1 /* 2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. 3 * Copyright 2005 Nokia. All rights reserved. 4 * 5 * Licensed under the OpenSSL license (the "License"). You may not use 6 * this file except in compliance with the License. You can obtain a copy 7 * in the file LICENSE in the source distribution or at 8 * https://www.openssl.org/source/license.html 9 */ 10 11 #include <stdio.h> 12 #include <stdlib.h> 13 #include "ssl_local.h" 14 #include <openssl/asn1t.h> 15 #include <openssl/x509.h> 16 17 typedef struct { 18 uint32_t version; 19 int32_t ssl_version; 20 ASN1_OCTET_STRING *cipher; 21 ASN1_OCTET_STRING *comp_id; 22 ASN1_OCTET_STRING *master_key; 23 ASN1_OCTET_STRING *session_id; 24 ASN1_OCTET_STRING *key_arg; 25 int64_t time; 26 int64_t timeout; 27 X509 *peer; 28 ASN1_OCTET_STRING *session_id_context; 29 int32_t verify_result; 30 ASN1_OCTET_STRING *tlsext_hostname; 31 uint64_t tlsext_tick_lifetime_hint; 32 uint32_t tlsext_tick_age_add; 33 ASN1_OCTET_STRING *tlsext_tick; 34 #ifndef OPENSSL_NO_PSK 35 ASN1_OCTET_STRING *psk_identity_hint; 36 ASN1_OCTET_STRING *psk_identity; 37 #endif 38 #ifndef OPENSSL_NO_SRP 39 ASN1_OCTET_STRING *srp_username; 40 #endif 41 uint64_t flags; 42 uint32_t max_early_data; 43 ASN1_OCTET_STRING *alpn_selected; 44 uint32_t tlsext_max_fragment_len_mode; 45 ASN1_OCTET_STRING *ticket_appdata; 46 } SSL_SESSION_ASN1; 47 48 ASN1_SEQUENCE(SSL_SESSION_ASN1) = { 49 ASN1_EMBED(SSL_SESSION_ASN1, version, UINT32), 50 ASN1_EMBED(SSL_SESSION_ASN1, ssl_version, INT32), 51 ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING), 52 ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING), 53 ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING), 54 ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0), 55 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, time, ZINT64, 1), 56 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, timeout, ZINT64, 2), 57 ASN1_EXP_OPT(SSL_SESSION_ASN1, peer, X509, 3), 58 ASN1_EXP_OPT(SSL_SESSION_ASN1, session_id_context, ASN1_OCTET_STRING, 4), 59 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, verify_result, ZINT32, 5), 60 ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_hostname, ASN1_OCTET_STRING, 6), 61 #ifndef OPENSSL_NO_PSK 62 ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity_hint, ASN1_OCTET_STRING, 7), 63 ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity, ASN1_OCTET_STRING, 8), 64 #endif 65 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZUINT64, 9), 66 ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick, ASN1_OCTET_STRING, 10), 67 ASN1_EXP_OPT(SSL_SESSION_ASN1, comp_id, ASN1_OCTET_STRING, 11), 68 #ifndef OPENSSL_NO_SRP 69 ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12), 70 #endif 71 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, flags, ZUINT64, 13), 72 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_age_add, ZUINT32, 14), 73 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, max_early_data, ZUINT32, 15), 74 ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16), 75 ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_max_fragment_len_mode, ZUINT32, 17), 76 ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 18) 77 } static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1) 78 79 IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1) 80 81 /* Utility functions for i2d_SSL_SESSION */ 82 83 /* Initialise OCTET STRING from buffer and length */ 84 85 static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os, 86 unsigned char *data, size_t len) 87 { 88 os->data = data; 89 os->length = (int)len; 90 os->flags = 0; 91 *dest = os; 92 } 93 94 /* Initialise OCTET STRING from string */ 95 static void ssl_session_sinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os, 96 char *data) 97 { 98 if (data != NULL) 99 ssl_session_oinit(dest, os, (unsigned char *)data, strlen(data)); 100 else 101 *dest = NULL; 102 } 103 104 int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) 105 { 106 107 SSL_SESSION_ASN1 as; 108 109 ASN1_OCTET_STRING cipher; 110 unsigned char cipher_data[2]; 111 ASN1_OCTET_STRING master_key, session_id, sid_ctx; 112 113 #ifndef OPENSSL_NO_COMP 114 ASN1_OCTET_STRING comp_id; 115 unsigned char comp_id_data; 116 #endif 117 ASN1_OCTET_STRING tlsext_hostname, tlsext_tick; 118 #ifndef OPENSSL_NO_SRP 119 ASN1_OCTET_STRING srp_username; 120 #endif 121 #ifndef OPENSSL_NO_PSK 122 ASN1_OCTET_STRING psk_identity, psk_identity_hint; 123 #endif 124 ASN1_OCTET_STRING alpn_selected; 125 ASN1_OCTET_STRING ticket_appdata; 126 127 long l; 128 129 if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0))) 130 return 0; 131 132 memset(&as, 0, sizeof(as)); 133 134 as.version = SSL_SESSION_ASN1_VERSION; 135 as.ssl_version = in->ssl_version; 136 137 if (in->cipher == NULL) 138 l = in->cipher_id; 139 else 140 l = in->cipher->id; 141 cipher_data[0] = ((unsigned char)(l >> 8L)) & 0xff; 142 cipher_data[1] = ((unsigned char)(l)) & 0xff; 143 144 ssl_session_oinit(&as.cipher, &cipher, cipher_data, 2); 145 146 #ifndef OPENSSL_NO_COMP 147 if (in->compress_meth) { 148 comp_id_data = (unsigned char)in->compress_meth; 149 ssl_session_oinit(&as.comp_id, &comp_id, &comp_id_data, 1); 150 } 151 #endif 152 153 ssl_session_oinit(&as.master_key, &master_key, 154 in->master_key, in->master_key_length); 155 156 ssl_session_oinit(&as.session_id, &session_id, 157 in->session_id, in->session_id_length); 158 159 ssl_session_oinit(&as.session_id_context, &sid_ctx, 160 in->sid_ctx, in->sid_ctx_length); 161 162 as.time = in->time; 163 as.timeout = in->timeout; 164 as.verify_result = in->verify_result; 165 166 as.peer = in->peer; 167 168 ssl_session_sinit(&as.tlsext_hostname, &tlsext_hostname, 169 in->ext.hostname); 170 if (in->ext.tick) { 171 ssl_session_oinit(&as.tlsext_tick, &tlsext_tick, 172 in->ext.tick, in->ext.ticklen); 173 } 174 if (in->ext.tick_lifetime_hint > 0) 175 as.tlsext_tick_lifetime_hint = in->ext.tick_lifetime_hint; 176 as.tlsext_tick_age_add = in->ext.tick_age_add; 177 #ifndef OPENSSL_NO_PSK 178 ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint, 179 in->psk_identity_hint); 180 ssl_session_sinit(&as.psk_identity, &psk_identity, in->psk_identity); 181 #endif /* OPENSSL_NO_PSK */ 182 #ifndef OPENSSL_NO_SRP 183 ssl_session_sinit(&as.srp_username, &srp_username, in->srp_username); 184 #endif /* OPENSSL_NO_SRP */ 185 186 as.flags = in->flags; 187 as.max_early_data = in->ext.max_early_data; 188 189 if (in->ext.alpn_selected == NULL) 190 as.alpn_selected = NULL; 191 else 192 ssl_session_oinit(&as.alpn_selected, &alpn_selected, 193 in->ext.alpn_selected, in->ext.alpn_selected_len); 194 195 as.tlsext_max_fragment_len_mode = in->ext.max_fragment_len_mode; 196 197 if (in->ticket_appdata == NULL) 198 as.ticket_appdata = NULL; 199 else 200 ssl_session_oinit(&as.ticket_appdata, &ticket_appdata, 201 in->ticket_appdata, in->ticket_appdata_len); 202 203 return i2d_SSL_SESSION_ASN1(&as, pp); 204 205 } 206 207 /* Utility functions for d2i_SSL_SESSION */ 208 209 /* OPENSSL_strndup an OCTET STRING */ 210 211 static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src) 212 { 213 OPENSSL_free(*pdst); 214 *pdst = NULL; 215 if (src == NULL) 216 return 1; 217 *pdst = OPENSSL_strndup((char *)src->data, src->length); 218 if (*pdst == NULL) 219 return 0; 220 return 1; 221 } 222 223 /* Copy an OCTET STRING, return error if it exceeds maximum length */ 224 225 static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen, 226 ASN1_OCTET_STRING *src, size_t maxlen) 227 { 228 if (src == NULL) { 229 *pdstlen = 0; 230 return 1; 231 } 232 if (src->length < 0 || src->length > (int)maxlen) 233 return 0; 234 memcpy(dst, src->data, src->length); 235 *pdstlen = src->length; 236 return 1; 237 } 238 239 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, 240 long length) 241 { 242 long id; 243 size_t tmpl; 244 const unsigned char *p = *pp; 245 SSL_SESSION_ASN1 *as = NULL; 246 SSL_SESSION *ret = NULL; 247 248 as = d2i_SSL_SESSION_ASN1(NULL, &p, length); 249 /* ASN.1 code returns suitable error */ 250 if (as == NULL) 251 goto err; 252 253 if (!a || !*a) { 254 ret = SSL_SESSION_new(); 255 if (ret == NULL) 256 goto err; 257 } else { 258 ret = *a; 259 } 260 261 if (as->version != SSL_SESSION_ASN1_VERSION) { 262 SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNKNOWN_SSL_VERSION); 263 goto err; 264 } 265 266 if ((as->ssl_version >> 8) != SSL3_VERSION_MAJOR 267 && (as->ssl_version >> 8) != DTLS1_VERSION_MAJOR 268 && as->ssl_version != DTLS1_BAD_VER) { 269 SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION); 270 goto err; 271 } 272 273 ret->ssl_version = (int)as->ssl_version; 274 275 if (as->cipher->length != 2) { 276 SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_CIPHER_CODE_WRONG_LENGTH); 277 goto err; 278 } 279 280 id = 0x03000000L | ((unsigned long)as->cipher->data[0] << 8L) 281 | (unsigned long)as->cipher->data[1]; 282 283 ret->cipher_id = id; 284 ret->cipher = ssl3_get_cipher_by_id(id); 285 if (ret->cipher == NULL) 286 goto err; 287 288 if (!ssl_session_memcpy(ret->session_id, &ret->session_id_length, 289 as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH)) 290 goto err; 291 292 if (!ssl_session_memcpy(ret->master_key, &tmpl, 293 as->master_key, TLS13_MAX_RESUMPTION_PSK_LENGTH)) 294 goto err; 295 296 ret->master_key_length = tmpl; 297 298 if (as->time != 0) 299 ret->time = (long)as->time; 300 else 301 ret->time = (long)time(NULL); 302 303 if (as->timeout != 0) 304 ret->timeout = (long)as->timeout; 305 else 306 ret->timeout = 3; 307 308 X509_free(ret->peer); 309 ret->peer = as->peer; 310 as->peer = NULL; 311 312 if (!ssl_session_memcpy(ret->sid_ctx, &ret->sid_ctx_length, 313 as->session_id_context, SSL_MAX_SID_CTX_LENGTH)) 314 goto err; 315 316 /* NB: this defaults to zero which is X509_V_OK */ 317 ret->verify_result = as->verify_result; 318 319 if (!ssl_session_strndup(&ret->ext.hostname, as->tlsext_hostname)) 320 goto err; 321 322 #ifndef OPENSSL_NO_PSK 323 if (!ssl_session_strndup(&ret->psk_identity_hint, as->psk_identity_hint)) 324 goto err; 325 if (!ssl_session_strndup(&ret->psk_identity, as->psk_identity)) 326 goto err; 327 #endif 328 329 ret->ext.tick_lifetime_hint = (unsigned long)as->tlsext_tick_lifetime_hint; 330 ret->ext.tick_age_add = as->tlsext_tick_age_add; 331 OPENSSL_free(ret->ext.tick); 332 if (as->tlsext_tick != NULL) { 333 ret->ext.tick = as->tlsext_tick->data; 334 ret->ext.ticklen = as->tlsext_tick->length; 335 as->tlsext_tick->data = NULL; 336 } else { 337 ret->ext.tick = NULL; 338 } 339 #ifndef OPENSSL_NO_COMP 340 if (as->comp_id) { 341 if (as->comp_id->length != 1) { 342 SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_BAD_LENGTH); 343 goto err; 344 } 345 ret->compress_meth = as->comp_id->data[0]; 346 } else { 347 ret->compress_meth = 0; 348 } 349 #endif 350 351 #ifndef OPENSSL_NO_SRP 352 if (!ssl_session_strndup(&ret->srp_username, as->srp_username)) 353 goto err; 354 #endif /* OPENSSL_NO_SRP */ 355 /* Flags defaults to zero which is fine */ 356 ret->flags = (int32_t)as->flags; 357 ret->ext.max_early_data = as->max_early_data; 358 359 OPENSSL_free(ret->ext.alpn_selected); 360 if (as->alpn_selected != NULL) { 361 ret->ext.alpn_selected = as->alpn_selected->data; 362 ret->ext.alpn_selected_len = as->alpn_selected->length; 363 as->alpn_selected->data = NULL; 364 } else { 365 ret->ext.alpn_selected = NULL; 366 ret->ext.alpn_selected_len = 0; 367 } 368 369 ret->ext.max_fragment_len_mode = as->tlsext_max_fragment_len_mode; 370 371 OPENSSL_free(ret->ticket_appdata); 372 if (as->ticket_appdata != NULL) { 373 ret->ticket_appdata = as->ticket_appdata->data; 374 ret->ticket_appdata_len = as->ticket_appdata->length; 375 as->ticket_appdata->data = NULL; 376 } else { 377 ret->ticket_appdata = NULL; 378 ret->ticket_appdata_len = 0; 379 } 380 381 M_ASN1_free_of(as, SSL_SESSION_ASN1); 382 383 if ((a != NULL) && (*a == NULL)) 384 *a = ret; 385 *pp = p; 386 return ret; 387 388 err: 389 M_ASN1_free_of(as, SSL_SESSION_ASN1); 390 if ((a == NULL) || (*a != ret)) 391 SSL_SESSION_free(ret); 392 return NULL; 393 } 394