t1_lib.c revision 976a034585c7e8ff9dda5ebe032f399b78887f70
1656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* ssl/t1_lib.c */ 2656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * All rights reserved. 4656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 5656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This package is an SSL implementation written 6656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * by Eric Young (eay@cryptsoft.com). 7656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The implementation was written so as to conform with Netscapes SSL. 8656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 9656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This library is free for commercial and non-commercial use as long as 10656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the following conditions are aheared to. The following conditions 11656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * apply to all code found in this distribution, be it the RC4, RSA, 12656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * included with this distribution is covered by the same copyright terms 14656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
15656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 16656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Copyright remains Eric Young's, and as such any Copyright notices in 17656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the code are not to be removed. 18656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * If this package is used in a product, Eric Young should be given attribution 19656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * as the author of the parts of the library used. 20656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This can be in the form of a textual message at program startup or 21656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * in documentation (online or textual) provided with the package. 22656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 23656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Redistribution and use in source and binary forms, with or without 24656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * modification, are permitted provided that the following conditions 25656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * are met: 26656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 1. Redistributions of source code must retain the copyright 27656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer. 28656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2. 
Redistributions in binary form must reproduce the above copyright 29656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer in the 30656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * documentation and/or other materials provided with the distribution. 31656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 3. All advertising materials mentioning features or use of this software 32656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * must display the following acknowledgement: 33656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes cryptographic software written by 34656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Eric Young (eay@cryptsoft.com)" 35656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The word 'cryptographic' can be left out if the rouines from the library 36656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * being used are not cryptographic related :-). 37656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 4. 
If you include any Windows specific code (or a derivative thereof) from 38656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the apps directory (application code) you must include an acknowledgement: 39656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 41656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SUCH 
DAMAGE. 52656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 53656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The licence and distribution terms for any publically available version or 54656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * derivative of this code cannot be changed. i.e. this code cannot simply be 55656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * copied and put under another distribution licence 56656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * [including the GNU Public Licence.] 57656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 58221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom/* ==================================================================== 59221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 61221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * Redistribution and use in source and binary forms, with or without 62221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * modification, are permitted provided that the following conditions 63221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * are met: 64221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 65221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 1. Redistributions of source code must retain the above copyright 66221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * notice, this list of conditions and the following disclaimer. 67221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 68221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 2. 
Redistributions in binary form must reproduce the above copyright 69221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * notice, this list of conditions and the following disclaimer in 70221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * the documentation and/or other materials provided with the 71221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * distribution. 72221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 73221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 3. All advertising materials mentioning features or use of this 74221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * software must display the following acknowledgment: 75221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * "This product includes software developed by the OpenSSL Project 76221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 78221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * endorse or promote products derived from this software without 80221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * prior written permission. For written permission, please contact 81221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * openssl-core@openssl.org. 82221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 83221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 5. Products derived from this software may not be called "OpenSSL" 84221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * nor may "OpenSSL" appear in their names without prior written 85221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * permission of the OpenSSL Project. 86221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 87221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 6. 
Redistributions of any form whatsoever must retain the following 88221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * acknowledgment: 89221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * "This product includes software developed by the OpenSSL Project 90221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 92221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * OF THE POSSIBILITY OF SUCH DAMAGE. 
104221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * ==================================================================== 105221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 106221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * This product includes cryptographic software written by Eric Young 107221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * (eay@cryptsoft.com). This product includes software written by Tim 108221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * Hudson (tjh@cryptsoft.com). 109221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 110221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom */ 111656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 112656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <stdio.h> 113656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/objects.h> 114656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/evp.h> 115656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/hmac.h> 116656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/ocsp.h> 117656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include "ssl_locl.h" 118656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 119656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectconst char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT; 120656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 121656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_TLSEXT 122656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, 123656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project const unsigned char *sess_id, int sesslen, 
124656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_SESSION **psess); 125656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 126656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 127656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source ProjectSSL3_ENC_METHOD TLSv1_enc_data={ 128656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_enc, 129656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_mac, 130656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_setup_key_block, 131656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_generate_master_secret, 132656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_change_cipher_state, 133656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_final_finish_mac, 134656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project TLS1_FINISH_MAC_LENGTH, 135656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_cert_verify_mac, 136656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, 137656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, 138656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tls1_alert_code, 139656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project }; 140656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 141656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectlong tls1_default_timeout(void) 142656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 143656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* 2 hours, the 24 hours mentioned in the TLSv1 spec 144656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project * is way too long for http, the cache would over fill */ 145656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(60*60*2); 146656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 147656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 148656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint tls1_new(SSL *s) 149656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 150656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ssl3_new(s)) return(0); 151656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->method->ssl_clear(s); 152656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(1); 153656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 154656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 155656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectvoid tls1_free(SSL *s) 156656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 157221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_TLSEXT 158221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->tlsext_session_ticket) 159221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 160221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom OPENSSL_free(s->tlsext_session_ticket); 161221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 162221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif /* OPENSSL_NO_TLSEXT */ 163656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl3_free(s); 164656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 165656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 166656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectvoid tls1_clear(SSL *s) 167656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project { 168656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl3_clear(s); 169656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->version=TLS1_VERSION; 170656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 171656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 172221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_EC 173221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstromstatic int nid_list[] = 174221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 175221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect163k1, /* sect163k1 (1) */ 176221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect163r1, /* sect163r1 (2) */ 177221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect163r2, /* sect163r2 (3) */ 178221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect193r1, /* sect193r1 (4) */ 179221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect193r2, /* sect193r2 (5) */ 180221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect233k1, /* sect233k1 (6) */ 181221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect233r1, /* sect233r1 (7) */ 182221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect239k1, /* sect239k1 (8) */ 183221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect283k1, /* sect283k1 (9) */ 184221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect283r1, /* sect283r1 (10) */ 185221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect409k1, /* sect409k1 (11) */ 186221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect409r1, /* sect409r1 (12) */ 187221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect571k1, /* sect571k1 (13) */ 188221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sect571r1, /* sect571r1 (14) */ 189221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_secp160k1, /* secp160k1 (15) */ 
190221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_secp160r1, /* secp160r1 (16) */ 191221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_secp160r2, /* secp160r2 (17) */ 192221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_secp192k1, /* secp192k1 (18) */ 193221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_X9_62_prime192v1, /* secp192r1 (19) */ 194221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_secp224k1, /* secp224k1 (20) */ 195221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_secp224r1, /* secp224r1 (21) */ 196221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_secp256k1, /* secp256k1 (22) */ 197221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_X9_62_prime256v1, /* secp256r1 (23) */ 198221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_secp384r1, /* secp384r1 (24) */ 199221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_secp521r1 /* secp521r1 (25) */ 200221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom }; 201221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 202221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstromint tls1_ec_curve_id2nid(int curve_id) 203656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 204221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 
17, 2005) */ 205221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if ((curve_id < 1) || ((unsigned int)curve_id > 206221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom sizeof(nid_list)/sizeof(nid_list[0]))) 207221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 208221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return nid_list[curve_id-1]; 209656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 210656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 211221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstromint tls1_ec_nid2curve_id(int nid) 212656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 213221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */ 214221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom switch (nid) 215221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 216221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect163k1: /* sect163k1 (1) */ 217221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 1; 218221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect163r1: /* sect163r1 (2) */ 219221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 2; 220221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect163r2: /* sect163r2 (3) */ 221221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 3; 222221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect193r1: /* sect193r1 (4) */ 223221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 4; 224221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect193r2: /* sect193r2 (5) */ 225221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 5; 226221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect233k1: /* sect233k1 (6) */ 227221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 6; 
228221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect233r1: /* sect233r1 (7) */ 229221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 7; 230221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect239k1: /* sect239k1 (8) */ 231221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 8; 232221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect283k1: /* sect283k1 (9) */ 233221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 9; 234221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect283r1: /* sect283r1 (10) */ 235221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 10; 236221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect409k1: /* sect409k1 (11) */ 237221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 11; 238221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect409r1: /* sect409r1 (12) */ 239221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 12; 240221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect571k1: /* sect571k1 (13) */ 241221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 13; 242221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_sect571r1: /* sect571r1 (14) */ 243221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 14; 244221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_secp160k1: /* secp160k1 (15) */ 245221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 15; 246221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_secp160r1: /* secp160r1 (16) */ 247221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 16; 248221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_secp160r2: /* secp160r2 (17) */ 249221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 17; 250221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_secp192k1: /* secp192k1 (18) */ 
251221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 18; 252221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_X9_62_prime192v1: /* secp192r1 (19) */ 253221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 19; 254221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_secp224k1: /* secp224k1 (20) */ 255221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 20; 256221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_secp224r1: /* secp224r1 (21) */ 257221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 21; 258221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_secp256k1: /* secp256k1 (22) */ 259221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 22; 260221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_X9_62_prime256v1: /* secp256r1 (23) */ 261221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 23; 262221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_secp384r1: /* secp384r1 (24) */ 263221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 24; 264221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom case NID_secp521r1: /* secp521r1 (25) */ 265221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 25; 266221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom default: 267221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 0; 268221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 269656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 270221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif /* OPENSSL_NO_EC */ 271656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 272656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_TLSEXT 273656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectunsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) 
274656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 275656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int extdatalen=0; 276656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *ret = p; 277656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 27898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom /* don't add extensions for SSLv3 unless doing secure renegotiation */ 27998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if (s->client_version == SSL3_VERSION 28098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom && !s->s3->send_connection_binding) 28198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom return p; 28298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 283656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret+=2; 284656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 285656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret>=limit) return NULL; /* this really never occurs, but ... */ 286656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 287656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->tlsext_hostname != NULL) 288656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 289656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Add TLS extension servername to the Client Hello message */ 290656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned long size_str; 291656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project long lenmax; 292656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 293656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* check for enough space. 
294656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 4 for the servername type and entension length 295656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2 for servernamelist length 296656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1 for the hostname type 297656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2 for hostname length 298656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project + hostname length 299656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 300656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 301656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((lenmax = limit - ret - 9) < 0 302221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax) 303656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return NULL; 304656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 305656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* extension type and length */ 306656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(TLSEXT_TYPE_server_name,ret); 307656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(size_str+5,ret); 308656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 309656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* length of servername list */ 310656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(size_str+3,ret); 311656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 312656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* hostname type, length and hostname */ 313656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name; 
314656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(size_str,ret); 315656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(ret, s->tlsext_hostname, size_str); 316656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret+=size_str; 317656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 318221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 31998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom /* Add RI if renegotiating */ 32098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if (s->new_session) 32198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom { 32298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom int el; 32398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 32498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) 32598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom { 32698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); 32798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom return NULL; 32898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom } 32998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 33098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if((limit - p - 4 - el) < 0) return NULL; 33198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 33298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom s2n(TLSEXT_TYPE_renegotiate,ret); 33398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom s2n(el,ret); 33498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 33598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) 33698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom { 33798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); 
			return NULL;
			}

		ret += el;
		}

#ifndef OPENSSL_NO_EC
	if (s->tlsext_ecpointformatlist != NULL &&
	    s->version != DTLS1_VERSION)
		{
		/* Add TLS extension ECPointFormats to the ClientHello message */
		long lenmax;

		if ((lenmax = limit - ret - 5) < 0) return NULL;
		if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
		if (s->tlsext_ecpointformatlist_length > 255)
			{
			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
			return NULL;
			}

		s2n(TLSEXT_TYPE_ec_point_formats,ret);
		s2n(s->tlsext_ecpointformatlist_length + 1,ret);
		*(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length;
		memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
		ret+=s->tlsext_ecpointformatlist_length;
		}
	if (s->tlsext_ellipticcurvelist != NULL &&
	    s->version != DTLS1_VERSION)
		{
		/* Add TLS extension EllipticCurves to the ClientHello message */
		long lenmax;

		if ((lenmax = limit - ret - 6) < 0) return NULL;
		if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL;
		if (s->tlsext_ellipticcurvelist_length > 65532)
			{
			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
			return NULL;
			}

		s2n(TLSEXT_TYPE_elliptic_curves,ret);
		s2n(s->tlsext_ellipticcurvelist_length + 2, ret);

		/* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
		 * elliptic_curve_list, but the examples use two bytes.
		 * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
		 * resolves this to two bytes.
		 */
		s2n(s->tlsext_ellipticcurvelist_length, ret);
		memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
		ret+=s->tlsext_ellipticcurvelist_length;
		}
#endif /* OPENSSL_NO_EC */

	if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))
		{
		int ticklen;
		if (!s->new_session && s->session && s->session->tlsext_tick)
			ticklen = s->session->tlsext_ticklen;
		else if (s->session && s->tlsext_session_ticket &&
			 s->tlsext_session_ticket->data)
			{
			ticklen = s->tlsext_session_ticket->length;
			s->session->tlsext_tick = OPENSSL_malloc(ticklen);
			if (!s->session->tlsext_tick)
				return NULL;
			memcpy(s->session->tlsext_tick,
			       s->tlsext_session_ticket->data,
			       ticklen);
			s->session->tlsext_ticklen = ticklen;
			}
		else
			ticklen = 0;
		if (ticklen == 0 && s->tlsext_session_ticket &&
		    s->tlsext_session_ticket->data == NULL)
			goto skip_ext;
		/* Check for enough room 2 for extension type, 2 for len
		 * rest for ticket
		 */
		if ((long)(limit - ret - 4 - ticklen) < 0) return NULL;
		s2n(TLSEXT_TYPE_session_ticket,ret);
		s2n(ticklen,ret);
		if (ticklen)
			{
			memcpy(ret, s->session->tlsext_tick, ticklen);
			ret += ticklen;
			}
		}
		skip_ext:

#ifdef TLSEXT_TYPE_opaque_prf_input
	if (s->s3->client_opaque_prf_input != NULL &&
	    s->version != DTLS1_VERSION)
		{
		size_t col = s->s3->client_opaque_prf_input_len;

		/* cast the difference, not the comparison: with the cast
		 * around "... < 0" the unsigned result is never negative
		 * and the space check can never fail */
		if ((long)(limit - ret - 6 - col) < 0)
			return NULL;
		if (col > 0xFFFD) /* can't happen */
			return NULL;

		s2n(TLSEXT_TYPE_opaque_prf_input, ret);
		s2n(col + 2, ret);
		s2n(col, ret);
		memcpy(ret, s->s3->client_opaque_prf_input, col);
		ret += col;
		}
#endif

	if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
	    s->version != DTLS1_VERSION)
		{
		int i;
		long extlen, idlen, itmp;
		OCSP_RESPID *id;

		idlen = 0;
		for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
			{
			id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
			itmp = i2d_OCSP_RESPID(id, NULL);
			if (itmp <= 0)
				return NULL;
			idlen += itmp + 2;
			}

		if (s->tlsext_ocsp_exts)
			{
			extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
			if (extlen < 0)
				return NULL;
			}
		else
			extlen = 0;

		if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL;
		s2n(TLSEXT_TYPE_status_request, ret);
		if (extlen + idlen > 0xFFF0)
			return NULL;
		s2n(extlen + idlen + 5, ret);
		*(ret++) = TLSEXT_STATUSTYPE_ocsp;
		s2n(idlen, ret);
		for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
			{
			/* save position of id len */
			unsigned char *q = ret;
			id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
			/* skip over id len */
			ret += 2;
			itmp = i2d_OCSP_RESPID(id, &ret);
			/* write id len */
			s2n(itmp, q);
			}
		s2n(extlen, ret);
		if (extlen > 0)
			i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
		}

#ifndef OPENSSL_NO_NEXTPROTONEG
	if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len)
		{
		/* The client advertises an empty extension to indicate its
		 * support for Next Protocol Negotiation */
		if (limit - ret - 4 < 0)
			return NULL;
		s2n(TLSEXT_TYPE_next_proto_neg,ret);
		s2n(0,ret);
		}
#endif

	if ((extdatalen = ret-p-2)== 0)
		return p;

	s2n(extdatalen,p);
	return ret;
	}

unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
	{
	int extdatalen=0;
	unsigned char *ret = p;
#ifndef OPENSSL_NO_NEXTPROTONEG
	int next_proto_neg_seen;
#endif

	/* don't add extensions for SSLv3, unless doing secure renegotiation */
	if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
		return p;

	ret+=2;
	if (ret>=limit) return NULL; /* this really never occurs, but ... */

	if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
		{
		if ((long)(limit - ret - 4) < 0) return NULL;

		s2n(TLSEXT_TYPE_server_name,ret);
		s2n(0,ret);
		}

	if(s->s3->send_connection_binding)
		{
		int el;

		if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0))
			{
			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
			return NULL;
			}

		/* room is measured from the current write position (ret),
		 * not from the start of the extension block (p) */
		if((limit - ret - 4 - el) < 0) return NULL;

		s2n(TLSEXT_TYPE_renegotiate,ret);
		s2n(el,ret);

		if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el))
			{
			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
			return NULL;
			}

		ret += el;
		}

#ifndef OPENSSL_NO_EC
	if (s->tlsext_ecpointformatlist != NULL &&
	    s->version != DTLS1_VERSION)
		{
		/* Add TLS extension ECPointFormats to the ServerHello message */
		long lenmax;

		if ((lenmax = limit - ret - 5) < 0) return NULL;
		if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
		if (s->tlsext_ecpointformatlist_length > 255)
			{
			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
			return NULL;
			}

		s2n(TLSEXT_TYPE_ec_point_formats,ret);
		s2n(s->tlsext_ecpointformatlist_length + 1,ret);
		*(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length;
		memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
		ret+=s->tlsext_ecpointformatlist_length;

		}
	/* Currently the server should not respond with a SupportedCurves extension */
#endif /* OPENSSL_NO_EC */

	if (s->tlsext_ticket_expected
		&& !(SSL_get_options(s) & SSL_OP_NO_TICKET))
		{
		if ((long)(limit - ret - 4) < 0) return NULL;
		s2n(TLSEXT_TYPE_session_ticket,ret);
		s2n(0,ret);
		}

	if (s->tlsext_status_expected)
		{
		if ((long)(limit - ret - 4) < 0) return NULL;
		s2n(TLSEXT_TYPE_status_request,ret);
		s2n(0,ret);
		}

#ifdef TLSEXT_TYPE_opaque_prf_input
	if (s->s3->server_opaque_prf_input != NULL &&
	    s->version != DTLS1_VERSION)
		{
		size_t sol = s->s3->server_opaque_prf_input_len;

		if ((long)(limit - ret - 6 - sol) < 0)
			return NULL;
		if (sol > 0xFFFD) /* can't happen */
			return NULL;

		s2n(TLSEXT_TYPE_opaque_prf_input, ret);
		s2n(sol + 2, ret);
		s2n(sol, ret);
		memcpy(ret, s->s3->server_opaque_prf_input, sol);
		ret += sol;
		}
#endif
	if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81)
		&& (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG))
		{ const unsigned char cryptopro_ext[36] = {
			0xfd, 0xe8, /*65000*/
			0x00, 0x20, /*32 bytes length*/
			0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
			0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
			0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
			0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17};
			if (limit-ret<36) return NULL;
			memcpy(ret,cryptopro_ext,36);
			ret+=36;

		}

#ifndef OPENSSL_NO_NEXTPROTONEG
	next_proto_neg_seen = s->s3->next_proto_neg_seen;
	s->s3->next_proto_neg_seen = 0;
	if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb)
		{
		const unsigned char *npa;
		unsigned int npalen;
		int r;

		r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, s->ctx->next_protos_advertised_cb_arg);
		if (r == SSL_TLSEXT_ERR_OK)
			{
			if ((long)(limit - ret - 4 - npalen) < 0) return NULL;
			s2n(TLSEXT_TYPE_next_proto_neg,ret);
			s2n(npalen,ret);
			memcpy(ret, npa, npalen);
			ret += npalen;
			s->s3->next_proto_neg_seen = 1;
			}
		}
#endif

	if ((extdatalen = ret-p-2)== 0)
		return p;

	s2n(extdatalen,p);
	return ret;
	}

int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
	{
	unsigned short type;
	unsigned short size;
	unsigned short len;
	unsigned char *data = *p;
	int renegotiate_seen = 0;

	s->servername_done = 0;
	s->tlsext_status_type = -1;

	if (data >= (d+n-2))
		goto ri_check;
	n2s(data,len);

	if (data > (d+n-len))
		goto ri_check;

	while (data <= (d+n-4))
		{
		n2s(data,type);
		n2s(data,size);

		if (data+size > (d+n))
			goto ri_check;
#if 0
		fprintf(stderr,"Received extension type %d size %d\n",type,size);
#endif
		if (s->tlsext_debug_cb)
			s->tlsext_debug_cb(s, 0, type, data, size,
						s->tlsext_debug_arg);
/* The servername extension is treated as follows:

   - Only the hostname type is supported with a maximum length of 255.
   - The servername is rejected if too long or if it contains zeros,
     in which case a fatal alert is generated.
   - The servername field is maintained together with the session cache.
   - When a session is resumed, the servername callback is invoked in order
     to allow the application to position itself to the right context.
   - The servername is acknowledged if it is new for a session or when
     it is identical to one previously used for the same session.
     Applications can control the behaviour.  They can at any time
     set a 'desirable' servername for a new SSL object. This can be the
     case for example with HTTPS when a Host: header field is received and
     a renegotiation is requested. In this case, a possible servername
     presented in the new client hello is only acknowledged if it matches
     the value of the Host: field.
   - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
     if they provide for changing an explicit servername context for the session,
     i.e. when the session has been established with a servername extension.
   - On session reconnect, the servername extension may be absent.

*/

		if (type == TLSEXT_TYPE_server_name)
			{
			unsigned char *sdata;
			int servname_type;
			int dsize;

			if (size < 2)
				{
				*al = SSL_AD_DECODE_ERROR;
				return 0;
				}
			n2s(data,dsize);
			size -= 2;
			if (dsize > size  )
				{
				*al = SSL_AD_DECODE_ERROR;
				return 0;
				}

			sdata = data;
			while (dsize > 3)
				{
				servname_type = *(sdata++);
				n2s(sdata,len);
				dsize -= 3;

				if (len > dsize)
					{
					*al = SSL_AD_DECODE_ERROR;
					return 0;
					}
				if (s->servername_done == 0)
				switch (servname_type)
					{
				case TLSEXT_NAMETYPE_host_name:
					if (!s->hit)
						{
						if(s->session->tlsext_hostname)
							{
							*al = SSL_AD_DECODE_ERROR;
							return 0;
							}
						if (len > TLSEXT_MAXLEN_host_name)
							{
							*al = TLS1_AD_UNRECOGNIZED_NAME;
							return 0;
							}
						if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
							{
							*al = TLS1_AD_INTERNAL_ERROR;
							return 0;
							}
						memcpy(s->session->tlsext_hostname, sdata, len);
						s->session->tlsext_hostname[len]='\0';
						if (strlen(s->session->tlsext_hostname) != len) {
							OPENSSL_free(s->session->tlsext_hostname);
							s->session->tlsext_hostname = NULL;
							*al = TLS1_AD_UNRECOGNIZED_NAME;
							return 0;
						}
						s->servername_done = 1;

						}
					else
						s->servername_done = s->session->tlsext_hostname
							&& strlen(s->session->tlsext_hostname) == len
							&& strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;

					break;

				default:
					break;
					}

				dsize -= len;
				}
			if (dsize != 0)
				{
				*al = SSL_AD_DECODE_ERROR;
				return 0;
				}

			}

#ifndef OPENSSL_NO_EC
		else if (type == TLSEXT_TYPE_ec_point_formats &&
		         s->version != DTLS1_VERSION)
			{
			unsigned char *sdata = data;
			int ecpointformatlist_length = *(sdata++);

			if (ecpointformatlist_length != size - 1)
				{
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
				}
			if (!s->hit)
				{
				if(s->session->tlsext_ecpointformatlist)
					{
					OPENSSL_free(s->session->tlsext_ecpointformatlist);
					s->session->tlsext_ecpointformatlist = NULL;
					}
				s->session->tlsext_ecpointformatlist_length = 0;
				if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
					{
					*al = TLS1_AD_INTERNAL_ERROR;
					return 0;
					}
				s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
				memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
				}
#if 0
			fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length);
			sdata = s->session->tlsext_ecpointformatlist;
			for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
				fprintf(stderr,"%i ",*(sdata++));
			fprintf(stderr,"\n");
#endif
			}
		else if (type == TLSEXT_TYPE_elliptic_curves &&
		         s->version != DTLS1_VERSION)
			{
			unsigned char *sdata = data;
			int ellipticcurvelist_length = (*(sdata++) << 8);
			ellipticcurvelist_length += (*(sdata++));

			if (ellipticcurvelist_length != size - 2)
				{
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
				}
			if (!s->hit)
				{
				if(s->session->tlsext_ellipticcurvelist)
					{
					*al = TLS1_AD_DECODE_ERROR;
					return 0;
					}
				s->session->tlsext_ellipticcurvelist_length = 0;
				if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
					{
					*al = TLS1_AD_INTERNAL_ERROR;
					return 0;
					}
				s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
				memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
				}
#if 0
			fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length);
			sdata = s->session->tlsext_ellipticcurvelist;
			for (i = 0; i < s->session->tlsext_ellipticcurvelist_length; i++)
				fprintf(stderr,"%i ",*(sdata++));
			fprintf(stderr,"\n");
#endif
			}
#endif /* OPENSSL_NO_EC */
#ifdef TLSEXT_TYPE_opaque_prf_input
		else if (type == TLSEXT_TYPE_opaque_prf_input &&
		         s->version != DTLS1_VERSION)
			{
			unsigned char *sdata = data;

			if (size < 2)
				{
				*al = SSL_AD_DECODE_ERROR;
				return 0;
				}
			n2s(sdata, s->s3->client_opaque_prf_input_len);
			if (s->s3->client_opaque_prf_input_len != size - 2)
				{
				*al = SSL_AD_DECODE_ERROR;
				return 0;
				}

			if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
				OPENSSL_free(s->s3->client_opaque_prf_input);
			if (s->s3->client_opaque_prf_input_len == 0)
				s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
			else
				s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
			if (s->s3->client_opaque_prf_input == NULL)
				{
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
				}
			}
#endif
		else if (type == TLSEXT_TYPE_session_ticket)
			{
			if (s->tls_session_ticket_ext_cb &&
			    !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
				{
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
				}
			}
		else if (type == TLSEXT_TYPE_renegotiate)
			{
			if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
				return 0;
			renegotiate_seen = 1;
			}
		else if (type == TLSEXT_TYPE_status_request &&
		         s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
			{

			if (size < 5)
				{
				*al = SSL_AD_DECODE_ERROR;
				return 0;
				}

			s->tlsext_status_type = *data++;
			size--;
			if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
				{
				const unsigned char *sdata;
				int dsize;
				/* Read in responder_id_list */
				n2s(data,dsize);
				size -= 2;
				if (dsize > size  )
					{
					*al = SSL_AD_DECODE_ERROR;
					return 0;
					}
				while (dsize > 0)
					{
					OCSP_RESPID *id;
					int idsize;
					if (dsize < 4)
						{
						*al = SSL_AD_DECODE_ERROR;
						return 0;
						}
					n2s(data, idsize);
					dsize -= 2 + idsize;
					if (dsize < 0)
						{
						*al = SSL_AD_DECODE_ERROR;
						return 0;
						}
					sdata = data;
					data += idsize;
					id = d2i_OCSP_RESPID(NULL,
								&sdata, idsize);
					if (!id)
						{
						*al = SSL_AD_DECODE_ERROR;
						return 0;
						}
					if (data != sdata)
						{
						OCSP_RESPID_free(id);
						*al = SSL_AD_DECODE_ERROR;
						return 0;
						}
					if (!s->tlsext_ocsp_ids
						&& !(s->tlsext_ocsp_ids =
						sk_OCSP_RESPID_new_null()))
						{
						OCSP_RESPID_free(id);
						*al = SSL_AD_INTERNAL_ERROR;
						return 0;
						}
					if (!sk_OCSP_RESPID_push(
							s->tlsext_ocsp_ids, id))
						{
						OCSP_RESPID_free(id);
						*al = SSL_AD_INTERNAL_ERROR;
						return 0;
						}
					}

				/* Read in request_extensions */
				n2s(data,dsize);
				size -= 2;
				if (dsize > size)
					{
					*al = SSL_AD_DECODE_ERROR;
					return 0;
					}
				sdata = data;
				if (dsize > 0)
					{
					s->tlsext_ocsp_exts =
						d2i_X509_EXTENSIONS(NULL,
							&sdata, dsize);
					if (!s->tlsext_ocsp_exts
						|| (data + dsize != sdata))
						{
						*al = SSL_AD_DECODE_ERROR;
						return 0;
						}
					}
				}
				/* We don't know what to do with any other type
				 * so ignore it.
				 */
				else
					s->tlsext_status_type = -1;
			}
#ifndef OPENSSL_NO_NEXTPROTONEG
		else if (type == TLSEXT_TYPE_next_proto_neg &&
			 s->s3->tmp.finish_md_len == 0)
			{
			/* We shouldn't accept this extension on a
			 * renegotiation.
			 *
			 * s->new_session will be set on renegotiation, but we
			 * probably shouldn't rely that it couldn't be set on
			 * the initial renegotiation too in certain cases (when
			 * there's some other reason to disallow resuming an
			 * earlier session -- the current code won't be doing
			 * anything like that, but this might change).

			 * A valid sign that there's been a previous handshake
			 * in this connection is if s->s3->tmp.finish_md_len >
			 * 0.  (We are talking about a check that will happen
			 * in the Hello protocol round, well before a new
			 * Finished message could have been computed.) */
			s->s3->next_proto_neg_seen = 1;
			}
#endif

		/* session ticket processed earlier */
		data+=size;
		}

	*p = data;

	ri_check:

	/* Need RI if renegotiating */

	if (!renegotiate_seen && s->new_session &&
		!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
		{
		*al = SSL_AD_HANDSHAKE_FAILURE;
		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
				SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
		return 0;
		}

	return 1;
	}
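The servername rules stated in the comment inside ssl_parse_clienthello_tlsext above (host_name entries only, at most 255 bytes, no zero bytes, lengths that must add up), as a stand-alone added example that is not part of t1_lib.c or OpenSSL. The sni_* names and the sample byte strings are constructed for illustration; unlike the listing, it requires the name list to fill the extension exactly and tracks a remaining-byte count instead of comparing advanced pointers.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; the values follow the limits in the comment above. */
#define SNI_NAMETYPE_HOST_NAME 0
#define SNI_MAXLEN_HOST_NAME   255

enum sni_result {
	SNI_OK = 0,            /* first host_name entry copied to out */
	SNI_ABSENT,            /* well-formed list without a host_name entry */
	SNI_DECODE_ERROR,      /* a length field disagrees with the bytes present */
	SNI_UNRECOGNIZED_NAME  /* name too long or containing a zero byte */
};

/* Parses the body of a server_name extension (the bytes after type and size).
 * out must hold SNI_MAXLEN_HOST_NAME + 1 bytes. */
enum sni_result sni_parse(const unsigned char *ext, size_t size, char *out)
{
	size_t left, len;
	int found = 0;

	out[0] = '\0';
	if (size < 2)
		return SNI_DECODE_ERROR;
	left = ((size_t)ext[0] << 8) | ext[1];
	ext += 2;
	size -= 2;
	if (left != size)               /* stricter than the listing's dsize > size */
		return SNI_DECODE_ERROR;

	while (left > 0) {
		unsigned int name_type;

		if (left < 3)               /* not enough bytes for type + length */
			return SNI_DECODE_ERROR;
		name_type = ext[0];
		len = ((size_t)ext[1] << 8) | ext[2];
		ext += 3;
		left -= 3;
		if (len > left)             /* entry claims more than the list holds */
			return SNI_DECODE_ERROR;

		if (name_type == SNI_NAMETYPE_HOST_NAME && !found) {
			if (len == 0)
				return SNI_DECODE_ERROR;
			if (len > SNI_MAXLEN_HOST_NAME)
				return SNI_UNRECOGNIZED_NAME;
			/* A zero byte would truncate the name for every later
			 * string comparison, so reject it before copying. */
			if (memchr(ext, 0, len) != NULL)
				return SNI_UNRECOGNIZED_NAME;
			memcpy(out, ext, len);
			out[len] = '\0';
			found = 1;
		}
		ext += len;                 /* other name types are skipped */
		left -= len;
	}
	return found ? SNI_OK : SNI_ABSENT;
}

/* Constructed sample extension bodies. */
static const unsigned char SAMPLE_OK[] = {
	0x00, 0x0e, 0x00, 0x00, 0x0b,
	'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm' };
static const unsigned char SAMPLE_NUL[] = {       /* zero byte inside the name */
	0x00, 0x0e, 0x00, 0x00, 0x0b,
	'e', 'x', 'a', 'm', 'p', 'l', 'e', 0x00, 'c', 'o', 'm' };
static const unsigned char SAMPLE_SHORT[] = {     /* list length 32, 14 present */
	0x00, 0x20, 0x00, 0x00, 0x0b,
	'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm' };
static const unsigned char SAMPLE_OVERRUN[] = {   /* entry length 12, 11 present */
	0x00, 0x0e, 0x00, 0x00, 0x0c,
	'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm' };
static const unsigned char SAMPLE_OTHER[] = {     /* unknown name type 1 only */
	0x00, 0x05, 0x01, 0x00, 0x02, 'x', 'y' };

static char demo_out[SNI_MAXLEN_HOST_NAME + 1];

/* Builds a 256-byte host name, one byte over the limit, and parses it. */
enum sni_result sni_demo_too_long(void)
{
	unsigned char ext[2 + 3 + 256];
	size_t list_len = sizeof ext - 2;

	ext[0] = (unsigned char)(list_len >> 8);
	ext[1] = (unsigned char)(list_len & 0xff);
	ext[2] = SNI_NAMETYPE_HOST_NAME;
	ext[3] = 0x01;                  /* name length 0x0100 = 256 */
	ext[4] = 0x00;
	memset(ext + 5, 'a', 256);
	return sni_parse(ext, sizeof ext, demo_out);
}

int main(void)
{
	printf("ok=%d ", sni_parse(SAMPLE_OK, sizeof SAMPLE_OK, demo_out));
	printf("name=%s\n", demo_out);
	printf("nul=%d ", sni_parse(SAMPLE_NUL, sizeof SAMPLE_NUL, demo_out));
	printf("short=%d ", sni_parse(SAMPLE_SHORT, sizeof SAMPLE_SHORT, demo_out));
	printf("overrun=%d ", sni_parse(SAMPLE_OVERRUN, sizeof SAMPLE_OVERRUN, demo_out));
	printf("other=%d ", sni_parse(SAMPLE_OTHER, sizeof SAMPLE_OTHER, demo_out));
	printf("too_long=%d\n", sni_demo_too_long());
	return 0;
}
```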

#ifndef OPENSSL_NO_NEXTPROTONEG
/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
 * elements of zero length are allowed and the set of elements must exactly fill
 * the length of the block. */
static int ssl_next_proto_validate(unsigned char *d, unsigned len)
	{
	unsigned int off = 0;

	while (off < len)
		{
		if (d[off] == 0)
			return 0;
		off += d[off];
		off++;
		}

	return off == len;
	}
#endif

int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
	{
	unsigned short length;
	unsigned short type;
	unsigned short size;
	unsigned char *data = *p;
	int tlsext_servername = 0;
	int renegotiate_seen = 0;

	if (data >= (d+n-2))
		goto ri_check;

	n2s(data,length);
	if (data+length != d+n)
		{
		*al = SSL_AD_DECODE_ERROR;
		return 0;
		}

	while(data <= (d+n-4))
		{
		n2s(data,type);
		n2s(data,size);

		if (data+size > (d+n))
			goto ri_check;

		if (s->tlsext_debug_cb)
			s->tlsext_debug_cb(s, 1, type, data, size,
						s->tlsext_debug_arg);

		if (type == TLSEXT_TYPE_server_name)
			{
			if (s->tlsext_hostname == NULL || size > 0)
				{
				*al = TLS1_AD_UNRECOGNIZED_NAME;
				return 0;
				}
			tlsext_servername = 1;
			}

#ifndef OPENSSL_NO_EC
		else if (type == TLSEXT_TYPE_ec_point_formats &&
			s->version != DTLS1_VERSION)
			{
			unsigned char *sdata = data;
			int ecpointformatlist_length = *(sdata++);

			if (ecpointformatlist_length != size - 1)
				{
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
				}
			s->session->tlsext_ecpointformatlist_length = 0;
			if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
			if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
				{
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
				}
			s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
			memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
#if 0
			fprintf(stderr,"ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist ");
			sdata = s->session->tlsext_ecpointformatlist;
			for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
				fprintf(stderr,"%i ",*(sdata++));
			fprintf(stderr,"\n");
#endif
			}
#endif /* OPENSSL_NO_EC */

		else if (type == TLSEXT_TYPE_session_ticket)
			{
			if (s->tls_session_ticket_ext_cb &&
				!s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
				{
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
				}
			if ((SSL_get_options(s) & SSL_OP_NO_TICKET)
				|| (size > 0))
				{
				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
				return 0;
				}
			s->tlsext_ticket_expected = 1;
			}
#ifdef TLSEXT_TYPE_opaque_prf_input
		else if (type == TLSEXT_TYPE_opaque_prf_input &&
			s->version != DTLS1_VERSION)
			{
			unsigned char *sdata = data;

			if (size < 2)
				{
				*al = SSL_AD_DECODE_ERROR;
				return 0;
				}
			n2s(sdata, s->s3->server_opaque_prf_input_len);
			if (s->s3->server_opaque_prf_input_len != size - 2)
				{
				*al = SSL_AD_DECODE_ERROR;
				return 0;
				}

			if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
				OPENSSL_free(s->s3->server_opaque_prf_input);
			if (s->s3->server_opaque_prf_input_len == 0)
				s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
			else
				s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);

			if (s->s3->server_opaque_prf_input == NULL)
				{
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
				}
			}
#endif
		else if (type == TLSEXT_TYPE_status_request &&
			s->version != DTLS1_VERSION)
			{
			/* MUST be empty and only sent if we've requested
			 * a status request message.
			 */
			if ((s->tlsext_status_type == -1) || (size > 0))
				{
				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
				return 0;
				}
			/* Set flag to expect CertificateStatus message */
			s->tlsext_status_expected = 1;
			}
#ifndef OPENSSL_NO_NEXTPROTONEG
		else if (type == TLSEXT_TYPE_next_proto_neg)
			{
			unsigned char *selected;
			unsigned char selected_len;

			/* We must have requested it. */
			if ((s->ctx->next_proto_select_cb == NULL))
				{
				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
				return 0;
				}
			/* The data must be valid */
			if (!ssl_next_proto_validate(data, size))
				{
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
				}
			if (s->ctx->next_proto_select_cb(s, &selected, &selected_len, data, size, s->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK)
				{
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
				}
			s->next_proto_negotiated = OPENSSL_malloc(selected_len);
			if (!s->next_proto_negotiated)
				{
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
				}
			memcpy(s->next_proto_negotiated, selected, selected_len);
			s->next_proto_negotiated_len = selected_len;
			}
#endif
		else if (type == TLSEXT_TYPE_renegotiate)
			{
			if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
				return 0;
			renegotiate_seen = 1;
			}
		data+=size;
		}

	if (data != d+n)
		{
		*al = SSL_AD_DECODE_ERROR;
		return 0;
		}

	if (!s->hit && tlsext_servername == 1)
		{
		if (s->tlsext_hostname)
			{
			if (s->session->tlsext_hostname == NULL)
				{
				s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
				if (!s->session->tlsext_hostname)
					{
					*al = SSL_AD_UNRECOGNIZED_NAME;
					return 0;
					}
				}
			else
				{
				*al = SSL_AD_DECODE_ERROR;
				return 0;
				}
			}
		}

	*p = data;

	ri_check:

	/* Determine if we need to see RI. Strictly speaking if we want to
	 * avoid an attack we should *always* see RI even on initial server
	 * hello because the client doesn't see any renegotiation during an
	 * attack. However this would mean we could not connect to any server
	 * which doesn't support RI so for the immediate future tolerate RI
	 * absence on initial connect only.
	 */
	if (!renegotiate_seen
		&& !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
		&& !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
		{
		*al = SSL_AD_HANDSHAKE_FAILURE;
		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
				SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
		return 0;
		}

	return 1;
	}

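/* Added example, not part of t1_lib.c or of OpenSSL: a stand-alone walk of the
 * length-prefixed protocol block that ssl_next_proto_validate checks, which
 * also reports why a block is rejected. The names npn_count and npn_find, the
 * NPN_* codes and the sample blocks are assumptions made for this illustration. */

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Rejection reasons (hypothetical names, negative so they never look like a count). */
enum { NPN_EMPTY_ELEMENT = -1, NPN_OVERRUN = -2 };

/* Count the elements of a block made of (1-byte length, name bytes) pairs.
 * Acceptance rule as in ssl_next_proto_validate: no zero-length element and
 * the elements must end exactly at len; an empty block holds 0 elements.
 * Each length is compared with the bytes remaining, so the offset never
 * moves past the end of the buffer and the failure can be named. */
static long npn_count(const unsigned char *d, size_t len)
{
    size_t off = 0;
    long n = 0;

    while (off < len) {
        size_t elen = d[off];
        size_t remaining = len - off - 1;   /* bytes after the length byte */

        if (elen == 0)
            return NPN_EMPTY_ELEMENT;
        if (elen > remaining)
            return NPN_OVERRUN;
        off += 1 + elen;
        n++;
    }
    return n;
}

/* Offset of the length byte of `name` inside the block, or -1 when the
 * block is malformed or the name is absent. Validation runs first, so the
 * search loop can trust every length byte it reads. */
static long npn_find(const unsigned char *d, size_t len, const char *name)
{
    size_t off = 0, want = strlen(name);

    if (npn_count(d, len) < 0)
        return -1;
    while (off < len) {
        size_t elen = d[off];

        if (elen == want && memcmp(d + off + 1, name, want) == 0)
            return (long)off;
        off += 1 + elen;
    }
    return -1;
}

/* Constructed sample blocks (not captured traffic). */
static const unsigned char npn_good[] =
    { 8,'h','t','t','p','/','1','.','1', 6,'s','p','d','y','/','2' };
static const unsigned char npn_zero[] =      /* trailing zero-length element */
    { 8,'h','t','t','p','/','1','.','1', 0 };
static const unsigned char npn_short[] =     /* last element claims 6, has 3 */
    { 8,'h','t','t','p','/','1','.','1', 6,'s','p','d' };

int main(void)
{
    printf("good: %ld elements, spdy/2 at offset %ld\n",
           npn_count(npn_good, sizeof npn_good),
           npn_find(npn_good, sizeof npn_good, "spdy/2"));
    printf("zero-length element: %ld\n", npn_count(npn_zero, sizeof npn_zero));
    printf("overrunning element: %ld\n", npn_count(npn_short, sizeof npn_short));
    return 0;
}
```
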

int ssl_prepare_clienthello_tlsext(SSL *s)
	{
#ifndef OPENSSL_NO_EC
	/* If we are client and using an elliptic curve cryptography cipher suite, send the point formats
	 * and elliptic curves we support.
	 */
	int using_ecc = 0;
	int i;
	unsigned char *j;
	unsigned long alg_k, alg_a;
	STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s);

	for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++)
		{
		SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);

		alg_k = c->algorithm_mkey;
		alg_a = c->algorithm_auth;
		if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) || (alg_a & SSL_aECDSA)))
			{
			using_ecc = 1;
			break;
			}
		}
	using_ecc = using_ecc && (s->version == TLS1_VERSION);
	if (using_ecc)
		{
		if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
		if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
			{
			SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
			return -1;
			}
		s->tlsext_ecpointformatlist_length = 3;
		s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
		s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
		s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;

		/* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
		if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
		s->tlsext_ellipticcurvelist_length = sizeof(nid_list)/sizeof(nid_list[0]) * 2;
		if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
			{
			s->tlsext_ellipticcurvelist_length = 0;
			SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
			return -1;
			}
		for (i = 1, j = s->tlsext_ellipticcurvelist; (unsigned int)i <=
				sizeof(nid_list)/sizeof(nid_list[0]); i++)
			s2n(i,j);
		}
#endif /* OPENSSL_NO_EC */

#ifdef TLSEXT_TYPE_opaque_prf_input
	{
		int r = 1;

		if (s->ctx->tlsext_opaque_prf_input_callback != 0)
			{
			r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
			if (!r)
				return -1;
			}

		if (s->tlsext_opaque_prf_input != NULL)
			{
			if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
				OPENSSL_free(s->s3->client_opaque_prf_input);

			if (s->tlsext_opaque_prf_input_len == 0)
				s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
			else
				s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
			if (s->s3->client_opaque_prf_input == NULL)
				{
				SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
				return -1;
				}
			s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
			}

		if (r == 2)
			/* at callback's request, insist on receiving an appropriate server opaque PRF input */
			s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
	}
1400221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 1401221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1402221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return 1; 1403221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1404221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1405221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstromint ssl_prepare_serverhello_tlsext(SSL *s) 1406221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1407221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_EC 1408221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* If we are server and using an ECC cipher suite, send the point formats we support 1409221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * if the client sent us an ECPointsFormat extension. Note that the server is not 1410221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * supposed to send an EllipticCurves extension. 1411221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom */ 1412221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1413221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 1414221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; 1415221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA); 1416221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); 1417221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1418221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (using_ecc) 1419221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1420221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist); 1421221304ee937bc0910948a8be1320cb8cc4eb6d36Brian 
		if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
			{
			SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
			return -1;
			}
		s->tlsext_ecpointformatlist_length = 3;
		s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
		s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
		s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
		}
#endif /* OPENSSL_NO_EC */

	return 1;
	}

int ssl_check_clienthello_tlsext(SSL *s)
	{
	int ret=SSL_TLSEXT_ERR_NOACK;
	int al = SSL_AD_UNRECOGNIZED_NAME;

#ifndef OPENSSL_NO_EC
	/* The handling of the ECPointFormats extension is done elsewhere, namely in
	 * ssl3_choose_cipher in s3_lib.c.
	 */
	/* The handling of the EllipticCurves extension is done elsewhere, namely in
	 * ssl3_choose_cipher in s3_lib.c.
	 */
#endif

	if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
		ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
	else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
		ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);

	/* If status request then ask callback what to do.
	 * Note: this must be called after servername callbacks in case
	 * the certificate has changed.
	 */
	if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
		{
		int r;
		r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
		switch (r)
			{
			/* We don't want to send a status request response */
			case SSL_TLSEXT_ERR_NOACK:
				s->tlsext_status_expected = 0;
				break;
			/* status request response should be sent */
			case SSL_TLSEXT_ERR_OK:
				if (s->tlsext_ocsp_resp)
					s->tlsext_status_expected = 1;
				else
					s->tlsext_status_expected = 0;
				break;
			/* something bad happened */
			case SSL_TLSEXT_ERR_ALERT_FATAL:
				ret = SSL_TLSEXT_ERR_ALERT_FATAL;
				al = SSL_AD_INTERNAL_ERROR;
				goto err;
			}
		}
	else
		s->tlsext_status_expected = 0;

#ifdef TLSEXT_TYPE_opaque_prf_input
	{
		/* This sort of belongs into ssl_prepare_serverhello_tlsext(),
		 * but we might be sending an alert in response to the client hello,
		 * so this has to happen here in ssl_check_clienthello_tlsext(). */

		int r = 1;

		if (s->ctx->tlsext_opaque_prf_input_callback != 0)
			{
			r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
			if (!r)
				{
				ret = SSL_TLSEXT_ERR_ALERT_FATAL;
				al = SSL_AD_INTERNAL_ERROR;
				goto err;
				}
			}

		if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
			OPENSSL_free(s->s3->server_opaque_prf_input);
		s->s3->server_opaque_prf_input = NULL;

		if (s->tlsext_opaque_prf_input != NULL)
			{
			if (s->s3->client_opaque_prf_input != NULL &&
				s->s3->client_opaque_prf_input_len == s->tlsext_opaque_prf_input_len)
				{
				/* can only use this extension if we have a server opaque PRF input
				 * of the same length as the client opaque PRF input! */

				if (s->tlsext_opaque_prf_input_len == 0)
					s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
				else
					s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
				if (s->s3->server_opaque_prf_input == NULL)
					{
					ret = SSL_TLSEXT_ERR_ALERT_FATAL;
					al = SSL_AD_INTERNAL_ERROR;
					goto err;
					}
				s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
				}
			}

		if (r == 2 && s->s3->server_opaque_prf_input == NULL)
			{
			/* The callback wants to enforce use of the extension,
			 * but we can't do that with the client opaque PRF input;
			 * abort the handshake.
			 */
			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
			al = SSL_AD_HANDSHAKE_FAILURE;
			}
	}

#endif
 err:
	switch (ret)
		{
		case SSL_TLSEXT_ERR_ALERT_FATAL:
			ssl3_send_alert(s,SSL3_AL_FATAL,al);
			return -1;

		case SSL_TLSEXT_ERR_ALERT_WARNING:
			ssl3_send_alert(s,SSL3_AL_WARNING,al);
			return 1;

		case SSL_TLSEXT_ERR_NOACK:
			s->servername_done=0;
		default:
			return 1;
		}
	}

int ssl_check_serverhello_tlsext(SSL *s)
	{
	int ret=SSL_TLSEXT_ERR_NOACK;
	int al = SSL_AD_UNRECOGNIZED_NAME;

#ifndef OPENSSL_NO_EC
	/* If we are client and using an elliptic curve cryptography cipher
	 * suite, then if server returns an EC point formats lists extension
	 * it must contain uncompressed.
	 */
	unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
	unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
	if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) &&
	    (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) &&
	    ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
		{
		/* we are using an ECC cipher */
		size_t i;
		unsigned char *list;
		int found_uncompressed = 0;
		list = s->session->tlsext_ecpointformatlist;
		for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
			{
			if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed)
				{
				found_uncompressed = 1;
				break;
				}
			}
		if (!found_uncompressed)
			{
			SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
			return -1;
			}
		}
	ret = SSL_TLSEXT_ERR_OK;
#endif /* OPENSSL_NO_EC */

	if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
		ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
	else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
		ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);

#ifdef TLSEXT_TYPE_opaque_prf_input
	if (s->s3->server_opaque_prf_input_len > 0)
		{
		/* This case may indicate that we, as a client, want to insist on using opaque PRF inputs.
		 * So first verify that we really have a value from the server too. */

		if (s->s3->server_opaque_prf_input == NULL)
			{
			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
			al = SSL_AD_HANDSHAKE_FAILURE;
			}

		/* Anytime the server *has* sent an opaque PRF input, we need to check
		 * that we have a client opaque PRF input of the same size. */
		if (s->s3->client_opaque_prf_input == NULL ||
		    s->s3->client_opaque_prf_input_len != s->s3->server_opaque_prf_input_len)
			{
			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
			al = SSL_AD_ILLEGAL_PARAMETER;
			}
		}
#endif

	/* If we've requested certificate status and we wont get one
	 * tell the callback
	 */
	if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
			&& s->ctx && s->ctx->tlsext_status_cb)
		{
		int r;
		/* Set resp to NULL, resplen to -1 so callback knows
		 * there is no response.
		 */
		if (s->tlsext_ocsp_resp)
			{
			OPENSSL_free(s->tlsext_ocsp_resp);
			s->tlsext_ocsp_resp = NULL;
			}
		s->tlsext_ocsp_resplen = -1;
		r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
		if (r == 0)
			{
			al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
			}
		if (r < 0)
			{
			al = SSL_AD_INTERNAL_ERROR;
			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
			}
		}

	switch (ret)
		{
		case SSL_TLSEXT_ERR_ALERT_FATAL:
			ssl3_send_alert(s,SSL3_AL_FATAL,al);
			return -1;

		case SSL_TLSEXT_ERR_ALERT_WARNING:
			ssl3_send_alert(s,SSL3_AL_WARNING,al);
			return 1;

		case SSL_TLSEXT_ERR_NOACK:
			s->servername_done=0;
		default:
			return 1;
		}
	}

/* Since the server cache lookup is done early on in the processing of client
 * hello and other operations depend on the result we need to handle any TLS
 * session ticket extension at the same time.
 */

int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
				const unsigned char *limit, SSL_SESSION **ret)
	{
	/* Point after session ID in client hello */
	const unsigned char *p = session_id + len;
	unsigned short i;

	/* If tickets disabled behave as if no ticket present
	 * to permit stateful resumption.
	 */
	if (SSL_get_options(s) & SSL_OP_NO_TICKET)
		return 1;

	if ((s->version <= SSL3_VERSION) || !limit)
		return 1;
	if (p >= limit)
		return -1;
	/* Skip past DTLS cookie */
	if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
		{
		i = *(p++);
		p+= i;
		if (p >= limit)
			return -1;
		}
	/* Skip past cipher list */
	n2s(p, i);
	p+= i;
	if (p >= limit)
		return -1;
	/* Skip past compression algorithm list */
	i = *(p++);
	p += i;
	if (p > limit)
		return -1;
	/* Now at start of extensions */
	if ((p + 2) >= limit)
		return 1;
	n2s(p, i);
	while ((p + 4) <= limit)
		{
		unsigned short type, size;
		n2s(p, type);
		n2s(p, size);
		if (p + size > limit)
			return 1;
		if (type == TLSEXT_TYPE_session_ticket)
			{
			/* If tickets disabled indicate cache miss which will
			 * trigger a full handshake
			 */
			if (SSL_get_options(s) & SSL_OP_NO_TICKET)
				return 1;
			/* If zero length note client will accept a ticket
			 * and indicate cache miss to trigger full handshake
			 */
			if (size == 0)
				{
				s->tlsext_ticket_expected = 1;
				return 0;	/* Cache miss */
				}
			if (s->tls_session_secret_cb)
				{
				/* Indicate cache miss here and instead of
				 * generating the session from ticket now,
				 * trigger abbreviated handshake based on
				 * external mechanism to calculate the master
				 * secret later. */
				return 0;
				}
			return tls_decrypt_ticket(s, p, size, session_id, len,
									ret);
			}
		p += size;
		}
	return 1;
	}

static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
				const unsigned char *sess_id, int sesslen,
				SSL_SESSION **psess)
	{
	SSL_SESSION *sess;
	unsigned char *sdec;
	const unsigned char *p;
	int slen, mlen, renew_ticket = 0;
	unsigned char tick_hmac[EVP_MAX_MD_SIZE];
	HMAC_CTX hctx;
	EVP_CIPHER_CTX ctx;
	SSL_CTX *tctx = s->initial_ctx;
	/* Need at least keyname + iv + some encrypted data */
	if (eticklen < 48)
		goto tickerr;
	/* Initialize session ticket encryption and HMAC contexts */
	HMAC_CTX_init(&hctx);
	EVP_CIPHER_CTX_init(&ctx);
	if (tctx->tlsext_ticket_key_cb)
		{
		unsigned char *nctick = (unsigned char *)etick;
		int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
							&ctx, &hctx, 0);
		if (rv < 0)
			return -1;
		if (rv == 0)
			goto tickerr;
		if (rv == 2)
			renew_ticket = 1;
		}
	else
		{
		/* Check key name matches */
		if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
			goto tickerr;
		HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
					tlsext_tick_md(), NULL);
		EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
				tctx->tlsext_tick_aes_key, etick + 16);
		}
	/* Attempt to process session ticket, first conduct sanity and
	 * integrity checks on ticket.
1798656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 1799656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project mlen = HMAC_size(&hctx); 1800221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (mlen < 0) 1801221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1802221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom EVP_CIPHER_CTX_cleanup(&ctx); 1803221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return -1; 1804221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1805656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project eticklen -= mlen; 1806656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Check HMAC of encrypted ticket */ 1807656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project HMAC_Update(&hctx, etick, eticklen); 1808656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project HMAC_Final(&hctx, tick_hmac, NULL); 1809656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project HMAC_CTX_cleanup(&hctx); 1810656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (memcmp(tick_hmac, etick + eticklen, mlen)) 1811656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto tickerr; 1812656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Attempt to decrypt session data */ 1813656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Move p after IV to start of encrypted ticket, update length */ 1814656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); 1815656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx); 1816656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sdec = OPENSSL_malloc(eticklen); 1817656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!sdec) 
1818656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1819656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_CIPHER_CTX_cleanup(&ctx); 1820656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return -1; 1821656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1822656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen); 1823656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) 1824656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto tickerr; 1825656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project slen += mlen; 1826656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_CIPHER_CTX_cleanup(&ctx); 1827656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p = sdec; 1828656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1829656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sess = d2i_SSL_SESSION(NULL, &p, slen); 1830656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_free(sdec); 1831656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (sess) 1832656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1833656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* The session ID if non-empty is used by some clients to 1834656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * detect that the ticket has been accepted. So we copy it to 1835656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the session structure. If it is empty set length to zero 1836656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * as required by standard. 
1837656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 1838656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (sesslen) 1839656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(sess->session_id, sess_id, sesslen); 1840656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sess->session_id_length = sesslen; 1841656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *psess = sess; 1842656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_ticket_expected = renew_ticket; 1843656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 1; 1844656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1845656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* If session decrypt failure indicate a cache miss and set state to 1846656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * send a new ticket 1847656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 1848656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tickerr: 1849656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_ticket_expected = 1; 1850656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1851656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1852656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1853656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1854