1 /* 2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. 3 * Copyright 2005 Nokia. All rights reserved. 4 * 5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 * this file except in compliance with the License. You can obtain a copy 7 * in the file LICENSE in the source distribution or at 8 * https://www.openssl.org/source/license.html 9 */ 10 11 #include <stdio.h> 12 #include <stdlib.h> 13 #include "ssl_local.h" 14 #include <openssl/asn1t.h> 15 #include <openssl/x509.h> 16 17 typedef struct { 18 uint32_t version; 19 int32_t ssl_version; 20 ASN1_OCTET_STRING *cipher; 21 ASN1_OCTET_STRING *comp_id; 22 ASN1_OCTET_STRING *master_key; 23 ASN1_OCTET_STRING *session_id; 24 ASN1_OCTET_STRING *key_arg; 25 int64_t time; 26 int64_t timeout; 27 X509 *peer; 28 ASN1_OCTET_STRING *session_id_context; 29 int32_t verify_result; 30 ASN1_OCTET_STRING *tlsext_hostname; 31 uint64_t tlsext_tick_lifetime_hint; 32 uint32_t tlsext_tick_age_add; 33 ASN1_OCTET_STRING *tlsext_tick; 34 #ifndef OPENSSL_NO_PSK 35 ASN1_OCTET_STRING *psk_identity_hint; 36 ASN1_OCTET_STRING *psk_identity; 37 #endif 38 #ifndef OPENSSL_NO_SRP 39 ASN1_OCTET_STRING *srp_username; 40 #endif 41 uint64_t flags; 42 uint32_t max_early_data; 43 ASN1_OCTET_STRING *alpn_selected; 44 uint32_t tlsext_max_fragment_len_mode; 45 ASN1_OCTET_STRING *ticket_appdata; 46 uint32_t kex_group; 47 } SSL_SESSION_ASN1; 48 49 ASN1_SEQUENCE(SSL_SESSION_ASN1) = { 50 ASN1_EMBED(SSL_SESSION_ASN1, version, UINT32), 51 ASN1_EMBED(SSL_SESSION_ASN1, ssl_version, INT32), 52 ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING), 53 ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING), 54 ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING), 55 ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0), 56 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, time, ZINT64, 1), 57 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, timeout, ZINT64, 2), 58 ASN1_EXP_OPT(SSL_SESSION_ASN1, peer, X509, 3), 59 ASN1_EXP_OPT(SSL_SESSION_ASN1, session_id_context, ASN1_OCTET_STRING, 4), 60 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, verify_result, ZINT32, 5), 61 ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_hostname, ASN1_OCTET_STRING, 6), 62 #ifndef OPENSSL_NO_PSK 63 ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity_hint, ASN1_OCTET_STRING, 7), 64 ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity, ASN1_OCTET_STRING, 8), 65 #endif 66 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZUINT64, 9), 67 ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick, ASN1_OCTET_STRING, 10), 68 ASN1_EXP_OPT(SSL_SESSION_ASN1, comp_id, ASN1_OCTET_STRING, 11), 69 #ifndef OPENSSL_NO_SRP 70 ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12), 71 #endif 72 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, flags, ZUINT64, 13), 73 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_age_add, ZUINT32, 14), 74 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, max_early_data, ZUINT32, 15), 75 ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16), 76 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_max_fragment_len_mode, ZUINT32, 17), 77 ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 18), 78 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, kex_group, UINT32, 19) 79 } static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1) 80 81 IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1) 82 83 /* Utility functions for i2d_SSL_SESSION */ 84 85 /* Initialise OCTET STRING from buffer and length */ 86 87 static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os, 88 const unsigned char *data, size_t len) 89 { 90 os->data = (unsigned char *)data; /* justified cast: data is not modified */ 91 os->length = (int)len; 92 os->flags = 0; 93 *dest = os; 94 } 95 96 /* Initialise OCTET STRING from string */ 97 static void ssl_session_sinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os, 98 const char *data) 99 { 100 if (data != NULL) 101 ssl_session_oinit(dest, os, (const unsigned char *)data, strlen(data)); 102 else 103 *dest = NULL; 104 } 105 106 int i2d_SSL_SESSION(const SSL_SESSION *in, unsigned char **pp) 107 { 108 109 SSL_SESSION_ASN1 as; 110 111 ASN1_OCTET_STRING cipher; 112 unsigned char cipher_data[2]; 113 ASN1_OCTET_STRING master_key, session_id, sid_ctx; 114 115 #ifndef OPENSSL_NO_COMP 116 ASN1_OCTET_STRING comp_id; 117 unsigned char comp_id_data; 118 #endif 119 ASN1_OCTET_STRING tlsext_hostname, tlsext_tick; 120 #ifndef OPENSSL_NO_SRP 121 ASN1_OCTET_STRING srp_username; 122 #endif 123 #ifndef OPENSSL_NO_PSK 124 ASN1_OCTET_STRING psk_identity, psk_identity_hint; 125 #endif 126 ASN1_OCTET_STRING alpn_selected; 127 ASN1_OCTET_STRING ticket_appdata; 128 129 long l; 130 131 if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0))) 132 return 0; 133 134 memset(&as, 0, sizeof(as)); 135 136 as.version = SSL_SESSION_ASN1_VERSION; 137 as.ssl_version = in->ssl_version; 138 139 as.kex_group = in->kex_group; 140 141 if (in->cipher == NULL) 142 l = in->cipher_id; 143 else 144 l = in->cipher->id; 145 cipher_data[0] = ((unsigned char)(l >> 8L)) & 0xff; 146 cipher_data[1] = ((unsigned char)(l)) & 0xff; 147 148 ssl_session_oinit(&as.cipher, &cipher, cipher_data, 2); 149 150 #ifndef OPENSSL_NO_COMP 151 if (in->compress_meth) { 152 comp_id_data = (unsigned char)in->compress_meth; 153 ssl_session_oinit(&as.comp_id, &comp_id, &comp_id_data, 1); 154 } 155 #endif 156 157 ssl_session_oinit(&as.master_key, &master_key, 158 in->master_key, in->master_key_length); 159 160 ssl_session_oinit(&as.session_id, &session_id, 161 in->session_id, in->session_id_length); 162 163 ssl_session_oinit(&as.session_id_context, &sid_ctx, 164 in->sid_ctx, in->sid_ctx_length); 165 166 as.time = (int64_t)in->time; 167 as.timeout = (int64_t)in->timeout; 168 as.verify_result = in->verify_result; 169 170 as.peer = in->peer; 171 172 ssl_session_sinit(&as.tlsext_hostname, &tlsext_hostname, 173 in->ext.hostname); 174 if (in->ext.tick) { 175 ssl_session_oinit(&as.tlsext_tick, &tlsext_tick, 176 in->ext.tick, in->ext.ticklen); 177 } 178 if (in->ext.tick_lifetime_hint > 0) 179 as.tlsext_tick_lifetime_hint = in->ext.tick_lifetime_hint; 180 as.tlsext_tick_age_add = in->ext.tick_age_add; 181 #ifndef OPENSSL_NO_PSK 182 ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint, 183 in->psk_identity_hint); 184 ssl_session_sinit(&as.psk_identity, &psk_identity, in->psk_identity); 185 #endif /* OPENSSL_NO_PSK */ 186 #ifndef OPENSSL_NO_SRP 187 ssl_session_sinit(&as.srp_username, &srp_username, in->srp_username); 188 #endif /* OPENSSL_NO_SRP */ 189 190 as.flags = in->flags; 191 as.max_early_data = in->ext.max_early_data; 192 193 if (in->ext.alpn_selected == NULL) 194 as.alpn_selected = NULL; 195 else 196 ssl_session_oinit(&as.alpn_selected, &alpn_selected, 197 in->ext.alpn_selected, in->ext.alpn_selected_len); 198 199 as.tlsext_max_fragment_len_mode = in->ext.max_fragment_len_mode; 200 201 if (in->ticket_appdata == NULL) 202 as.ticket_appdata = NULL; 203 else 204 ssl_session_oinit(&as.ticket_appdata, &ticket_appdata, 205 in->ticket_appdata, in->ticket_appdata_len); 206 207 return i2d_SSL_SESSION_ASN1(&as, pp); 208 209 } 210 211 /* Utility functions for d2i_SSL_SESSION */ 212 213 /* OPENSSL_strndup an OCTET STRING */ 214 215 static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src) 216 { 217 OPENSSL_free(*pdst); 218 *pdst = NULL; 219 if (src == NULL) 220 return 1; 221 *pdst = OPENSSL_strndup((char *)src->data, src->length); 222 if (*pdst == NULL) 223 return 0; 224 return 1; 225 } 226 227 /* Copy an OCTET STRING, return error if it exceeds maximum length */ 228 229 static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen, 230 ASN1_OCTET_STRING *src, size_t maxlen) 231 { 232 if (src == NULL || src->length == 0) { 233 *pdstlen = 0; 234 return 1; 235 } 236 if (src->length < 0 || src->length > (int)maxlen) 237 return 0; 238 memcpy(dst, src->data, src->length); 239 *pdstlen = src->length; 240 return 1; 241 } 242 243 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, 244 long length) 245 { 246 long id; 247 size_t tmpl; 248 const unsigned char *p = *pp; 249 SSL_SESSION_ASN1 *as = NULL; 250 SSL_SESSION *ret = NULL; 251 252 as = d2i_SSL_SESSION_ASN1(NULL, &p, length); 253 /* ASN.1 code returns suitable error */ 254 if (as == NULL) 255 goto err; 256 257 if (a == NULL || *a == NULL) { 258 ret = SSL_SESSION_new(); 259 if (ret == NULL) 260 goto err; 261 } else { 262 ret = *a; 263 } 264 265 if (as->version != SSL_SESSION_ASN1_VERSION) { 266 ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_SSL_VERSION); 267 goto err; 268 } 269 270 if ((as->ssl_version >> 8) != SSL3_VERSION_MAJOR 271 && (as->ssl_version >> 8) != DTLS1_VERSION_MAJOR 272 && as->ssl_version != DTLS1_BAD_VER) { 273 ERR_raise(ERR_LIB_SSL, SSL_R_UNSUPPORTED_SSL_VERSION); 274 goto err; 275 } 276 277 ret->ssl_version = (int)as->ssl_version; 278 279 ret->kex_group = as->kex_group; 280 281 if (as->cipher->length != 2) { 282 ERR_raise(ERR_LIB_SSL, SSL_R_CIPHER_CODE_WRONG_LENGTH); 283 goto err; 284 } 285 286 id = 0x03000000L | ((unsigned long)as->cipher->data[0] << 8L) 287 | (unsigned long)as->cipher->data[1]; 288 289 ret->cipher_id = id; 290 ret->cipher = ssl3_get_cipher_by_id(id); 291 if (ret->cipher == NULL) 292 goto err; 293 294 if (!ssl_session_memcpy(ret->session_id, &ret->session_id_length, 295 as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH)) 296 goto err; 297 298 if (!ssl_session_memcpy(ret->master_key, &tmpl, 299 as->master_key, TLS13_MAX_RESUMPTION_PSK_LENGTH)) 300 goto err; 301 302 ret->master_key_length = tmpl; 303 304 if (as->time != 0) 305 ret->time = (time_t)as->time; 306 else 307 ret->time = time(NULL); 308 309 if (as->timeout != 0) 310 ret->timeout = (time_t)as->timeout; 311 else 312 ret->timeout = 3; 313 ssl_session_calculate_timeout(ret); 314 315 X509_free(ret->peer); 316 ret->peer = as->peer; 317 as->peer = NULL; 318 319 if (!ssl_session_memcpy(ret->sid_ctx, &ret->sid_ctx_length, 320 as->session_id_context, SSL_MAX_SID_CTX_LENGTH)) 321 goto err; 322 323 /* NB: this defaults to zero which is X509_V_OK */ 324 ret->verify_result = as->verify_result; 325 326 if (!ssl_session_strndup(&ret->ext.hostname, as->tlsext_hostname)) 327 goto err; 328 329 #ifndef OPENSSL_NO_PSK 330 if (!ssl_session_strndup(&ret->psk_identity_hint, as->psk_identity_hint)) 331 goto err; 332 if (!ssl_session_strndup(&ret->psk_identity, as->psk_identity)) 333 goto err; 334 #endif 335 336 ret->ext.tick_lifetime_hint = (unsigned long)as->tlsext_tick_lifetime_hint; 337 ret->ext.tick_age_add = as->tlsext_tick_age_add; 338 OPENSSL_free(ret->ext.tick); 339 if (as->tlsext_tick != NULL) { 340 ret->ext.tick = as->tlsext_tick->data; 341 ret->ext.ticklen = as->tlsext_tick->length; 342 as->tlsext_tick->data = NULL; 343 } else { 344 ret->ext.tick = NULL; 345 } 346 #ifndef OPENSSL_NO_COMP 347 if (as->comp_id) { 348 if (as->comp_id->length != 1) { 349 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH); 350 goto err; 351 } 352 ret->compress_meth = as->comp_id->data[0]; 353 } else { 354 ret->compress_meth = 0; 355 } 356 #endif 357 358 #ifndef OPENSSL_NO_SRP 359 if (!ssl_session_strndup(&ret->srp_username, as->srp_username)) 360 goto err; 361 #endif /* OPENSSL_NO_SRP */ 362 /* Flags defaults to zero which is fine */ 363 ret->flags = (int32_t)as->flags; 364 ret->ext.max_early_data = as->max_early_data; 365 366 OPENSSL_free(ret->ext.alpn_selected); 367 if (as->alpn_selected != NULL) { 368 ret->ext.alpn_selected = as->alpn_selected->data; 369 ret->ext.alpn_selected_len = as->alpn_selected->length; 370 as->alpn_selected->data = NULL; 371 } else { 372 ret->ext.alpn_selected = NULL; 373 ret->ext.alpn_selected_len = 0; 374 } 375 376 ret->ext.max_fragment_len_mode = as->tlsext_max_fragment_len_mode; 377 378 OPENSSL_free(ret->ticket_appdata); 379 if (as->ticket_appdata != NULL) { 380 ret->ticket_appdata = as->ticket_appdata->data; 381 ret->ticket_appdata_len = as->ticket_appdata->length; 382 as->ticket_appdata->data = NULL; 383 } else { 384 ret->ticket_appdata = NULL; 385 ret->ticket_appdata_len = 0; 386 } 387 388 M_ASN1_free_of(as, SSL_SESSION_ASN1); 389 390 if ((a != NULL) && (*a == NULL)) 391 *a = ret; 392 *pp = p; 393 return ret; 394 395 err: 396 M_ASN1_free_of(as, SSL_SESSION_ASN1); 397 if ((a == NULL) || (*a != ret)) 398 SSL_SESSION_free(ret); 399 return NULL; 400 } 401