xref: /freebsd/crypto/openssl/ssl/statem/extensions_cust.c (revision fe75646a0234a261c0013bf1840fdac4acaf0cec)
1 /*
2  * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 /* Custom extension utility functions */
11 
12 #include <openssl/ct.h>
13 #include "../ssl_local.h"
14 #include "internal/cryptlib.h"
15 #include "statem_local.h"
16 
17 typedef struct {
18     void *add_arg;
19     custom_ext_add_cb add_cb;
20     custom_ext_free_cb free_cb;
21 } custom_ext_add_cb_wrap;
22 
23 typedef struct {
24     void *parse_arg;
25     custom_ext_parse_cb parse_cb;
26 } custom_ext_parse_cb_wrap;
27 
28 /*
29  * Provide thin wrapper callbacks which convert new style arguments to old style
30  */
31 static int custom_ext_add_old_cb_wrap(SSL *s, unsigned int ext_type,
32                                       unsigned int context,
33                                       const unsigned char **out,
34                                       size_t *outlen, X509 *x, size_t chainidx,
35                                       int *al, void *add_arg)
36 {
37     custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
38 
39     if (add_cb_wrap->add_cb == NULL)
40         return 1;
41 
42     return add_cb_wrap->add_cb(s, ext_type, out, outlen, al,
43                                add_cb_wrap->add_arg);
44 }
45 
46 static void custom_ext_free_old_cb_wrap(SSL *s, unsigned int ext_type,
47                                         unsigned int context,
48                                         const unsigned char *out, void *add_arg)
49 {
50     custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
51 
52     if (add_cb_wrap->free_cb == NULL)
53         return;
54 
55     add_cb_wrap->free_cb(s, ext_type, out, add_cb_wrap->add_arg);
56 }
57 
58 static int custom_ext_parse_old_cb_wrap(SSL *s, unsigned int ext_type,
59                                         unsigned int context,
60                                         const unsigned char *in,
61                                         size_t inlen, X509 *x, size_t chainidx,
62                                         int *al, void *parse_arg)
63 {
64     custom_ext_parse_cb_wrap *parse_cb_wrap =
65         (custom_ext_parse_cb_wrap *)parse_arg;
66 
67     if (parse_cb_wrap->parse_cb == NULL)
68         return 1;
69 
70     return parse_cb_wrap->parse_cb(s, ext_type, in, inlen, al,
71                                    parse_cb_wrap->parse_arg);
72 }
73 
74 /*
75  * Find a custom extension from the list. The |role| param is there to
76  * support the legacy API where custom extensions for client and server could
77  * be set independently on the same SSL_CTX. It is set to ENDPOINT_SERVER if we
78  * are trying to find a method relevant to the server, ENDPOINT_CLIENT for the
79  * client, or ENDPOINT_BOTH for either
80  */
81 custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
82                                    ENDPOINT role, unsigned int ext_type,
83                                    size_t *idx)
84 {
85     size_t i;
86     custom_ext_method *meth = exts->meths;
87 
88     for (i = 0; i < exts->meths_count; i++, meth++) {
89         if (ext_type == meth->ext_type
90                 && (role == ENDPOINT_BOTH || role == meth->role
91                     || meth->role == ENDPOINT_BOTH)) {
92             if (idx != NULL)
93                 *idx = i;
94             return meth;
95         }
96     }
97     return NULL;
98 }
99 
100 /*
101  * Initialise custom extensions flags to indicate neither sent nor received.
102  */
103 void custom_ext_init(custom_ext_methods *exts)
104 {
105     size_t i;
106     custom_ext_method *meth = exts->meths;
107 
108     for (i = 0; i < exts->meths_count; i++, meth++)
109         meth->ext_flags = 0;
110 }
111 
112 /* Pass received custom extension data to the application for parsing. */
113 int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
114                      const unsigned char *ext_data, size_t ext_size, X509 *x,
115                      size_t chainidx)
116 {
117     int al;
118     custom_ext_methods *exts = &s->cert->custext;
119     custom_ext_method *meth;
120     ENDPOINT role = ENDPOINT_BOTH;
121 
122     if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0)
123         role = s->server ? ENDPOINT_SERVER : ENDPOINT_CLIENT;
124 
125     meth = custom_ext_find(exts, role, ext_type, NULL);
126     /* If not found return success */
127     if (!meth)
128         return 1;
129 
130     /* Check if extension is defined for our protocol. If not, skip */
131     if (!extension_is_relevant(s, meth->context, context))
132         return 1;
133 
134     if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
135                     | SSL_EXT_TLS1_3_SERVER_HELLO
136                     | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) {
137         /*
138          * If it's ServerHello or EncryptedExtensions we can't have any
139          * extensions not sent in ClientHello.
140          */
141         if ((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0) {
142             SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION);
143             return 0;
144         }
145     }
146 
147     /*
148      * Extensions received in the ClientHello or CertificateRequest are marked
149      * with the SSL_EXT_FLAG_RECEIVED. This is so we know to add the equivalent
150      * extensions in the response messages
151      */
152     if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST))
153             != 0)
154         meth->ext_flags |= SSL_EXT_FLAG_RECEIVED;
155 
156     /* If no parse function set return success */
157     if (!meth->parse_cb)
158         return 1;
159 
160     if (meth->parse_cb(s, ext_type, context, ext_data, ext_size, x, chainidx,
161                        &al, meth->parse_arg) <= 0) {
162         SSLfatal(s, al, SSL_R_BAD_EXTENSION);
163         return 0;
164     }
165 
166     return 1;
167 }
168 
169 /*
170  * Request custom extension data from the application and add to the return
171  * buffer.
172  */
173 int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,
174                    int maxversion)
175 {
176     custom_ext_methods *exts = &s->cert->custext;
177     custom_ext_method *meth;
178     size_t i;
179     int al;
180 
181     for (i = 0; i < exts->meths_count; i++) {
182         const unsigned char *out = NULL;
183         size_t outlen = 0;
184 
185         meth = exts->meths + i;
186 
187         if (!should_add_extension(s, meth->context, context, maxversion))
188             continue;
189 
190         if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
191                         | SSL_EXT_TLS1_3_SERVER_HELLO
192                         | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
193                         | SSL_EXT_TLS1_3_CERTIFICATE
194                         | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) {
195             /* Only send extensions present in ClientHello/CertificateRequest */
196             if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))
197                 continue;
198         }
199         /*
200          * We skip it if the callback is absent - except for a ClientHello where
201          * we add an empty extension.
202          */
203         if ((context & SSL_EXT_CLIENT_HELLO) == 0 && meth->add_cb == NULL)
204             continue;
205 
206         if (meth->add_cb != NULL) {
207             int cb_retval = meth->add_cb(s, meth->ext_type, context, &out,
208                                          &outlen, x, chainidx, &al,
209                                          meth->add_arg);
210 
211             if (cb_retval < 0) {
212                 SSLfatal(s, al, SSL_R_CALLBACK_FAILED);
213                 return 0;       /* error */
214             }
215             if (cb_retval == 0)
216                 continue;       /* skip this extension */
217         }
218 
219         if (!WPACKET_put_bytes_u16(pkt, meth->ext_type)
220                 || !WPACKET_start_sub_packet_u16(pkt)
221                 || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen))
222                 || !WPACKET_close(pkt)) {
223             SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
224             return 0;
225         }
226         if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
227             /*
228              * We can't send duplicates: code logic should prevent this.
229              */
230             if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) {
231                 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
232                 return 0;
233             }
234             /*
235              * Indicate extension has been sent: this is both a sanity check to
236              * ensure we don't send duplicate extensions and indicates that it
237              * is not an error if the extension is present in ServerHello.
238              */
239             meth->ext_flags |= SSL_EXT_FLAG_SENT;
240         }
241         if (meth->free_cb != NULL)
242             meth->free_cb(s, meth->ext_type, context, out, meth->add_arg);
243     }
244     return 1;
245 }
246 
247 /* Copy the flags from src to dst for any extensions that exist in both */
248 int custom_exts_copy_flags(custom_ext_methods *dst,
249                            const custom_ext_methods *src)
250 {
251     size_t i;
252     custom_ext_method *methsrc = src->meths;
253 
254     for (i = 0; i < src->meths_count; i++, methsrc++) {
255         custom_ext_method *methdst = custom_ext_find(dst, methsrc->role,
256                                                      methsrc->ext_type, NULL);
257 
258         if (methdst == NULL)
259             continue;
260 
261         methdst->ext_flags = methsrc->ext_flags;
262     }
263 
264     return 1;
265 }
266 
267 /* Copy table of custom extensions */
268 int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src)
269 {
270     size_t i;
271     int err = 0;
272 
273     if (src->meths_count > 0) {
274         dst->meths =
275             OPENSSL_memdup(src->meths,
276                            sizeof(*src->meths) * src->meths_count);
277         if (dst->meths == NULL)
278             return 0;
279         dst->meths_count = src->meths_count;
280 
281         for (i = 0; i < src->meths_count; i++) {
282             custom_ext_method *methsrc = src->meths + i;
283             custom_ext_method *methdst = dst->meths + i;
284 
285             if (methsrc->add_cb != custom_ext_add_old_cb_wrap)
286                 continue;
287 
288             /*
289              * We have found an old style API wrapper. We need to copy the
290              * arguments too.
291              */
292 
293             if (err) {
294                 methdst->add_arg = NULL;
295                 methdst->parse_arg = NULL;
296                 continue;
297             }
298 
299             methdst->add_arg = OPENSSL_memdup(methsrc->add_arg,
300                                               sizeof(custom_ext_add_cb_wrap));
301             methdst->parse_arg = OPENSSL_memdup(methsrc->parse_arg,
302                                             sizeof(custom_ext_parse_cb_wrap));
303 
304             if (methdst->add_arg == NULL || methdst->parse_arg == NULL)
305                 err = 1;
306         }
307     }
308 
309     if (err) {
310         custom_exts_free(dst);
311         return 0;
312     }
313 
314     return 1;
315 }
316 
317 void custom_exts_free(custom_ext_methods *exts)
318 {
319     size_t i;
320     custom_ext_method *meth;
321 
322     for (i = 0, meth = exts->meths; i < exts->meths_count; i++, meth++) {
323         if (meth->add_cb != custom_ext_add_old_cb_wrap)
324             continue;
325 
326         /* Old style API wrapper. Need to free the arguments too */
327         OPENSSL_free(meth->add_arg);
328         OPENSSL_free(meth->parse_arg);
329     }
330     OPENSSL_free(exts->meths);
331 }
332 
333 /* Return true if a client custom extension exists, false otherwise */
334 int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type)
335 {
336     return custom_ext_find(&ctx->cert->custext, ENDPOINT_CLIENT, ext_type,
337                            NULL) != NULL;
338 }
339 
340 static int add_custom_ext_intern(SSL_CTX *ctx, ENDPOINT role,
341                                  unsigned int ext_type,
342                                  unsigned int context,
343                                  SSL_custom_ext_add_cb_ex add_cb,
344                                  SSL_custom_ext_free_cb_ex free_cb,
345                                  void *add_arg,
346                                  SSL_custom_ext_parse_cb_ex parse_cb,
347                                  void *parse_arg)
348 {
349     custom_ext_methods *exts = &ctx->cert->custext;
350     custom_ext_method *meth, *tmp;
351 
352     /*
353      * Check application error: if add_cb is not set free_cb will never be
354      * called.
355      */
356     if (add_cb == NULL && free_cb != NULL)
357         return 0;
358 
359 #ifndef OPENSSL_NO_CT
360     /*
361      * We don't want applications registering callbacks for SCT extensions
362      * whilst simultaneously using the built-in SCT validation features, as
363      * these two things may not play well together.
364      */
365     if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp
366             && (context & SSL_EXT_CLIENT_HELLO) != 0
367             && SSL_CTX_ct_is_enabled(ctx))
368         return 0;
369 #endif
370 
371     /*
372      * Don't add if extension supported internally, but make exception
373      * for extension types that previously were not supported, but now are.
374      */
375     if (SSL_extension_supported(ext_type)
376             && ext_type != TLSEXT_TYPE_signed_certificate_timestamp)
377         return 0;
378 
379     /* Extension type must fit in 16 bits */
380     if (ext_type > 0xffff)
381         return 0;
382     /* Search for duplicate */
383     if (custom_ext_find(exts, role, ext_type, NULL))
384         return 0;
385     tmp = OPENSSL_realloc(exts->meths,
386                           (exts->meths_count + 1) * sizeof(custom_ext_method));
387     if (tmp == NULL)
388         return 0;
389 
390     exts->meths = tmp;
391     meth = exts->meths + exts->meths_count;
392     memset(meth, 0, sizeof(*meth));
393     meth->role = role;
394     meth->context = context;
395     meth->parse_cb = parse_cb;
396     meth->add_cb = add_cb;
397     meth->free_cb = free_cb;
398     meth->ext_type = ext_type;
399     meth->add_arg = add_arg;
400     meth->parse_arg = parse_arg;
401     exts->meths_count++;
402     return 1;
403 }
404 
405 static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role,
406                               unsigned int ext_type,
407                               unsigned int context,
408                               custom_ext_add_cb add_cb,
409                               custom_ext_free_cb free_cb,
410                               void *add_arg,
411                               custom_ext_parse_cb parse_cb, void *parse_arg)
412 {
413     custom_ext_add_cb_wrap *add_cb_wrap
414         = OPENSSL_malloc(sizeof(*add_cb_wrap));
415     custom_ext_parse_cb_wrap *parse_cb_wrap
416         = OPENSSL_malloc(sizeof(*parse_cb_wrap));
417     int ret;
418 
419     if (add_cb_wrap == NULL || parse_cb_wrap == NULL) {
420         OPENSSL_free(add_cb_wrap);
421         OPENSSL_free(parse_cb_wrap);
422         return 0;
423     }
424 
425     add_cb_wrap->add_arg = add_arg;
426     add_cb_wrap->add_cb = add_cb;
427     add_cb_wrap->free_cb = free_cb;
428     parse_cb_wrap->parse_arg = parse_arg;
429     parse_cb_wrap->parse_cb = parse_cb;
430 
431     ret = add_custom_ext_intern(ctx, role, ext_type,
432                                 context,
433                                 custom_ext_add_old_cb_wrap,
434                                 custom_ext_free_old_cb_wrap,
435                                 add_cb_wrap,
436                                 custom_ext_parse_old_cb_wrap,
437                                 parse_cb_wrap);
438 
439     if (!ret) {
440         OPENSSL_free(add_cb_wrap);
441         OPENSSL_free(parse_cb_wrap);
442     }
443 
444     return ret;
445 }
446 
447 /* Application level functions to add the old custom extension callbacks */
448 int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
449                                   custom_ext_add_cb add_cb,
450                                   custom_ext_free_cb free_cb,
451                                   void *add_arg,
452                                   custom_ext_parse_cb parse_cb, void *parse_arg)
453 {
454     return add_old_custom_ext(ctx, ENDPOINT_CLIENT, ext_type,
455                               SSL_EXT_TLS1_2_AND_BELOW_ONLY
456                               | SSL_EXT_CLIENT_HELLO
457                               | SSL_EXT_TLS1_2_SERVER_HELLO
458                               | SSL_EXT_IGNORE_ON_RESUMPTION,
459                               add_cb, free_cb, add_arg, parse_cb, parse_arg);
460 }
461 
462 int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
463                                   custom_ext_add_cb add_cb,
464                                   custom_ext_free_cb free_cb,
465                                   void *add_arg,
466                                   custom_ext_parse_cb parse_cb, void *parse_arg)
467 {
468     return add_old_custom_ext(ctx, ENDPOINT_SERVER, ext_type,
469                               SSL_EXT_TLS1_2_AND_BELOW_ONLY
470                               | SSL_EXT_CLIENT_HELLO
471                               | SSL_EXT_TLS1_2_SERVER_HELLO
472                               | SSL_EXT_IGNORE_ON_RESUMPTION,
473                               add_cb, free_cb, add_arg, parse_cb, parse_arg);
474 }
475 
476 int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
477                            unsigned int context,
478                            SSL_custom_ext_add_cb_ex add_cb,
479                            SSL_custom_ext_free_cb_ex free_cb,
480                            void *add_arg,
481                            SSL_custom_ext_parse_cb_ex parse_cb, void *parse_arg)
482 {
483     return add_custom_ext_intern(ctx, ENDPOINT_BOTH, ext_type, context, add_cb,
484                                  free_cb, add_arg, parse_cb, parse_arg);
485 }
486 
487 int SSL_extension_supported(unsigned int ext_type)
488 {
489     switch (ext_type) {
490         /* Internally supported extensions. */
491     case TLSEXT_TYPE_application_layer_protocol_negotiation:
492     case TLSEXT_TYPE_ec_point_formats:
493     case TLSEXT_TYPE_supported_groups:
494     case TLSEXT_TYPE_key_share:
495 #ifndef OPENSSL_NO_NEXTPROTONEG
496     case TLSEXT_TYPE_next_proto_neg:
497 #endif
498     case TLSEXT_TYPE_padding:
499     case TLSEXT_TYPE_renegotiate:
500     case TLSEXT_TYPE_max_fragment_length:
501     case TLSEXT_TYPE_server_name:
502     case TLSEXT_TYPE_session_ticket:
503     case TLSEXT_TYPE_signature_algorithms:
504 #ifndef OPENSSL_NO_SRP
505     case TLSEXT_TYPE_srp:
506 #endif
507 #ifndef OPENSSL_NO_OCSP
508     case TLSEXT_TYPE_status_request:
509 #endif
510 #ifndef OPENSSL_NO_CT
511     case TLSEXT_TYPE_signed_certificate_timestamp:
512 #endif
513 #ifndef OPENSSL_NO_SRTP
514     case TLSEXT_TYPE_use_srtp:
515 #endif
516     case TLSEXT_TYPE_encrypt_then_mac:
517     case TLSEXT_TYPE_supported_versions:
518     case TLSEXT_TYPE_extended_master_secret:
519     case TLSEXT_TYPE_psk_kex_modes:
520     case TLSEXT_TYPE_cookie:
521     case TLSEXT_TYPE_early_data:
522     case TLSEXT_TYPE_certificate_authorities:
523     case TLSEXT_TYPE_psk:
524     case TLSEXT_TYPE_post_handshake_auth:
525         return 1;
526     default:
527         return 0;
528     }
529 }
530