1656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* ssl/t1_lib.c */ 2656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * All rights reserved. 4656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 5656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This package is an SSL implementation written 6656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * by Eric Young (eay@cryptsoft.com). 7656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The implementation was written so as to conform with Netscapes SSL. 8656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 9656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This library is free for commercial and non-commercial use as long as 10656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the following conditions are aheared to. The following conditions 11656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * apply to all code found in this distribution, be it the RC4, RSA, 12656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * included with this distribution is covered by the same copyright terms 14656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
15656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 16656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Copyright remains Eric Young's, and as such any Copyright notices in 17656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the code are not to be removed. 18656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * If this package is used in a product, Eric Young should be given attribution 19656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * as the author of the parts of the library used. 20656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This can be in the form of a textual message at program startup or 21656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * in documentation (online or textual) provided with the package. 22656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 23656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Redistribution and use in source and binary forms, with or without 24656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * modification, are permitted provided that the following conditions 25656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * are met: 26656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 1. Redistributions of source code must retain the copyright 27656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer. 28656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2. 
Redistributions in binary form must reproduce the above copyright 29656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer in the 30656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * documentation and/or other materials provided with the distribution. 31656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 3. All advertising materials mentioning features or use of this software 32656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * must display the following acknowledgement: 33656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes cryptographic software written by 34656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Eric Young (eay@cryptsoft.com)" 35656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The word 'cryptographic' can be left out if the rouines from the library 36656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * being used are not cryptographic related :-). 37656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 4. 
If you include any Windows specific code (or a derivative thereof) from 38656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the apps directory (application code) you must include an acknowledgement: 39656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 41656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SUCH 
DAMAGE. 52656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 53656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The licence and distribution terms for any publically available version or 54656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * derivative of this code cannot be changed. i.e. this code cannot simply be 55656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * copied and put under another distribution licence 56656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * [including the GNU Public Licence.] 57656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 58221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom/* ==================================================================== 59221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 61221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * Redistribution and use in source and binary forms, with or without 62221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * modification, are permitted provided that the following conditions 63221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * are met: 64221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 65221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 1. Redistributions of source code must retain the above copyright 66221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * notice, this list of conditions and the following disclaimer. 67221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 68221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 2. 
Redistributions in binary form must reproduce the above copyright 69221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * notice, this list of conditions and the following disclaimer in 70221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * the documentation and/or other materials provided with the 71221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * distribution. 72221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 73221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 3. All advertising materials mentioning features or use of this 74221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * software must display the following acknowledgment: 75221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * "This product includes software developed by the OpenSSL Project 76221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 78221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * endorse or promote products derived from this software without 80221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * prior written permission. For written permission, please contact 81221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * openssl-core@openssl.org. 82221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 83221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 5. Products derived from this software may not be called "OpenSSL" 84221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * nor may "OpenSSL" appear in their names without prior written 85221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * permission of the OpenSSL Project. 86221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 87221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 6. 
Redistributions of any form whatsoever must retain the following 88221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * acknowledgment: 89221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * "This product includes software developed by the OpenSSL Project 90221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 92221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * OF THE POSSIBILITY OF SUCH DAMAGE. 
104221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * ==================================================================== 105221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 106221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * This product includes cryptographic software written by Eric Young 107221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * (eay@cryptsoft.com). This product includes software written by Tim 108221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * Hudson (tjh@cryptsoft.com). 109221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 110221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom */ 111656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 112656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <stdio.h> 113656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/objects.h> 114656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/evp.h> 115656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/hmac.h> 116656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/ocsp.h> 117392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#include <openssl/rand.h> 118656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include "ssl_locl.h" 119656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 120656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectconst char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT; 121656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 122656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_TLSEXT 123656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, 124656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project const unsigned char *sess_id, int sesslen, 125656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_SESSION **psess); 126656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 127656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 128656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source ProjectSSL3_ENC_METHOD TLSv1_enc_data={ 129656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_enc, 130656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_mac, 131656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_setup_key_block, 132656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_generate_master_secret, 133656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_change_cipher_state, 134656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_final_finish_mac, 135656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project TLS1_FINISH_MAC_LENGTH, 136656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_cert_verify_mac, 137656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, 138656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, 139656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_alert_code, 140392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom tls1_export_keying_material, 141656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project }; 142656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 143656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectlong tls1_default_timeout(void) 144656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 
145656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* 2 hours, the 24 hours mentioned in the TLSv1 spec 146656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * is way too long for http, the cache would over fill */ 147656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(60*60*2); 148656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 149656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 150656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint tls1_new(SSL *s) 151656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 152656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ssl3_new(s)) return(0); 153656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->method->ssl_clear(s); 154656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(1); 155656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 156656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 157656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectvoid tls1_free(SSL *s) 158656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 159221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_TLSEXT 160221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->tlsext_session_ticket) 161221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 162221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom OPENSSL_free(s->tlsext_session_ticket); 163221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 164221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif /* OPENSSL_NO_TLSEXT */ 165656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl3_free(s); 166656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 167656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
/*
 * Clear hook for the TLSv1 method: runs ssl3_clear() on s, then copies the
 * protocol version from the method table into s->version. The assignment
 * comes after ssl3_clear(), so it is the value left in s->version on return.
 */
void tls1_clear(SSL *s)
{
    ssl3_clear(s);
    s->version = s->method->version;
}

#ifndef OPENSSL_NO_EC

/*
 * NIDs indexed by TLS NamedCurve identifier minus one: the first entry is
 * curve id 1 and the last is curve id 25. tls1_ec_curve_id2nid() indexes
 * this table directly, so the order of the entries is part of the mapping
 * and must not change.
 */
static int nid_list[] = {
    NID_sect163k1,        /* sect163k1 (1) */
    NID_sect163r1,        /* sect163r1 (2) */
    NID_sect163r2,        /* sect163r2 (3) */
    NID_sect193r1,        /* sect193r1 (4) */
    NID_sect193r2,        /* sect193r2 (5) */
    NID_sect233k1,        /* sect233k1 (6) */
    NID_sect233r1,        /* sect233r1 (7) */
    NID_sect239k1,        /* sect239k1 (8) */
    NID_sect283k1,        /* sect283k1 (9) */
    NID_sect283r1,        /* sect283r1 (10) */
    NID_sect409k1,        /* sect409k1 (11) */
    NID_sect409r1,        /* sect409r1 (12) */
    NID_sect571k1,        /* sect571k1 (13) */
    NID_sect571r1,        /* sect571r1 (14) */
    NID_secp160k1,        /* secp160k1 (15) */
    NID_secp160r1,        /* secp160r1 (16) */
    NID_secp160r2,        /* secp160r2 (17) */
    NID_secp192k1,        /* secp192k1 (18) */
    NID_X9_62_prime192v1, /* secp192r1 (19) */
    NID_secp224k1,        /* secp224k1 (20) */
    NID_secp224r1,        /* secp224r1 (21) */
    NID_secp256k1,        /* secp256k1 (22) */
    NID_X9_62_prime256v1, /* secp256r1 (23) */
    NID_secp384r1,        /* secp384r1 (24) */
    NID_secp521r1         /* secp521r1 (25) */
};

/*
 * The same 25 NIDs in a different order: as listed, the largest field sizes
 * come first and the 160-bit curves come last.
 *
 * NOTE(review): the code that consumes this list is outside this view;
 * presumably it is the order in which curves are offered to the peer --
 * confirm. The 160/163-bit entries give roughly 80 bits of security, so it
 * is worth checking whether they should still be offered at all.
 */
static int pref_list[] = {
    NID_sect571r1,        /* sect571r1 (14) */
    NID_sect571k1,        /* sect571k1 (13) */
    NID_secp521r1,        /* secp521r1 (25) */
    NID_sect409k1,        /* sect409k1 (11) */
    NID_sect409r1,        /* sect409r1 (12) */
    NID_secp384r1,        /* secp384r1 (24) */
    NID_sect283k1,        /* sect283k1 (9) */
    NID_sect283r1,        /* sect283r1 (10) */
    NID_secp256k1,        /* secp256k1 (22) */
    NID_X9_62_prime256v1, /* secp256r1 (23) */
    NID_sect239k1,        /* sect239k1 (8) */
    NID_sect233k1,        /* sect233k1 (6) */
    NID_sect233r1,        /* sect233r1 (7) */
    NID_secp224k1,        /* secp224k1 (20) */
    NID_secp224r1,        /* secp224r1 (21) */
    NID_sect193r1,        /* sect193r1 (4) */
    NID_sect193r2,        /* sect193r2 (5) */
    NID_secp192k1,        /* secp192k1 (18) */
    NID_X9_62_prime192v1, /* secp192r1 (19) */
    NID_sect163k1,        /* sect163k1 (1) */
    NID_sect163r1,        /* sect163r1 (2) */
    NID_sect163r2,        /* sect163r2 (3) */
    NID_secp160k1,        /* secp160k1 (15) */
    NID_secp160r1,        /* secp160r1 (16) */
    NID_secp160r2,        /* secp160r2 (17) */
};

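/*
 * Map a TLS NamedCurve identifier to the NID of the same curve.
 *
 * Identifiers are the 1-based positions in nid_list (ECC curves from
 * draft-ietf-tls-ecc-12.txt, Oct. 17, 2005). Returns 0 when curve_id is
 * outside 1..(number of entries), so a value outside the table never
 * indexes nid_list.
 *
 * NOTE(review): callers are outside this view; if curve_id is taken from a
 * peer's handshake message, this range check is what keeps the lookup
 * inside the table -- keep it in step with any change to nid_list.
 */
int tls1_ec_curve_id2nid(int curve_id)
{
    const size_t num_curves = sizeof(nid_list) / sizeof(nid_list[0]);

    /* curve_id >= 1 is established first, so the cast cannot wrap. */
    if (curve_id < 1 || (size_t)curve_id > num_curves)
        return 0;
    return nid_list[curve_id - 1];
}

/*
 * Reverse of tls1_ec_curve_id2nid(): return the TLS NamedCurve identifier
 * (1-based position in nid_list) for nid, or 0 when nid is not one of the
 * listed curves.
 *
 * The identifier is derived from nid_list itself rather than from a second
 * hand-maintained case list, so the two directions of the mapping cannot
 * drift apart and hand a peer the identifier of a different curve.
 */
int tls1_ec_nid2curve_id(int nid)
{
    size_t i;

    for (i = 0; i < sizeof(nid_list) / sizeof(nid_list[0]); i++) {
        if (nid_list[i] == nid)
            return (int)(i + 1);
    }
    return 0;
}
#endif /* OPENSSL_NO_EC */

#ifndef OPENSSL_NO_TLSEXT

/* List of supported signature algorithms and hashes. Should make this
 * customisable at some point, for now include everything we support.
 *
 * "Everything" in the tls12_sigalgs table that follows includes SHA-1 with
 * each signature type and MD5 with RSA.
 *
 * Each tlsext_sigalg_*() macro expands to one two-byte (hash, signature)
 * pair, or to nothing when that signature type is compiled out.
 * tls12_get_req_sig_algs() drops the final two bytes of tls12_sigalgs in
 * FIPS mode on the assumption that they are the MD5/RSA pair.
 * NOTE(review): with OPENSSL_NO_RSA or OPENSSL_NO_MD5 defined the final two
 * bytes are a different entry -- confirm those build combinations cannot
 * occur together with OPENSSL_FIPS.
 */

#ifdef OPENSSL_NO_RSA
#define tlsext_sigalg_rsa(md) /* */
#else
#define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa,
#endif

#ifdef OPENSSL_NO_DSA
#define tlsext_sigalg_dsa(md) /* */
#else
#define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
#endif

#ifdef OPENSSL_NO_ECDSA
#define tlsext_sigalg_ecdsa(md) /* */
#else
#define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa,
#endif

/* All compiled-in signature types paired with one hash identifier. */
#define tlsext_sigalg(md) \
		tlsext_sigalg_rsa(md) \
		tlsext_sigalg_dsa(md) \
		tlsext_sigalg_ecdsa(md)
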
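/*
 * Signature/hash pairs offered for TLS 1.2, strongest hash first.  Each
 * tlsext_sigalg*() macro expands to zero or more "hash, signature," byte
 * pairs depending on which algorithms are compiled in.  The RSA/MD5 pair,
 * when present, is the final entry.
 */
static unsigned char tls12_sigalgs[] = {
#ifndef OPENSSL_NO_SHA512
	tlsext_sigalg(TLSEXT_hash_sha512)
	tlsext_sigalg(TLSEXT_hash_sha384)
#endif
#ifndef OPENSSL_NO_SHA256
	tlsext_sigalg(TLSEXT_hash_sha256)
	tlsext_sigalg(TLSEXT_hash_sha224)
#endif
#ifndef OPENSSL_NO_SHA
	tlsext_sigalg(TLSEXT_hash_sha1)
#endif
#ifndef OPENSSL_NO_MD5
	tlsext_sigalg_rsa(TLSEXT_hash_md5)
#endif
};

/*
 * Copy the supported signature algorithm table to p (when p is non-NULL)
 * and return its length in bytes.  s is not used.
 */
int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
	{
	size_t slen = sizeof(tls12_sigalgs);
#ifdef OPENSSL_FIPS
	/* If FIPS mode don't include MD5 which is last */
	/* NOTE(review): this assumes the last two bytes of the table are the
	 * RSA/MD5 pair, which holds only when neither OPENSSL_NO_MD5 nor
	 * OPENSSL_NO_RSA is defined -- confirm for FIPS builds. */
	if (FIPS_mode())
		slen -= 2;
#endif
	if (p)
		memcpy(p, tls12_sigalgs, slen);
	return (int)slen;
	}

/*
 * Serialise the ClientHello extension block into the buffer [p, limit).
 *
 * Two bytes are reserved at p for the total extension length and each
 * extension is appended behind them through the moving pointer ret.
 * s2n (defined elsewhere) is used here as "store a 16-bit value and
 * advance the pointer by two".
 *
 * Returns the position after the last byte written, p unchanged when no
 * extension is emitted, or NULL when the buffer is too small or a helper
 * reports an error.  Every extension must verify the space left between
 * ret and limit before writing: the lengths involved come from
 * application-configured state (hostname, SRP login, ticket, OCSP ids).
 */
unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
	{
	int extdatalen=0;
	unsigned char *ret = p;

	/* don't add extensions for SSLv3 unless doing secure renegotiation */
	if (s->client_version == SSL3_VERSION
					&& !s->s3->send_connection_binding)
		return p;

	ret+=2;

	if (ret>=limit) return NULL; /* this really never occurs, but ... */

	if (s->tlsext_hostname != NULL)
		{
		/* Add TLS extension servername to the Client Hello message */
		unsigned long size_str;
		long lenmax;

		/* check for enough space.
		   4 for the servername type and extension length
		   2 for servernamelist length
		   1 for the hostname type
		   2 for hostname length
		   + hostname length
		*/

		if ((lenmax = limit - ret - 9) < 0
		    || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
			return NULL;

		/* extension type and length */
		s2n(TLSEXT_TYPE_server_name,ret);
		s2n(size_str+5,ret);

		/* length of servername list */
		s2n(size_str+3,ret);

		/* hostname type, length and hostname */
		*(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name;
		s2n(size_str,ret);
		memcpy(ret, s->tlsext_hostname, size_str);
		ret+=size_str;
		}

	/* Add RI if renegotiating */
	if (s->renegotiate)
		{
		int el;

		/* first call only reports the encoded length in el */
		if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
			{
			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
			return NULL;
			}

		/* Space must be measured from the current write position ret,
		 * not from p: extensions already written above have consumed
		 * part of the buffer. */
		if((limit - ret - 4 - el) < 0) return NULL;

		s2n(TLSEXT_TYPE_renegotiate,ret);
		s2n(el,ret);

		if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el))
			{
			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
			return NULL;
			}

		ret += el;
		}

#ifndef OPENSSL_NO_SRP
	/* Add SRP username if there is one */
	if (s->srp_ctx.login != NULL)
		{ /* Add TLS extension SRP username to the Client Hello message */

		int login_len = strlen(s->srp_ctx.login);
		if (login_len > 255 || login_len == 0)
			{
			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
			return NULL;
			}

		/* check for enough space.
		   4 for the srp type and extension length
		   1 for the srp user identity
		   + srp user identity length
		*/
		if ((limit - ret - 5 - login_len) < 0) return NULL;

		/* fill in the extension */
		s2n(TLSEXT_TYPE_srp,ret);
		s2n(login_len+1,ret);
		(*ret++) = (unsigned char) login_len;
		memcpy(ret, s->srp_ctx.login, login_len);
		ret+=login_len;
		}
#endif

#ifndef OPENSSL_NO_EC
	if (s->tlsext_ecpointformatlist != NULL &&
	    s->version != DTLS1_VERSION)
		{
		/* Add TLS extension ECPointFormats to the ClientHello message */
		long lenmax;

		if ((lenmax = limit - ret - 5) < 0) return NULL;
		if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
		/* the list is prefixed by a one-byte length */
		if (s->tlsext_ecpointformatlist_length > 255)
			{
			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
			return NULL;
			}

		s2n(TLSEXT_TYPE_ec_point_formats,ret);
		s2n(s->tlsext_ecpointformatlist_length + 1,ret);
		*(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length;
		memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
		ret+=s->tlsext_ecpointformatlist_length;
		}
	if (s->tlsext_ellipticcurvelist != NULL &&
	    s->version != DTLS1_VERSION)
		{
		/* Add TLS extension EllipticCurves to the ClientHello message */
		long lenmax;

		if ((lenmax = limit - ret - 6) < 0) return NULL;
		if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL;
		if (s->tlsext_ellipticcurvelist_length > 65532)
			{
			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
			return NULL;
			}

		s2n(TLSEXT_TYPE_elliptic_curves,ret);
		s2n(s->tlsext_ellipticcurvelist_length + 2, ret);

		/* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
		 * elliptic_curve_list, but the examples use two bytes.
		 * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
		 * resolves this to two bytes.
		 */
		s2n(s->tlsext_ellipticcurvelist_length, ret);
		memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
		ret+=s->tlsext_ellipticcurvelist_length;
		}
#endif /* OPENSSL_NO_EC */

	if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))
		{
		int ticklen;
		if (!s->new_session && s->session && s->session->tlsext_tick)
			ticklen = s->session->tlsext_ticklen;
		else if (s->session && s->tlsext_session_ticket &&
			 s->tlsext_session_ticket->data)
			{
			/* copy the application-supplied ticket into the session */
			ticklen = s->tlsext_session_ticket->length;
			s->session->tlsext_tick = OPENSSL_malloc(ticklen);
			if (!s->session->tlsext_tick)
				return NULL;
			memcpy(s->session->tlsext_tick,
			       s->tlsext_session_ticket->data,
			       ticklen);
			s->session->tlsext_ticklen = ticklen;
			}
		else
			ticklen = 0;
		/* a ticket object with no data suppresses the extension */
		if (ticklen == 0 && s->tlsext_session_ticket &&
		    s->tlsext_session_ticket->data == NULL)
			goto skip_ext;
		/* Check for enough room 2 for extension type, 2 for len
		 * rest for ticket
		 */
		if ((long)(limit - ret - 4 - ticklen) < 0) return NULL;
		s2n(TLSEXT_TYPE_session_ticket,ret);
		s2n(ticklen,ret);
		if (ticklen)
			{
			memcpy(ret, s->session->tlsext_tick, ticklen);
			ret += ticklen;
			}
		}
	skip_ext:

	if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
		{
		/* NOTE(review): tls12_get_req_sig_algs() drops the trailing
		 * MD5 pair in FIPS mode, but this path always sends the full
		 * table -- confirm whether that difference is intended. */
		if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
			return NULL;
		s2n(TLSEXT_TYPE_signature_algorithms,ret);
		s2n(sizeof(tls12_sigalgs) + 2, ret);
		s2n(sizeof(tls12_sigalgs), ret);
		memcpy(ret, tls12_sigalgs, sizeof(tls12_sigalgs));
		ret += sizeof(tls12_sigalgs);
		}

#ifdef TLSEXT_TYPE_opaque_prf_input
	if (s->s3->client_opaque_prf_input != NULL &&
	    s->version != DTLS1_VERSION)
		{
		size_t col = s->s3->client_opaque_prf_input_len;

		/* 2 type + 2 length + 2 inner length + col bytes.  The
		 * comparison is done on non-negative quantities: col is
		 * unsigned, so a "difference < 0" test evaluated before the
		 * cast to long cannot fire where size_t has at least the
		 * rank of the pointer difference type. */
		if (limit - ret < 6 || (size_t)(limit - ret - 6) < col)
			return NULL;
		if (col > 0xFFFD) /* can't happen */
			return NULL;

		s2n(TLSEXT_TYPE_opaque_prf_input, ret);
		s2n(col + 2, ret);
		s2n(col, ret);
		memcpy(ret, s->s3->client_opaque_prf_input, col);
		ret += col;
		}
#endif

	if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
	    s->version != DTLS1_VERSION)
		{
		int i;
		long extlen, idlen, itmp;
		OCSP_RESPID *id;

		/* first pass: total encoded size of the responder ids,
		 * each preceded by a two-byte length */
		idlen = 0;
		for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
			{
			id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
			itmp = i2d_OCSP_RESPID(id, NULL);
			if (itmp <= 0)
				return NULL;
			idlen += itmp + 2;
			}

		if (s->tlsext_ocsp_exts)
			{
			extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
			if (extlen < 0)
				return NULL;
			}
		else
			extlen = 0;

		if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL;
		s2n(TLSEXT_TYPE_status_request, ret);
		/* the extension length field is 16 bits wide */
		if (extlen + idlen > 0xFFF0)
			return NULL;
		s2n(extlen + idlen + 5, ret);
		*(ret++) = TLSEXT_STATUSTYPE_ocsp;
		s2n(idlen, ret);
		for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
			{
			/* save position of id len */
			unsigned char *q = ret;
			id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
			/* skip over id len */
			ret += 2;
			itmp = i2d_OCSP_RESPID(id, &ret);
			/* write id len */
			s2n(itmp, q);
			}
		s2n(extlen, ret);
		if (extlen > 0)
			i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
		}

#ifndef OPENSSL_NO_HEARTBEATS
	/* Add Heartbeat extension */
	/* 2 type + 2 length + 1 mode byte: check the room like every other
	 * extension before writing */
	if ((limit - ret - 4 - 1) < 0)
		return NULL;
	s2n(TLSEXT_TYPE_heartbeat,ret);
	s2n(1,ret);
	/* Set mode:
	 * 1: peer may send requests
	 * 2: peer not allowed to send requests
	 */
	if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
		*(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
	else
		*(ret++) = SSL_TLSEXT_HB_ENABLED;
#endif

#ifndef OPENSSL_NO_NEXTPROTONEG
	if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len)
		{
		/* The client advertises an empty extension to indicate its
		 * support for Next Protocol Negotiation */
		if (limit - ret - 4 < 0)
			return NULL;
		s2n(TLSEXT_TYPE_next_proto_neg,ret);
		s2n(0,ret);
		}
#endif

	if(SSL_get_srtp_profiles(s))
		{
		int el;

		/* sizing call: reports the encoded length in el.
		 * NOTE(review): its return value is not checked here. */
		ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0);

		/* measured from ret, not p: this is the last extension, so
		 * everything written above has already used buffer space */
		if((limit - ret - 4 - el) < 0) return NULL;

		s2n(TLSEXT_TYPE_use_srtp,ret);
		s2n(el,ret);

		/* unlike the renegotiate helper, a non-zero return is
		 * treated as failure here */
		if(ssl_add_clienthello_use_srtp_ext(s, ret, &el, el))
			{
			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
			return NULL;
			}
		ret += el;
		}

	/* nothing emitted: leave the buffer untouched */
	if ((extdatalen = ret-p-2)== 0)
		return p;

	/* fill in the two bytes reserved at the start */
	s2n(extdatalen,p);
	return ret;
	}

unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
	{
	int extdatalen=0;
	unsigned char *ret = p;
#ifndef OPENSSL_NO_NEXTPROTONEG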
683bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen int next_proto_neg_seen; 684bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen#endif 685656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 68698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom /* don't add extensions for SSLv3, unless doing secure renegotiation */ 68798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) 68898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom return p; 68998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 690656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret+=2; 691656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret>=limit) return NULL; /* this really never occurs, but ... */ 692656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 693656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL) 694656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 695221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if ((long)(limit - ret - 4) < 0) return NULL; 696656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 697656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(TLSEXT_TYPE_server_name,ret); 698656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(0,ret); 699656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 70098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 70198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if(s->s3->send_connection_binding) 70298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom { 70398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom int el; 70498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 70598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 
if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) 70698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom { 70798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); 70898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom return NULL; 70998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom } 71098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 71198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if((limit - p - 4 - el) < 0) return NULL; 71298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 71398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom s2n(TLSEXT_TYPE_renegotiate,ret); 71498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom s2n(el,ret); 71598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 71698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) 71798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom { 71898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); 71998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom return NULL; 72098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom } 72198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 72298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom ret += el; 72398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom } 724221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 725221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_EC 726221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->tlsext_ecpointformatlist != NULL && 727221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->version != DTLS1_VERSION) 728221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 729221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* Add TLS extension ECPointFormats to the ServerHello message */ 
730221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom long lenmax; 731221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 732221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if ((lenmax = limit - ret - 5) < 0) return NULL; 733221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL; 734221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->tlsext_ecpointformatlist_length > 255) 735221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 736221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); 737221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return NULL; 738221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 739221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 740221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s2n(TLSEXT_TYPE_ec_point_formats,ret); 741221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s2n(s->tlsext_ecpointformatlist_length + 1,ret); 742221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; 743221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); 744221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ret+=s->tlsext_ecpointformatlist_length; 745221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 746221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 747221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* Currently the server should not respond with a SupportedCurves extension */ 748221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif /* OPENSSL_NO_EC */ 749221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 750656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->tlsext_ticket_expected 751656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) 752656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 753221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if ((long)(limit - ret - 4) < 0) return NULL; 754656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(TLSEXT_TYPE_session_ticket,ret); 755656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(0,ret); 756656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 757656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 758656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->tlsext_status_expected) 759656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 760656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((long)(limit - ret - 4) < 0) return NULL; 761656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(TLSEXT_TYPE_status_request,ret); 762656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(0,ret); 763656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 764656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 765221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifdef TLSEXT_TYPE_opaque_prf_input 766221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->server_opaque_prf_input != NULL && 767221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->version != DTLS1_VERSION) 768221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 769221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom size_t sol = s->s3->server_opaque_prf_input_len; 770221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 771221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if ((long)(limit - ret - 6 - sol) < 0) 772221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return NULL; 773221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (sol > 
0xFFFD) /* can't happen */ 774221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return NULL; 775221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 776221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s2n(TLSEXT_TYPE_opaque_prf_input, ret); 777221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s2n(sol + 2, ret); 778221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s2n(sol, ret); 779221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom memcpy(ret, s->s3->server_opaque_prf_input, sol); 780221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ret += sol; 781221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 782221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 783392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 784392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(s->srtp_profile) 785392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 786392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom int el; 787392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 788392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0); 789392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 790392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if((limit - p - 4 - el) < 0) return NULL; 791392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 792392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s2n(TLSEXT_TYPE_use_srtp,ret); 793392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s2n(el,ret); 794392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 795392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) 796392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 797392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); 798392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return NULL; 
799392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 800392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ret+=el; 801392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 802392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 803221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81) 804221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) 805221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { const unsigned char cryptopro_ext[36] = { 806221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 0xfd, 0xe8, /*65000*/ 807221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 0x00, 0x20, /*32 bytes length*/ 808221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85, 809221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06, 810221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08, 811221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17}; 812221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (limit-ret<36) return NULL; 813221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom memcpy(ret,cryptopro_ext,36); 814221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ret+=36; 815221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 816221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 817221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 818392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_HEARTBEATS 819392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* Add Heartbeat extension if we've received one */ 820392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) 
821392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 822392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s2n(TLSEXT_TYPE_heartbeat,ret); 823392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s2n(1,ret); 824392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* Set mode: 825392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 1: peer may send requests 826392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 2: peer not allowed to send requests 827392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom */ 828392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS) 829392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS; 830392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else 831392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *(ret++) = SSL_TLSEXT_HB_ENABLED; 832392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 833392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 834392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 835392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 836bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen#ifndef OPENSSL_NO_NEXTPROTONEG 837bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen next_proto_neg_seen = s->s3->next_proto_neg_seen; 838bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen s->s3->next_proto_neg_seen = 0; 839bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) 840bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 841bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen const unsigned char *npa; 842bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen unsigned int npalen; 843bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen int r; 844bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen 845bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen r = 
s->ctx->next_protos_advertised_cb(s, &npa, &npalen, s->ctx->next_protos_advertised_cb_arg); 846bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen if (r == SSL_TLSEXT_ERR_OK) 847bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 848bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen if ((long)(limit - ret - 4 - npalen) < 0) return NULL; 849bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen s2n(TLSEXT_TYPE_next_proto_neg,ret); 850bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen s2n(npalen,ret); 851bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen memcpy(ret, npa, npalen); 852bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen ret += npalen; 853bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen s->s3->next_proto_neg_seen = 1; 854bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 855bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 856bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen#endif 857bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen 858656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((extdatalen = ret-p-2)== 0) 859656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return p; 860656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 861656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(extdatalen,p); 862656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return ret; 863656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 864656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 865656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) 866656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 867656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned short type; 
868656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned short size; 869656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned short len; 870656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *data = *p; 87198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom int renegotiate_seen = 0; 872392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom int sigalg_seen = 0; 87398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 874656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->servername_done = 0; 875656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_status_type = -1; 876392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_NEXTPROTONEG 877392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->s3->next_proto_neg_seen = 0; 878392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 879392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 880392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_HEARTBEATS 881392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED | 882392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSL_TLSEXT_HB_DONT_SEND_REQUESTS); 883392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 884656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 885656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (data >= (d+n-2)) 88698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom goto ri_check; 887656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(data,len); 888656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 889656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (data > (d+n-len)) 89098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom goto ri_check; 
891656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 892656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project while (data <= (d+n-4)) 893656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 894656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(data,type); 895656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(data,size); 896656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 897656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (data+size > (d+n)) 89898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom goto ri_check; 899221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#if 0 900221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom fprintf(stderr,"Received extension type %d size %d\n",type,size); 901221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 902656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->tlsext_debug_cb) 903656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_debug_cb(s, 0, type, data, size, 904656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_debug_arg); 905656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* The servername extension is treated as follows: 906656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 907656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project - Only the hostname type is supported with a maximum length of 255. 908656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project - The servername is rejected if too long or if it contains zeros, 909656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project in which case an fatal alert is generated. 910656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project - The servername field is maintained together with the session cache. 
911656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project - When a session is resumed, the servername callback is invoked in order 912656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project to allow the application to position itself to the right context. 913656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project - The servername is acknowledged if it is new for a session or when 914656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project it is identical to one previously used for the same session. 915656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project Applications can control the behaviour. They can at any time 916656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project set a 'desirable' servername for a new SSL object. This can be the 917656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case for example with HTTPS when a Host: header field is received and 918656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project a renegotiation is requested. In this case, a possible servername 919656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project presented in the new client hello is only acknowledged if it matches 920656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project the value of the Host: field. 921656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 922656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if they provide for changing an explicit servername context for the session, 923656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i.e. when the session has been established with a servername extension. 924656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project - On session reconnect, the servername extension may be absent. 
925656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 926656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project*/ 927656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 928656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (type == TLSEXT_TYPE_server_name) 929656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 930656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *sdata; 931656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int servname_type; 932656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int dsize; 933656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 934656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (size < 2) 935656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 936656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_DECODE_ERROR; 937656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 938656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 939656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(data,dsize); 940656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project size -= 2; 941656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (dsize > size ) 942656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 943656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_DECODE_ERROR; 944656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 945656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 946656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 947656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sdata = data; 
948656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project while (dsize > 3) 949656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 950656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project servname_type = *(sdata++); 951656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(sdata,len); 952656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dsize -= 3; 953656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 954656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (len > dsize) 955656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 956656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_DECODE_ERROR; 957656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 958656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 959656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->servername_done == 0) 960656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project switch (servname_type) 961656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 962656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case TLSEXT_NAMETYPE_host_name: 96343c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom if (!s->hit) 964656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 96543c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom if(s->session->tlsext_hostname) 96643c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom { 96743c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom *al = SSL_AD_DECODE_ERROR; 96843c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom return 0; 96943c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom } 97043c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom if (len > TLSEXT_MAXLEN_host_name) 
971656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 972656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = TLS1_AD_UNRECOGNIZED_NAME; 973656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 974656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 97543c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL) 97643c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom { 97743c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom *al = TLS1_AD_INTERNAL_ERROR; 97843c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom return 0; 97943c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom } 980656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(s->session->tlsext_hostname, sdata, len); 981656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->tlsext_hostname[len]='\0'; 982656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (strlen(s->session->tlsext_hostname) != len) { 983656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_free(s->session->tlsext_hostname); 984656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->tlsext_hostname = NULL; 985656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = TLS1_AD_UNRECOGNIZED_NAME; 986656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 987656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 988656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->servername_done = 1; 989656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 990656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 991656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 99243c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian 
Carlstrom s->servername_done = s->session->tlsext_hostname 99343c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom && strlen(s->session->tlsext_hostname) == len 994656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; 995656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 996656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 997656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 998656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project default: 999656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 1000656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1001656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1002656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dsize -= len; 1003656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1004656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (dsize != 0) 1005656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1006656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_DECODE_ERROR; 1007656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1008656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1009656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1010656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1011392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_SRP 1012392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (type == TLSEXT_TYPE_srp) 1013392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1014392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (size <= 0 || ((len = data[0])) != (size -1)) 
1015392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1016392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *al = SSL_AD_DECODE_ERROR; 1017392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 0; 1018392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1019392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->srp_ctx.login != NULL) 1020392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1021392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *al = SSL_AD_DECODE_ERROR; 1022392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 0; 1023392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1024392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if ((s->srp_ctx.login = OPENSSL_malloc(len+1)) == NULL) 1025392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return -1; 1026392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom memcpy(s->srp_ctx.login, &data[1], len); 1027392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.login[len]='\0'; 1028392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1029392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (strlen(s->srp_ctx.login) != len) 1030392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1031392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *al = SSL_AD_DECODE_ERROR; 1032392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 0; 1033392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1034392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1035392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 1036221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1037221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_EC 1038221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (type == TLSEXT_TYPE_ec_point_formats && 1039221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->version != DTLS1_VERSION) 1040221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 
1041221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom unsigned char *sdata = data; 1042221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom int ecpointformatlist_length = *(sdata++); 1043221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1044221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (ecpointformatlist_length != size - 1) 1045221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1046221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *al = TLS1_AD_DECODE_ERROR; 1047221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 1048221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 104943c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom if (!s->hit) 1050221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 105143c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom if(s->session->tlsext_ecpointformatlist) 105243c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom { 1053976a034585c7e8ff9dda5ebe032f399b78887f70Brian Carlstrom OPENSSL_free(s->session->tlsext_ecpointformatlist); 1054976a034585c7e8ff9dda5ebe032f399b78887f70Brian Carlstrom s->session->tlsext_ecpointformatlist = NULL; 105543c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom } 105643c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom s->session->tlsext_ecpointformatlist_length = 0; 105743c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) 105843c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom { 105943c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom *al = TLS1_AD_INTERNAL_ERROR; 106043c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom return 0; 106143c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom } 106243c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; 106343c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom memcpy(s->session->tlsext_ecpointformatlist, 
sdata, ecpointformatlist_length); 1064221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1065221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#if 0 1066221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length); 1067221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom sdata = s->session->tlsext_ecpointformatlist; 1068221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) 1069221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom fprintf(stderr,"%i ",*(sdata++)); 1070221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom fprintf(stderr,"\n"); 1071221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 1072221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1073221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (type == TLSEXT_TYPE_elliptic_curves && 1074221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->version != DTLS1_VERSION) 1075221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1076221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom unsigned char *sdata = data; 1077221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom int ellipticcurvelist_length = (*(sdata++) << 8); 1078221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ellipticcurvelist_length += (*(sdata++)); 1079221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1080221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (ellipticcurvelist_length != size - 2) 1081221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1082221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *al = TLS1_AD_DECODE_ERROR; 1083221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 1084221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 108543c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom if (!s->hit) 
1086221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 108743c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom if(s->session->tlsext_ellipticcurvelist) 108843c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom { 108943c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom *al = TLS1_AD_DECODE_ERROR; 109043c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom return 0; 109143c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom } 109243c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom s->session->tlsext_ellipticcurvelist_length = 0; 109343c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) 109443c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom { 109543c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom *al = TLS1_AD_INTERNAL_ERROR; 109643c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom return 0; 109743c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom } 109843c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length; 109943c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length); 1100221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1101221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#if 0 1102221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length); 1103221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom sdata = s->session->tlsext_ellipticcurvelist; 1104221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom for (i = 0; i < s->session->tlsext_ellipticcurvelist_length; i++) 1105221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom fprintf(stderr,"%i ",*(sdata++)); 1106221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 
fprintf(stderr,"\n"); 1107221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 1108221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1109221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif /* OPENSSL_NO_EC */ 1110221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifdef TLSEXT_TYPE_opaque_prf_input 1111221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (type == TLSEXT_TYPE_opaque_prf_input && 1112221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->version != DTLS1_VERSION) 1113221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1114221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom unsigned char *sdata = data; 1115221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1116221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (size < 2) 1117221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1118221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *al = SSL_AD_DECODE_ERROR; 1119221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 1120221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1121221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom n2s(sdata, s->s3->client_opaque_prf_input_len); 1122221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->client_opaque_prf_input_len != size - 2) 1123221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1124221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *al = SSL_AD_DECODE_ERROR; 1125221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 1126221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1127221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1128221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ 1129221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom OPENSSL_free(s->s3->client_opaque_prf_input); 1130221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->client_opaque_prf_input_len == 
0) 1131221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ 1132221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else 1133221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len); 1134221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->client_opaque_prf_input == NULL) 1135221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1136221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *al = TLS1_AD_INTERNAL_ERROR; 1137221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 1138221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1139221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1140221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 1141221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (type == TLSEXT_TYPE_session_ticket) 1142221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1143221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->tls_session_ticket_ext_cb && 1144221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) 1145221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1146221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *al = TLS1_AD_INTERNAL_ERROR; 1147221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 1148221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1149221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 115098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom else if (type == TLSEXT_TYPE_renegotiate) 115198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom { 115298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al)) 115398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom return 0; 
115498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom renegotiate_seen = 1; 115598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom } 1156392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (type == TLSEXT_TYPE_signature_algorithms) 1157392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1158392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom int dsize; 1159392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (sigalg_seen || size < 2) 1160392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1161392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *al = SSL_AD_DECODE_ERROR; 1162392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 0; 1163392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1164392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom sigalg_seen = 1; 1165392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom n2s(data,dsize); 1166392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom size -= 2; 1167392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (dsize != size || dsize & 1) 1168392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1169392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *al = SSL_AD_DECODE_ERROR; 1170392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 0; 1171392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1172392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!tls1_process_sigalgs(s, data, dsize)) 1173392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1174392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *al = SSL_AD_DECODE_ERROR; 1175392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 0; 1176392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1177392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 117898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom else if (type == TLSEXT_TYPE_status_request && 117998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom s->version != DTLS1_VERSION && 
s->ctx->tlsext_status_cb) 1180656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1181656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1182656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (size < 5) 1183656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1184656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_DECODE_ERROR; 1185656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1186656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1187656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1188656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_status_type = *data++; 1189656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project size--; 1190656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) 1191656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1192656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project const unsigned char *sdata; 1193656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int dsize; 1194656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Read in responder_id_list */ 1195656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(data,dsize); 1196656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project size -= 2; 1197656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (dsize > size ) 1198656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1199656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_DECODE_ERROR; 1200656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1201656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project } 1202656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project while (dsize > 0) 1203656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1204656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_RESPID *id; 1205656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int idsize; 1206656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (dsize < 4) 1207656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1208656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_DECODE_ERROR; 1209656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1210656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1211656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(data, idsize); 1212656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dsize -= 2 + idsize; 121381c4de7869b646592127e952cda763abf8305069Brian Carlstrom size -= 2 + idsize; 1214656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (dsize < 0) 1215656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1216656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_DECODE_ERROR; 1217656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1218656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1219656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sdata = data; 1220656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project data += idsize; 1221656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project id = d2i_OCSP_RESPID(NULL, 1222656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project &sdata, idsize); 1223656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!id) 
1224656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1225656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_DECODE_ERROR; 1226656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1227656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1228656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (data != sdata) 1229656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1230656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_RESPID_free(id); 1231656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_DECODE_ERROR; 1232656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1233656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1234656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!s->tlsext_ocsp_ids 1235656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project && !(s->tlsext_ocsp_ids = 1236656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sk_OCSP_RESPID_new_null())) 1237656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1238656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_RESPID_free(id); 1239656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_INTERNAL_ERROR; 1240656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1241656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1242656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!sk_OCSP_RESPID_push( 1243656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_ocsp_ids, id)) 1244656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1245656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
OCSP_RESPID_free(id); 1246656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_INTERNAL_ERROR; 1247656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1248656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1249656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1250656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1251656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Read in request_extensions */ 125281c4de7869b646592127e952cda763abf8305069Brian Carlstrom if (size < 2) 125381c4de7869b646592127e952cda763abf8305069Brian Carlstrom { 125481c4de7869b646592127e952cda763abf8305069Brian Carlstrom *al = SSL_AD_DECODE_ERROR; 125581c4de7869b646592127e952cda763abf8305069Brian Carlstrom return 0; 125681c4de7869b646592127e952cda763abf8305069Brian Carlstrom } 1257656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(data,dsize); 1258656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project size -= 2; 125981c4de7869b646592127e952cda763abf8305069Brian Carlstrom if (dsize != size) 1260656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1261656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_DECODE_ERROR; 1262656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1263656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1264656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sdata = data; 1265656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (dsize > 0) 1266656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 12677b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom if (s->tlsext_ocsp_exts) 12687b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom { 12697b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom 
sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, 12707b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom X509_EXTENSION_free); 12717b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom } 12727b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom 1273656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_ocsp_exts = 1274656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project d2i_X509_EXTENSIONS(NULL, 1275656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project &sdata, dsize); 1276656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!s->tlsext_ocsp_exts 1277656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project || (data + dsize != sdata)) 1278656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1279656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_DECODE_ERROR; 1280656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1281656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1282656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1283656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1284656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* We don't know what to do with any other type 1285656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * so ignore it. 
1286656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 1287656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1288656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_status_type = -1; 1289656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1290392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_HEARTBEATS 1291392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (type == TLSEXT_TYPE_heartbeat) 1292392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1293392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom switch(data[0]) 1294392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1295392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom case 0x01: /* Client allows us to send HB requests */ 1296392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED; 1297392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom break; 1298392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom case 0x02: /* Client doesn't accept HB requests */ 1299392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED; 1300392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS; 1301392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom break; 1302392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom default: *al = SSL_AD_ILLEGAL_PARAMETER; 1303392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 0; 1304392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1305392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1306392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 1307bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen#ifndef OPENSSL_NO_NEXTPROTONEG 1308bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen else if (type == TLSEXT_TYPE_next_proto_neg && 
1309392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->s3->tmp.finish_md_len == 0) 1310bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 1311bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen /* We shouldn't accept this extension on a 1312bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * renegotiation. 1313bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * 1314bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * s->new_session will be set on renegotiation, but we 1315bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * probably shouldn't rely that it couldn't be set on 1316bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * the initial renegotation too in certain cases (when 1317bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * there's some other reason to disallow resuming an 1318bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * earlier session -- the current code won't be doing 1319bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * anything like that, but this might change). 1320bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen 1321bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * A valid sign that there's been a previous handshake 1322bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * in this connection is if s->s3->tmp.finish_md_len > 1323bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * 0. (We are talking about a check that will happen 1324bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * in the Hello protocol round, well before a new 1325bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * Finished message could have been computed.) 
*/ 1326bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen s->s3->next_proto_neg_seen = 1; 1327bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1328bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen#endif 132998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 1330656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* session ticket processed earlier */ 1331392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (type == TLSEXT_TYPE_use_srtp) 1332392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1333392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(ssl_parse_clienthello_use_srtp_ext(s, data, size, 1334392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom al)) 1335392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 0; 1336392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1337392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1338221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom data+=size; 1339656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1340221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1341656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *p = data; 134298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 134398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom ri_check: 134498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 134598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom /* Need RI if renegotiating */ 134698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 1347392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!renegotiate_seen && s->renegotiate && 134898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) 134998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom { 135098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom *al = SSL_AD_HANDSHAKE_FAILURE; 135198d58bb80c64b02a33662f0ea80351d4a1535267Brian 
Carlstrom SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, 135298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); 135398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom return 0; 135498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom } 135598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 1356656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 1; 1357656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1358656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1359bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen#ifndef OPENSSL_NO_NEXTPROTONEG 1360bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No 1361bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * elements of zero length are allowed and the set of elements must exactly fill 1362bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * the length of the block. 
*/
/* Reviewer notes on ssl_next_proto_validate:
 * d[0..len) is walked as a run of elements, each one length byte followed by
 * that many payload bytes. Returns 1 if every element is non-empty and the
 * last one ends exactly at len, 0 otherwise (the result is carried in a char).
 * Only length bytes are read, and only at offsets below len, so this function
 * does not read outside the block; payload bytes are not inspected.
 * len == 0 skips the loop and returns 1, so an empty block is accepted here.
 * NOTE(review): d/len presumably come from the peer's NPN extension data; the
 * caller is outside this chunk -- confirm len is bounded by the extension
 * size before this is called. */
1363392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromstatic char ssl_next_proto_validate(unsigned char *d, unsigned len) 1364bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 1365bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen unsigned int off = 0; 1366bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen 1367bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen while (off < len) 1368bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen {
/* d[off] is the element's length byte; a zero length means an empty element, which is rejected. */
1369bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen if (d[off] == 0) 1370bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen return 0;
/* Step over the payload, then over the length byte itself. If the declared
 * length overruns the block, off ends up greater than len: the loop stops and
 * the final comparison fails. */
1371bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen off += d[off]; 1372bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen off++; 1373bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1374bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen
/* Accept only when the elements end exactly on the block boundary. */
1375bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen return off == len; 1376bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1377bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen#endif 1378bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen 1379656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) 1380656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 138143c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom unsigned short length; 1382656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned short type; 1383656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned short size; 1384656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *data = *p; 1385656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int tlsext_servername = 0; 138698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom int renegotiate_seen = 0; 
1387656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1388392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_NEXTPROTONEG 1389392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->s3->next_proto_neg_seen = 0; 1390392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 1391392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1392392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_HEARTBEATS 1393392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED | 1394392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSL_TLSEXT_HB_DONT_SEND_REQUESTS); 1395392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 1396392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1397656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (data >= (d+n-2)) 139898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom goto ri_check; 1399656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 140043c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom n2s(data,length); 140143c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom if (data+length != d+n) 140243c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom { 140343c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom *al = SSL_AD_DECODE_ERROR; 140443c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom return 0; 140543c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom } 1406656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1407656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project while(data <= (d+n-4)) 1408656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1409656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(data,type); 1410656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(data,size); 1411656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project 1412656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (data+size > (d+n)) 141398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom goto ri_check; 1414656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1415656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->tlsext_debug_cb) 1416656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_debug_cb(s, 1, type, data, size, 1417656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_debug_arg); 1418656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1419656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (type == TLSEXT_TYPE_server_name) 1420656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1421656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->tlsext_hostname == NULL || size > 0) 1422656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1423656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = TLS1_AD_UNRECOGNIZED_NAME; 1424656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1425656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1426656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tlsext_servername = 1; 1427656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1428221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1429221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_EC 1430221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (type == TLSEXT_TYPE_ec_point_formats && 1431221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->version != DTLS1_VERSION) 1432221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1433221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom unsigned char *sdata = data; 
1434221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom int ecpointformatlist_length = *(sdata++); 1435221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1436221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (ecpointformatlist_length != size - 1) 1437221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1438221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *al = TLS1_AD_DECODE_ERROR; 1439221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 1440221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1441221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->session->tlsext_ecpointformatlist_length = 0; 1442221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); 1443221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) 1444221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1445221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *al = TLS1_AD_INTERNAL_ERROR; 1446221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 1447221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1448221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; 1449221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); 1450221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#if 0 1451221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom fprintf(stderr,"ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist "); 1452221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom sdata = s->session->tlsext_ecpointformatlist; 1453221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) 
1454221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom fprintf(stderr,"%i ",*(sdata++)); 1455221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom fprintf(stderr,"\n"); 1456221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 1457221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1458221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif /* OPENSSL_NO_EC */ 1459221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1460656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (type == TLSEXT_TYPE_session_ticket) 1461656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1462221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->tls_session_ticket_ext_cb && 1463221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) 1464221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1465221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *al = TLS1_AD_INTERNAL_ERROR; 1466221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 1467221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1468656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((SSL_get_options(s) & SSL_OP_NO_TICKET) 1469656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project || (size > 0)) 1470656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1471656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = TLS1_AD_UNSUPPORTED_EXTENSION; 1472656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1473656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1474656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_ticket_expected = 1; 1475656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1476221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifdef 
TLSEXT_TYPE_opaque_prf_input 1477221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (type == TLSEXT_TYPE_opaque_prf_input && 1478221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->version != DTLS1_VERSION) 1479221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1480221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom unsigned char *sdata = data; 1481221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1482221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (size < 2) 1483221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1484221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *al = SSL_AD_DECODE_ERROR; 1485221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 1486221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1487221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom n2s(sdata, s->s3->server_opaque_prf_input_len); 1488221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->server_opaque_prf_input_len != size - 2) 1489221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1490221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *al = SSL_AD_DECODE_ERROR; 1491221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 1492221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1493221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1494221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ 1495221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom OPENSSL_free(s->s3->server_opaque_prf_input); 1496221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->server_opaque_prf_input_len == 0) 1497221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ 1498221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else 1499221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 
s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len); 1500221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1501221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->server_opaque_prf_input == NULL) 1502221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1503221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *al = TLS1_AD_INTERNAL_ERROR; 1504221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 1505221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1506221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1507221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 150898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom else if (type == TLSEXT_TYPE_status_request && 150998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom s->version != DTLS1_VERSION) 1510656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1511656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* MUST be empty and only sent if we've requested 1512656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * a status request message. 
1513656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 1514656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((s->tlsext_status_type == -1) || (size > 0)) 1515656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1516656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = TLS1_AD_UNSUPPORTED_EXTENSION; 1517656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1518656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1519656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Set flag to expect CertificateStatus message */ 1520656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_status_expected = 1; 1521656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1522bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen#ifndef OPENSSL_NO_NEXTPROTONEG 1523392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (type == TLSEXT_TYPE_next_proto_neg && 1524392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->s3->tmp.finish_md_len == 0) 1525bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 1526bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen unsigned char *selected; 1527bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen unsigned char selected_len; 1528bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen 1529bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen /* We must have requested it. 
*/ 1530bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen if ((s->ctx->next_proto_select_cb == NULL)) 1531bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 1532bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen *al = TLS1_AD_UNSUPPORTED_EXTENSION; 1533bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen return 0; 1534bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1535bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen /* The data must be valid */ 1536bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen if (!ssl_next_proto_validate(data, size)) 1537bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 1538bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen *al = TLS1_AD_DECODE_ERROR; 1539bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen return 0; 1540bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1541bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen if (s->ctx->next_proto_select_cb(s, &selected, &selected_len, data, size, s->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK) 1542bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 1543bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen *al = TLS1_AD_INTERNAL_ERROR; 1544bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen return 0; 1545bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1546bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen s->next_proto_negotiated = OPENSSL_malloc(selected_len); 1547bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen if (!s->next_proto_negotiated) 1548bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 1549bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen *al = TLS1_AD_INTERNAL_ERROR; 1550bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen return 0; 1551bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1552bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen memcpy(s->next_proto_negotiated, selected, selected_len); 
1553bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen s->next_proto_negotiated_len = selected_len; 1554392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->s3->next_proto_neg_seen = 1; 1555bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1556bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen#endif 155798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom else if (type == TLSEXT_TYPE_renegotiate) 155898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom { 155998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al)) 156098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom return 0; 156198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom renegotiate_seen = 1; 156298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom } 1563392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_HEARTBEATS 1564392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (type == TLSEXT_TYPE_heartbeat) 1565392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1566392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom switch(data[0]) 1567392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1568392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom case 0x01: /* Server allows us to send HB requests */ 1569392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED; 1570392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom break; 1571392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom case 0x02: /* Server doesn't accept HB requests */ 1572392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED; 1573392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS; 1574392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom break; 1575392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom default: *al = 
SSL_AD_ILLEGAL_PARAMETER; 1576392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 0; 1577392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1578392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1579392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 1580392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (type == TLSEXT_TYPE_use_srtp) 1581392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1582392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(ssl_parse_serverhello_use_srtp_ext(s, data, size, 1583392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom al)) 1584392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 0; 1585392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1586392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1587656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project data+=size; 1588656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1589656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1590656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (data != d+n) 1591656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1592656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_DECODE_ERROR; 1593656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1594656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1595656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1596656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!s->hit && tlsext_servername == 1) 1597656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1598656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->tlsext_hostname) 1599656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1600656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project if (s->session->tlsext_hostname == NULL) 1601656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1602656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname); 1603656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!s->session->tlsext_hostname) 1604656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1605656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_UNRECOGNIZED_NAME; 1606656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1607656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1608656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1609656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1610656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1611656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_DECODE_ERROR; 1612656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1613656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1614656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1615656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1616656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1617656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *p = data; 161898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 161998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom ri_check: 162098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 162198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom /* Determine if we need to see RI. 
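Strictly speaking if we want to 162298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom * avoid an attack we should *always* see RI even on initial server 162398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom * hello because the client doesn't see any renegotiation during an 162498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom * attack. However this would mean we could not connect to any server 162598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom * which doesn't support RI so for the immediate future tolerate RI 162698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom * absence on initial connect only. 162798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom */ 162898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if (!renegotiate_seen 162998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT) 163098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) 163198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom { 163298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom *al = SSL_AD_HANDSHAKE_FAILURE; 163398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, 163498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); 163598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom return 0; 163698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom } 163798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 1638656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 1; 1639656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1640656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1641221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom

/*
 * Prepare the per-connection state that the ClientHello TLS extensions
 * are later built from.
 *
 * With EC support compiled in, and when at least one offered cipher suite
 * uses an ECDH key exchange or ECDSA authentication on TLS 1.0 or later,
 * this (re)allocates s->tlsext_ecpointformatlist (three point formats) and
 * s->tlsext_ellipticcurvelist (one two-byte id per entry of pref_list).
 * When TLSEXT_TYPE_opaque_prf_input is defined it also runs the opaque PRF
 * input callback and copies the client's opaque PRF input into s->s3.
 *
 * Returns 1 on success, -1 if an allocation fails or the opaque PRF input
 * callback returns 0.
 */
int ssl_prepare_clienthello_tlsext(SSL *s)
	{
#ifndef OPENSSL_NO_EC
	/* If we are client and using an elliptic curve cryptography cipher
	 * suite, send the point formats and elliptic curves we support.
	 */
	int using_ecc = 0;
	int i;
	unsigned char *j;
	unsigned long alg_k, alg_a;
	STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s);

	for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++)
		{
		SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);

		alg_k = c->algorithm_mkey;
		alg_a = c->algorithm_auth;
		/* Same test as before, with the parentheses placed around
		 * each operand of || so the intent is readable.
		 */
		if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))
			{
			using_ecc = 1;
			break;
			}
		}
	using_ecc = using_ecc && (s->version >= TLS1_VERSION);
	if (using_ecc)
		{
		size_t ncurves = sizeof(pref_list)/sizeof(pref_list[0]);

		/* Drop the recorded length before the buffer goes away, so a
		 * failed allocation leaves (NULL, 0) rather than a NULL pointer
		 * paired with the previous length. This matches what the curve
		 * list below already does on failure.
		 */
		s->tlsext_ecpointformatlist_length = 0;
		if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
		if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
			{
			SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
			return -1;
			}
		s->tlsext_ecpointformatlist_length = 3;
		s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
		s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
		s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;

		/* we support all named elliptic curves in draft-ietf-tls-ecc-12
		 * NOTE(review): the list actually sent is pref_list, defined
		 * outside this function -- confirm it still matches this comment.
		 */
		if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
		s->tlsext_ellipticcurvelist_length = ncurves * 2;
		if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
			{
			s->tlsext_ellipticcurvelist_length = 0;
			SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
			return -1;
			}
		/* Two bytes per curve id, hence the "* 2" in the length above. */
		for (i = 0, j = s->tlsext_ellipticcurvelist; (size_t)i < ncurves; i++)
			{
			int id = tls1_ec_nid2curve_id(pref_list[i]);
			s2n(id,j);
			}
		}
#endif /* OPENSSL_NO_EC */

#ifdef TLSEXT_TYPE_opaque_prf_input
	{
		int r = 1;

		if (s->ctx->tlsext_opaque_prf_input_callback != 0)
			{
			r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
			if (!r)
				return -1;
			}

		if (s->tlsext_opaque_prf_input != NULL)
			{
			if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
				OPENSSL_free(s->s3->client_opaque_prf_input);
			/* Keep pointer and length consistent if the copy below fails. */
			s->s3->client_opaque_prf_input_len = 0;

			if (s->tlsext_opaque_prf_input_len == 0)
				s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
			else
				s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
			if (s->s3->client_opaque_prf_input == NULL)
				{
				SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
				return -1;
				}
			s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
			}

		if (r == 2)
			/* at callback's request, insist on receiving an appropriate server opaque PRF input */
			s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
	}
#endif

	return 1;
	}

/*
 * Prepare the per-connection state that the ServerHello TLS extensions
 * are later built from.
 *
 * With EC support compiled in, and when the chosen cipher uses an ECDH key
 * exchange or ECDSA authentication and the session holds a point format
 * list received from the client, this (re)allocates
 * s->tlsext_ecpointformatlist with the three supported point formats.
 *
 * Returns 1 on success, -1 if the allocation fails.
 */
int ssl_prepare_serverhello_tlsext(SSL *s)
	{
#ifndef OPENSSL_NO_EC
	/* If we are server and using an ECC cipher suite, send the point formats we support
	 * if the client sent us an ECPointsFormat extension.  Note that the server is not
	 * supposed to send an EllipticCurves extension.
	 */

	/* NOTE(review): s->s3->tmp.new_cipher is dereferenced without a NULL
	 * check; presumably the caller has already chosen a cipher -- confirm.
	 */
	unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
	unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
	int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
	using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);

	if (using_ecc)
		{
		/* Drop the recorded length first, so a failed allocation leaves
		 * (NULL, 0) instead of a NULL pointer with the previous length.
		 */
		s->tlsext_ecpointformatlist_length = 0;
		if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
		if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
			{
			SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
			return -1;
			}
		s->tlsext_ecpointformatlist_length = 3;
		s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
		s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
		s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
		}
#endif /* OPENSSL_NO_EC */

	return 1;
	}

1766656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint ssl_check_clienthello_tlsext(SSL *s) 1767656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1768656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ret=SSL_TLSEXT_ERR_NOACK; 1769656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int al = SSL_AD_UNRECOGNIZED_NAME; 1770656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1771221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_EC 1772221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* The handling of the ECPointFormats extension is done elsewhere, namely in 1773221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * ssl3_choose_cipher in s3_lib.c. 1774221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom */ 1775221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* The handling of the EllipticCurves extension is done elsewhere, namely in 1776221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * ssl3_choose_cipher in s3_lib.c. 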
1777221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom */ 1778221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 1779221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1780656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) 1781656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); 1782656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) 1783656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); 1784656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1785656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* If status request then ask callback what to do. 1786656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Note: this must be called after servername callbacks in case 1787656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the certificate has changed. 
1788656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 1789221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) 1790656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1791656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int r; 1792656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); 1793656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project switch (r) 1794656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1795656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* We don't want to send a status request response */ 1796656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL_TLSEXT_ERR_NOACK: 1797656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_status_expected = 0; 1798656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 1799656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* status request response should be sent */ 1800656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL_TLSEXT_ERR_OK: 1801656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->tlsext_ocsp_resp) 1802656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_status_expected = 1; 1803656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1804656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_status_expected = 0; 1805656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 1806656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* something bad happened */ 1807656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case 
SSL_TLSEXT_ERR_ALERT_FATAL: 1808656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = SSL_TLSEXT_ERR_ALERT_FATAL; 1809656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al = SSL_AD_INTERNAL_ERROR; 1810656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1811656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1812656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1813656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1814656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_status_expected = 0; 1815221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1816221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifdef TLSEXT_TYPE_opaque_prf_input 1817221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1818221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* This sort of belongs into ssl_prepare_serverhello_tlsext(), 1819221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * but we might be sending an alert in response to the client hello, 1820221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * so this has to happen here in ssl_check_clienthello_tlsext(). 
*/ 1821221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1822221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom int r = 1; 1823221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1824221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->ctx->tlsext_opaque_prf_input_callback != 0) 1825221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1826221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg); 1827221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!r) 1828221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1829221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ret = SSL_TLSEXT_ERR_ALERT_FATAL; 1830221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom al = SSL_AD_INTERNAL_ERROR; 1831221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto err; 1832221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1833221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1834221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1835221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ 1836221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom OPENSSL_free(s->s3->server_opaque_prf_input); 1837221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->s3->server_opaque_prf_input = NULL; 1838221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1839221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->tlsext_opaque_prf_input != NULL) 1840221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1841221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->client_opaque_prf_input != NULL && 1842221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->s3->client_opaque_prf_input_len == s->tlsext_opaque_prf_input_len) 1843221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 
1844221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* can only use this extension if we have a server opaque PRF input 1845221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * of the same length as the client opaque PRF input! */ 1846221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1847221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->tlsext_opaque_prf_input_len == 0) 1848221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ 1849221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else 1850221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len); 1851221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->server_opaque_prf_input == NULL) 1852221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1853221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ret = SSL_TLSEXT_ERR_ALERT_FATAL; 1854221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom al = SSL_AD_INTERNAL_ERROR; 1855221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto err; 1856221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1857221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len; 1858221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1859221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1860221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1861221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (r == 2 && s->s3->server_opaque_prf_input == NULL) 1862221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1863221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* The callback wants to enforce use of the extension, 1864221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * but we can't do that with the client opaque PRF input; 
1865221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * abort the handshake. 1866221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom */ 1867221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ret = SSL_TLSEXT_ERR_ALERT_FATAL; 1868221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom al = SSL_AD_HANDSHAKE_FAILURE; 1869221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1870221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1871221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1872221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 1873221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom err: 1874656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project switch (ret) 1875656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1876656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL_TLSEXT_ERR_ALERT_FATAL: 1877656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl3_send_alert(s,SSL3_AL_FATAL,al); 1878656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return -1; 1879656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1880656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL_TLSEXT_ERR_ALERT_WARNING: 1881656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl3_send_alert(s,SSL3_AL_WARNING,al); 1882656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 1; 1883656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1884656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL_TLSEXT_ERR_NOACK: 1885656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->servername_done=0; 1886656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project default: 1887656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 1; 
} /* closes the switch (ret) opened above this block */
} /* closes the preceding function */

/* Client-side check of the TLS extensions after a ServerHello.
 *
 * Checks, in the order coded below:
 *   1. (unless OPENSSL_NO_EC) When an ECC key-exchange or ECDSA cipher suite
 *      was chosen and both s->tlsext_ecpointformatlist and the list stored in
 *      s->session are non-empty, the session list (per the original comment,
 *      the one returned by the server) must contain "uncompressed". If it
 *      does not, an error is queued and -1 is returned; no alert is sent on
 *      this path.
 *   2. The servername callback of s->ctx, or failing that of s->initial_ctx,
 *      is called and its return value becomes the pending result.
 *   3. (if TLSEXT_TYPE_opaque_prf_input) A non-zero server opaque PRF input
 *      length requires a server value and a client value of the same length.
 *   4. If a certificate status was requested but none is expected, the
 *      status callback is told so (response NULL, length -1).
 *
 * Returns -1 after sending a fatal alert (or on the EC failure above) and
 * 1 in every other case, including after a warning alert.
 */
int ssl_check_serverhello_tlsext(SSL *s)
{
	int ret = SSL_TLSEXT_ERR_NOACK;
	int al = SSL_AD_UNRECOGNIZED_NAME;
	SSL_CTX *sni_ctx = NULL;

#ifndef OPENSSL_NO_EC
	unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
	unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
	int ecc_suite = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) ||
			(alg_a & SSL_aECDSA);

	if (s->tlsext_ecpointformatlist != NULL &&
	    s->tlsext_ecpointformatlist_length > 0 &&
	    s->session->tlsext_ecpointformatlist != NULL &&
	    s->session->tlsext_ecpointformatlist_length > 0 &&
	    ecc_suite) {
		/* An ECC suite is in use: scan the session's point format
		 * list for the uncompressed format. */
		const unsigned char *formats = s->session->tlsext_ecpointformatlist;
		size_t count = s->session->tlsext_ecpointformatlist_length;
		size_t idx = 0;

		while (idx < count &&
		       formats[idx] != TLSEXT_ECPOINTFORMAT_uncompressed)
			idx++;

		if (idx == count) {
			/* Error is queued only; the caller sees -1 and no
			 * alert has been sent from here. */
			SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
			return -1;
		}
	}
	ret = SSL_TLSEXT_ERR_OK;
#endif /* OPENSSL_NO_EC */

	/* Prefer the current context's servername callback and fall back to
	 * the initial context's one. */
	if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
		sni_ctx = s->ctx;
	else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
		sni_ctx = s->initial_ctx;

	if (sni_ctx != NULL)
		ret = sni_ctx->tlsext_servername_callback(s, &al, sni_ctx->tlsext_servername_arg);

#ifdef TLSEXT_TYPE_opaque_prf_input
	if (s->s3->server_opaque_prf_input_len > 0) {
		/* A non-zero length may mean that we, as a client, insist on
		 * opaque PRF inputs, so a value from the server is required. */
		if (s->s3->server_opaque_prf_input == NULL) {
			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
			al = SSL_AD_HANDSHAKE_FAILURE;
		}

		/* Whenever the server has sent an opaque PRF input, a client
		 * input of exactly the same size must exist. This check runs
		 * after the one above and overrides its alert when both fail. */
		if (s->s3->client_opaque_prf_input == NULL ||
		    s->s3->client_opaque_prf_input_len != s->s3->server_opaque_prf_input_len) {
			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
			al = SSL_AD_ILLEGAL_PARAMETER;
		}
	}
#endif

	/* A certificate status was requested but none will arrive: let the
	 * application decide. Whether such a handshake is accepted depends
	 * entirely on the status callback: 0 fails the handshake with
	 * bad_certificate_status_response, a negative value fails it with
	 * internal_error, and any positive value lets it continue. When no
	 * callback is installed this branch is skipped, so the missing
	 * response is not treated as an error here. */
	if (s->tlsext_status_type != -1 && !s->tlsext_status_expected &&
	    s->ctx && s->ctx->tlsext_status_cb) {
		int cb_result;

		/* resp == NULL and resplen == -1 tell the callback that there
		 * is no response. */
		if (s->tlsext_ocsp_resp) {
			OPENSSL_free(s->tlsext_ocsp_resp);
			s->tlsext_ocsp_resp = NULL;
		}
		s->tlsext_ocsp_resplen = -1;

		cb_result = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
		if (cb_result == 0) {
			al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
		} else if (cb_result < 0) {
			al = SSL_AD_INTERNAL_ERROR;
			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
		}
	}

	if (ret == SSL_TLSEXT_ERR_ALERT_FATAL) {
		ssl3_send_alert(s,SSL3_AL_FATAL,al);
		return -1;
	}
	if (ret == SSL_TLSEXT_ERR_ALERT_WARNING) {
		ssl3_send_alert(s,SSL3_AL_WARNING,al);
		return 1;
	}
	/* NOACK clears servername_done and then succeeds like every other
	 * remaining result. */
	if (ret == SSL_TLSEXT_ERR_NOACK)
		s->servername_done=0;
	return 1;
}

/* Since the server cache
lookup is done early on in the processing of the
 * ClientHello, and other operations depend on the result, we need to handle
 * any TLS session ticket extension at the same time.
 *
 *   session_id: points at the session ID in the ClientHello. This code will
 *       read past the end of this in order to parse out the session ticket
 *       extension, if any.
 *   len: the length of the session ID.
 *   limit: a pointer to the first byte after the ClientHello.
 *   ret: (output) on return, if a ticket was decrypted, then this is set to
 *       point to the resulting session.
 *
 * If s->tls_session_secret_cb is set then we are expecting a pre-shared key
 * ciphersuite, in which case we have no use for session tickets and one will
 * never be decrypted, nor will s->tlsext_ticket_expected be set to 1.
 *
 * Returns:
 *   -1: fatal error, either from parsing or decrypting the ticket.
 *    0: no ticket was found (or was ignored, based on settings).
 *    1: a zero length extension was found, indicating that the client supports
 *       session tickets but doesn't currently have one to offer.
 *    2: either s->tls_session_secret_cb was set, or a ticket was offered but
 *       couldn't be decrypted because of a non-fatal error.
 *    3: a ticket was successfully decrypted and *ret was set.
 *
 * Side effects:
 *   Sets s->tlsext_ticket_expected to 1 if the server will have to issue
 *   a new session ticket to the client because the client indicated support
 *   (and s->tls_session_secret_cb is NULL) but the client either doesn't have
 *   a session ticket or we couldn't use the one it gave us, or if
 *   s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
 *   Otherwise, s->tlsext_ticket_expected is set to 0.
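*/
/* Bounds handling in tls1_process_ticket: every length field below comes
 * from the peer's ClientHello. Each one is compared with the number of bytes
 * left before |limit| (limit - p) *before* the cursor is advanced, and each
 * two-byte read is preceded by a check that two bytes are available. Adding
 * an unchecked length to p first and comparing afterwards forms a pointer
 * beyond the buffer, which is undefined behaviour and lets the comparison
 * pass if the addition wraps. Return values are the same as with the
 * add-then-compare form for every input on which that form was well defined.
 *
 * NOTE(review): session_id + len is still computed before any check; the
 * caller is assumed to pass a session ID that lies inside the ClientHello
 * buffer -- confirm at the call site.
 */
int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
			const unsigned char *limit, SSL_SESSION **ret)
{
	/* Point after session ID in client hello */
	const unsigned char *p = session_id + len;
	unsigned short i;

	*ret = NULL;
	s->tlsext_ticket_expected = 0;

	/* If tickets disabled behave as if no ticket present
	 * to permit stateful resumption.
	 */
	if (SSL_get_options(s) & SSL_OP_NO_TICKET)
		return 0;
	if ((s->version <= SSL3_VERSION) || !limit)
		return 0;
	if (p >= limit)
		return -1;

	/* Skip past DTLS cookie. p < limit holds here, so the one-byte
	 * length read is in bounds. */
	if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
		i = *(p++);
		if (limit - p <= i)
			return -1;
		p += i;
	}

	/* Skip past cipher list. Only one byte is guaranteed at this point,
	 * so require two before reading the 16-bit length. */
	if (limit - p < 2)
		return -1;
	n2s(p, i);
	if (limit - p <= i)
		return -1;
	p += i;

	/* Skip past compression algorithm list. At least one byte remains
	 * after the cipher list check above. */
	i = *(p++);
	if (limit - p < i)
		return -1;
	p += i;

	/* Now at start of extensions: more than two bytes must remain,
	 * otherwise there are no extensions to look at. */
	if (limit - p <= 2)
		return 0;
	/* The total extensions length is read but not used; the loop below
	 * is bounded by |limit| instead. */
	n2s(p, i);

	while (limit - p >= 4) {
		unsigned short type, size;

		n2s(p, type);
		n2s(p, size);
		/* An extension body that claims more bytes than remain ends
		 * the search as "no ticket". */
		if (limit - p < size)
			return 0;

		if (type == TLSEXT_TYPE_session_ticket) {
			int r;

			if (size == 0) {
				/* The client will accept a ticket but doesn't
				 * currently have one. */
				s->tlsext_ticket_expected = 1;
				return 1;
			}
			if (s->tls_session_secret_cb) {
				/* Indicate that the ticket couldn't be
				 * decrypted rather than generating the session
				 * from ticket now, trigger abbreviated
				 * handshake based on external mechanism to
				 * calculate the master secret later. */
				return 2;
			}
			r = tls_decrypt_ticket(s, p, size, session_id, len, ret);
			switch (r) {
			case 2: /* ticket couldn't be decrypted */
				s->tlsext_ticket_expected = 1;
				return 2;
			case 3: /* ticket was decrypted */
				return r;
			case 4: /* ticket decrypted but need to renew */
				s->tlsext_ticket_expected = 1;
				return 3;
			default: /* fatal error */
				return -1;
			}
		}
		p += size;
	}
	return 0;
}

/* tls_decrypt_ticket attempts to decrypt a session ticket.
 *
 *   etick: points to the body of the session ticket extension.
 *   eticklen: the length of the session tickets extension.
 *   sess_id: points at the session ID.
 *   sesslen: the length of the session ID.
 *   psess: (output) on return, if a ticket was decrypted, then this is set to
 *       point to the resulting session.
 *
 * Returns:
 *   -1: fatal error, either from parsing or decrypting the ticket.
 *    2: the ticket couldn't be decrypted.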
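 *    3: a ticket was successfully decrypted and *psess was set.
 *    4: same as 3, but the ticket needs to be renewed.
 */
/* Review notes: the ticket body comes straight from the peer's ClientHello,
 * so it is treated as untrusted. Its length is re-validated once the MAC
 * size is known, the MAC is compared without an early exit, and the HMAC
 * context, cipher context and plaintext buffer are released on every return
 * path (the earlier code returned from several failure paths without
 * cleaning them up, which a peer sending bad tickets could trigger
 * repeatedly).
 */
static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
				const unsigned char *sess_id, int sesslen,
				SSL_SESSION **psess)
	{
	SSL_SESSION *sess;
	unsigned char *sdec;
	const unsigned char *p;
	int slen, mlen, i, renew_ticket = 0;
	unsigned char tick_hmac[EVP_MAX_MD_SIZE];
	unsigned char mac_diff = 0;
	HMAC_CTX hctx;
	EVP_CIPHER_CTX ctx;
	SSL_CTX *tctx = s->initial_ctx;
	/* Need at least keyname + iv + some encrypted data */
	if (eticklen < 48)
		return 2;
	/* Initialize session ticket encryption and HMAC contexts */
	HMAC_CTX_init(&hctx);
	EVP_CIPHER_CTX_init(&ctx);
	if (tctx->tlsext_ticket_key_cb)
		{
		/* The callback selects the keys from the key name (first 16
		 * bytes) and the IV that follows it.
		 */
		unsigned char *nctick = (unsigned char *)etick;
		int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
							&ctx, &hctx, 0);
		if (rv <= 0)
			{
			/* The callback may have partially set up the
			 * contexts before failing.
			 */
			HMAC_CTX_cleanup(&hctx);
			EVP_CIPHER_CTX_cleanup(&ctx);
			return rv < 0 ? -1 : 2;
			}
		if (rv == 2)
			renew_ticket = 1;
		}
	else
		{
		/* Check key name matches */
		if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
			{
			HMAC_CTX_cleanup(&hctx);
			EVP_CIPHER_CTX_cleanup(&ctx);
			return 2;
			}
		HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
					tlsext_tick_md(), NULL);
		EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
				tctx->tlsext_tick_aes_key, etick + 16);
		}
	/* Attempt to process session ticket, first conduct sanity and
	 * integrity checks on ticket.
	 */
	mlen = HMAC_size(&hctx);
	if (mlen < 0)
		{
		HMAC_CTX_cleanup(&hctx);
		EVP_CIPHER_CTX_cleanup(&ctx);
		return -1;
		}
	/* Sanity check ticket length: it must exceed keyname + IV + HMAC.
	 * The fixed "48" test above is not sufficient when the callback
	 * picks a digest or cipher with larger sizes; without this check the
	 * subtractions below could make eticklen negative.
	 */
	if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length(&ctx) + mlen)
		{
		HMAC_CTX_cleanup(&hctx);
		EVP_CIPHER_CTX_cleanup(&ctx);
		return 2;
		}
	eticklen -= mlen;
	/* Check HMAC of encrypted ticket */
	HMAC_Update(&hctx, etick, eticklen);
	HMAC_Final(&hctx, tick_hmac, NULL);
	HMAC_CTX_cleanup(&hctx);
	/* Compare every byte so the time taken does not reveal how many
	 * leading MAC bytes matched. NOTE(review): if this tree provides
	 * CRYPTO_memcmp, prefer it over this loop.
	 */
	for (i = 0; i < mlen; i++)
		mac_diff |= tick_hmac[i] ^ etick[eticklen + i];
	if (mac_diff)
		{
		EVP_CIPHER_CTX_cleanup(&ctx);
		return 2;
		}
	/* Attempt to decrypt session data */
	/* Move p after IV to start of encrypted ticket, update length */
	p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
	eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
	sdec = OPENSSL_malloc(eticklen);
	if (!sdec)
		{
		EVP_CIPHER_CTX_cleanup(&ctx);
		return -1;
		}
	if (EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0)
		{
		/* slen is not meaningful after a failed update */
		EVP_CIPHER_CTX_cleanup(&ctx);
		OPENSSL_free(sdec);
		return -1;
		}
	if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0)
		{
		EVP_CIPHER_CTX_cleanup(&ctx);
		OPENSSL_free(sdec);
		return 2;
		}
	slen += mlen;
	EVP_CIPHER_CTX_cleanup(&ctx);
	p = sdec;

	sess = d2i_SSL_SESSION(NULL, &p, slen);
	OPENSSL_free(sdec);
	if (sess)
		{
		/* The session ID, if non-empty, is used by some clients to
		 * detect that the ticket has been accepted. So we copy it to
		 * the session structure. If it is empty set length to zero
		 * as required by standard.
		 */
		/* NOTE(review): sesslen is not bounded here; this relies on
		 * the caller having limited it to the size of
		 * sess->session_id -- confirm against the caller.
		 */
		if (sesslen)
			memcpy(sess->session_id, sess_id, sesslen);
		sess->session_id_length = sesslen;
		*psess = sess;
		if (renew_ticket)
			return 4;
		else
			return 3;
		}
	ERR_clear_error();
	/* For session parse failure, indicate that we need to send a new
	 * ticket. */
	return 2;
	}

/* Tables to translate from NIDs to TLS v1.2 ids */

/* One row of a translation table: an OpenSSL NID (or EVP_PKEY type) and the
 * matching TLS 1.2 hash or signature algorithm id.
 */
typedef struct
	{
	int nid;
	int id;
	} tls12_lookup;

/* NOTE(review): MD5 is listed whenever OPENSSL_NO_MD5 is not defined; builds
 * that do not need MD5-based signatures can define it to drop the entry.
 */
static tls12_lookup tls12_md[] = {
#ifndef OPENSSL_NO_MD5
	{NID_md5, TLSEXT_hash_md5},
#endif
#ifndef OPENSSL_NO_SHA
	{NID_sha1, TLSEXT_hash_sha1},
#endif
#ifndef OPENSSL_NO_SHA256
	{NID_sha224, TLSEXT_hash_sha224},
	{NID_sha256, TLSEXT_hash_sha256},
#endif
#ifndef OPENSSL_NO_SHA512
	{NID_sha384, TLSEXT_hash_sha384},
	{NID_sha512, TLSEXT_hash_sha512}
#endif
};

static tls12_lookup tls12_sig[] = {
#ifndef OPENSSL_NO_RSA
	{EVP_PKEY_RSA, TLSEXT_signature_rsa},
#endif
#ifndef OPENSSL_NO_DSA
	{EVP_PKEY_DSA, TLSEXT_signature_dsa},
#endif
#ifndef OPENSSL_NO_ECDSA
	{EVP_PKEY_EC, TLSEXT_signature_ecdsa}
#endif
};

/* tls12_find_id scans the first tlen rows of table for nid.
 *
 * Returns the row's TLS id, or -1 if no row matches.
 */
static int tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
	{
	size_t i;
	for (i = 0; i < tlen; i++)
		{
		if (table[i].nid == nid)
			return table[i].id;
		}
	return -1;
	}
#if 0
static int tls12_find_nid(int id, tls12_lookup *table, size_t tlen)
	{
	size_t i;
	for (i = 0; i < tlen; i++)
		{
		if (table[i].id == id)
			return table[i].nid;
		}
	return -1;
	}
#endif

/* tls12_get_sigandhash writes the two-byte (hash id, signature id) pair for
 * digest md and key pk to p[0] and p[1].
 *
 * Returns 1 on success, or 0 if md is NULL or either algorithm has no entry
 * in the tables above; p is not written in that case.
 */
int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md)
	{
	int sig_id, md_id;
	if (!md)
		return 0;
	md_id = tls12_find_id(EVP_MD_type(md), tls12_md,
				sizeof(tls12_md)/sizeof(tls12_lookup));
	if (md_id == -1)
		return 0;
	sig_id = tls12_get_sigid(pk);
	if (sig_id == -1)
		return 0;
	p[0] = (unsigned char)md_id;
	p[1] = (unsigned char)sig_id;
	return 1;
	}

/* tls12_get_sigid returns the TLS 1.2 signature id for pk's key type, or -1
 * if the type is not in tls12_sig.
 */
int tls12_get_sigid(const EVP_PKEY *pk)
	{
	return tls12_find_id(pk->type, tls12_sig,
				sizeof(tls12_sig)/sizeof(tls12_lookup));
	}

/* tls12_get_hash maps a TLS 1.2 hash id received from the peer to the
 * matching digest.
 *
 * Returns NULL for an unknown id, for a digest compiled out of this build,
 * and for MD5 when FIPS mode is active.
 */
const EVP_MD *tls12_get_hash(unsigned char hash_alg)
	{
	switch(hash_alg)
		{
#ifndef OPENSSL_NO_MD5
		case TLSEXT_hash_md5:
#ifdef OPENSSL_FIPS
		if (FIPS_mode())
			return NULL;
#endif
		return EVP_md5();
#endif
#ifndef OPENSSL_NO_SHA
		case TLSEXT_hash_sha1:
		return EVP_sha1();
#endif
#ifndef OPENSSL_NO_SHA256
		case TLSEXT_hash_sha224:
		return EVP_sha224();

		case TLSEXT_hash_sha256:
		return EVP_sha256();
#endif
#ifndef OPENSSL_NO_SHA512
		case TLSEXT_hash_sha384:
		return EVP_sha384();

		case TLSEXT_hash_sha512:
		return EVP_sha512();
#endif
		default:
		return NULL;

		}
	}

/* Set preferred digest for each key type */

/* tls1_process_sigalgs walks the peer's list of (hash, signature) byte pairs
 * in data[0..dsize) and records, per key type, the first hash this build
 * supports. Key types the peer did not mention fall back to defaults.
 *
 * Returns 1 on success (including when the extension is ignored because the
 * negotiated version is below TLS 1.2) and 0 if s->cert is missing.
 */
int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
	{
	int i, idx;
	const EVP_MD *md;
	CERT *c = s->cert;
	/* Extension ignored for TLS versions below 1.2 */
	if (TLS1_get_version(s) < TLS1_2_VERSION)
		return 1;
	/* Should never happen */
	if (!c)
		return 0;

	c->pkeys[SSL_PKEY_DSA_SIGN].digest = NULL;
	c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
	c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
	c->pkeys[SSL_PKEY_ECC].digest = NULL;

	/* Only complete pairs are read: with an odd dsize the previous
	 * bound (i < dsize) would read data[dsize], one byte past the list.
	 */
	for (i = 0; i + 1 < dsize; i += 2)
		{
		unsigned char hash_alg = data[i], sig_alg = data[i+1];

		switch(sig_alg)
			{
#ifndef OPENSSL_NO_RSA
			case TLSEXT_signature_rsa:
			idx = SSL_PKEY_RSA_SIGN;
			break;
#endif
#ifndef OPENSSL_NO_DSA
			case TLSEXT_signature_dsa:
			idx = SSL_PKEY_DSA_SIGN;
			break;
#endif
#ifndef OPENSSL_NO_ECDSA
			case TLSEXT_signature_ecdsa:
			idx = SSL_PKEY_ECC;
			break;
#endif
			default:
			continue;
			}

		/* First supported hash listed for a key type wins */
		if (c->pkeys[idx].digest == NULL)
			{
			md = tls12_get_hash(hash_alg);
			if (md)
				{
				c->pkeys[idx].digest = md;
				if (idx == SSL_PKEY_RSA_SIGN)
					c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
				}
			}

		}


	/* Set any remaining keys to default values. NOTE: if alg is not
	 * supported it stays as NULL.
	 */
#ifndef OPENSSL_NO_DSA
	if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
		c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
#endif
#ifndef OPENSSL_NO_RSA
	if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest)
		{
		c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
		c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
		}
#endif
#ifndef OPENSSL_NO_ECDSA
	if (!c->pkeys[SSL_PKEY_ECC].digest)
		c->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
#endif
	return 1;
	}

#endif
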
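#ifndef OPENSSL_NO_HEARTBEATS
/* tls1_process_heartbeat handles the heartbeat record currently held in
 * s->s3->rrec: a request is echoed back as a response, and a response that
 * matches the pending sequence number clears the pending flag.
 *
 * The payload length field inside the message is chosen by the peer and is
 * independent of the record length. It must be checked against the number
 * of bytes actually received before it is used as a copy length; otherwise
 * the response would be filled from memory beyond the received record.
 * Messages that fail the check are silently discarded (RFC 6520, section 4).
 *
 * Returns 0 when the message was handled or discarded, and a negative value
 * if allocating or sending the response failed.
 */
int
tls1_process_heartbeat(SSL *s)
	{
	unsigned char *p = &s->s3->rrec.data[0], *pl;
	unsigned short hbtype;
	unsigned int payload;
	unsigned int padding = 16; /* Use minimum padding */

	if (s->msg_callback)
		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
			&s->s3->rrec.data[0], s->s3->rrec.length,
			s, s->msg_callback_arg);

	/* The record must hold at least type (1) + length (2) + minimum
	 * padding (16) before any field is read.
	 */
	if (1 + 2 + 16 > s->s3->rrec.length)
		return 0; /* silently discard */
	/* Read type and payload length first */
	hbtype = *p++;
	n2s(p, payload);
	/* The claimed payload plus minimum padding must fit in the record */
	if (1 + 2 + payload + 16 > s->s3->rrec.length)
		return 0; /* silently discard per RFC 6520 sec. 4 */
	pl = p;

	if (hbtype == TLS1_HB_REQUEST)
		{
		unsigned char *buffer, *bp;
		/* 1 byte message type, plus 2 bytes payload length, plus
		 * payload, plus padding
		 */
		unsigned int write_length = 1 + 2 + payload + padding;
		int r;

		if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
			return 0;

		/* Allocate memory for the response */
		buffer = OPENSSL_malloc(write_length);
		if (buffer == NULL)
			return -1;
		bp = buffer;

		/* Enter response type, length and copy payload */
		*bp++ = TLS1_HB_RESPONSE;
		s2n(payload, bp);
		memcpy(bp, pl, payload);
		bp += payload;
		/* Random padding */
		if (RAND_pseudo_bytes(bp, padding) < 0)
			{
			OPENSSL_free(buffer);
			return -1;
			}

		r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);

		if (r >= 0 && s->msg_callback)
			s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
				buffer, write_length,
				s, s->msg_callback_arg);

		OPENSSL_free(buffer);

		if (r < 0)
			return r;
		}
	else if (hbtype == TLS1_HB_RESPONSE)
		{
		unsigned int seq;

		/* We only send sequence numbers (2 bytes unsigned int),
		 * and 16 random bytes, so we just try to read the
		 * sequence number. The length checks above guarantee these
		 * two bytes lie inside the record. */
		n2s(pl, seq);

		if (payload == 18 && seq == s->tlsext_hb_seq)
			{
			s->tlsext_hb_seq++;
			s->tlsext_hb_pending = 0;
			}
		}

	return 0;
	}

/* tls1_heartbeat sends one heartbeat request carrying the current sequence
 * number and 16 random bytes, followed by 16 bytes of padding.
 *
 * Returns the result of ssl3_write_bytes on success, or -1 (with an error
 * queued) if the peer does not accept requests, a request is already in
 * flight, a handshake is in progress, or the message could not be built.
 */
int
tls1_heartbeat(SSL *s)
	{
	unsigned char *buf, *p;
	int ret = -1;
	unsigned int payload = 18; /* Sequence number + random bytes */
	unsigned int padding = 16; /* Use minimum padding */

	/* Only send if peer supports and accepts HB requests... */
	if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
	    s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS)
		{
		SSLerr(SSL_F_TLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
		return -1;
		}

	/* ...and there is none in flight yet... */
	if (s->tlsext_hb_pending)
		{
		SSLerr(SSL_F_TLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PENDING);
		return -1;
		}

	/* ...and no handshake in progress. */
	if (SSL_in_init(s) || s->in_handshake)
		{
		SSLerr(SSL_F_TLS1_HEARTBEAT,SSL_R_UNEXPECTED_MESSAGE);
		return -1;
		}

	/* Check if padding is too long, payload and padding
	 * must not exceed 2^14 - 3 = 16381 bytes in total.
	 */
	OPENSSL_assert(payload + padding <= 16381);

	/* Create HeartBeat message, we just use a sequence number
	 * as payload to distinguish different messages and add
	 * some random stuff.
	 *  - Message Type, 1 byte
	 *  - Payload Length, 2 bytes (unsigned int)
	 *  - Payload, the sequence number (2 bytes uint)
	 *  - Payload, random bytes (16 bytes uint)
	 *  - Padding
	 */
	buf = OPENSSL_malloc(1 + 2 + payload + padding);
	if (buf == NULL)
		{
		SSLerr(SSL_F_TLS1_HEARTBEAT,ERR_R_MALLOC_FAILURE);
		return -1;
		}
	p = buf;
	/* Message Type */
	*p++ = TLS1_HB_REQUEST;
	/* Payload length (18 bytes here) */
	s2n(payload, p);
	/* Sequence number */
	s2n(s->tlsext_hb_seq, p);
	/* 16 random bytes */
	if (RAND_pseudo_bytes(p, 16) < 0)
		{
		SSLerr(SSL_F_TLS1_HEARTBEAT,ERR_R_INTERNAL_ERROR);
		goto err;
		}
	p += 16;
	/* Random padding */
	if (RAND_pseudo_bytes(p, padding) < 0)
		{
		SSLerr(SSL_F_TLS1_HEARTBEAT,ERR_R_INTERNAL_ERROR);
		goto err;
		}

	ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
	if (ret >= 0)
		{
		if (s->msg_callback)
			s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
				buf, 3 + payload + padding,
				s, s->msg_callback_arg);

		/* Only one request may be outstanding at a time */
		s->tlsext_hb_pending = 1;
		}

err:
	OPENSSL_free(buf);

	return ret;
	}
#endif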