]>
Commit | Line | Data |
---|---|---|
846e33c7 RS |
1 | /* |
2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
d02b48c6 | 3 | * |
846e33c7 RS |
4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 | 8 | */ |
846e33c7 | 9 | |
ddac1974 NL |
10 | /* ==================================================================== |
11 | * Copyright 2005 Nokia. All rights reserved. | |
12 | * | |
13 | * The portions of the attached software ("Contribution") is developed by | |
14 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | |
15 | * license. | |
16 | * | |
17 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | |
18 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | |
19 | * support (see RFC 4279) to OpenSSL. | |
20 | * | |
21 | * No patent licenses or other rights except those expressly stated in | |
22 | * the OpenSSL open source license shall be deemed granted or received | |
23 | * expressly, by implication, estoppel, or otherwise. | |
24 | * | |
25 | * No assurances are provided by Nokia that the Contribution does not | |
26 | * infringe the patent or other intellectual property rights of any third | |
27 | * party or that the license provides you with all the necessary rights | |
28 | * to make use of the Contribution. | |
29 | * | |
30 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | |
31 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | |
32 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | |
33 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | |
34 | * OTHERWISE. | |
35 | */ | |
d02b48c6 RE |
36 | |
37 | #include <stdio.h> | |
38 | #include <stdlib.h> | |
7b63c0fa | 39 | #include "ssl_locl.h" |
cc5b6a03 | 40 | #include <openssl/asn1t.h> |
b1fe6ca1 | 41 | #include <openssl/x509.h> |
d02b48c6 | 42 | |
cc5b6a03 DSH |
43 | typedef struct { |
44 | long version; | |
45 | long ssl_version; | |
46 | ASN1_OCTET_STRING *cipher; | |
47 | ASN1_OCTET_STRING *comp_id; | |
48 | ASN1_OCTET_STRING *master_key; | |
49 | ASN1_OCTET_STRING *session_id; | |
cc5b6a03 DSH |
50 | ASN1_OCTET_STRING *key_arg; |
51 | long time; | |
52 | long timeout; | |
53 | X509 *peer; | |
54 | ASN1_OCTET_STRING *session_id_context; | |
55 | long verify_result; | |
cc5b6a03 DSH |
56 | ASN1_OCTET_STRING *tlsext_hostname; |
57 | long tlsext_tick_lifetime_hint; | |
58 | ASN1_OCTET_STRING *tlsext_tick; | |
e2010b20 | 59 | #ifndef OPENSSL_NO_PSK |
cc5b6a03 DSH |
60 | ASN1_OCTET_STRING *psk_identity_hint; |
61 | ASN1_OCTET_STRING *psk_identity; | |
62 | #endif | |
edc032b5 | 63 | #ifndef OPENSSL_NO_SRP |
cc5b6a03 DSH |
64 | ASN1_OCTET_STRING *srp_username; |
65 | #endif | |
66 | long flags; | |
0f113f3e | 67 | } SSL_SESSION_ASN1; |
d02b48c6 | 68 | |
cc5b6a03 DSH |
69 | ASN1_SEQUENCE(SSL_SESSION_ASN1) = { |
70 | ASN1_SIMPLE(SSL_SESSION_ASN1, version, LONG), | |
71 | ASN1_SIMPLE(SSL_SESSION_ASN1, ssl_version, LONG), | |
72 | ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING), | |
73 | ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING), | |
74 | ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING), | |
cc5b6a03 DSH |
75 | ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0), |
76 | ASN1_EXP_OPT(SSL_SESSION_ASN1, time, ZLONG, 1), | |
77 | ASN1_EXP_OPT(SSL_SESSION_ASN1, timeout, ZLONG, 2), | |
78 | ASN1_EXP_OPT(SSL_SESSION_ASN1, peer, X509, 3), | |
79 | ASN1_EXP_OPT(SSL_SESSION_ASN1, session_id_context, ASN1_OCTET_STRING, 4), | |
80 | ASN1_EXP_OPT(SSL_SESSION_ASN1, verify_result, ZLONG, 5), | |
cc5b6a03 | 81 | ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_hostname, ASN1_OCTET_STRING, 6), |
cc5b6a03 DSH |
82 | #ifndef OPENSSL_NO_PSK |
83 | ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity_hint, ASN1_OCTET_STRING, 7), | |
84 | ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity, ASN1_OCTET_STRING, 8), | |
85 | #endif | |
cc5b6a03 DSH |
86 | ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZLONG, 9), |
87 | ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick, ASN1_OCTET_STRING, 10), | |
cc5b6a03 DSH |
88 | ASN1_EXP_OPT(SSL_SESSION_ASN1, comp_id, ASN1_OCTET_STRING, 11), |
89 | #ifndef OPENSSL_NO_SRP | |
90 | ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12), | |
91 | #endif | |
92 | ASN1_EXP_OPT(SSL_SESSION_ASN1, flags, ZLONG, 13) | |
df2ee0e2 | 93 | } static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1) |
cc5b6a03 DSH |
94 | |
95 | IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1) | |
96 | ||
97 | /* Utility functions for i2d_SSL_SESSION */ | |
98 | ||
99 | /* Initialise OCTET STRING from buffer and length */ | |
100 | ||
101 | static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os, | |
102 | unsigned char *data, size_t len) | |
103 | { | |
104 | os->data = data; | |
348240c6 | 105 | os->length = (int)len; |
cc5b6a03 DSH |
106 | os->flags = 0; |
107 | *dest = os; | |
108 | } | |
109 | ||
110 | /* Initialise OCTET STRING from string */ | |
111 | static void ssl_session_sinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os, | |
112 | char *data) | |
113 | { | |
114 | if (data != NULL) | |
115 | ssl_session_oinit(dest, os, (unsigned char *)data, strlen(data)); | |
116 | else | |
117 | *dest = NULL; | |
118 | } | |
119 | ||
6b691a5c | 120 | int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) |
0f113f3e | 121 | { |
cc5b6a03 DSH |
122 | |
123 | SSL_SESSION_ASN1 as; | |
124 | ||
125 | ASN1_OCTET_STRING cipher; | |
126 | unsigned char cipher_data[2]; | |
127 | ASN1_OCTET_STRING master_key, session_id, sid_ctx; | |
128 | ||
129 | #ifndef OPENSSL_NO_COMP | |
130 | ASN1_OCTET_STRING comp_id; | |
131 | unsigned char comp_id_data; | |
132 | #endif | |
133 | ||
cc5b6a03 | 134 | ASN1_OCTET_STRING tlsext_hostname, tlsext_tick; |
cc5b6a03 | 135 | |
edc032b5 | 136 | #ifndef OPENSSL_NO_SRP |
cc5b6a03 DSH |
137 | ASN1_OCTET_STRING srp_username; |
138 | #endif | |
139 | ||
140 | #ifndef OPENSSL_NO_PSK | |
141 | ASN1_OCTET_STRING psk_identity, psk_identity_hint; | |
367eb1f1 | 142 | #endif |
cc5b6a03 | 143 | |
0f113f3e | 144 | long l; |
0f113f3e MC |
145 | |
146 | if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0))) | |
cc5b6a03 DSH |
147 | return 0; |
148 | ||
149 | memset(&as, 0, sizeof(as)); | |
150 | ||
151 | as.version = SSL_SESSION_ASN1_VERSION; | |
152 | as.ssl_version = in->ssl_version; | |
0f113f3e MC |
153 | |
154 | if (in->cipher == NULL) | |
155 | l = in->cipher_id; | |
156 | else | |
157 | l = in->cipher->id; | |
cc5b6a03 DSH |
158 | cipher_data[0] = ((unsigned char)(l >> 8L)) & 0xff; |
159 | cipher_data[1] = ((unsigned char)(l)) & 0xff; | |
160 | ||
161 | ssl_session_oinit(&as.cipher, &cipher, cipher_data, 2); | |
d02b48c6 | 162 | |
9de014a7 | 163 | #ifndef OPENSSL_NO_COMP |
0f113f3e | 164 | if (in->compress_meth) { |
cc5b6a03 DSH |
165 | comp_id_data = (unsigned char)in->compress_meth; |
166 | ssl_session_oinit(&as.comp_id, &comp_id, &comp_id_data, 1); | |
0f113f3e | 167 | } |
9de014a7 DSH |
168 | #endif |
169 | ||
cc5b6a03 DSH |
170 | ssl_session_oinit(&as.master_key, &master_key, |
171 | in->master_key, in->master_key_length); | |
d02b48c6 | 172 | |
cc5b6a03 DSH |
173 | ssl_session_oinit(&as.session_id, &session_id, |
174 | in->session_id, in->session_id_length); | |
b4cadc6e | 175 | |
cc5b6a03 DSH |
176 | ssl_session_oinit(&as.session_id_context, &sid_ctx, |
177 | in->sid_ctx, in->sid_ctx_length); | |
0f113f3e | 178 | |
cc5b6a03 DSH |
179 | as.time = in->time; |
180 | as.timeout = in->timeout; | |
181 | as.verify_result = in->verify_result; | |
0f113f3e | 182 | |
cc5b6a03 | 183 | as.peer = in->peer; |
0f113f3e | 184 | |
cc5b6a03 DSH |
185 | ssl_session_sinit(&as.tlsext_hostname, &tlsext_hostname, |
186 | in->tlsext_hostname); | |
0f113f3e | 187 | if (in->tlsext_tick) { |
cc5b6a03 DSH |
188 | ssl_session_oinit(&as.tlsext_tick, &tlsext_tick, |
189 | in->tlsext_tick, in->tlsext_ticklen); | |
0f113f3e | 190 | } |
cc5b6a03 DSH |
191 | if (in->tlsext_tick_lifetime_hint > 0) |
192 | as.tlsext_tick_lifetime_hint = in->tlsext_tick_lifetime_hint; | |
ddac1974 | 193 | #ifndef OPENSSL_NO_PSK |
cc5b6a03 DSH |
194 | ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint, |
195 | in->psk_identity_hint); | |
196 | ssl_session_sinit(&as.psk_identity, &psk_identity, in->psk_identity); | |
0f113f3e | 197 | #endif /* OPENSSL_NO_PSK */ |
edc032b5 | 198 | #ifndef OPENSSL_NO_SRP |
cc5b6a03 | 199 | ssl_session_sinit(&as.srp_username, &srp_username, in->srp_username); |
0f113f3e MC |
200 | #endif /* OPENSSL_NO_SRP */ |
201 | ||
cc5b6a03 | 202 | as.flags = in->flags; |
6f152a15 | 203 | |
cc5b6a03 | 204 | return i2d_SSL_SESSION_ASN1(&as, pp); |
d02b48c6 | 205 | |
cc5b6a03 | 206 | } |
0f113f3e | 207 | |
cc5b6a03 | 208 | /* Utility functions for d2i_SSL_SESSION */ |
0f113f3e | 209 | |
7644a9ae | 210 | /* OPENSSL_strndup an OCTET STRING */ |
cc5b6a03 DSH |
211 | |
212 | static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src) | |
213 | { | |
b548a1f1 RS |
214 | OPENSSL_free(*pdst); |
215 | *pdst = NULL; | |
cc5b6a03 DSH |
216 | if (src == NULL) |
217 | return 1; | |
7644a9ae | 218 | *pdst = OPENSSL_strndup((char *)src->data, src->length); |
cc5b6a03 DSH |
219 | if (*pdst == NULL) |
220 | return 0; | |
221 | return 1; | |
222 | } | |
223 | ||
224 | /* Copy an OCTET STRING, return error if it exceeds maximum length */ | |
225 | ||
ec60ccc1 MC |
226 | static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen, |
227 | ASN1_OCTET_STRING *src, size_t maxlen) | |
cc5b6a03 DSH |
228 | { |
229 | if (src == NULL) { | |
230 | *pdstlen = 0; | |
231 | return 1; | |
232 | } | |
ec60ccc1 | 233 | if (src->length < 0 || src->length > (int)maxlen) |
cc5b6a03 DSH |
234 | return 0; |
235 | memcpy(dst, src->data, src->length); | |
236 | *pdstlen = src->length; | |
237 | return 1; | |
0f113f3e | 238 | } |
d02b48c6 | 239 | |
41a15c4f | 240 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, |
0f113f3e MC |
241 | long length) |
242 | { | |
0f113f3e | 243 | long id; |
ec60ccc1 | 244 | size_t tmpl; |
cc5b6a03 DSH |
245 | const unsigned char *p = *pp; |
246 | SSL_SESSION_ASN1 *as = NULL; | |
247 | SSL_SESSION *ret = NULL; | |
248 | ||
249 | as = d2i_SSL_SESSION_ASN1(NULL, &p, length); | |
250 | /* ASN.1 code returns suitable error */ | |
251 | if (as == NULL) | |
252 | goto err; | |
0f113f3e | 253 | |
cc5b6a03 DSH |
254 | if (!a || !*a) { |
255 | ret = SSL_SESSION_new(); | |
256 | if (ret == NULL) | |
0f113f3e | 257 | goto err; |
0f113f3e | 258 | } else { |
cc5b6a03 DSH |
259 | ret = *a; |
260 | } | |
261 | ||
262 | if (as->version != SSL_SESSION_ASN1_VERSION) { | |
263 | SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNKNOWN_SSL_VERSION); | |
0f113f3e MC |
264 | goto err; |
265 | } | |
266 | ||
cc5b6a03 DSH |
267 | if ((as->ssl_version >> 8) != SSL3_VERSION_MAJOR |
268 | && (as->ssl_version >> 8) != DTLS1_VERSION_MAJOR | |
269 | && as->ssl_version != DTLS1_BAD_VER) { | |
270 | SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION); | |
271 | goto err; | |
272 | } | |
0f113f3e | 273 | |
cc5b6a03 | 274 | ret->ssl_version = (int)as->ssl_version; |
0f113f3e | 275 | |
cc5b6a03 DSH |
276 | if (as->cipher->length != 2) { |
277 | SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_CIPHER_CODE_WRONG_LENGTH); | |
278 | goto err; | |
279 | } | |
0f113f3e | 280 | |
cc5b6a03 DSH |
281 | p = as->cipher->data; |
282 | id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1]; | |
0f113f3e | 283 | |
cc5b6a03 DSH |
284 | ret->cipher = NULL; |
285 | ret->cipher_id = id; | |
0f113f3e | 286 | |
cc5b6a03 DSH |
287 | if (!ssl_session_memcpy(ret->session_id, &ret->session_id_length, |
288 | as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH)) | |
289 | goto err; | |
290 | ||
291 | if (!ssl_session_memcpy(ret->master_key, &tmpl, | |
292 | as->master_key, SSL_MAX_MASTER_KEY_LENGTH)) | |
293 | goto err; | |
294 | ||
295 | ret->master_key_length = tmpl; | |
98fa4fe8 | 296 | |
cc5b6a03 DSH |
297 | if (as->time != 0) |
298 | ret->time = as->time; | |
299 | else | |
0f113f3e MC |
300 | ret->time = (unsigned long)time(NULL); |
301 | ||
cc5b6a03 DSH |
302 | if (as->timeout != 0) |
303 | ret->timeout = as->timeout; | |
304 | else | |
0f113f3e MC |
305 | ret->timeout = 3; |
306 | ||
cc5b6a03 DSH |
307 | X509_free(ret->peer); |
308 | ret->peer = as->peer; | |
309 | as->peer = NULL; | |
0f113f3e | 310 | |
cc5b6a03 DSH |
311 | if (!ssl_session_memcpy(ret->sid_ctx, &ret->sid_ctx_length, |
312 | as->session_id_context, SSL_MAX_SID_CTX_LENGTH)) | |
313 | goto err; | |
0f113f3e | 314 | |
cc5b6a03 DSH |
315 | /* NB: this defaults to zero which is X509_V_OK */ |
316 | ret->verify_result = as->verify_result; | |
b1fe6ca1 | 317 | |
cc5b6a03 DSH |
318 | if (!ssl_session_strndup(&ret->tlsext_hostname, as->tlsext_hostname)) |
319 | goto err; | |
ed3883d2 | 320 | |
ddac1974 | 321 | #ifndef OPENSSL_NO_PSK |
cc5b6a03 DSH |
322 | if (!ssl_session_strndup(&ret->psk_identity_hint, as->psk_identity_hint)) |
323 | goto err; | |
324 | if (!ssl_session_strndup(&ret->psk_identity, as->psk_identity)) | |
325 | goto err; | |
326 | #endif | |
ddac1974 | 327 | |
cc5b6a03 DSH |
328 | ret->tlsext_tick_lifetime_hint = as->tlsext_tick_lifetime_hint; |
329 | if (as->tlsext_tick) { | |
330 | ret->tlsext_tick = as->tlsext_tick->data; | |
331 | ret->tlsext_ticklen = as->tlsext_tick->length; | |
332 | as->tlsext_tick->data = NULL; | |
333 | } else { | |
0f113f3e | 334 | ret->tlsext_tick = NULL; |
cc5b6a03 | 335 | } |
9de014a7 | 336 | #ifndef OPENSSL_NO_COMP |
cc5b6a03 DSH |
337 | if (as->comp_id) { |
338 | if (as->comp_id->length != 1) { | |
339 | SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_BAD_LENGTH); | |
340 | goto err; | |
341 | } | |
342 | ret->compress_meth = as->comp_id->data[0]; | |
343 | } else { | |
344 | ret->compress_meth = 0; | |
0f113f3e | 345 | } |
9de014a7 | 346 | #endif |
ddac1974 | 347 | |
edc032b5 | 348 | #ifndef OPENSSL_NO_SRP |
cc5b6a03 DSH |
349 | if (!ssl_session_strndup(&ret->srp_username, as->srp_username)) |
350 | goto err; | |
0f113f3e | 351 | #endif /* OPENSSL_NO_SRP */ |
cc5b6a03 DSH |
352 | /* Flags defaults to zero which is fine */ |
353 | ret->flags = as->flags; | |
354 | ||
355 | M_ASN1_free_of(as, SSL_SESSION_ASN1); | |
356 | ||
357 | if ((a != NULL) && (*a == NULL)) | |
358 | *a = ret; | |
359 | *pp = p; | |
360 | return ret; | |
361 | ||
a230b26e | 362 | err: |
cc5b6a03 DSH |
363 | M_ASN1_free_of(as, SSL_SESSION_ASN1); |
364 | if ((a == NULL) || (*a != ret)) | |
365 | SSL_SESSION_free(ret); | |
366 | return NULL; | |
0f113f3e | 367 | } |