]> git.ipfire.org Git - thirdparty/openssl.git/blame - ssl/ssl_asn1.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ssl: modify libssl so that it uses OSSL_TIME
[thirdparty/openssl.git] / ssl / ssl_asn1.c
CommitLineData
846e33c7 1/*
0789c7d8 2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
c80149d9 3 * Copyright 2005 Nokia. All rights reserved.
d02b48c6 4 *
2c18d164 5 * Licensed under the Apache License 2.0 (the "License"). You may not use
846e33c7
RS		 6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
d02b48c6 9 */
846e33c7 10
d02b48c6
RE		 11#include <stdio.h>
12#include <stdlib.h>
706457b7 13#include "ssl_local.h"
64f11ee8 14#include <openssl/asn1t.h>
b1fe6ca1 15#include <openssl/x509.h>
d02b48c6 16
cc5b6a03 17typedef struct {
66ecfb54
RL		 18 uint32_t version;
19 int32_t ssl_version;
cc5b6a03
DSH		 20 ASN1_OCTET_STRING *cipher;
21 ASN1_OCTET_STRING *comp_id;
22 ASN1_OCTET_STRING *master_key;
23 ASN1_OCTET_STRING *session_id;
cc5b6a03 24 ASN1_OCTET_STRING *key_arg;
66ecfb54
RL		 25 int64_t time;
26 int64_t timeout;
cc5b6a03
DSH		 27 X509 *peer;
28 ASN1_OCTET_STRING *session_id_context;
66ecfb54 29 int32_t verify_result;
cc5b6a03 30 ASN1_OCTET_STRING *tlsext_hostname;
66ecfb54
RL		 31 uint64_t tlsext_tick_lifetime_hint;
32 uint32_t tlsext_tick_age_add;
cc5b6a03 33 ASN1_OCTET_STRING *tlsext_tick;
e2010b20 34#ifndef OPENSSL_NO_PSK
cc5b6a03
DSH		 35 ASN1_OCTET_STRING *psk_identity_hint;
36 ASN1_OCTET_STRING *psk_identity;
37#endif
edc032b5 38#ifndef OPENSSL_NO_SRP
cc5b6a03
DSH		 39 ASN1_OCTET_STRING *srp_username;
40#endif
66ecfb54 41 uint64_t flags;
5d5b3fba 42 uint32_t max_early_data;
f6370040 43 ASN1_OCTET_STRING *alpn_selected;
cf72c757 44 uint32_t tlsext_max_fragment_len_mode;
df0fed9a 45 ASN1_OCTET_STRING *ticket_appdata;
aa6bd216 46 uint32_t kex_group;
0f113f3e 47} SSL_SESSION_ASN1;
d02b48c6 48
cc5b6a03 49ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
9612e157
RL		 50 ASN1_EMBED(SSL_SESSION_ASN1, version, UINT32),
51 ASN1_EMBED(SSL_SESSION_ASN1, ssl_version, INT32),
cc5b6a03
DSH		 52 ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING),
53 ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING),
54 ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING),
cc5b6a03 55 ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0),
9612e157
RL		 56 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, time, ZINT64, 1),
57 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, timeout, ZINT64, 2),
cc5b6a03
DSH		 58 ASN1_EXP_OPT(SSL_SESSION_ASN1, peer, X509, 3),
59 ASN1_EXP_OPT(SSL_SESSION_ASN1, session_id_context, ASN1_OCTET_STRING, 4),
9612e157 60 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, verify_result, ZINT32, 5),
cc5b6a03 61 ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_hostname, ASN1_OCTET_STRING, 6),
cc5b6a03
DSH		 62#ifndef OPENSSL_NO_PSK
63 ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity_hint, ASN1_OCTET_STRING, 7),
64 ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity, ASN1_OCTET_STRING, 8),
65#endif
9612e157 66 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZUINT64, 9),
cc5b6a03 67 ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick, ASN1_OCTET_STRING, 10),
cc5b6a03
DSH		 68 ASN1_EXP_OPT(SSL_SESSION_ASN1, comp_id, ASN1_OCTET_STRING, 11),
69#ifndef OPENSSL_NO_SRP
70 ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12),
71#endif
9612e157
RL		 72 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, flags, ZUINT64, 13),
73 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_age_add, ZUINT32, 14),
74 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, max_early_data, ZUINT32, 15),
9b6a8254 75 ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16),
6cf2dbd9 76 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_max_fragment_len_mode, ZUINT32, 17),
aa6bd216
BK		 77 ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 18),
78 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, kex_group, UINT32, 19)
df2ee0e2 79} static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1)
cc5b6a03
DSH		 80
81IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1)
82
83/* Utility functions for i2d_SSL_SESSION */
84
85/* Initialise OCTET STRING from buffer and length */
86
87static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os,
9fdcc21f 88 const unsigned char *data, size_t len)
cc5b6a03 89{
9fdcc21f 90 os->data = (unsigned char *)data; /* justified cast: data is not modified */
348240c6 91 os->length = (int)len;
cc5b6a03
DSH		 92 os->flags = 0;
93 *dest = os;
94}
95
96/* Initialise OCTET STRING from string */
97static void ssl_session_sinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os,
9fdcc21f 98 const char *data)
cc5b6a03
DSH		 99{
100 if (data != NULL)
9fdcc21f 101 ssl_session_oinit(dest, os, (const unsigned char *)data, strlen(data));
cc5b6a03
DSH		 102 else
103 *dest = NULL;
104}
105
9fdcc21f 106int i2d_SSL_SESSION(const SSL_SESSION *in, unsigned char **pp)
0f113f3e 107{
cc5b6a03
DSH		 108
109 SSL_SESSION_ASN1 as;
110
111 ASN1_OCTET_STRING cipher;
112 unsigned char cipher_data[2];
113 ASN1_OCTET_STRING master_key, session_id, sid_ctx;
114
115#ifndef OPENSSL_NO_COMP
116 ASN1_OCTET_STRING comp_id;
117 unsigned char comp_id_data;
118#endif
cc5b6a03 119 ASN1_OCTET_STRING tlsext_hostname, tlsext_tick;
edc032b5 120#ifndef OPENSSL_NO_SRP
cc5b6a03
DSH		 121 ASN1_OCTET_STRING srp_username;
122#endif
cc5b6a03
DSH		 123#ifndef OPENSSL_NO_PSK
124 ASN1_OCTET_STRING psk_identity, psk_identity_hint;
367eb1f1 125#endif
f6370040 126 ASN1_OCTET_STRING alpn_selected;
df0fed9a 127 ASN1_OCTET_STRING ticket_appdata;
cc5b6a03 128
0f113f3e 129 long l;
0f113f3e
MC		 130
131 if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
cc5b6a03
DSH		 132 return 0;
133
134 memset(&as, 0, sizeof(as));
135
136 as.version = SSL_SESSION_ASN1_VERSION;
137 as.ssl_version = in->ssl_version;
0f113f3e 138
aa6bd216
BK		 139 as.kex_group = in->kex_group;
140
0f113f3e
MC		 141 if (in->cipher == NULL)
142 l = in->cipher_id;
143 else
144 l = in->cipher->id;
cc5b6a03
DSH		 145 cipher_data[0] = ((unsigned char)(l >> 8L)) & 0xff;
146 cipher_data[1] = ((unsigned char)(l)) & 0xff;
147
148 ssl_session_oinit(&as.cipher, &cipher, cipher_data, 2);
d02b48c6 149
9de014a7 150#ifndef OPENSSL_NO_COMP
0f113f3e 151 if (in->compress_meth) {
cc5b6a03
DSH		 152 comp_id_data = (unsigned char)in->compress_meth;
153 ssl_session_oinit(&as.comp_id, &comp_id, &comp_id_data, 1);
0f113f3e 154 }
9de014a7
DSH		 155#endif
156
cc5b6a03
DSH		 157 ssl_session_oinit(&as.master_key, &master_key,
158 in->master_key, in->master_key_length);
d02b48c6 159
cc5b6a03
DSH		 160 ssl_session_oinit(&as.session_id, &session_id,
161 in->session_id, in->session_id_length);
b4cadc6e 162
cc5b6a03
DSH		 163 ssl_session_oinit(&as.session_id_context, &sid_ctx,
164 in->sid_ctx, in->sid_ctx_length);
0f113f3e 165
f0131dc0
P		 166 as.time = (int64_t)ossl_time_to_time_t(in->time);
167 as.timeout = (int64_t)ossl_time2seconds(in->timeout);
cc5b6a03 168 as.verify_result = in->verify_result;
0f113f3e 169
cc5b6a03 170 as.peer = in->peer;
0f113f3e 171
cc5b6a03 172 ssl_session_sinit(&as.tlsext_hostname, &tlsext_hostname,
aff8c126
RS		 173 in->ext.hostname);
174 if (in->ext.tick) {
cc5b6a03 175 ssl_session_oinit(&as.tlsext_tick, &tlsext_tick,
aff8c126 176 in->ext.tick, in->ext.ticklen);
0f113f3e 177 }
aff8c126
RS		 178 if (in->ext.tick_lifetime_hint > 0)
179 as.tlsext_tick_lifetime_hint = in->ext.tick_lifetime_hint;
fc24f0bf 180 as.tlsext_tick_age_add = in->ext.tick_age_add;
ddac1974 181#ifndef OPENSSL_NO_PSK
cc5b6a03
DSH		 182 ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint,
183 in->psk_identity_hint);
184 ssl_session_sinit(&as.psk_identity, &psk_identity, in->psk_identity);
0f113f3e 185#endif /* OPENSSL_NO_PSK */
edc032b5 186#ifndef OPENSSL_NO_SRP
cc5b6a03 187 ssl_session_sinit(&as.srp_username, &srp_username, in->srp_username);
0f113f3e
MC		 188#endif /* OPENSSL_NO_SRP */
189
cc5b6a03 190 as.flags = in->flags;
5d5b3fba 191 as.max_early_data = in->ext.max_early_data;
6f152a15 192
f6370040
MC		 193 if (in->ext.alpn_selected == NULL)
194 as.alpn_selected = NULL;
195 else
196 ssl_session_oinit(&as.alpn_selected, &alpn_selected,
197 in->ext.alpn_selected, in->ext.alpn_selected_len);
198
cf72c757
F		 199 as.tlsext_max_fragment_len_mode = in->ext.max_fragment_len_mode;
200
df0fed9a
TS		 201 if (in->ticket_appdata == NULL)
202 as.ticket_appdata = NULL;
203 else
204 ssl_session_oinit(&as.ticket_appdata, &ticket_appdata,
205 in->ticket_appdata, in->ticket_appdata_len);
206
cc5b6a03 207 return i2d_SSL_SESSION_ASN1(&as, pp);
d02b48c6 208
cc5b6a03 209}
0f113f3e 210
cc5b6a03 211/* Utility functions for d2i_SSL_SESSION */
0f113f3e 212
7644a9ae 213/* OPENSSL_strndup an OCTET STRING */
cc5b6a03
DSH		 214
215static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src)
216{
b548a1f1
RS		 217 OPENSSL_free(*pdst);
218 *pdst = NULL;
cc5b6a03
DSH		 219 if (src == NULL)
220 return 1;
7644a9ae 221 *pdst = OPENSSL_strndup((char *)src->data, src->length);
cc5b6a03
DSH		 222 if (*pdst == NULL)
223 return 0;
224 return 1;
225}
226
227/* Copy an OCTET STRING, return error if it exceeds maximum length */
228
ec60ccc1
MC		 229static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen,
230 ASN1_OCTET_STRING *src, size_t maxlen)
cc5b6a03 231{
72a509f9 232 if (src == NULL || src->length == 0) {
cc5b6a03
DSH		 233 *pdstlen = 0;
234 return 1;
235 }
ec60ccc1 236 if (src->length < 0 || src->length > (int)maxlen)
cc5b6a03
DSH		 237 return 0;
238 memcpy(dst, src->data, src->length);
239 *pdstlen = src->length;
240 return 1;
0f113f3e 241}
d02b48c6 242
41a15c4f 243SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
0f113f3e
MC		 244 long length)
245{
0f113f3e 246 long id;
ec60ccc1 247 size_t tmpl;
cc5b6a03
DSH		 248 const unsigned char *p = *pp;
249 SSL_SESSION_ASN1 *as = NULL;
250 SSL_SESSION *ret = NULL;
251
252 as = d2i_SSL_SESSION_ASN1(NULL, &p, length);
253 /* ASN.1 code returns suitable error */
254 if (as == NULL)
255 goto err;
0f113f3e 256
12a765a5 257 if (a == NULL || *a == NULL) {
cc5b6a03
DSH		 258 ret = SSL_SESSION_new();
259 if (ret == NULL)
0f113f3e 260 goto err;
0f113f3e 261 } else {
cc5b6a03
DSH		 262 ret = *a;
263 }
264
265 if (as->version != SSL_SESSION_ASN1_VERSION) {
6849b73c 266 ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_SSL_VERSION);
0f113f3e
MC		 267 goto err;
268 }
269
cc5b6a03
DSH		 270 if ((as->ssl_version >> 8) != SSL3_VERSION_MAJOR
271 && (as->ssl_version >> 8) != DTLS1_VERSION_MAJOR
272 && as->ssl_version != DTLS1_BAD_VER) {
6849b73c 273 ERR_raise(ERR_LIB_SSL, SSL_R_UNSUPPORTED_SSL_VERSION);
cc5b6a03
DSH		 274 goto err;
275 }
0f113f3e 276
cc5b6a03 277 ret->ssl_version = (int)as->ssl_version;
0f113f3e 278
aa6bd216
BK		 279 ret->kex_group = as->kex_group;
280
cc5b6a03 281 if (as->cipher->length != 2) {
6849b73c 282 ERR_raise(ERR_LIB_SSL, SSL_R_CIPHER_CODE_WRONG_LENGTH);
cc5b6a03
DSH		 283 goto err;
284 }
0f113f3e 285
a0179d0a
BE		 286 id = 0x03000000L | ((unsigned long)as->cipher->data[0] << 8L)
287 | (unsigned long)as->cipher->data[1];
0f113f3e 288
cc5b6a03 289 ret->cipher_id = id;
534a43ff
MC		 290 ret->cipher = ssl3_get_cipher_by_id(id);
291 if (ret->cipher == NULL)
292 goto err;
0f113f3e 293
cc5b6a03
DSH		 294 if (!ssl_session_memcpy(ret->session_id, &ret->session_id_length,
295 as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH))
296 goto err;
297
298 if (!ssl_session_memcpy(ret->master_key, &tmpl,
4ff1a526 299 as->master_key, TLS13_MAX_RESUMPTION_PSK_LENGTH))
cc5b6a03
DSH		 300 goto err;
301
302 ret->master_key_length = tmpl;
98fa4fe8 303
cc5b6a03 304 if (as->time != 0)
f0131dc0 305 ret->time = ossl_time_from_time_t(as->time);
cc5b6a03 306 else
f0131dc0 307 ret->time = ossl_time_now();
0f113f3e 308
cc5b6a03 309 if (as->timeout != 0)
f0131dc0 310 ret->timeout = ossl_seconds2time(as->timeout);
cc5b6a03 311 else
f0131dc0 312 ret->timeout = ossl_seconds2time(3);
25959e04 313 ssl_session_calculate_timeout(ret);
0f113f3e 314
cc5b6a03
DSH		 315 X509_free(ret->peer);
316 ret->peer = as->peer;
317 as->peer = NULL;
0f113f3e 318
cc5b6a03
DSH		 319 if (!ssl_session_memcpy(ret->sid_ctx, &ret->sid_ctx_length,
320 as->session_id_context, SSL_MAX_SID_CTX_LENGTH))
321 goto err;
0f113f3e 322
cc5b6a03
DSH		 323 /* NB: this defaults to zero which is X509_V_OK */
324 ret->verify_result = as->verify_result;
b1fe6ca1 325
aff8c126 326 if (!ssl_session_strndup(&ret->ext.hostname, as->tlsext_hostname))
cc5b6a03 327 goto err;
ed3883d2 328
ddac1974 329#ifndef OPENSSL_NO_PSK
cc5b6a03
DSH		 330 if (!ssl_session_strndup(&ret->psk_identity_hint, as->psk_identity_hint))
331 goto err;
332 if (!ssl_session_strndup(&ret->psk_identity, as->psk_identity))
333 goto err;
334#endif
ddac1974 335
802127e8 336 ret->ext.tick_lifetime_hint = (unsigned long)as->tlsext_tick_lifetime_hint;
fc24f0bf 337 ret->ext.tick_age_add = as->tlsext_tick_age_add;
27232cc3
MC		 338 OPENSSL_free(ret->ext.tick);
339 if (as->tlsext_tick != NULL) {
aff8c126
RS		 340 ret->ext.tick = as->tlsext_tick->data;
341 ret->ext.ticklen = as->tlsext_tick->length;
cc5b6a03
DSH		 342 as->tlsext_tick->data = NULL;
343 } else {
aff8c126 344 ret->ext.tick = NULL;
cc5b6a03 345 }
9de014a7 346#ifndef OPENSSL_NO_COMP
cc5b6a03
DSH		 347 if (as->comp_id) {
348 if (as->comp_id->length != 1) {
6849b73c 349 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
cc5b6a03
DSH		 350 goto err;
351 }
352 ret->compress_meth = as->comp_id->data[0];
353 } else {
354 ret->compress_meth = 0;
0f113f3e 355 }
9de014a7 356#endif
ddac1974 357
edc032b5 358#ifndef OPENSSL_NO_SRP
cc5b6a03
DSH		 359 if (!ssl_session_strndup(&ret->srp_username, as->srp_username))
360 goto err;
0f113f3e 361#endif /* OPENSSL_NO_SRP */
cc5b6a03 362 /* Flags defaults to zero which is fine */
802127e8 363 ret->flags = (int32_t)as->flags;
5d5b3fba 364 ret->ext.max_early_data = as->max_early_data;
cc5b6a03 365
27232cc3 366 OPENSSL_free(ret->ext.alpn_selected);
f6370040 367 if (as->alpn_selected != NULL) {
27232cc3 368 ret->ext.alpn_selected = as->alpn_selected->data;
f6370040 369 ret->ext.alpn_selected_len = as->alpn_selected->length;
27232cc3 370 as->alpn_selected->data = NULL;
f6370040
MC		 371 } else {
372 ret->ext.alpn_selected = NULL;
373 ret->ext.alpn_selected_len = 0;
374 }
375
cf72c757
F		 376 ret->ext.max_fragment_len_mode = as->tlsext_max_fragment_len_mode;
377
27232cc3 378 OPENSSL_free(ret->ticket_appdata);
df0fed9a
TS		 379 if (as->ticket_appdata != NULL) {
380 ret->ticket_appdata = as->ticket_appdata->data;
381 ret->ticket_appdata_len = as->ticket_appdata->length;
382 as->ticket_appdata->data = NULL;
383 } else {
384 ret->ticket_appdata = NULL;
385 ret->ticket_appdata_len = 0;
386 }
387
cc5b6a03
DSH		 388 M_ASN1_free_of(as, SSL_SESSION_ASN1);
389
390 if ((a != NULL) && (*a == NULL))
391 *a = ret;
392 *pp = p;
393 return ret;
394
a230b26e 395 err:
cc5b6a03
DSH		 396 M_ASN1_free_of(as, SSL_SESSION_ASN1);
397 if ((a == NULL) || (*a != ret))
398 SSL_SESSION_free(ret);
399 return NULL;
0f113f3e 400}
A mirror of the official openssl repository