1 /*
2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright 2005 Nokia. All rights reserved.
4 *
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11 #include <stdio.h>
12 #include <stdlib.h>
13 #include "ssl_local.h"
14 #include <openssl/asn1t.h>
15 #include <openssl/x509.h>
16
17 typedef struct {
18 uint32_t version;
19 int32_t ssl_version;
20 ASN1_OCTET_STRING *cipher;
21 ASN1_OCTET_STRING *comp_id;
22 ASN1_OCTET_STRING *master_key;
23 ASN1_OCTET_STRING *session_id;
24 ASN1_OCTET_STRING *key_arg;
25 int64_t time;
26 int64_t timeout;
27 X509 *peer;
28 ASN1_OCTET_STRING *session_id_context;
29 int32_t verify_result;
30 ASN1_OCTET_STRING *tlsext_hostname;
31 uint64_t tlsext_tick_lifetime_hint;
32 uint32_t tlsext_tick_age_add;
33 ASN1_OCTET_STRING *tlsext_tick;
34 #ifndef OPENSSL_NO_PSK
35 ASN1_OCTET_STRING *psk_identity_hint;
36 ASN1_OCTET_STRING *psk_identity;
37 #endif
38 #ifndef OPENSSL_NO_SRP
39 ASN1_OCTET_STRING *srp_username;
40 #endif
41 uint64_t flags;
42 uint32_t max_early_data;
43 ASN1_OCTET_STRING *alpn_selected;
44 uint32_t tlsext_max_fragment_len_mode;
45 ASN1_OCTET_STRING *ticket_appdata;
46 uint32_t kex_group;
47 } SSL_SESSION_ASN1;
48
49 ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
50 ASN1_EMBED(SSL_SESSION_ASN1, version, UINT32),
51 ASN1_EMBED(SSL_SESSION_ASN1, ssl_version, INT32),
52 ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING),
53 ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING),
54 ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING),
55 ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0),
56 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, time, ZINT64, 1),
57 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, timeout, ZINT64, 2),
58 ASN1_EXP_OPT(SSL_SESSION_ASN1, peer, X509, 3),
59 ASN1_EXP_OPT(SSL_SESSION_ASN1, session_id_context, ASN1_OCTET_STRING, 4),
60 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, verify_result, ZINT32, 5),
61 ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_hostname, ASN1_OCTET_STRING, 6),
62 #ifndef OPENSSL_NO_PSK
63 ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity_hint, ASN1_OCTET_STRING, 7),
64 ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity, ASN1_OCTET_STRING, 8),
65 #endif
66 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZUINT64, 9),
67 ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick, ASN1_OCTET_STRING, 10),
68 ASN1_EXP_OPT(SSL_SESSION_ASN1, comp_id, ASN1_OCTET_STRING, 11),
69 #ifndef OPENSSL_NO_SRP
70 ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12),
71 #endif
72 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, flags, ZUINT64, 13),
73 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_age_add, ZUINT32, 14),
74 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, max_early_data, ZUINT32, 15),
75 ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16),
76 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_max_fragment_len_mode, ZUINT32, 17),
77 ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 18),
78 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, kex_group, UINT32, 19)
79 } static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1)
80
81 IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1)
82
83 /* Utility functions for i2d_SSL_SESSION */
84
85 /* Initialise OCTET STRING from buffer and length */
86
87 static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os,
88 const unsigned char *data, size_t len)
89 {
90 os->data = (unsigned char *)data; /* justified cast: data is not modified */
91 os->length = (int)len;
92 os->flags = 0;
93 *dest = os;
94 }
95
96 /* Initialise OCTET STRING from string */
ssl_session_sinit(ASN1_OCTET_STRING ** dest,ASN1_OCTET_STRING * os,const char * data)97 static void ssl_session_sinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os,
98 const char *data)
99 {
100 if (data != NULL)
101 ssl_session_oinit(dest, os, (const unsigned char *)data, strlen(data));
102 else
103 *dest = NULL;
104 }
105
i2d_SSL_SESSION(const SSL_SESSION * in,unsigned char ** pp)106 int i2d_SSL_SESSION(const SSL_SESSION *in, unsigned char **pp)
107 {
108
109 SSL_SESSION_ASN1 as;
110
111 ASN1_OCTET_STRING cipher;
112 unsigned char cipher_data[2];
113 ASN1_OCTET_STRING master_key, session_id, sid_ctx;
114
115 #ifndef OPENSSL_NO_COMP
116 ASN1_OCTET_STRING comp_id;
117 unsigned char comp_id_data;
118 #endif
119 ASN1_OCTET_STRING tlsext_hostname, tlsext_tick;
120 #ifndef OPENSSL_NO_SRP
121 ASN1_OCTET_STRING srp_username;
122 #endif
123 #ifndef OPENSSL_NO_PSK
124 ASN1_OCTET_STRING psk_identity, psk_identity_hint;
125 #endif
126 ASN1_OCTET_STRING alpn_selected;
127 ASN1_OCTET_STRING ticket_appdata;
128
129 long l;
130
131 if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
132 return 0;
133
134 memset(&as, 0, sizeof(as));
135
136 as.version = SSL_SESSION_ASN1_VERSION;
137 as.ssl_version = in->ssl_version;
138
139 as.kex_group = in->kex_group;
140
141 if (in->cipher == NULL)
142 l = in->cipher_id;
143 else
144 l = in->cipher->id;
145 cipher_data[0] = ((unsigned char)(l >> 8L)) & 0xff;
146 cipher_data[1] = ((unsigned char)(l)) & 0xff;
147
148 ssl_session_oinit(&as.cipher, &cipher, cipher_data, 2);
149
150 #ifndef OPENSSL_NO_COMP
151 if (in->compress_meth) {
152 comp_id_data = (unsigned char)in->compress_meth;
153 ssl_session_oinit(&as.comp_id, &comp_id, &comp_id_data, 1);
154 }
155 #endif
156
157 ssl_session_oinit(&as.master_key, &master_key,
158 in->master_key, in->master_key_length);
159
160 ssl_session_oinit(&as.session_id, &session_id,
161 in->session_id, in->session_id_length);
162
163 ssl_session_oinit(&as.session_id_context, &sid_ctx,
164 in->sid_ctx, in->sid_ctx_length);
165
166 as.time = (int64_t)in->time;
167 as.timeout = (int64_t)in->timeout;
168 as.verify_result = in->verify_result;
169
170 as.peer = in->peer;
171
172 ssl_session_sinit(&as.tlsext_hostname, &tlsext_hostname,
173 in->ext.hostname);
174 if (in->ext.tick) {
175 ssl_session_oinit(&as.tlsext_tick, &tlsext_tick,
176 in->ext.tick, in->ext.ticklen);
177 }
178 if (in->ext.tick_lifetime_hint > 0)
179 as.tlsext_tick_lifetime_hint = in->ext.tick_lifetime_hint;
180 as.tlsext_tick_age_add = in->ext.tick_age_add;
181 #ifndef OPENSSL_NO_PSK
182 ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint,
183 in->psk_identity_hint);
184 ssl_session_sinit(&as.psk_identity, &psk_identity, in->psk_identity);
185 #endif /* OPENSSL_NO_PSK */
186 #ifndef OPENSSL_NO_SRP
187 ssl_session_sinit(&as.srp_username, &srp_username, in->srp_username);
188 #endif /* OPENSSL_NO_SRP */
189
190 as.flags = in->flags;
191 as.max_early_data = in->ext.max_early_data;
192
193 if (in->ext.alpn_selected == NULL)
194 as.alpn_selected = NULL;
195 else
196 ssl_session_oinit(&as.alpn_selected, &alpn_selected,
197 in->ext.alpn_selected, in->ext.alpn_selected_len);
198
199 as.tlsext_max_fragment_len_mode = in->ext.max_fragment_len_mode;
200
201 if (in->ticket_appdata == NULL)
202 as.ticket_appdata = NULL;
203 else
204 ssl_session_oinit(&as.ticket_appdata, &ticket_appdata,
205 in->ticket_appdata, in->ticket_appdata_len);
206
207 return i2d_SSL_SESSION_ASN1(&as, pp);
208
209 }
210
211 /* Utility functions for d2i_SSL_SESSION */
212
213 /* OPENSSL_strndup an OCTET STRING */
214
ssl_session_strndup(char ** pdst,ASN1_OCTET_STRING * src)215 static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src)
216 {
217 OPENSSL_free(*pdst);
218 *pdst = NULL;
219 if (src == NULL)
220 return 1;
221 *pdst = OPENSSL_strndup((char *)src->data, src->length);
222 if (*pdst == NULL)
223 return 0;
224 return 1;
225 }
226
227 /* Copy an OCTET STRING, return error if it exceeds maximum length */
228
ssl_session_memcpy(unsigned char * dst,size_t * pdstlen,ASN1_OCTET_STRING * src,size_t maxlen)229 static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen,
230 ASN1_OCTET_STRING *src, size_t maxlen)
231 {
232 if (src == NULL || src->length == 0) {
233 *pdstlen = 0;
234 return 1;
235 }
236 if (src->length < 0 || src->length > (int)maxlen)
237 return 0;
238 memcpy(dst, src->data, src->length);
239 *pdstlen = src->length;
240 return 1;
241 }
242
d2i_SSL_SESSION(SSL_SESSION ** a,const unsigned char ** pp,long length)243 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
244 long length)
245 {
246 long id;
247 size_t tmpl;
248 const unsigned char *p = *pp;
249 SSL_SESSION_ASN1 *as = NULL;
250 SSL_SESSION *ret = NULL;
251
252 as = d2i_SSL_SESSION_ASN1(NULL, &p, length);
253 /* ASN.1 code returns suitable error */
254 if (as == NULL)
255 goto err;
256
257 if (a == NULL || *a == NULL) {
258 ret = SSL_SESSION_new();
259 if (ret == NULL)
260 goto err;
261 } else {
262 ret = *a;
263 }
264
265 if (as->version != SSL_SESSION_ASN1_VERSION) {
266 ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_SSL_VERSION);
267 goto err;
268 }
269
270 if ((as->ssl_version >> 8) != SSL3_VERSION_MAJOR
271 && (as->ssl_version >> 8) != DTLS1_VERSION_MAJOR
272 && as->ssl_version != DTLS1_BAD_VER) {
273 ERR_raise(ERR_LIB_SSL, SSL_R_UNSUPPORTED_SSL_VERSION);
274 goto err;
275 }
276
277 ret->ssl_version = (int)as->ssl_version;
278
279 ret->kex_group = as->kex_group;
280
281 if (as->cipher->length != 2) {
282 ERR_raise(ERR_LIB_SSL, SSL_R_CIPHER_CODE_WRONG_LENGTH);
283 goto err;
284 }
285
286 id = 0x03000000L | ((unsigned long)as->cipher->data[0] << 8L)
287 | (unsigned long)as->cipher->data[1];
288
289 ret->cipher_id = id;
290 ret->cipher = ssl3_get_cipher_by_id(id);
291 if (ret->cipher == NULL)
292 goto err;
293
294 if (!ssl_session_memcpy(ret->session_id, &ret->session_id_length,
295 as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH))
296 goto err;
297
298 if (!ssl_session_memcpy(ret->master_key, &tmpl,
299 as->master_key, TLS13_MAX_RESUMPTION_PSK_LENGTH))
300 goto err;
301
302 ret->master_key_length = tmpl;
303
304 if (as->time != 0)
305 ret->time = (time_t)as->time;
306 else
307 ret->time = time(NULL);
308
309 if (as->timeout != 0)
310 ret->timeout = (time_t)as->timeout;
311 else
312 ret->timeout = 3;
313 ssl_session_calculate_timeout(ret);
314
315 X509_free(ret->peer);
316 ret->peer = as->peer;
317 as->peer = NULL;
318
319 if (!ssl_session_memcpy(ret->sid_ctx, &ret->sid_ctx_length,
320 as->session_id_context, SSL_MAX_SID_CTX_LENGTH))
321 goto err;
322
323 /* NB: this defaults to zero which is X509_V_OK */
324 ret->verify_result = as->verify_result;
325
326 if (!ssl_session_strndup(&ret->ext.hostname, as->tlsext_hostname))
327 goto err;
328
329 #ifndef OPENSSL_NO_PSK
330 if (!ssl_session_strndup(&ret->psk_identity_hint, as->psk_identity_hint))
331 goto err;
332 if (!ssl_session_strndup(&ret->psk_identity, as->psk_identity))
333 goto err;
334 #endif
335
336 ret->ext.tick_lifetime_hint = (unsigned long)as->tlsext_tick_lifetime_hint;
337 ret->ext.tick_age_add = as->tlsext_tick_age_add;
338 OPENSSL_free(ret->ext.tick);
339 if (as->tlsext_tick != NULL) {
340 ret->ext.tick = as->tlsext_tick->data;
341 ret->ext.ticklen = as->tlsext_tick->length;
342 as->tlsext_tick->data = NULL;
343 } else {
344 ret->ext.tick = NULL;
345 }
346 #ifndef OPENSSL_NO_COMP
347 if (as->comp_id) {
348 if (as->comp_id->length != 1) {
349 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
350 goto err;
351 }
352 ret->compress_meth = as->comp_id->data[0];
353 } else {
354 ret->compress_meth = 0;
355 }
356 #endif
357
358 #ifndef OPENSSL_NO_SRP
359 if (!ssl_session_strndup(&ret->srp_username, as->srp_username))
360 goto err;
361 #endif /* OPENSSL_NO_SRP */
362 /* Flags defaults to zero which is fine */
363 ret->flags = (int32_t)as->flags;
364 ret->ext.max_early_data = as->max_early_data;
365
366 OPENSSL_free(ret->ext.alpn_selected);
367 if (as->alpn_selected != NULL) {
368 ret->ext.alpn_selected = as->alpn_selected->data;
369 ret->ext.alpn_selected_len = as->alpn_selected->length;
370 as->alpn_selected->data = NULL;
371 } else {
372 ret->ext.alpn_selected = NULL;
373 ret->ext.alpn_selected_len = 0;
374 }
375
376 ret->ext.max_fragment_len_mode = as->tlsext_max_fragment_len_mode;
377
378 OPENSSL_free(ret->ticket_appdata);
379 if (as->ticket_appdata != NULL) {
380 ret->ticket_appdata = as->ticket_appdata->data;
381 ret->ticket_appdata_len = as->ticket_appdata->length;
382 as->ticket_appdata->data = NULL;
383 } else {
384 ret->ticket_appdata = NULL;
385 ret->ticket_appdata_len = 0;
386 }
387
388 M_ASN1_free_of(as, SSL_SESSION_ASN1);
389
390 if ((a != NULL) && (*a == NULL))
391 *a = ret;
392 *pp = p;
393 return ret;
394
395 err:
396 M_ASN1_free_of(as, SSL_SESSION_ASN1);
397 if ((a == NULL) || (*a != ret))
398 SSL_SESSION_free(ret);
399 return NULL;
400 }
401