1 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay (at) cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh (at) cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay (at) cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] */ 56 57 #include <openssl/ssl.h> 58 59 #include <assert.h> 60 #include <string.h> 61 62 #include <openssl/buf.h> 63 64 #include "../crypto/internal.h" 65 #include "internal.h" 66 67 68 namespace bssl { 69 70 static void ssl3_on_handshake_complete(SSL *ssl) { 71 // The handshake should have released its final message. 72 assert(!ssl->s3->has_message); 73 74 // During the handshake, |hs_buf| is retained. Release if it there is no 75 // excess in it. There may be excess left if there server sent Finished and 76 // HelloRequest in the same record. 77 // 78 // TODO(davidben): SChannel does not support this. Reject this case. 79 if (ssl->s3->hs_buf && ssl->s3->hs_buf->length == 0) { 80 ssl->s3->hs_buf.reset(); 81 } 82 } 83 84 static bool ssl3_set_read_state(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx) { 85 // Cipher changes are forbidden if the current epoch has leftover data. 86 if (tls_has_unprocessed_handshake_data(ssl)) { 87 OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFERED_MESSAGES_ON_CIPHER_CHANGE); 88 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 89 return false; 90 } 91 92 OPENSSL_memset(ssl->s3->read_sequence, 0, sizeof(ssl->s3->read_sequence)); 93 ssl->s3->aead_read_ctx = std::move(aead_ctx); 94 return true; 95 } 96 97 static bool ssl3_set_write_state(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx) { 98 OPENSSL_memset(ssl->s3->write_sequence, 0, sizeof(ssl->s3->write_sequence)); 99 ssl->s3->aead_write_ctx = std::move(aead_ctx); 100 return true; 101 } 102 103 static const SSL_PROTOCOL_METHOD kTLSProtocolMethod = { 104 false /* is_dtls */, 105 ssl3_new, 106 ssl3_free, 107 ssl3_get_message, 108 ssl3_next_message, 109 ssl3_open_handshake, 110 ssl3_open_change_cipher_spec, 111 ssl3_open_app_data, 112 ssl3_write_app_data, 113 ssl3_dispatch_alert, 114 ssl3_init_message, 115 ssl3_finish_message, 116 ssl3_add_message, 117 ssl3_add_change_cipher_spec, 118 ssl3_add_alert, 119 ssl3_flush_flight, 120 ssl3_on_handshake_complete, 121 ssl3_set_read_state, 122 ssl3_set_write_state, 123 }; 124 125 static int ssl_noop_x509_check_client_CA_names( 126 STACK_OF(CRYPTO_BUFFER) *names) { 127 return 1; 128 } 129 130 static void ssl_noop_x509_clear(CERT *cert) {} 131 static void ssl_noop_x509_free(CERT *cert) {} 132 static void ssl_noop_x509_dup(CERT *new_cert, const CERT *cert) {} 133 static void ssl_noop_x509_flush_cached_leaf(CERT *cert) {} 134 static void ssl_noop_x509_flush_cached_chain(CERT *cert) {} 135 static int ssl_noop_x509_session_cache_objects(SSL_SESSION *sess) { 136 return 1; 137 } 138 static int ssl_noop_x509_session_dup(SSL_SESSION *new_session, 139 const SSL_SESSION *session) { 140 return 1; 141 } 142 static void ssl_noop_x509_session_clear(SSL_SESSION *session) {} 143 static int ssl_noop_x509_session_verify_cert_chain(SSL_SESSION *session, 144 SSL *ssl, 145 uint8_t *out_alert) { 146 return 0; 147 } 148 149 static void ssl_noop_x509_hs_flush_cached_ca_names(SSL_HANDSHAKE *hs) {} 150 static int ssl_noop_x509_ssl_new(SSL *ctx) { return 1; } 151 static void ssl_noop_x509_ssl_free(SSL *ctx) { } 152 static void ssl_noop_x509_ssl_flush_cached_client_CA(SSL *ssl) {} 153 static int ssl_noop_x509_ssl_auto_chain_if_needed(SSL *ssl) { return 1; } 154 static int ssl_noop_x509_ssl_ctx_new(SSL_CTX *ctx) { return 1; } 155 static void ssl_noop_x509_ssl_ctx_free(SSL_CTX *ctx) { } 156 static void ssl_noop_x509_ssl_ctx_flush_cached_client_CA(SSL_CTX *ctx) {} 157 158 const SSL_X509_METHOD ssl_noop_x509_method = { 159 ssl_noop_x509_check_client_CA_names, 160 ssl_noop_x509_clear, 161 ssl_noop_x509_free, 162 ssl_noop_x509_dup, 163 ssl_noop_x509_flush_cached_chain, 164 ssl_noop_x509_flush_cached_leaf, 165 ssl_noop_x509_session_cache_objects, 166 ssl_noop_x509_session_dup, 167 ssl_noop_x509_session_clear, 168 ssl_noop_x509_session_verify_cert_chain, 169 ssl_noop_x509_hs_flush_cached_ca_names, 170 ssl_noop_x509_ssl_new, 171 ssl_noop_x509_ssl_free, 172 ssl_noop_x509_ssl_flush_cached_client_CA, 173 ssl_noop_x509_ssl_auto_chain_if_needed, 174 ssl_noop_x509_ssl_ctx_new, 175 ssl_noop_x509_ssl_ctx_free, 176 ssl_noop_x509_ssl_ctx_flush_cached_client_CA, 177 }; 178 179 } // namespace bssl 180 181 using namespace bssl; 182 183 const SSL_METHOD *TLS_method(void) { 184 static const SSL_METHOD kMethod = { 185 0, 186 &kTLSProtocolMethod, 187 &ssl_crypto_x509_method, 188 }; 189 return &kMethod; 190 } 191 192 const SSL_METHOD *SSLv23_method(void) { 193 return TLS_method(); 194 } 195 196 const SSL_METHOD *TLS_with_buffers_method(void) { 197 static const SSL_METHOD kMethod = { 198 0, 199 &kTLSProtocolMethod, 200 &ssl_noop_x509_method, 201 }; 202 return &kMethod; 203 } 204 205 // Legacy version-locked methods. 206 207 const SSL_METHOD *TLSv1_2_method(void) { 208 static const SSL_METHOD kMethod = { 209 TLS1_2_VERSION, 210 &kTLSProtocolMethod, 211 &ssl_crypto_x509_method, 212 }; 213 return &kMethod; 214 } 215 216 const SSL_METHOD *TLSv1_1_method(void) { 217 static const SSL_METHOD kMethod = { 218 TLS1_1_VERSION, 219 &kTLSProtocolMethod, 220 &ssl_crypto_x509_method, 221 }; 222 return &kMethod; 223 } 224 225 const SSL_METHOD *TLSv1_method(void) { 226 static const SSL_METHOD kMethod = { 227 TLS1_VERSION, 228 &kTLSProtocolMethod, 229 &ssl_crypto_x509_method, 230 }; 231 return &kMethod; 232 } 233 234 const SSL_METHOD *SSLv3_method(void) { 235 static const SSL_METHOD kMethod = { 236 SSL3_VERSION, 237 &kTLSProtocolMethod, 238 &ssl_crypto_x509_method, 239 }; 240 return &kMethod; 241 } 242 243 // Legacy side-specific methods. 244 245 const SSL_METHOD *TLSv1_2_server_method(void) { 246 return TLSv1_2_method(); 247 } 248 249 const SSL_METHOD *TLSv1_1_server_method(void) { 250 return TLSv1_1_method(); 251 } 252 253 const SSL_METHOD *TLSv1_server_method(void) { 254 return TLSv1_method(); 255 } 256 257 const SSL_METHOD *SSLv3_server_method(void) { 258 return SSLv3_method(); 259 } 260 261 const SSL_METHOD *TLSv1_2_client_method(void) { 262 return TLSv1_2_method(); 263 } 264 265 const SSL_METHOD *TLSv1_1_client_method(void) { 266 return TLSv1_1_method(); 267 } 268 269 const SSL_METHOD *TLSv1_client_method(void) { 270 return TLSv1_method(); 271 } 272 273 const SSL_METHOD *SSLv3_client_method(void) { 274 return SSLv3_method(); 275 } 276 277 const SSL_METHOD *SSLv23_server_method(void) { 278 return SSLv23_method(); 279 } 280 281 const SSL_METHOD *SSLv23_client_method(void) { 282 return SSLv23_method(); 283 } 284 285 const SSL_METHOD *TLS_server_method(void) { 286 return TLS_method(); 287 } 288 289 const SSL_METHOD *TLS_client_method(void) { 290 return TLS_method(); 291 } 292