enum ssl_private_key_result_t tls13_prepare_certificate_verify( SSL *ssl, int is_first_run) { enum ssl_private_key_result_t ret = ssl_private_key_failure; uint8_t *msg = NULL; size_t msg_len; CBB cbb, body; CBB_zero(&cbb); uint16_t signature_algorithm; if (!tls1_choose_signature_algorithm(ssl, &signature_algorithm)) { goto err; } if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_CERTIFICATE_VERIFY) || !CBB_add_u16(&body, signature_algorithm)) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); goto err; } /* Sign the digest. */ CBB child; const size_t max_sig_len = ssl_private_key_max_signature_len(ssl); uint8_t *sig; size_t sig_len; if (!CBB_add_u16_length_prefixed(&body, &child) || !CBB_reserve(&child, &sig, max_sig_len)) { ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); goto err; } enum ssl_private_key_result_t sign_result; if (is_first_run) { if (!tls13_get_cert_verify_signature_input(ssl, &msg, &msg_len, ssl->server)) { ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); goto err; } sign_result = ssl_private_key_sign(ssl, sig, &sig_len, max_sig_len, signature_algorithm, msg, msg_len); } else { sign_result = ssl_private_key_complete(ssl, sig, &sig_len, max_sig_len); } if (sign_result != ssl_private_key_success) { ret = sign_result; goto err; } if (!CBB_did_write(&child, sig_len) || !ssl->method->finish_message(ssl, &cbb)) { goto err; } ret = ssl_private_key_success; err: CBB_cleanup(&cbb); OPENSSL_free(msg); return ret; }
static int hkdf_expand_label(uint8_t *out, const EVP_MD *digest, const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len, const uint8_t *hash, size_t hash_len, size_t len) { static const char kTLS13LabelVersion[] = "TLS 1.3, "; CBB cbb, child; uint8_t *hkdf_label; size_t hkdf_label_len; if (!CBB_init(&cbb, 2 + 1 + strlen(kTLS13LabelVersion) + label_len + 1 + hash_len) || !CBB_add_u16(&cbb, len) || !CBB_add_u8_length_prefixed(&cbb, &child) || !CBB_add_bytes(&child, (const uint8_t *)kTLS13LabelVersion, strlen(kTLS13LabelVersion)) || !CBB_add_bytes(&child, label, label_len) || !CBB_add_u8_length_prefixed(&cbb, &child) || !CBB_add_bytes(&child, hash, hash_len) || !CBB_finish(&cbb, &hkdf_label, &hkdf_label_len)) { CBB_cleanup(&cbb); return 0; } int ret = HKDF_expand(out, len, digest, secret, secret_len, hkdf_label, hkdf_label_len); OPENSSL_free(hkdf_label); return ret; }
static enum ssl_hs_wait_t do_send_new_session_ticket(SSL *ssl, SSL_HANDSHAKE *hs) { SSL_SESSION *session = ssl->s3->new_session; session->tlsext_tick_lifetime_hint = session->timeout; session->ticket_flags = SSL_TICKET_ALLOW_DHE_RESUMPTION; if (!RAND_bytes((uint8_t *)&session->ticket_age_add, sizeof(session->ticket_age_add))) { return 0; } session->ticket_age_add_valid = 1; CBB cbb, body, ticket; if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_NEW_SESSION_TICKET) || !CBB_add_u32(&body, session->tlsext_tick_lifetime_hint) || !CBB_add_u32(&body, session->ticket_flags) || !CBB_add_u32(&body, session->ticket_age_add) || !CBB_add_u16(&body, 0 /* no ticket extensions */) || !CBB_add_u16_length_prefixed(&body, &ticket) || !ssl_encrypt_ticket(ssl, &ticket, session) || !ssl->method->finish_message(ssl, &cbb)) { CBB_cleanup(&cbb); return ssl_hs_error; } hs->session_tickets_sent++; hs->state = state_flush_new_session_ticket; return ssl_hs_write_message; }
int ECDSA_sign_ex(int type, const uint8_t *digest, size_t digest_len, uint8_t *sig, unsigned int *sig_len, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) { int ret = 0; ECDSA_SIG *s = NULL; s = ECDSA_do_sign_ex(digest, digest_len, kinv, r, eckey); if (s == NULL) { *sig_len = 0; goto err; } CBB cbb; CBB_zero(&cbb); size_t len; if (!CBB_init_fixed(&cbb, sig, ECDSA_size(eckey)) || !ECDSA_SIG_marshal(&cbb, s) || !CBB_finish(&cbb, NULL, &len)) { OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR); CBB_cleanup(&cbb); *sig_len = 0; goto err; } *sig_len = (unsigned)len; ret = 1; err: ECDSA_SIG_free(s); return ret; }
int CBS_asn1_ber_to_der(CBS *in, uint8_t **out, size_t *out_len) { CBB cbb; /* First, do a quick walk to find any indefinite-length elements. Most of the * time we hope that there aren't any and thus we can quickly return. */ char conversion_needed; if (!cbs_find_ber(in, &conversion_needed, 0)) { return 0; } if (!conversion_needed) { *out = NULL; *out_len = 0; return 1; } if (!CBB_init(&cbb, CBS_len(in)) || !cbs_convert_ber(in, &cbb, 0, 0, 0) || !CBB_finish(&cbb, out, out_len)) { CBB_cleanup(&cbb); return 0; } return 1; }
static int test_cbb_basic(void) { static const uint8_t kExpected[] = {1, 2, 3, 4, 5, 6, 7, 8}; uint8_t *buf; size_t buf_len; int ok; CBB cbb; if (!CBB_init(&cbb, 100)) { return 0; } CBB_cleanup(&cbb); if (!CBB_init(&cbb, 0) || !CBB_add_u8(&cbb, 1) || !CBB_add_u16(&cbb, 0x203) || !CBB_add_u24(&cbb, 0x40506) || !CBB_add_bytes(&cbb, (const uint8_t*) "\x07\x08", 2) || !CBB_finish(&cbb, &buf, &buf_len)) { return 0; } ok = buf_len == sizeof(kExpected) && memcmp(buf, kExpected, buf_len) == 0; free(buf); return ok; }
int i2d_DSAPublicKey(const DSA *in, uint8_t **outp) { CBB cbb; if (!CBB_init(&cbb, 0) || !DSA_marshal_public_key(&cbb, in)) { CBB_cleanup(&cbb); return -1; } return CBB_finish_i2d(&cbb, outp); }
int i2d_DSA_SIG(const DSA_SIG *in, uint8_t **outp) { CBB cbb; if (!CBB_init(&cbb, 0) || !DSA_SIG_marshal(&cbb, in)) { CBB_cleanup(&cbb); return -1; } return CBB_finish_i2d(&cbb, outp); }
int i2d_DSAparams(const DSA *in, uint8_t **outp) { CBB cbb; if (!CBB_init(&cbb, 0) || !DSA_marshal_parameters(&cbb, in)) { CBB_cleanup(&cbb); return -1; } return CBB_finish_i2d(&cbb, outp); }
int i2d_RSAPrivateKey(const RSA *in, uint8_t **outp) { CBB cbb; if (!CBB_init(&cbb, 0) || !RSA_marshal_private_key(&cbb, in)) { CBB_cleanup(&cbb); return -1; } return CBB_finish_i2d(&cbb, outp); }
int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp) { CBB cbb; if (!CBB_init(&cbb, 0) || !ECDSA_SIG_marshal(&cbb, sig)) { CBB_cleanup(&cbb); return -1; } return CBB_finish_i2d(&cbb, outp); }
MONO_API MonoBtlsX509Name * mono_btls_x509_name_from_data (const void *data, int len, int use_canon_enc) { MonoBtlsX509Name *name; uint8_t *buf; const unsigned char *ptr; X509_NAME *ret; name = OPENSSL_malloc (sizeof (MonoBtlsX509Name)); if (!name) return NULL; memset (name, 0, sizeof(MonoBtlsX509Name)); name->owns = 1; name->name = X509_NAME_new (); if (!name->name) { OPENSSL_free (name); return NULL; } if (use_canon_enc) { CBB cbb, contents; size_t buf_len; // re-add ASN1 SEQUENCE header. CBB_init(&cbb, 0); if (!CBB_add_asn1(&cbb, &contents, 0x30) || !CBB_add_bytes(&contents, data, len) || !CBB_finish(&cbb, &buf, &buf_len)) { CBB_cleanup (&cbb); mono_btls_x509_name_free (name); return NULL; } ptr = buf; len = (int)buf_len; } else { ptr = data; buf = NULL; } ret = d2i_X509_NAME (&name->name, &ptr, len); if (buf) OPENSSL_free (buf); if (ret != name->name) { mono_btls_x509_name_free (name); return NULL; } return name; }
int tls13_get_cert_verify_signature_input( SSL *ssl, uint8_t **out, size_t *out_len, enum ssl_cert_verify_context_t cert_verify_context) { CBB cbb; if (!CBB_init(&cbb, 64 + 33 + 1 + 2 * EVP_MAX_MD_SIZE)) { goto err; } for (size_t i = 0; i < 64; i++) { if (!CBB_add_u8(&cbb, 0x20)) { goto err; } } const uint8_t *context; size_t context_len; if (cert_verify_context == ssl_cert_verify_server) { /* Include the NUL byte. */ static const char kContext[] = "TLS 1.3, server CertificateVerify"; context = (const uint8_t *)kContext; context_len = sizeof(kContext); } else if (cert_verify_context == ssl_cert_verify_client) { static const char kContext[] = "TLS 1.3, client CertificateVerify"; context = (const uint8_t *)kContext; context_len = sizeof(kContext); } else if (cert_verify_context == ssl_cert_verify_channel_id) { static const char kContext[] = "TLS 1.3, Channel ID"; context = (const uint8_t *)kContext; context_len = sizeof(kContext); } else { goto err; } if (!CBB_add_bytes(&cbb, context, context_len)) { goto err; } uint8_t context_hash[EVP_MAX_MD_SIZE]; size_t context_hash_len; if (!tls13_get_context_hash(ssl, context_hash, &context_hash_len) || !CBB_add_bytes(&cbb, context_hash, context_hash_len) || !CBB_finish(&cbb, out, out_len)) { goto err; } return 1; err: OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); CBB_cleanup(&cbb); return 0; }
int RSA_private_key_to_bytes(uint8_t **out_bytes, size_t *out_len, const RSA *rsa) { CBB cbb; CBB_zero(&cbb); if (!CBB_init(&cbb, 0) || !RSA_marshal_private_key(&cbb, rsa) || !CBB_finish(&cbb, out_bytes, out_len)) { OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR); CBB_cleanup(&cbb); return 0; } return 1; }
int tls13_prepare_certificate(SSL *ssl) { CBB cbb, body; if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_CERTIFICATE) || /* The request context is always empty in the handshake. */ !CBB_add_u8(&body, 0) || !ssl_add_cert_chain(ssl, &body) || !ssl->method->finish_message(ssl, &cbb)) { CBB_cleanup(&cbb); return 0; } return 1; }
static enum ssl_hs_wait_t do_send_second_client_hello(SSL *ssl, SSL_HANDSHAKE *hs) { CBB cbb, body; if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_CLIENT_HELLO) || !ssl_add_client_hello_body(ssl, &body) || !ssl->method->finish_message(ssl, &cbb)) { CBB_cleanup(&cbb); return ssl_hs_error; } hs->state = state_flush_second_client_hello; return ssl_hs_write_message; }
int ECDSA_SIG_to_bytes(uint8_t **out_bytes, size_t *out_len, const ECDSA_SIG *sig) { CBB cbb; CBB_zero(&cbb); if (!CBB_init(&cbb, 0) || !ECDSA_SIG_marshal(&cbb, sig) || !CBB_finish(&cbb, out_bytes, out_len)) { OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR); CBB_cleanup(&cbb); return 0; } return 1; }
int tls13_prepare_certificate(SSL *ssl) { CBB cbb, body, context; if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_CERTIFICATE) || !CBB_add_u8_length_prefixed(&body, &context) || !CBB_add_bytes(&context, ssl->s3->hs->cert_context, ssl->s3->hs->cert_context_len) || !ssl_add_cert_chain(ssl, &body) || !ssl->method->finish_message(ssl, &cbb)) { CBB_cleanup(&cbb); return 0; } return 1; }
static int test_asn1_uint64(void) { size_t i; for (i = 0; i < sizeof(kAsn1Uint64Tests) / sizeof(kAsn1Uint64Tests[0]); i++) { const ASN1_UINT64_TEST *test = &kAsn1Uint64Tests[i]; CBS cbs; uint64_t value; CBB cbb; uint8_t *out; size_t len; CBS_init(&cbs, (const uint8_t *)test->encoding, test->encoding_len); if (!CBS_get_asn1_uint64(&cbs, &value) || CBS_len(&cbs) != 0 || value != test->value) { return 0; } if (!CBB_init(&cbb, 0)) { return 0; } if (!CBB_add_asn1_uint64(&cbb, test->value) || !CBB_finish(&cbb, &out, &len)) { CBB_cleanup(&cbb); return 0; } if (len != test->encoding_len || memcmp(out, test->encoding, len) != 0) { free(out); return 0; } free(out); } for (i = 0; i < sizeof(kAsn1InvalidUint64Tests) / sizeof(kAsn1InvalidUint64Tests[0]); i++) { const ASN1_INVALID_UINT64_TEST *test = &kAsn1InvalidUint64Tests[i]; CBS cbs; uint64_t value; CBS_init(&cbs, (const uint8_t *)test->encoding, test->encoding_len); if (CBS_get_asn1_uint64(&cbs, &value)) { return 0; } } return 1; }
static enum ssl_hs_wait_t do_send_certificate_request(SSL *ssl, SSL_HANDSHAKE *hs) { /* Determine whether to request a client certificate. */ ssl->s3->tmp.cert_request = !!(ssl->verify_mode & SSL_VERIFY_PEER); /* CertificateRequest may only be sent in certificate-based ciphers. */ if (!ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) { ssl->s3->tmp.cert_request = 0; } if (!ssl->s3->tmp.cert_request) { /* Skip this state. */ hs->state = state_send_server_certificate; return ssl_hs_ok; } CBB cbb, body, sigalgs_cbb; if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_CERTIFICATE_REQUEST) || !CBB_add_u8(&body, 0 /* no certificate_request_context. */)) { goto err; } const uint16_t *sigalgs; size_t sigalgs_len = tls12_get_psigalgs(ssl, &sigalgs); if (!CBB_add_u16_length_prefixed(&body, &sigalgs_cbb)) { goto err; } for (size_t i = 0; i < sigalgs_len; i++) { if (!CBB_add_u16(&sigalgs_cbb, sigalgs[i])) { goto err; } } if (!ssl_add_client_CA_list(ssl, &body) || !CBB_add_u16(&body, 0 /* empty certificate_extensions. */) || !ssl->method->finish_message(ssl, &cbb)) { goto err; } hs->state = state_send_server_certificate; return ssl_hs_write_message; err: CBB_cleanup(&cbb); return ssl_hs_error; }
static enum ssl_hs_wait_t do_send_server_hello(SSL *ssl, SSL_HANDSHAKE *hs) { CBB cbb, body, extensions; if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_SERVER_HELLO) || !CBB_add_u16(&body, ssl->version) || !RAND_bytes(ssl->s3->server_random, sizeof(ssl->s3->server_random)) || !CBB_add_bytes(&body, ssl->s3->server_random, SSL3_RANDOM_SIZE) || !CBB_add_u16(&body, ssl_cipher_get_value(ssl->s3->tmp.new_cipher)) || !CBB_add_u16_length_prefixed(&body, &extensions) || !ssl_ext_key_share_add_serverhello(ssl, &extensions) || !ssl->method->finish_message(ssl, &cbb)) { CBB_cleanup(&cbb); return ssl_hs_error; } hs->state = state_send_encrypted_extensions; return ssl_hs_write_message; }
static enum ssl_hs_wait_t do_send_encrypted_extensions(SSL *ssl, SSL_HANDSHAKE *hs) { if (!tls13_set_handshake_traffic(ssl)) { return ssl_hs_error; } CBB cbb, body; if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_ENCRYPTED_EXTENSIONS) || !ssl_add_serverhello_tlsext(ssl, &body) || !ssl->method->finish_message(ssl, &cbb)) { CBB_cleanup(&cbb); return ssl_hs_error; } hs->state = state_send_certificate_request; return ssl_hs_write_message; }
int CBS_get_asn1_implicit_string(CBS *in, CBS *out, uint8_t **out_storage, unsigned outer_tag, unsigned inner_tag) { assert(!(outer_tag & CBS_ASN1_CONSTRUCTED)); assert(!(inner_tag & CBS_ASN1_CONSTRUCTED)); assert(is_string_type(inner_tag)); if (CBS_peek_asn1_tag(in, outer_tag)) { /* Normal implicitly-tagged string. */ *out_storage = NULL; return CBS_get_asn1(in, out, outer_tag); } /* Otherwise, try to parse an implicitly-tagged constructed string. * |CBS_asn1_ber_to_der| is assumed to have run, so only allow one level deep * of nesting. */ CBB result; CBS child; if (!CBB_init(&result, CBS_len(in)) || !CBS_get_asn1(in, &child, outer_tag | CBS_ASN1_CONSTRUCTED)) { goto err; } while (CBS_len(&child) > 0) { CBS chunk; if (!CBS_get_asn1(&child, &chunk, inner_tag) || !CBB_add_bytes(&result, CBS_data(&chunk), CBS_len(&chunk))) { goto err; } } uint8_t *data; size_t len; if (!CBB_finish(&result, &data, &len)) { goto err; } CBS_init(out, data, len); *out_storage = data; return 1; err: CBB_cleanup(&result); return 0; }
static enum ssl_hs_wait_t do_send_hello_retry_request(SSL *ssl, SSL_HANDSHAKE *hs) { CBB cbb, body, extensions; uint16_t group_id; if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_HELLO_RETRY_REQUEST) || !CBB_add_u16(&body, ssl->version) || !CBB_add_u16(&body, ssl_cipher_get_value(ssl->s3->tmp.new_cipher)) || !tls1_get_shared_group(ssl, &group_id) || !CBB_add_u16(&body, group_id) || !CBB_add_u16_length_prefixed(&body, &extensions) || !ssl->method->finish_message(ssl, &cbb)) { CBB_cleanup(&cbb); return ssl_hs_error; } hs->state = state_flush_hello_retry_request; return ssl_hs_write_message; }
static enum ssl_hs_wait_t do_send_hello_retry_request(SSL_HANDSHAKE *hs) { SSL *const ssl = hs->ssl; CBB cbb, body, extensions; uint16_t group_id; if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_HELLO_RETRY_REQUEST) || !CBB_add_u16(&body, ssl->version) || !tls1_get_shared_group(hs, &group_id) || !CBB_add_u16_length_prefixed(&body, &extensions) || !CBB_add_u16(&extensions, TLSEXT_TYPE_key_share) || !CBB_add_u16(&extensions, 2 /* length */) || !CBB_add_u16(&extensions, group_id) || !ssl_add_message_cbb(ssl, &cbb)) { CBB_cleanup(&cbb); return ssl_hs_error; } hs->tls13_state = state_process_second_client_hello; return ssl_hs_flush_and_read_message; }
int tls13_prepare_finished(SSL *ssl) { size_t verify_data_len; uint8_t verify_data[EVP_MAX_MD_SIZE]; if (!tls13_finished_mac(ssl, verify_data, &verify_data_len, ssl->server)) { ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED); return 0; } CBB cbb, body; if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_FINISHED) || !CBB_add_bytes(&body, verify_data, verify_data_len) || !ssl->method->finish_message(ssl, &cbb)) { CBB_cleanup(&cbb); return 0; } return 1; }
static int tls13_get_cert_verify_signature_input(SSL *ssl, uint8_t **out, size_t *out_len, int server) { CBB cbb; if (!CBB_init(&cbb, 64 + 33 + 1 + 2 * EVP_MAX_MD_SIZE)) { goto err; } for (size_t i = 0; i < 64; i++) { if (!CBB_add_u8(&cbb, 0x20)) { goto err; } } if (server) { /* Include the NUL byte. */ static const char kContext[] = "TLS 1.3, server CertificateVerify"; if (!CBB_add_bytes(&cbb, (const uint8_t *)kContext, sizeof(kContext))) { goto err; } } else { static const char kContext[] = "TLS 1.3, client CertificateVerify"; if (!CBB_add_bytes(&cbb, (const uint8_t *)kContext, sizeof(kContext))) { goto err; } } uint8_t context_hashes[2 * EVP_MAX_MD_SIZE]; size_t context_hashes_len; if (!tls13_get_context_hashes(ssl, context_hashes, &context_hashes_len) || !CBB_add_bytes(&cbb, context_hashes, context_hashes_len) || !CBB_finish(&cbb, out, out_len)) { goto err; } return 1; err: OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); CBB_cleanup(&cbb); return 0; }
int mono_btls_ssl_ctx_set_ciphers (MonoBtlsSslCtx *ctx, int count, const uint16_t *data, int allow_unsupported) { CBB cbb; int i, ret = 0; if (!CBB_init (&cbb, 64)) goto err; /* Assemble a cipher string with the specified ciphers' names. */ for (i = 0; i < count; i++) { const char *name; const SSL_CIPHER *cipher = SSL_get_cipher_by_value (data [i]); if (!cipher) { debug_printf (ctx, "mono_btls_ssl_ctx_set_ciphers(): unknown cipher %02x", data [i]); if (!allow_unsupported) goto err; continue; } name = SSL_CIPHER_get_name (cipher); if (i > 0 && !CBB_add_u8 (&cbb, ':')) goto err; if (!CBB_add_bytes (&cbb, (const uint8_t *)name, strlen(name))) goto err; } /* NUL-terminate the string. */ if (!CBB_add_u8 (&cbb, 0)) goto err; ret = SSL_CTX_set_cipher_list (ctx->ctx, (const char *)CBB_data (&cbb)); err: CBB_cleanup (&cbb); return ret; }
static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data, size_t *out_len, int for_ticket) { CBB cbb, session, child, child2; if (in == NULL || in->cipher == NULL) { return 0; } CBB_zero(&cbb); if (!CBB_init(&cbb, 0) || !CBB_add_asn1(&cbb, &session, CBS_ASN1_SEQUENCE) || !CBB_add_asn1_uint64(&session, kVersion) || !CBB_add_asn1_uint64(&session, in->ssl_version) || !CBB_add_asn1(&session, &child, CBS_ASN1_OCTETSTRING) || !CBB_add_u16(&child, (uint16_t)(in->cipher->id & 0xffff)) || !CBB_add_asn1(&session, &child, CBS_ASN1_OCTETSTRING) || /* The session ID is irrelevant for a session ticket. */ !CBB_add_bytes(&child, in->session_id, for_ticket ? 0 : in->session_id_length) || !CBB_add_asn1(&session, &child, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&child, in->master_key, in->master_key_length) || !CBB_add_asn1(&session, &child, kTimeTag) || !CBB_add_asn1_uint64(&child, in->time) || !CBB_add_asn1(&session, &child, kTimeoutTag) || !CBB_add_asn1_uint64(&child, in->timeout)) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } /* The peer certificate is only serialized if the SHA-256 isn't * serialized instead. */ if (sk_CRYPTO_BUFFER_num(in->certs) > 0 && !in->peer_sha256_valid) { const CRYPTO_BUFFER *buffer = sk_CRYPTO_BUFFER_value(in->certs, 0); if (!CBB_add_asn1(&session, &child, kPeerTag) || !CBB_add_bytes(&child, CRYPTO_BUFFER_data(buffer), CRYPTO_BUFFER_len(buffer))) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } } /* Although it is OPTIONAL and usually empty, OpenSSL has * historically always encoded the sid_ctx. */ if (!CBB_add_asn1(&session, &child, kSessionIDContextTag) || !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&child2, in->sid_ctx, in->sid_ctx_length)) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } if (in->verify_result != X509_V_OK) { if (!CBB_add_asn1(&session, &child, kVerifyResultTag) || !CBB_add_asn1_uint64(&child, in->verify_result)) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } } if (in->tlsext_hostname) { if (!CBB_add_asn1(&session, &child, kHostNameTag) || !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&child2, (const uint8_t *)in->tlsext_hostname, strlen(in->tlsext_hostname))) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } } if (in->psk_identity) { if (!CBB_add_asn1(&session, &child, kPSKIdentityTag) || !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&child2, (const uint8_t *)in->psk_identity, strlen(in->psk_identity))) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } } if (in->tlsext_tick_lifetime_hint > 0) { if (!CBB_add_asn1(&session, &child, kTicketLifetimeHintTag) || !CBB_add_asn1_uint64(&child, in->tlsext_tick_lifetime_hint)) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } } if (in->tlsext_tick && !for_ticket) { if (!CBB_add_asn1(&session, &child, kTicketTag) || !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&child2, in->tlsext_tick, in->tlsext_ticklen)) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } } if (in->peer_sha256_valid) { if (!CBB_add_asn1(&session, &child, kPeerSHA256Tag) || !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&child2, in->peer_sha256, sizeof(in->peer_sha256))) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } } if (in->original_handshake_hash_len > 0) { if (!CBB_add_asn1(&session, &child, kOriginalHandshakeHashTag) || !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&child2, in->original_handshake_hash, in->original_handshake_hash_len)) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } } if (in->tlsext_signed_cert_timestamp_list_length > 0) { if (!CBB_add_asn1(&session, &child, kSignedCertTimestampListTag) || !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&child2, in->tlsext_signed_cert_timestamp_list, in->tlsext_signed_cert_timestamp_list_length)) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } } if (in->ocsp_response_length > 0) { if (!CBB_add_asn1(&session, &child, kOCSPResponseTag) || !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&child2, in->ocsp_response, in->ocsp_response_length)) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } } if (in->extended_master_secret) { if (!CBB_add_asn1(&session, &child, kExtendedMasterSecretTag) || !CBB_add_asn1(&child, &child2, CBS_ASN1_BOOLEAN) || !CBB_add_u8(&child2, 0xff)) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } } if (in->group_id > 0 && (!CBB_add_asn1(&session, &child, kGroupIDTag) || !CBB_add_asn1_uint64(&child, in->group_id))) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } /* The certificate chain is only serialized if the leaf's SHA-256 isn't * serialized instead. */ if (in->certs != NULL && !in->peer_sha256_valid && sk_CRYPTO_BUFFER_num(in->certs) >= 2) { if (!CBB_add_asn1(&session, &child, kCertChainTag)) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } for (size_t i = 1; i < sk_CRYPTO_BUFFER_num(in->certs); i++) { const CRYPTO_BUFFER *buffer = sk_CRYPTO_BUFFER_value(in->certs, i); if (!CBB_add_bytes(&child, CRYPTO_BUFFER_data(buffer), CRYPTO_BUFFER_len(buffer))) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } } } if (in->ticket_age_add_valid) { if (!CBB_add_asn1(&session, &child, kTicketAgeAddTag) || !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || !CBB_add_u32(&child2, in->ticket_age_add)) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } } if (!in->is_server) { if (!CBB_add_asn1(&session, &child, kIsServerTag) || !CBB_add_asn1(&child, &child2, CBS_ASN1_BOOLEAN) || !CBB_add_u8(&child2, 0x00)) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } } if (in->peer_signature_algorithm != 0 && (!CBB_add_asn1(&session, &child, kPeerSignatureAlgorithmTag) || !CBB_add_asn1_uint64(&child, in->peer_signature_algorithm))) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } if (in->ticket_max_early_data != 0 && (!CBB_add_asn1(&session, &child, kTicketMaxEarlyDataTag) || !CBB_add_asn1_uint64(&child, in->ticket_max_early_data))) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } if (in->timeout != in->auth_timeout && (!CBB_add_asn1(&session, &child, kAuthTimeoutTag) || !CBB_add_asn1_uint64(&child, in->auth_timeout))) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } if (in->early_alpn) { if (!CBB_add_asn1(&session, &child, kEarlyALPNTag) || !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&child2, (const uint8_t *)in->early_alpn, in->early_alpn_len)) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } } if (!CBB_finish(&cbb, out_data, out_len)) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } return 1; err: CBB_cleanup(&cbb); return 0; }
int tls13_prepare_certificate(SSL_HANDSHAKE *hs) { SSL *const ssl = hs->ssl; CBB cbb, body, certificate_list; if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_CERTIFICATE) || /* The request context is always empty in the handshake. */ !CBB_add_u8(&body, 0) || !CBB_add_u24_length_prefixed(&body, &certificate_list)) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); goto err; } if (!ssl_has_certificate(ssl)) { if (!ssl_complete_message(ssl, &cbb)) { goto err; } return 1; } CERT *cert = ssl->cert; CBB leaf, extensions; if (!CBB_add_u24_length_prefixed(&certificate_list, &leaf) || !ssl_add_cert_to_cbb(&leaf, cert->x509_leaf) || !CBB_add_u16_length_prefixed(&certificate_list, &extensions)) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); goto err; } if (hs->scts_requested && ssl->ctx->signed_cert_timestamp_list_length != 0) { CBB contents; if (!CBB_add_u16(&extensions, TLSEXT_TYPE_certificate_timestamp) || !CBB_add_u16_length_prefixed(&extensions, &contents) || !CBB_add_bytes(&contents, ssl->ctx->signed_cert_timestamp_list, ssl->ctx->signed_cert_timestamp_list_length) || !CBB_flush(&extensions)) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); goto err; } } if (hs->ocsp_stapling_requested && ssl->ocsp_response != NULL) { CBB contents, ocsp_response; if (!CBB_add_u16(&extensions, TLSEXT_TYPE_status_request) || !CBB_add_u16_length_prefixed(&extensions, &contents) || !CBB_add_u8(&contents, TLSEXT_STATUSTYPE_ocsp) || !CBB_add_u24_length_prefixed(&contents, &ocsp_response) || !CBB_add_bytes(&ocsp_response, CRYPTO_BUFFER_data(ssl->ocsp_response), CRYPTO_BUFFER_len(ssl->ocsp_response)) || !CBB_flush(&extensions)) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); goto err; } } for (size_t i = 0; i < sk_X509_num(cert->x509_chain); i++) { CBB child; if (!CBB_add_u24_length_prefixed(&certificate_list, &child) || !ssl_add_cert_to_cbb(&child, sk_X509_value(cert->x509_chain, i)) || !CBB_add_u16(&certificate_list, 0 /* no extensions */)) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); goto err; } } if (!ssl_complete_message(ssl, &cbb)) { goto err; } return 1; err: CBB_cleanup(&cbb); return 0; }