSSL_strndup((char *)src->data, src->length);
|
---|
218 | if (*pdst == NULL)
|
---|
219 | return 0;
|
---|
220 | return 1;
|
---|
221 | }
|
---|
222 |
|
---|
223 | /* Copy an OCTET STRING, return error if it exceeds maximum length */
|
---|
224 |
|
---|
225 | static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen,
|
---|
226 | ASN1_OCTET_STRING *src, size_t maxlen)
|
---|
227 | {
|
---|
228 | if (src == NULL) {
|
---|
229 | *pdstlen = 0;
|
---|
230 | return 1;
|
---|
231 | }
|
---|
232 | if (src->length < 0 || src->length > (int)maxlen)
|
---|
233 | return 0;
|
---|
234 | memcpy(dst, src->data, src->length);
|
---|
235 | *pdstlen = src->length;
|
---|
236 | return 1;
|
---|
237 | }
|
---|
238 |
|
---|
239 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
|
---|
240 | long length)
|
---|
241 | {
|
---|
242 | long id;
|
---|
243 | size_t tmpl;
|
---|
244 | const unsigned char *p = *pp;
|
---|
245 | SSL_SESSION_ASN1 *as = NULL;
|
---|
246 | SSL_SESSION *ret = NULL;
|
---|
247 |
|
---|
248 | as = d2i_SSL_SESSION_ASN1(NULL, &p, length);
|
---|
249 | /* ASN.1 code returns suitable error */
|
---|
250 | if (as == NULL)
|
---|
251 | goto err;
|
---|
252 |
|
---|
253 | if (!a || !*a) {
|
---|
254 | ret = SSL_SESSION_new();
|
---|
255 | if (ret == NULL)
|
---|
256 | goto err;
|
---|
257 | } else {
|
---|
258 | ret = *a;
|
---|
259 | }
|
---|
260 |
|
---|
261 | if (as->version != SSL_SESSION_ASN1_VERSION) {
|
---|
262 | SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNKNOWN_SSL_VERSION);
|
---|
263 | goto err;
|
---|
264 | }
|
---|
265 |
|
---|
266 | if ((as->ssl_version >> 8) != SSL3_VERSION_MAJOR
|
---|
267 | && (as->ssl_version >> 8) != DTLS1_VERSION_MAJOR
|
---|
268 | && as->ssl_version != DTLS1_BAD_VER) {
|
---|
269 | SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
|
---|
270 | goto err;
|
---|
271 | }
|
---|
272 |
|
---|
273 | ret->ssl_version = (int)as->ssl_version;
|
---|
274 |
|
---|
275 | if (as->cipher->length != 2) {
|
---|
276 | SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_CIPHER_CODE_WRONG_LENGTH);
|
---|
277 | goto err;
|
---|
278 | }
|
---|
279 |
|
---|
280 | id = 0x03000000L | ((unsigned long)as->cipher->data[0] << 8L)
|
---|
281 | | (unsigned long)as->cipher->data[1];
|
---|
282 |
|
---|
283 | ret->cipher_id = id;
|
---|
284 | ret->cipher = ssl3_get_cipher_by_id(id);
|
---|
285 | if (ret->cipher == NULL)
|
---|
286 | goto err;
|
---|
287 |
|
---|
288 | if (!ssl_session_memcpy(ret->session_id, &ret->session_id_length,
|
---|
289 | as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH))
|
---|
290 | goto err;
|
---|
291 |
|
---|
292 | if (!ssl_session_memcpy(ret->master_key, &tmpl,
|
---|
293 | as->master_key, TLS13_MAX_RESUMPTION_PSK_LENGTH))
|
---|
294 | goto err;
|
---|
295 |
|
---|
296 | ret->master_key_length = tmpl;
|
---|
297 |
|
---|
298 | if (as->time != 0)
|
---|
299 | ret->time = (long)as->time;
|
---|
300 | else
|
---|
301 | ret->time = (long)time(NULL);
|
---|
302 |
|
---|
303 | if (as->timeout != 0)
|
---|
304 | ret->timeout = (long)as->timeout;
|
---|
305 | else
|
---|
306 | ret->timeout = 3;
|
---|
307 |
|
---|
308 | X509_free(ret->peer);
|
---|
309 | ret->peer = as->peer;
|
---|
310 | as->peer = NULL;
|
---|
311 |
|
---|
312 | if (!ssl_session_memcpy(ret->sid_ctx, &ret->sid_ctx_length,
|
---|
313 | as->session_id_context, SSL_MAX_SID_CTX_LENGTH))
|
---|
314 | goto err;
|
---|
315 |
|
---|
316 | /* NB: this defaults to zero which is X509_V_OK */
|
---|
317 | ret->verify_result = as->verify_result;
|
---|
318 |
|
---|
319 | if (!ssl_session_strndup(&ret->ext.hostname, as->tlsext_hostname))
|
---|
320 | goto err;
|
---|
321 |
|
---|
322 | #ifndef OPENSSL_NO_PSK
|
---|
323 | if (!ssl_session_strndup(&ret->psk_identity_hint, as->psk_identity_hint))
|
---|
324 | goto err;
|
---|
325 | if (!ssl_session_strndup(&ret->psk_identity, as->psk_identity))
|
---|
326 | goto err;
|
---|
327 | #endif
|
---|
328 |
|
---|
329 | ret->ext.tick_lifetime_hint = (unsigned long)as->tlsext_tick_lifetime_hint;
|
---|
330 | ret->ext.tick_age_add = as->tlsext_tick_age_add;
|
---|
331 | OPENSSL_free(ret->ext.tick);
|
---|
332 | if (as->tlsext_tick != NULL) {
|
---|
333 | ret->ext.tick = as->tlsext_tick->data;
|
---|
334 | ret->ext.ticklen = as->tlsext_tick->length;
|
---|
335 | as->tlsext_tick->data = NULL;
|
---|
336 | } else {
|
---|
337 | ret->ext.tick = NULL;
|
---|
338 | }
|
---|
339 | #ifndef OPENSSL_NO_COMP
|
---|
340 | if (as->comp_id) {
|
---|
341 | if (as->comp_id->length != 1) {
|
---|
342 | SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_BAD_LENGTH);
|
---|
343 | goto err;
|
---|
344 | }
|
---|
345 | ret->compress_meth = as->comp_id->data[0];
|
---|
346 | } else {
|
---|
347 | ret->compress_meth = 0;
|
---|
348 | }
|
---|
349 | #endif
|
---|
350 |
|
---|
351 | #ifndef OPENSSL_NO_SRP
|
---|
352 | if (!ssl_session_strndup(&ret->srp_username, as->srp_username))
|
---|
353 | goto err;
|
---|
354 | #endif /* OPENSSL_NO_SRP */
|
---|
355 | /* Flags defaults to zero which is fine */
|
---|
356 | ret->flags = (int32_t)as->flags;
|
---|
357 | ret->ext.max_early_data = as->max_early_data;
|
---|
358 |
|
---|
359 | OPENSSL_free(ret->ext.alpn_selected);
|
---|
360 | if (as->alpn_selected != NULL) {
|
---|
361 | ret->ext.alpn_selected = as->alpn_selected->data;
|
---|
362 | ret->ext.alpn_selected_len = as->alpn_selected->length;
|
---|
363 | as->alpn_selected->data = NULL;
|
---|
364 | } else {
|
---|
365 | ret->ext.alpn_selected = NULL;
|
---|
366 | ret->ext.alpn_selected_len = 0;
|
---|
367 | }
|
---|
368 |
|
---|
369 | ret->ext.max_fragment_len_mode = as->tlsext_max_fragment_len_mode;
|
---|
370 |
|
---|
371 | OPENSSL_free(ret->ticket_appdata);
|
---|
372 | if (as->ticket_appdata != NULL) {
|
---|
373 | ret->ticket_appdata = as->ticket_appdata->data;
|
---|
374 | ret->ticket_appdata_len = as->ticket_appdata->length;
|
---|
375 | as->ticket_appdata->data = NULL;
|
---|
376 | } else {
|
---|
377 | ret->ticket_appdata = NULL;
|
---|
378 | ret->ticket_appdata_len = 0;
|
---|
379 | }
|
---|
380 |
|
---|
381 | M_ASN1_free_of(as, SSL_SESSION_ASN1);
|
---|
382 |
|
---|
383 | if ((a != NULL) && (*a == NULL))
|
---|
384 | *a = ret;
|
---|
385 | *pp = p;
|
---|
386 | return ret;
|
---|
387 |
|
---|
388 | err:
|
---|
389 | M_ASN1_free_of(as, SSL_SESSION_ASN1);
|
---|
390 | if ((a == NULL) || (*a != ret))
|
---|
391 | SSL_SESSION_free(ret);
|
---|
392 | return NULL;
|
---|
393 | }
|
---|