t1_lib.c revision 7b476c43f6a45574eb34697244b592e7b09f05a3
1656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* ssl/t1_lib.c */ 2656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * All rights reserved. 4656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 5656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This package is an SSL implementation written 6656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * by Eric Young (eay@cryptsoft.com). 7656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The implementation was written so as to conform with Netscapes SSL. 8656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 9656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This library is free for commercial and non-commercial use as long as 10656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the following conditions are aheared to. The following conditions 11656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * apply to all code found in this distribution, be it the RC4, RSA, 12656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * included with this distribution is covered by the same copyright terms 14656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
15656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 16656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Copyright remains Eric Young's, and as such any Copyright notices in 17656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the code are not to be removed. 18656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * If this package is used in a product, Eric Young should be given attribution 19656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * as the author of the parts of the library used. 20656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This can be in the form of a textual message at program startup or 21656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * in documentation (online or textual) provided with the package. 22656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 23656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Redistribution and use in source and binary forms, with or without 24656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * modification, are permitted provided that the following conditions 25656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * are met: 26656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 1. Redistributions of source code must retain the copyright 27656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer. 28656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2. 
Redistributions in binary form must reproduce the above copyright 29656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer in the 30656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * documentation and/or other materials provided with the distribution. 31656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 3. All advertising materials mentioning features or use of this software 32656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * must display the following acknowledgement: 33656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes cryptographic software written by 34656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Eric Young (eay@cryptsoft.com)" 35656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The word 'cryptographic' can be left out if the rouines from the library 36656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * being used are not cryptographic related :-). 37656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 4. 
If you include any Windows specific code (or a derivative thereof) from 38656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the apps directory (application code) you must include an acknowledgement: 39656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 41656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SUCH 
DAMAGE. 52656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 53656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The licence and distribution terms for any publically available version or 54656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * derivative of this code cannot be changed. i.e. this code cannot simply be 55656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * copied and put under another distribution licence 56656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * [including the GNU Public Licence.] 57656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 58221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom/* ==================================================================== 59221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 61221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * Redistribution and use in source and binary forms, with or without 62221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * modification, are permitted provided that the following conditions 63221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * are met: 64221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 65221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 1. Redistributions of source code must retain the above copyright 66221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * notice, this list of conditions and the following disclaimer. 67221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 68221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 2. 
Redistributions in binary form must reproduce the above copyright 69221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * notice, this list of conditions and the following disclaimer in 70221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * the documentation and/or other materials provided with the 71221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * distribution. 72221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 73221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 3. All advertising materials mentioning features or use of this 74221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * software must display the following acknowledgment: 75221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * "This product includes software developed by the OpenSSL Project 76221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 78221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * endorse or promote products derived from this software without 80221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * prior written permission. For written permission, please contact 81221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * openssl-core@openssl.org. 82221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 83221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 5. Products derived from this software may not be called "OpenSSL" 84221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * nor may "OpenSSL" appear in their names without prior written 85221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * permission of the OpenSSL Project. 86221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 87221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 6. 
Redistributions of any form whatsoever must retain the following 88221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * acknowledgment: 89221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * "This product includes software developed by the OpenSSL Project 90221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 92221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * OF THE POSSIBILITY OF SUCH DAMAGE. 
104221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * ==================================================================== 105221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 106221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * This product includes cryptographic software written by Eric Young 107221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * (eay@cryptsoft.com). This product includes software written by Tim 108221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * Hudson (tjh@cryptsoft.com). 109221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 110221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom */ 111656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 112656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <stdio.h> 113656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/objects.h> 114656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/evp.h> 115656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/hmac.h> 116656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/ocsp.h> 117656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include "ssl_locl.h" 118656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 119656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectconst char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT; 120656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 121656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_TLSEXT 122656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, 123656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project const unsigned char *sess_id, int sesslen, 
124656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_SESSION **psess); 125656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 126656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 127656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source ProjectSSL3_ENC_METHOD TLSv1_enc_data={ 128656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_enc, 129656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_mac, 130656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_setup_key_block, 131656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_generate_master_secret, 132656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_change_cipher_state, 133656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_final_finish_mac, 134656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project TLS1_FINISH_MAC_LENGTH, 135656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_cert_verify_mac, 136656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, 137656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, 138656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_alert_code, 139656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project }; 140656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 141656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectlong tls1_default_timeout(void) 142656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 143656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* 2 hours, the 24 hours mentioned in the TLSv1 spec 144656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project * is way too long for http, the cache would over fill */ 145656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(60*60*2); 146656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 147656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 148656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint tls1_new(SSL *s) 149656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 150656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ssl3_new(s)) return(0); 151656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->method->ssl_clear(s); 152656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(1); 153656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 154656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 155656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectvoid tls1_free(SSL *s) 156656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 157221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_TLSEXT 158221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->tlsext_session_ticket) 159221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 160221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom OPENSSL_free(s->tlsext_session_ticket); 161221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 162221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif /* OPENSSL_NO_TLSEXT */ 163656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl3_free(s); 164656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 165656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 166656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectvoid tls1_clear(SSL *s) 167656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project { 168656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl3_clear(s); 169656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->version=TLS1_VERSION; 170656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 171656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 172221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_EC 173221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstromstatic int nid_list[] = 174221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 175221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect163k1, /* sect163k1 (1) */ 176221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect163r1, /* sect163r1 (2) */ 177221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect163r2, /* sect163r2 (3) */ 178221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect193r1, /* sect193r1 (4) */ 179221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect193r2, /* sect193r2 (5) */ 180221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect233k1, /* sect233k1 (6) */ 181221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect233r1, /* sect233r1 (7) */ 182221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect239k1, /* sect239k1 (8) */ 183221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect283k1, /* sect283k1 (9) */ 184221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect283r1, /* sect283r1 (10) */ 185221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect409k1, /* sect409k1 (11) */ 186221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect409r1, /* sect409r1 (12) */ 187221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect571k1, /* sect571k1 (13) */ 188221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect571r1, /* sect571r1 (14) */ 189221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_secp160k1, /* secp160k1 (15) */ 
190221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_secp160r1, /* secp160r1 (16) */ 191221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_secp160r2, /* secp160r2 (17) */ 192221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_secp192k1, /* secp192k1 (18) */ 193221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_X9_62_prime192v1, /* secp192r1 (19) */ 194221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_secp224k1, /* secp224k1 (20) */ 195221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_secp224r1, /* secp224r1 (21) */ 196221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_secp256k1, /* secp256k1 (22) */ 197221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_X9_62_prime256v1, /* secp256r1 (23) */ 198221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_secp384r1, /* secp384r1 (24) */ 199221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_secp521r1 /* secp521r1 (25) */ 200221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom }; 201221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 202221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstromint tls1_ec_curve_id2nid(int curve_id) 203656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 204221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 
17, 2005) */ 205221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if ((curve_id < 1) || ((unsigned int)curve_id > 206221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom sizeof(nid_list)/sizeof(nid_list[0]))) 207221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 208221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return nid_list[curve_id-1]; 209656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 210656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 211221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstromint tls1_ec_nid2curve_id(int nid) 212656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 213221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */ 214221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom switch (nid) 215221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 216221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect163k1: /* sect163k1 (1) */ 217221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 1; 218221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect163r1: /* sect163r1 (2) */ 219221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 2; 220221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect163r2: /* sect163r2 (3) */ 221221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 3; 222221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect193r1: /* sect193r1 (4) */ 223221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 4; 224221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect193r2: /* sect193r2 (5) */ 225221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 5; 226221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect233k1: /* sect233k1 (6) */ 227221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 6; 
228221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect233r1: /* sect233r1 (7) */ 229221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 7; 230221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect239k1: /* sect239k1 (8) */ 231221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 8; 232221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect283k1: /* sect283k1 (9) */ 233221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 9; 234221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect283r1: /* sect283r1 (10) */ 235221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 10; 236221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect409k1: /* sect409k1 (11) */ 237221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 11; 238221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect409r1: /* sect409r1 (12) */ 239221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 12; 240221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect571k1: /* sect571k1 (13) */ 241221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 13; 242221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect571r1: /* sect571r1 (14) */ 243221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 14; 244221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_secp160k1: /* secp160k1 (15) */ 245221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 15; 246221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_secp160r1: /* secp160r1 (16) */ 247221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 16; 248221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_secp160r2: /* secp160r2 (17) */ 249221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 17; 250221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_secp192k1: /* secp192k1 (18) */ 
251221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 18; 252221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_X9_62_prime192v1: /* secp192r1 (19) */ 253221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 19; 254221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_secp224k1: /* secp224k1 (20) */ 255221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 20; 256221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_secp224r1: /* secp224r1 (21) */ 257221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 21; 258221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_secp256k1: /* secp256k1 (22) */ 259221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 22; 260221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_X9_62_prime256v1: /* secp256r1 (23) */ 261221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 23; 262221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_secp384r1: /* secp384r1 (24) */ 263221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 24; 264221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_secp521r1: /* secp521r1 (25) */ 265221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 25; 266221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom default: 267221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 268221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 269656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 270221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif /* OPENSSL_NO_EC */ 271656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 272656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_TLSEXT 273656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectunsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) 
274656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 275656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int extdatalen=0; 276656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *ret = p; 277656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 27898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom /* don't add extensions for SSLv3 unless doing secure renegotiation */ 27998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if (s->client_version == SSL3_VERSION 28098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom && !s->s3->send_connection_binding) 28198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom return p; 28298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 283656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret+=2; 284656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 285656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret>=limit) return NULL; /* this really never occurs, but ... */ 286656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 287656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->tlsext_hostname != NULL) 288656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 289656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Add TLS extension servername to the Client Hello message */ 290656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned long size_str; 291656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project long lenmax; 292656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 293656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* check for enough space. 
294656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 4 for the servername type and entension length 295656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2 for servernamelist length 296656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1 for the hostname type 297656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2 for hostname length 298656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project + hostname length 299656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 300656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 301656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((lenmax = limit - ret - 9) < 0 302221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax) 303656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return NULL; 304656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 305656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* extension type and length */ 306656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(TLSEXT_TYPE_server_name,ret); 307656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(size_str+5,ret); 308656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 309656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* length of servername list */ 310656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(size_str+3,ret); 311656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 312656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* hostname type, length and hostname */ 313656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name; 
314656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(size_str,ret); 315656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(ret, s->tlsext_hostname, size_str); 316656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret+=size_str; 317656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 318221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 31998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom /* Add RI if renegotiating */ 32098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if (s->new_session) 32198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom { 32298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom int el; 32398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 32498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) 32598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom { 32698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); 32798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom return NULL; 32898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom } 32998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 33098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if((limit - p - 4 - el) < 0) return NULL; 33198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 33298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom s2n(TLSEXT_TYPE_renegotiate,ret); 33398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom s2n(el,ret); 33498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 33598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) 33698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom { 33798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); 
			return NULL;
			}

		ret += el;
		}

#ifndef OPENSSL_NO_EC
	if (s->tlsext_ecpointformatlist != NULL &&
	    s->version != DTLS1_VERSION)
		{
		/* Add TLS extension ECPointFormats to the ClientHello message */
		long lenmax;

		if ((lenmax = limit - ret - 5) < 0) return NULL;
		if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
		if (s->tlsext_ecpointformatlist_length > 255)
			{
			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
			return NULL;
			}

		s2n(TLSEXT_TYPE_ec_point_formats,ret);
		s2n(s->tlsext_ecpointformatlist_length + 1,ret);
		*(ret++) = (unsigned char)
			s->tlsext_ecpointformatlist_length;
		memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
		ret+=s->tlsext_ecpointformatlist_length;
		}
	if (s->tlsext_ellipticcurvelist != NULL &&
	    s->version != DTLS1_VERSION)
		{
		/* Add TLS extension EllipticCurves to the ClientHello message */
		long lenmax;

		if ((lenmax = limit - ret - 6) < 0) return NULL;
		if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL;
		if (s->tlsext_ellipticcurvelist_length > 65532)
			{
			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
			return NULL;
			}

		s2n(TLSEXT_TYPE_elliptic_curves,ret);
		s2n(s->tlsext_ellipticcurvelist_length + 2, ret);

		/* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
		 * elliptic_curve_list, but the examples use two bytes.
		 * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
		 * resolves this to two bytes.
		 */
		s2n(s->tlsext_ellipticcurvelist_length, ret);
		memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
		ret+=s->tlsext_ellipticcurvelist_length;
		}
#endif /* OPENSSL_NO_EC */

	if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))
		{
		int ticklen;
		if (!s->new_session && s->session && s->session->tlsext_tick)
			ticklen = s->session->tlsext_ticklen;
		else if (s->session && s->tlsext_session_ticket &&
			 s->tlsext_session_ticket->data)
			{
			ticklen = s->tlsext_session_ticket->length;
			s->session->tlsext_tick = OPENSSL_malloc(ticklen);
			if
				(!s->session->tlsext_tick)
				return NULL;
			memcpy(s->session->tlsext_tick,
			       s->tlsext_session_ticket->data,
			       ticklen);
			s->session->tlsext_ticklen = ticklen;
			}
		else
			ticklen = 0;
		if (ticklen == 0 && s->tlsext_session_ticket &&
		    s->tlsext_session_ticket->data == NULL)
			goto skip_ext;
		/* Check for enough room 2 for extension type, 2 for len
		 * rest for ticket
		 */
		if ((long)(limit - ret - 4 - ticklen) < 0) return NULL;
		s2n(TLSEXT_TYPE_session_ticket,ret);
		s2n(ticklen,ret);
		if (ticklen)
			{
			memcpy(ret, s->session->tlsext_tick, ticklen);
			ret += ticklen;
			}
		}
		skip_ext:

#ifdef TLSEXT_TYPE_opaque_prf_input
	if (s->s3->client_opaque_prf_input != NULL &&
	    s->version != DTLS1_VERSION)
		{
		size_t col = s->s3->client_opaque_prf_input_len;

		/* cast the difference to long before comparing; col is a size_t */
		if ((long)(limit - ret - 6 - col) < 0)
			return NULL;
		if (col > 0xFFFD) /* can't happen */
			return NULL;

		s2n(TLSEXT_TYPE_opaque_prf_input, ret);
		s2n(col + 2, ret);
		s2n(col, ret);
		memcpy(ret, s->s3->client_opaque_prf_input, col);
		ret += col;
		}
#endif

	if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
	    s->version != DTLS1_VERSION)
		{
		int i;
		long extlen, idlen, itmp;
		OCSP_RESPID *id;

		idlen = 0;
		for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
			{
			id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
			itmp = i2d_OCSP_RESPID(id, NULL);
			if (itmp <= 0)
				return NULL;
			idlen += itmp + 2;
			}

		if (s->tlsext_ocsp_exts)
			{
			extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
			if (extlen < 0)
				return NULL;
			}
		else
			extlen = 0;

		if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL;
		s2n(TLSEXT_TYPE_status_request, ret);
		if (extlen + idlen > 0xFFF0)
			return NULL;
		s2n(extlen + idlen + 5, ret);
		*(ret++) = TLSEXT_STATUSTYPE_ocsp;
		s2n(idlen, ret);
		for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
			{
			/* save position of id len */
			unsigned char *q = ret;
			id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
			/* skip over id len */
			ret += 2;
			itmp = i2d_OCSP_RESPID(id, &ret);
			/* write id len */
			s2n(itmp, q);
			}
		s2n(extlen, ret);
		if (extlen > 0)
			i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
		}

#ifndef OPENSSL_NO_NEXTPROTONEG
	if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len)
		{
		/* The client advertises an empty extension to indicate its
		 * support for Next Protocol Negotiation */
		if (limit - ret - 4 < 0)
			return NULL;
		s2n(TLSEXT_TYPE_next_proto_neg,ret);
		s2n(0,ret);
		}
#endif

	if ((extdatalen = ret-p-2)== 0)
		return p;

	s2n(extdatalen,p);
	return ret;
	}

unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
	{
	int extdatalen=0;
	unsigned char *ret = p;
#ifndef OPENSSL_NO_NEXTPROTONEG
	int next_proto_neg_seen;
#endif

	/* don't add extensions for SSLv3, unless doing secure renegotiation */
	if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
		return p;

	ret+=2;
	if (ret>=limit) return NULL; /* this really never occurs, but ...
				      */

	if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
		{
		if ((long)(limit - ret - 4) < 0) return NULL;

		s2n(TLSEXT_TYPE_server_name,ret);
		s2n(0,ret);
		}

	if(s->s3->send_connection_binding)
		{
		int el;

		if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0))
			{
			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
			return NULL;
			}

		/* check remaining room from the current write position */
		if((limit - ret - 4 - el) < 0) return NULL;

		s2n(TLSEXT_TYPE_renegotiate,ret);
		s2n(el,ret);
		if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el))
			{
			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
			return NULL;
			}

		ret += el;
		}

#ifndef OPENSSL_NO_EC
	if (s->tlsext_ecpointformatlist != NULL &&
	    s->version != DTLS1_VERSION)
		{
		/* Add TLS extension ECPointFormats to the ServerHello message */
		long lenmax;

		if ((lenmax = limit - ret - 5) < 0) return NULL;
		if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
		if (s->tlsext_ecpointformatlist_length > 255)
			{
			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
			return NULL;
			}
		s2n(TLSEXT_TYPE_ec_point_formats,ret);
		s2n(s->tlsext_ecpointformatlist_length + 1,ret);
		*(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length;
		memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
		ret+=s->tlsext_ecpointformatlist_length;

		}
	/* Currently the server should not respond with a SupportedCurves extension */
#endif /* OPENSSL_NO_EC */

	if (s->tlsext_ticket_expected
		&& !(SSL_get_options(s) & SSL_OP_NO_TICKET))
		{
		if ((long)(limit - ret - 4) < 0) return NULL;
		s2n(TLSEXT_TYPE_session_ticket,ret);
		s2n(0,ret);
		}

	if (s->tlsext_status_expected)
		{
		if ((long)(limit
			- ret - 4) < 0) return NULL;
		s2n(TLSEXT_TYPE_status_request,ret);
		s2n(0,ret);
		}

#ifdef TLSEXT_TYPE_opaque_prf_input
	if (s->s3->server_opaque_prf_input != NULL &&
	    s->version != DTLS1_VERSION)
		{
		size_t sol = s->s3->server_opaque_prf_input_len;

		if ((long)(limit - ret - 6 - sol) < 0)
			return NULL;
		if (sol > 0xFFFD) /* can't happen */
			return NULL;

		s2n(TLSEXT_TYPE_opaque_prf_input, ret);
		s2n(sol + 2, ret);
		s2n(sol, ret);
		memcpy(ret, s->s3->server_opaque_prf_input, sol);
		ret += sol;
		}
#endif
	if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id &
		0xFFFF)==0x81)
		&& (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG))
		{ const unsigned char cryptopro_ext[36] = {
			0xfd, 0xe8, /*65000*/
			0x00, 0x20, /*32 bytes length*/
			0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
			0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
			0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
			0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17};
			if (limit-ret<36) return NULL;
			memcpy(ret,cryptopro_ext,36);
			ret+=36;

		}

#ifndef OPENSSL_NO_NEXTPROTONEG
	next_proto_neg_seen = s->s3->next_proto_neg_seen;
	s->s3->next_proto_neg_seen = 0;
	if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb)
		{
		const unsigned char *npa;
		unsigned int npalen;
		int r;
		r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, s->ctx->next_protos_advertised_cb_arg);
		if (r == SSL_TLSEXT_ERR_OK)
			{
			if ((long)(limit - ret - 4 - npalen) < 0) return NULL;
			s2n(TLSEXT_TYPE_next_proto_neg,ret);
			s2n(npalen,ret);
			memcpy(ret, npa, npalen);
			ret += npalen;
			s->s3->next_proto_neg_seen = 1;
			}
		}
#endif

	if ((extdatalen = ret-p-2)== 0)
		return p;

	s2n(extdatalen,p);
	return ret;
	}

int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
	{
	unsigned short type;
	unsigned short size;
	unsigned short len;
	unsigned char *data = *p;
	int renegotiate_seen = 0;

	s->servername_done = 0;
	s->tlsext_status_type = -1;

	if (data >= (d+n-2))
		goto ri_check;
	n2s(data,len);

	if (data > (d+n-len))
		goto ri_check;

	while (data <= (d+n-4))
		{
		n2s(data,type);
		n2s(data,size);

		if (data+size > (d+n))
			goto ri_check;
#if 0
		fprintf(stderr,"Received extension type %d size %d\n",type,size);
#endif
		if (s->tlsext_debug_cb)
			s->tlsext_debug_cb(s, 0, type, data, size,
						s->tlsext_debug_arg);
/* The servername extension is treated as follows:

   - Only the hostname type is supported with a maximum length of 255.
   - The servername is rejected if too long or if it contains zeros,
     in which case a fatal alert is generated.
   - The servername field is maintained together with the session cache.
   - When a session is resumed, the servername callback is invoked in order
     to allow the application to position itself to the right context.
   - The servername is acknowledged if it is new for a session or when
     it is identical to one previously used for the same session.
     Applications can control the behaviour.
They can at any time 707656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project set a 'desirable' servername for a new SSL object. This can be the 708656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case for example with HTTPS when a Host: header field is received and 709656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project a renegotiation is requested. In this case, a possible servername 710656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project presented in the new client hello is only acknowledged if it matches 711656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project the value of the Host: field. 712656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 713656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if they provide for changing an explicit servername context for the session, 714656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i.e. when the session has been established with a servername extension. 715656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project - On session reconnect, the servername extension may be absent. 
716656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 717656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project*/ 718656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 719656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (type == TLSEXT_TYPE_server_name) 720656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 721656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *sdata; 722656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int servname_type; 723656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int dsize; 724656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 725656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (size < 2) 726656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 727656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_DECODE_ERROR; 728656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 729656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 730656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(data,dsize); 731656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project size -= 2; 732656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (dsize > size ) 733656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 734656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_DECODE_ERROR; 735656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 736656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 737656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 738656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sdata = data; 
			while (dsize > 3)
				{
				servname_type = *(sdata++);
				n2s(sdata,len);
				dsize -= 3;

				if (len > dsize)
					{
					*al = SSL_AD_DECODE_ERROR;
					return 0;
					}
				if (s->servername_done == 0)
				switch (servname_type)
					{
				case TLSEXT_NAMETYPE_host_name:
					if (!s->hit)
						{
						if(s->session->tlsext_hostname)
							{
							*al = SSL_AD_DECODE_ERROR;
							return 0;
							}
						if (len > TLSEXT_MAXLEN_host_name)
							{
							*al = TLS1_AD_UNRECOGNIZED_NAME;
							return 0;
							}
						if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
							{
							*al = TLS1_AD_INTERNAL_ERROR;
							return 0;
							}
						memcpy(s->session->tlsext_hostname, sdata, len);
						s->session->tlsext_hostname[len]='\0';
						if (strlen(s->session->tlsext_hostname) != len) {
							OPENSSL_free(s->session->tlsext_hostname);
							s->session->tlsext_hostname = NULL;
							*al = TLS1_AD_UNRECOGNIZED_NAME;
							return 0;
						}
						s->servername_done = 1;

						}
					else
						s->servername_done = s->session->tlsext_hostname
							&& strlen(s->session->tlsext_hostname) == len
							&& strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;

					break;

				default:
					break;
					}

				dsize -= len;
				}
			if (dsize != 0)
				{
				*al = SSL_AD_DECODE_ERROR;
				return 0;
				}

			}

#ifndef OPENSSL_NO_EC
		else if (type == TLSEXT_TYPE_ec_point_formats &&
			s->version != DTLS1_VERSION)
			{
			unsigned char *sdata = data;
			int ecpointformatlist_length = *(sdata++);

			if (ecpointformatlist_length != size - 1)
				{
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
				}
			if (!s->hit)
				{
				if(s->session->tlsext_ecpointformatlist)
					{
					OPENSSL_free(s->session->tlsext_ecpointformatlist);
					s->session->tlsext_ecpointformatlist = NULL;
					}
				s->session->tlsext_ecpointformatlist_length = 0;
				if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
					{
					*al = TLS1_AD_INTERNAL_ERROR;
					return 0;
					}
				s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
				memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
				}
#if 0
			fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length);
			sdata = s->session->tlsext_ecpointformatlist;
			for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
				fprintf(stderr,"%i ",*(sdata++));
			fprintf(stderr,"\n");
#endif
			}
		else if (type == TLSEXT_TYPE_elliptic_curves &&
			s->version != DTLS1_VERSION)
			{
			unsigned char *sdata = data;
			int ellipticcurvelist_length = (*(sdata++) << 8);
			ellipticcurvelist_length += (*(sdata++));

			if (ellipticcurvelist_length != size - 2)
				{
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
				}
			if (!s->hit)
				{
				if(s->session->tlsext_ellipticcurvelist)
					{
					*al = TLS1_AD_DECODE_ERROR;
					return 0;
					}
				s->session->tlsext_ellipticcurvelist_length = 0;
				if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
					{
					*al = TLS1_AD_INTERNAL_ERROR;
					return 0;
					}
				s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
				memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
				}
#if 0
			fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length);
			sdata = s->session->tlsext_ellipticcurvelist;
			for (i = 0; i < s->session->tlsext_ellipticcurvelist_length; i++)
				fprintf(stderr,"%i ",*(sdata++));
			fprintf(stderr,"\n");
#endif
			}
#endif /* OPENSSL_NO_EC */
#ifdef TLSEXT_TYPE_opaque_prf_input
		else if (type == TLSEXT_TYPE_opaque_prf_input &&
			s->version != DTLS1_VERSION)
			{
			unsigned char *sdata = data;

			if (size < 2)
				{
				*al = SSL_AD_DECODE_ERROR;
				return 0;
				}
			n2s(sdata, s->s3->client_opaque_prf_input_len);
			if (s->s3->client_opaque_prf_input_len != size - 2)
				{
				*al = SSL_AD_DECODE_ERROR;
				return 0;
				}

			if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
				OPENSSL_free(s->s3->client_opaque_prf_input);
			if (s->s3->client_opaque_prf_input_len == 0)
				s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
			else
				s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
			if (s->s3->client_opaque_prf_input == NULL)
				{
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
				}
			}
#endif
		else if (type == TLSEXT_TYPE_session_ticket)
			{
			if (s->tls_session_ticket_ext_cb &&
				!s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
				{
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
				}
			}
		else if (type == TLSEXT_TYPE_renegotiate)
			{
			if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
				return 0;
			renegotiate_seen = 1;
			}
		else if (type == TLSEXT_TYPE_status_request &&
			s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
			{

			if (size < 5)
				{
				*al = SSL_AD_DECODE_ERROR;
				return 0;
				}

			s->tlsext_status_type = *data++;
			size--;
			if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
				{
				const unsigned char *sdata;
				int dsize;
				/* Read in responder_id_list */
				n2s(data,dsize);
				size -= 2;
				if (dsize > size)
					{
					*al = SSL_AD_DECODE_ERROR;
					return 0;
					}
				while (dsize > 0)
					{
					OCSP_RESPID *id;
					int idsize;
					if (dsize < 4)
						{
						*al = SSL_AD_DECODE_ERROR;
						return 0;
						}
					n2s(data, idsize);
					dsize -= 2 + idsize;
					size -= 2 + idsize;
					if (dsize < 0)
						{
						*al = SSL_AD_DECODE_ERROR;
						return 0;
						}
					sdata = data;
					data += idsize;
					id = d2i_OCSP_RESPID(NULL,
								&sdata, idsize);
					if (!id)
						{
						*al = SSL_AD_DECODE_ERROR;
						return 0;
						}
					if (data != sdata)
						{
						OCSP_RESPID_free(id);
						*al = SSL_AD_DECODE_ERROR;
						return 0;
						}
					if (!s->tlsext_ocsp_ids
						&& !(s->tlsext_ocsp_ids =
						sk_OCSP_RESPID_new_null()))
						{
						OCSP_RESPID_free(id);
						*al = SSL_AD_INTERNAL_ERROR;
						return 0;
						}
					if (!sk_OCSP_RESPID_push(
							s->tlsext_ocsp_ids, id))
						{
						OCSP_RESPID_free(id);
						*al = SSL_AD_INTERNAL_ERROR;
						return 0;
						}
					}

				/* Read in request_extensions */
				if (size < 2)
					{
					*al = SSL_AD_DECODE_ERROR;
					return 0;
					}
				n2s(data,dsize);
				size -= 2;
				if (dsize != size)
					{
					*al = SSL_AD_DECODE_ERROR;
					return 0;
					}
				sdata = data;
				if (dsize > 0)
					{
					if (s->tlsext_ocsp_exts)
						{
						sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
								X509_EXTENSION_free);
						}

					s->tlsext_ocsp_exts =
						d2i_X509_EXTENSIONS(NULL,
							&sdata, dsize);
					if (!s->tlsext_ocsp_exts
						|| (data + dsize != sdata))
						{
						*al = SSL_AD_DECODE_ERROR;
						return 0;
						}
					}
				}
				/* We don't know what to do with any other type
				 * so ignore it.
				 */
				else
					s->tlsext_status_type = -1;
			}
#ifndef OPENSSL_NO_NEXTPROTONEG
		else if (type == TLSEXT_TYPE_next_proto_neg &&
			s->s3->tmp.finish_md_len == 0)
			{
			/* We shouldn't accept this extension on a
			 * renegotiation.
			 *
			 * s->new_session will be set on renegotiation, but we
			 * probably shouldn't rely that it couldn't be set on
			 * the initial renegotiation too in certain cases (when
			 * there's some other reason to disallow resuming an
			 * earlier session -- the current code won't be doing
			 * anything like that, but this might change).

			 * A valid sign that there's been a previous handshake
			 * in this connection is if s->s3->tmp.finish_md_len >
			 * 0. (We are talking about a check that will happen
			 * in the Hello protocol round, well before a new
			 * Finished message could have been computed.) */
			s->s3->next_proto_neg_seen = 1;
			}
#endif

		/* session ticket processed earlier */
		data+=size;
		}

	*p = data;

	ri_check:

	/* Need RI if renegotiating */

	if (!renegotiate_seen && s->new_session &&
		!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
		{
		*al = SSL_AD_HANDSHAKE_FAILURE;
		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
				SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
		return 0;
		}

	return 1;
	}

#ifndef OPENSSL_NO_NEXTPROTONEG
/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
 * elements of zero length are allowed and the set of elements must exactly fill
 * the length of the block. */
static int ssl_next_proto_validate(unsigned char *d, unsigned len)
	{
	unsigned int off = 0;

	while (off < len)
		{
		if (d[off] == 0)
			return 0;
		off += d[off];
		off++;
		}

	return off == len;
	}
#endif

1099656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) 1100656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 110143c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom unsigned short length; 1102656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned short type; 1103656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned short size; 1104656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *data = *p; 1105656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int tlsext_servername = 0; 110698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom int renegotiate_seen = 0; 1107656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1108656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (data >= (d+n-2)) 110998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom goto ri_check; 1110656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 111143c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom n2s(data,length); 111243c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom if (data+length != d+n) 111343c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom { 111443c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom *al = SSL_AD_DECODE_ERROR; 111543c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom return 0; 111643c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom } 1117656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1118656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project while(data <= (d+n-4)) 1119656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1120656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(data,type); 1121656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project n2s(data,size); 1122656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1123656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (data+size > (d+n)) 112498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom goto ri_check; 1125656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1126656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->tlsext_debug_cb) 1127656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_debug_cb(s, 1, type, data, size, 1128656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_debug_arg); 1129656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1130656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (type == TLSEXT_TYPE_server_name) 1131656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1132656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->tlsext_hostname == NULL || size > 0) 1133656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1134656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = TLS1_AD_UNRECOGNIZED_NAME; 1135656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1136656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1137656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tlsext_servername = 1; 1138656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1139221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1140221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_EC 1141221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (type == TLSEXT_TYPE_ec_point_formats && 1142221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->version != DTLS1_VERSION) 1143221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 
1144221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom unsigned char *sdata = data; 1145221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom int ecpointformatlist_length = *(sdata++); 1146221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1147221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (ecpointformatlist_length != size - 1) 1148221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1149221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *al = TLS1_AD_DECODE_ERROR; 1150221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 1151221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1152221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->session->tlsext_ecpointformatlist_length = 0; 1153221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); 1154221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) 1155221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1156221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *al = TLS1_AD_INTERNAL_ERROR; 1157221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 1158221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1159221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; 1160221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); 1161221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#if 0 1162221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom fprintf(stderr,"ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist "); 1163221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom sdata = s->session->tlsext_ecpointformatlist; 1164221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom for 
(i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) 1165221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom fprintf(stderr,"%i ",*(sdata++)); 1166221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom fprintf(stderr,"\n"); 1167221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 1168221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1169221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif /* OPENSSL_NO_EC */ 1170221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1171656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (type == TLSEXT_TYPE_session_ticket) 1172656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1173221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->tls_session_ticket_ext_cb && 1174221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) 1175221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1176221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *al = TLS1_AD_INTERNAL_ERROR; 1177221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 1178221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1179656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((SSL_get_options(s) & SSL_OP_NO_TICKET) 1180656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project || (size > 0)) 1181656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1182656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = TLS1_AD_UNSUPPORTED_EXTENSION; 1183656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1184656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1185656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_ticket_expected = 1; 1186656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
1187221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifdef TLSEXT_TYPE_opaque_prf_input 1188221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (type == TLSEXT_TYPE_opaque_prf_input && 1189221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->version != DTLS1_VERSION) 1190221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1191221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom unsigned char *sdata = data; 1192221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1193221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (size < 2) 1194221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1195221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *al = SSL_AD_DECODE_ERROR; 1196221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 1197221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1198221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom n2s(sdata, s->s3->server_opaque_prf_input_len); 1199221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->server_opaque_prf_input_len != size - 2) 1200221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1201221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *al = SSL_AD_DECODE_ERROR; 1202221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 1203221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1204221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1205221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ 1206221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom OPENSSL_free(s->s3->server_opaque_prf_input); 1207221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->server_opaque_prf_input_len == 0) 1208221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ 1209221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else 
1210221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len); 1211221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1212221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->server_opaque_prf_input == NULL) 1213221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1214221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *al = TLS1_AD_INTERNAL_ERROR; 1215221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 1216221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1217221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1218221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 121998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom else if (type == TLSEXT_TYPE_status_request && 122098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom s->version != DTLS1_VERSION) 1221656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1222656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* MUST be empty and only sent if we've requested 1223656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * a status request message. 
1224656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 1225656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((s->tlsext_status_type == -1) || (size > 0)) 1226656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1227656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = TLS1_AD_UNSUPPORTED_EXTENSION; 1228656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1229656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1230656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Set flag to expect CertificateStatus message */ 1231656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_status_expected = 1; 1232656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1233bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen#ifndef OPENSSL_NO_NEXTPROTONEG 1234bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen else if (type == TLSEXT_TYPE_next_proto_neg) 1235bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 1236bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen unsigned char *selected; 1237bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen unsigned char selected_len; 1238bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen 1239bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen /* We must have requested it. 
*/ 1240bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen if ((s->ctx->next_proto_select_cb == NULL)) 1241bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 1242bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen *al = TLS1_AD_UNSUPPORTED_EXTENSION; 1243bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen return 0; 1244bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1245bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen /* The data must be valid */ 1246bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen if (!ssl_next_proto_validate(data, size)) 1247bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 1248bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen *al = TLS1_AD_DECODE_ERROR; 1249bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen return 0; 1250bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1251bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen if (s->ctx->next_proto_select_cb(s, &selected, &selected_len, data, size, s->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK) 1252bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 1253bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen *al = TLS1_AD_INTERNAL_ERROR; 1254bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen return 0; 1255bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1256bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen s->next_proto_negotiated = OPENSSL_malloc(selected_len); 1257bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen if (!s->next_proto_negotiated) 1258bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 1259bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen *al = TLS1_AD_INTERNAL_ERROR; 1260bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen return 0; 1261bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1262bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen memcpy(s->next_proto_negotiated, selected, selected_len); 
1263bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen s->next_proto_negotiated_len = selected_len; 1264bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1265bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen#endif 126698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom else if (type == TLSEXT_TYPE_renegotiate) 126798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom { 126898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al)) 126998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom return 0; 127098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom renegotiate_seen = 1; 127198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom } 1272656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project data+=size; 1273656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1274656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1275656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (data != d+n) 1276656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1277656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_DECODE_ERROR; 1278656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1279656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1280656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1281656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!s->hit && tlsext_servername == 1) 1282656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1283656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->tlsext_hostname) 1284656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1285656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->session->tlsext_hostname == NULL) 
1286656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1287656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname); 1288656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!s->session->tlsext_hostname) 1289656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1290656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_UNRECOGNIZED_NAME; 1291656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1292656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1293656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1294656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1295656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1296656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *al = SSL_AD_DECODE_ERROR; 1297656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1298656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1299656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1300656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1301656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1302656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *p = data; 130398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 130498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom ri_check: 130598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 130698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom /* Determine if we need to see RI. 
Strictly speaking if we want to 130798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom * avoid an attack we should *always* see RI even on initial server 130898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom * hello because the client doesn't see any renegotiation during an 130998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom * attack. However this would mean we could not connect to any server 131098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom * which doesn't support RI so for the immediate future tolerate RI 131198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom * absence on initial connect only. 131298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom */ 131398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if (!renegotiate_seen 131498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT) 131598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) 131698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom { 131798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom *al = SSL_AD_HANDSHAKE_FAILURE; 131898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, 131998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); 132098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom return 0; 132198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom } 132298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 1323656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 1; 1324656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1325656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1326221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1327221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstromint ssl_prepare_clienthello_tlsext(SSL *s) 
1328221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1329221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_EC 1330221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* If we are client and using an elliptic curve cryptography cipher suite, send the point formats 1331221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * and elliptic curves we support. 1332221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom */ 1333221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom int using_ecc = 0; 1334221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom int i; 1335221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom unsigned char *j; 1336221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom unsigned long alg_k, alg_a; 1337221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s); 1338221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1339221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) 1340221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1341221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i); 1342221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1343221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom alg_k = c->algorithm_mkey; 1344221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom alg_a = c->algorithm_auth; 1345221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) || (alg_a & SSL_aECDSA))) 1346221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1347221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom using_ecc = 1; 1348221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom break; 1349221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1350221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1351221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 
using_ecc = using_ecc && (s->version == TLS1_VERSION); 1352221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (using_ecc) 1353221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1354221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist); 1355221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL) 1356221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1357221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); 1358221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return -1; 1359221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1360221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->tlsext_ecpointformatlist_length = 3; 1361221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed; 1362221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; 1363221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; 1364221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1365221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */ 1366221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist); 1367221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->tlsext_ellipticcurvelist_length = sizeof(nid_list)/sizeof(nid_list[0]) * 2; 1368221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) 1369221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 
1370221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->tlsext_ellipticcurvelist_length = 0; 1371221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); 1372221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return -1; 1373221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1374221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom for (i = 1, j = s->tlsext_ellipticcurvelist; (unsigned int)i <= 1375221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom sizeof(nid_list)/sizeof(nid_list[0]); i++) 1376221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s2n(i,j); 1377221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1378221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif /* OPENSSL_NO_EC */ 1379221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1380221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifdef TLSEXT_TYPE_opaque_prf_input 1381221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1382221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom int r = 1; 1383221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1384221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->ctx->tlsext_opaque_prf_input_callback != 0) 1385221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1386221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg); 1387221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!r) 1388221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return -1; 1389221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1390221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1391221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->tlsext_opaque_prf_input != NULL) 1392221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1393221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if 
(s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
				OPENSSL_free(s->s3->client_opaque_prf_input);

			if (s->tlsext_opaque_prf_input_len == 0)
				s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
			else
				s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
			if (s->s3->client_opaque_prf_input == NULL)
				{
				SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
				return -1;
				}
			s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
			}

		if (r == 2)
			/* at callback's request, insist on receiving an appropriate server opaque PRF input */
			s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
	}
#endif

	return 1;
	}

int ssl_prepare_serverhello_tlsext(SSL *s)
	{
#ifndef OPENSSL_NO_EC
	/* If we are server and using an ECC cipher suite, send the point formats we support
	 * if the client sent us an ECPointsFormat extension. Note that the server is not
	 * supposed to send an EllipticCurves extension.
	 */

	unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
	unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
	int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
	using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);

	if (using_ecc)
		{
		if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
		if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
			{
			SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
			return -1;
			}
		s->tlsext_ecpointformatlist_length = 3;
		s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
		s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
		s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
		}
#endif /* OPENSSL_NO_EC */

	return 1;
	}

int ssl_check_clienthello_tlsext(SSL *s)
	{
	int ret=SSL_TLSEXT_ERR_NOACK;
	int al = SSL_AD_UNRECOGNIZED_NAME;

#ifndef OPENSSL_NO_EC
	/* The handling of the ECPointFormats extension is done elsewhere, namely in
	 * ssl3_choose_cipher in s3_lib.c.
	 */
	/* The handling of the EllipticCurves extension is done elsewhere, namely in
	 * ssl3_choose_cipher in s3_lib.c.
	 */
#endif

	if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
		ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
	else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
		ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);

	/* If status request then ask callback what to do.
	 * Note: this must be called after servername callbacks in case
	 * the certificate has changed.
	 */
	if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
		{
		int r;
		r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
		switch (r)
			{
			/* We don't want to send a status request response */
			case SSL_TLSEXT_ERR_NOACK:
				s->tlsext_status_expected = 0;
				break;
			/* status request response should be sent */
			case SSL_TLSEXT_ERR_OK:
				if (s->tlsext_ocsp_resp)
					s->tlsext_status_expected = 1;
				else
					s->tlsext_status_expected = 0;
				break;
			/* something bad happened */
			case SSL_TLSEXT_ERR_ALERT_FATAL:
				ret = SSL_TLSEXT_ERR_ALERT_FATAL;
				al = SSL_AD_INTERNAL_ERROR;
				goto err;
			}
		}
	else
		s->tlsext_status_expected = 0;

#ifdef TLSEXT_TYPE_opaque_prf_input
	{
		/* This sort of belongs into ssl_prepare_serverhello_tlsext(),
		 * but we might be sending an alert in response to the client hello,
		 * so this has to happen here in ssl_check_clienthello_tlsext(). */

		int r = 1;

		if (s->ctx->tlsext_opaque_prf_input_callback != 0)
			{
			r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
			if (!r)
				{
				ret = SSL_TLSEXT_ERR_ALERT_FATAL;
				al = SSL_AD_INTERNAL_ERROR;
				goto err;
				}
			}

		if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
			OPENSSL_free(s->s3->server_opaque_prf_input);
		s->s3->server_opaque_prf_input = NULL;

		if (s->tlsext_opaque_prf_input != NULL)
			{
			if (s->s3->client_opaque_prf_input != NULL &&
				s->s3->client_opaque_prf_input_len == s->tlsext_opaque_prf_input_len)
				{
				/* can only use this extension if we have a server opaque PRF input
				 * of the same length as the client opaque PRF input! */

				if (s->tlsext_opaque_prf_input_len == 0)
					s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
				else
					s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
				if (s->s3->server_opaque_prf_input == NULL)
					{
					ret = SSL_TLSEXT_ERR_ALERT_FATAL;
					al = SSL_AD_INTERNAL_ERROR;
					goto err;
					}
				s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
				}
			}

		if (r == 2 && s->s3->server_opaque_prf_input == NULL)
			{
			/* The callback wants to enforce use of the extension,
			 * but we can't do that with the client opaque PRF input;
			 * abort the handshake.
			 */
			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
			al = SSL_AD_HANDSHAKE_FAILURE;
			}
	}

#endif
 err:
	switch (ret)
		{
		case SSL_TLSEXT_ERR_ALERT_FATAL:
			ssl3_send_alert(s,SSL3_AL_FATAL,al);
			return -1;

		case SSL_TLSEXT_ERR_ALERT_WARNING:
			ssl3_send_alert(s,SSL3_AL_WARNING,al);
			return 1;

		case SSL_TLSEXT_ERR_NOACK:
			s->servername_done=0;
		default:
			return 1;
		}
	}

int ssl_check_serverhello_tlsext(SSL *s)
	{
	int ret=SSL_TLSEXT_ERR_NOACK;
	int al = SSL_AD_UNRECOGNIZED_NAME;

#ifndef OPENSSL_NO_EC
	/* If we are client and using an elliptic curve cryptography cipher
	 * suite, then if server returns an EC point formats lists extension
	 * it must contain uncompressed.
	 */
	unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
	unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
	if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) &&
	    (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) &&
	    ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
		{
		/* we are using an ECC cipher */
		size_t i;
		unsigned char *list;
		int found_uncompressed = 0;
		list = s->session->tlsext_ecpointformatlist;
		for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
			{
			if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed)
				{
				found_uncompressed = 1;
				break;
				}
			}
		if (!found_uncompressed)
			{
			SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
			return -1;
			}
		}
	ret = SSL_TLSEXT_ERR_OK;
#endif /* OPENSSL_NO_EC */

	if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
		ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
	else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
		ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);

#ifdef TLSEXT_TYPE_opaque_prf_input
	if (s->s3->server_opaque_prf_input_len > 0)
		{
		/* This case may indicate that we, as a client, want to insist on using opaque PRF inputs.
		 * So first verify that we really have a value from the server too. */

		if (s->s3->server_opaque_prf_input == NULL)
			{
			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
			al = SSL_AD_HANDSHAKE_FAILURE;
			}

		/* Anytime the server *has* sent an opaque PRF input, we need to check
		 * that we have a client opaque PRF input of the same size. */
		if (s->s3->client_opaque_prf_input == NULL ||
		    s->s3->client_opaque_prf_input_len != s->s3->server_opaque_prf_input_len)
			{
			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
			al = SSL_AD_ILLEGAL_PARAMETER;
			}
		}
#endif

	/* If we've requested certificate status and we wont get one
	 * tell the callback
	 */
	if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
			&& s->ctx && s->ctx->tlsext_status_cb)
		{
		int r;
		/* Set resp to NULL, resplen to -1 so callback knows
		 * there is no response.
		 */
		if (s->tlsext_ocsp_resp)
			{
			OPENSSL_free(s->tlsext_ocsp_resp);
			s->tlsext_ocsp_resp = NULL;
			}
		s->tlsext_ocsp_resplen = -1;
		r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
		if (r == 0)
			{
			al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
			}
		if (r < 0)
			{
			al = SSL_AD_INTERNAL_ERROR;
			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
			}
		}

	switch (ret)
		{
		case SSL_TLSEXT_ERR_ALERT_FATAL:
			ssl3_send_alert(s,SSL3_AL_FATAL,al);
			return -1;

		case SSL_TLSEXT_ERR_ALERT_WARNING:
			ssl3_send_alert(s,SSL3_AL_WARNING,al);
			return 1;

		case SSL_TLSEXT_ERR_NOACK:
			s->servername_done=0;
		default:
			return 1;
		}
	}

/* Since the server cache lookup is done early on in the processing of client
 * hello and other operations depend on the result we need to handle any TLS
 * session ticket extension at the same time.
 */

int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
				const unsigned char *limit, SSL_SESSION **ret)
	{
	/* Point after session ID in client hello */
	const unsigned char *p = session_id + len;
	unsigned short i;

	/* If tickets disabled behave as if no ticket present
	 * to permit stateful resumption.
	 */
	if (SSL_get_options(s) & SSL_OP_NO_TICKET)
		return 1;

	if ((s->version <= SSL3_VERSION) || !limit)
		return 1;
	if (p >= limit)
		return -1;
	/* Skip past DTLS cookie */
	if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
		{
		i = *(p++);
		p+= i;
		if (p >= limit)
			return -1;
		}
	/* Skip past cipher list */
	n2s(p, i);
	p+= i;
	if (p >= limit)
		return -1;
	/* Skip past compression algorithm list */
	i = *(p++);
	p += i;
	if (p > limit)
		return -1;
	/* Now at start of extensions */
	if ((p + 2) >= limit)
		return 1;
	n2s(p, i);
	while ((p + 4) <= limit)
		{
		unsigned short type, size;
		n2s(p, type);
		n2s(p, size);
		if (p + size > limit)
			return 1;
		if (type == TLSEXT_TYPE_session_ticket)
			{
			/* If tickets disabled indicate cache miss which will
			 * trigger a full handshake
			 */
			if (SSL_get_options(s) & SSL_OP_NO_TICKET)
				return 1;
			/* If zero length note client will accept a ticket
			 * and indicate cache miss to trigger full handshake
			 */
			if (size == 0)
				{
				s->tlsext_ticket_expected = 1;
				return 0;	/* Cache miss */
				}
			if (s->tls_session_secret_cb)
				{
				/* Indicate cache miss here and instead of
				 * generating the session from ticket now,
				 * trigger abbreviated handshake based on
				 * external mechanism to calculate the master
				 * secret later. */
				return 0;
				}
			return tls_decrypt_ticket(s, p, size, session_id, len,
									ret);
			}
		p += size;
		}
	return 1;
	}

static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
				const unsigned char *sess_id, int sesslen,
				SSL_SESSION **psess)
	{
	SSL_SESSION *sess;
	unsigned char *sdec;
	const unsigned char *p;
	int slen, mlen, renew_ticket = 0;
	unsigned char tick_hmac[EVP_MAX_MD_SIZE];
	HMAC_CTX hctx;
	EVP_CIPHER_CTX ctx;
	SSL_CTX *tctx = s->initial_ctx;
	/* Need at least keyname + iv + some encrypted data */
	if (eticklen < 48)
		goto tickerr;
	/* Initialize session ticket encryption and HMAC contexts */
	HMAC_CTX_init(&hctx);
	EVP_CIPHER_CTX_init(&ctx);
	if (tctx->tlsext_ticket_key_cb)
		{
		unsigned char *nctick = (unsigned char *)etick;
		int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
							&ctx, &hctx, 0);
		if (rv < 0)
			return -1;
		if (rv == 0)
			goto tickerr;
		if (rv == 2)
			renew_ticket = 1;
		}
	else
		{
		/* Check key name matches */
		if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
			goto tickerr;
		HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
					tlsext_tick_md(), NULL);
		EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
				tctx->tlsext_tick_aes_key, etick + 16);
		}
	/* Attempt to process session ticket, first conduct sanity and
	 * integrity checks on ticket.
1810656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 1811656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project mlen = HMAC_size(&hctx); 1812221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (mlen < 0) 1813221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1814221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom EVP_CIPHER_CTX_cleanup(&ctx); 1815221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return -1; 1816221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1817656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project eticklen -= mlen; 1818656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Check HMAC of encrypted ticket */ 1819656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project HMAC_Update(&hctx, etick, eticklen); 1820656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project HMAC_Final(&hctx, tick_hmac, NULL); 1821656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project HMAC_CTX_cleanup(&hctx); 1822656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (memcmp(tick_hmac, etick + eticklen, mlen)) 1823656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto tickerr; 1824656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Attempt to decrypt session data */ 1825656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Move p after IV to start of encrypted ticket, update length */ 1826656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); 1827656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx); 1828656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sdec = OPENSSL_malloc(eticklen); 1829656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!sdec) 
1830656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1831656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_CIPHER_CTX_cleanup(&ctx); 1832656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return -1; 1833656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1834656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen); 1835656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) 1836656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto tickerr; 1837656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project slen += mlen; 1838656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_CIPHER_CTX_cleanup(&ctx); 1839656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p = sdec; 1840656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1841656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sess = d2i_SSL_SESSION(NULL, &p, slen); 1842656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_free(sdec); 1843656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (sess) 1844656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1845656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* The session ID if non-empty is used by some clients to 1846656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * detect that the ticket has been accepted. So we copy it to 1847656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the session structure. If it is empty set length to zero 1848656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * as required by standard. 
1849656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 1850656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (sesslen) 1851656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(sess->session_id, sess_id, sesslen); 1852656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sess->session_id_length = sesslen; 1853656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *psess = sess; 1854656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_ticket_expected = renew_ticket; 1855656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 1; 1856656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1857656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* If session decrypt failure indicate a cache miss and set state to 1858656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * send a new ticket 1859656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 1860656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tickerr: 1861656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_ticket_expected = 1; 1862656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1863656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1864656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1865656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1866