EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **out, const uint8_t **inp, long len) { if (len < 0) { OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); return NULL; } // Parse with the legacy format. CBS cbs; CBS_init(&cbs, *inp, (size_t)len); EVP_PKEY *ret = old_priv_decode(&cbs, type); if (ret == NULL) { // Try again with PKCS#8. ERR_clear_error(); CBS_init(&cbs, *inp, (size_t)len); ret = EVP_parse_private_key(&cbs); if (ret == NULL) { return NULL; } if (ret->type != type) { OPENSSL_PUT_ERROR(EVP, EVP_R_DIFFERENT_KEY_TYPES); EVP_PKEY_free(ret); return NULL; } } if (out != NULL) { EVP_PKEY_free(*out); *out = ret; } *inp = CBS_data(&cbs); return ret; }
/* pkcs7_parse_header reads the non-certificate/non-CRL prefix of a PKCS#7 * SignedData blob from |cbs| and sets |*out| to point to the rest of the * input. If the input is in BER format, then |*der_bytes| will be set to a * pointer that needs to be freed by the caller once they have finished * processing |*out| (which will be pointing into |*der_bytes|). * * It returns one on success or zero on error. On error, |*der_bytes| is * NULL. */ static int pkcs7_parse_header(uint8_t **der_bytes, CBS *out, CBS *cbs) { size_t der_len; CBS in, content_info, content_type, wrapped_signed_data, signed_data; uint64_t version; /* The input may be in BER format. */ *der_bytes = NULL; if (!CBS_asn1_ber_to_der(cbs, der_bytes, &der_len)) { return 0; } if (*der_bytes != NULL) { CBS_init(&in, *der_bytes, der_len); } else { CBS_init(&in, CBS_data(cbs), CBS_len(cbs)); } /* See https://tools.ietf.org/html/rfc2315#section-7 */ if (!CBS_get_asn1(&in, &content_info, CBS_ASN1_SEQUENCE) || !CBS_get_asn1(&content_info, &content_type, CBS_ASN1_OBJECT)) { goto err; } if (OBJ_cbs2nid(&content_type) != NID_pkcs7_signed) { OPENSSL_PUT_ERROR(X509, pkcs7_parse_header, X509_R_NOT_PKCS7_SIGNED_DATA); goto err; } /* See https://tools.ietf.org/html/rfc2315#section-9.1 */ if (!CBS_get_asn1(&content_info, &wrapped_signed_data, CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0) || !CBS_get_asn1(&wrapped_signed_data, &signed_data, CBS_ASN1_SEQUENCE) || !CBS_get_asn1_uint64(&signed_data, &version) || !CBS_get_asn1(&signed_data, NULL /* digests */, CBS_ASN1_SET) || !CBS_get_asn1(&signed_data, NULL /* content */, CBS_ASN1_SEQUENCE)) { goto err; } if (version < 1) { OPENSSL_PUT_ERROR(X509, pkcs7_parse_header, X509_R_BAD_PKCS7_VERSION); goto err; } CBS_init(out, CBS_data(&signed_data), CBS_len(&signed_data)); return 1; err: if (*der_bytes) { OPENSSL_free(*der_bytes); *der_bytes = NULL; } return 0; }
static int test_asn1_uint64(void) { size_t i; for (i = 0; i < sizeof(kAsn1Uint64Tests) / sizeof(kAsn1Uint64Tests[0]); i++) { const ASN1_UINT64_TEST *test = &kAsn1Uint64Tests[i]; CBS cbs; uint64_t value; CBB cbb; uint8_t *out; size_t len; CBS_init(&cbs, (const uint8_t *)test->encoding, test->encoding_len); if (!CBS_get_asn1_uint64(&cbs, &value) || CBS_len(&cbs) != 0 || value != test->value) { return 0; } if (!CBB_init(&cbb, 0)) { return 0; } if (!CBB_add_asn1_uint64(&cbb, test->value) || !CBB_finish(&cbb, &out, &len)) { CBB_cleanup(&cbb); return 0; } if (len != test->encoding_len || memcmp(out, test->encoding, len) != 0) { free(out); return 0; } free(out); } for (i = 0; i < sizeof(kAsn1InvalidUint64Tests) / sizeof(kAsn1InvalidUint64Tests[0]); i++) { const ASN1_INVALID_UINT64_TEST *test = &kAsn1InvalidUint64Tests[i]; CBS cbs; uint64_t value; CBS_init(&cbs, (const uint8_t *)test->encoding, test->encoding_len); if (CBS_get_asn1_uint64(&cbs, &value)) { return 0; } } return 1; }
int tls13_process_new_session_ticket(SSL *ssl) { SSL_SESSION *session = SSL_SESSION_dup(ssl->s3->established_session, SSL_SESSION_INCLUDE_NONAUTH); if (session == NULL) { return 0; } CBS cbs, extensions, ticket; CBS_init(&cbs, ssl->init_msg, ssl->init_num); if (!CBS_get_u32(&cbs, &session->tlsext_tick_lifetime_hint) || !CBS_get_u32(&cbs, &session->ticket_flags) || !CBS_get_u32(&cbs, &session->ticket_age_add) || !CBS_get_u16_length_prefixed(&cbs, &extensions) || !CBS_get_u16_length_prefixed(&cbs, &ticket) || !CBS_stow(&ticket, &session->tlsext_tick, &session->tlsext_ticklen) || CBS_len(&cbs) != 0) { SSL_SESSION_free(session); ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); return 0; } session->ticket_age_add_valid = 1; session->not_resumable = 0; if (ssl->ctx->new_session_cb != NULL && ssl->ctx->new_session_cb(ssl, session)) { /* |new_session_cb|'s return value signals that it took ownership. */ return 1; } SSL_SESSION_free(session); return 1; }
static int do_ber_convert(const char *name, const uint8_t *der_expected, size_t der_len, const uint8_t *ber, size_t ber_len) { CBS in; uint8_t *out; size_t out_len; CBS_init(&in, ber, ber_len); if (!CBS_asn1_ber_to_der(&in, &out, &out_len)) { fprintf(stderr, "%s: CBS_asn1_ber_to_der failed.\n", name); return 0; } if (out == NULL) { if (ber_len != der_len || memcmp(der_expected, ber, ber_len) != 0) { fprintf(stderr, "%s: incorrect unconverted result.\n", name); return 0; } return 1; } if (out_len != der_len || memcmp(out, der_expected, der_len) != 0) { fprintf(stderr, "%s: incorrect converted result.\n", name); return 0; } free(out); return 1; }
EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **out, const uint8_t **inp, long len) { if (len < 0) { OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); return NULL; } // Parse the input as a PKCS#8 PrivateKeyInfo. CBS cbs; CBS_init(&cbs, *inp, (size_t)len); EVP_PKEY *ret = EVP_parse_private_key(&cbs); if (ret != NULL) { if (out != NULL) { EVP_PKEY_free(*out); *out = ret; } *inp = CBS_data(&cbs); return ret; } ERR_clear_error(); // Count the elements to determine the legacy key format. switch (num_elements(*inp, (size_t)len)) { case 4: return d2i_PrivateKey(EVP_PKEY_EC, out, inp, len); case 6: return d2i_PrivateKey(EVP_PKEY_DSA, out, inp, len); default: return d2i_PrivateKey(EVP_PKEY_RSA, out, inp, len); } }
static enum ssl_hs_wait_t do_process_encrypted_extensions(SSL *ssl, SSL_HANDSHAKE *hs) { if (!tls13_check_message_type(ssl, SSL3_MT_ENCRYPTED_EXTENSIONS)) { return ssl_hs_error; } CBS cbs; CBS_init(&cbs, ssl->init_msg, ssl->init_num); if (!ssl_parse_serverhello_tlsext(ssl, &cbs)) { OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT); return ssl_hs_error; } if (CBS_len(&cbs) != 0) { OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); return ssl_hs_error; } if (!ssl->method->hash_current_message(ssl)) { return ssl_hs_error; } hs->state = state_process_certificate_request; return ssl_hs_read_message; }
/* cbs_find_ber walks an ASN.1 structure in |orig_in| and sets |*ber_found| * depending on whether an indefinite length element was found. The value of * |in| is not changed. It returns one on success (i.e. |*ber_found| was set) * and zero on error. */ static int cbs_find_ber(CBS *orig_in, char *ber_found, unsigned depth) { CBS in; if (depth > kMaxDepth) { return 0; } CBS_init(&in, CBS_data(orig_in), CBS_len(orig_in)); *ber_found = 0; while (CBS_len(&in) > 0) { CBS contents; unsigned tag; size_t header_len; if (!CBS_get_any_ber_asn1_element(&in, &contents, &tag, &header_len)) { return 0; } if (CBS_len(&contents) == header_len && header_len > 0 && CBS_data(&contents)[header_len-1] == 0x80) { *ber_found = 1; return 1; } if (tag & CBS_ASN1_CONSTRUCTED) { if (!CBS_skip(&contents, header_len) || !cbs_find_ber(&contents, ber_found, depth + 1)) { return 0; } } } return 1; }
int ssl3_get_finished(SSL *s, int a, int b) { int al, ok, md_len; long n; CBS cbs; n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, /* should actually be 36+4 :-) */ &ok); if (!ok) return ((int)n); /* If this occurs, we have missed a message */ if (!s->s3->change_cipher_spec) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS); goto f_err; } s->s3->change_cipher_spec = 0; md_len = s->s3->tmp.peer_finish_md_len; if (n < 0) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH); goto f_err; } CBS_init(&cbs, s->init_msg, n); if (s->s3->tmp.peer_finish_md_len != md_len || (int)CBS_len(&cbs) != md_len) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH); goto f_err; } if (!CBS_mem_equal(&cbs, s->s3->tmp.peer_finish_md, CBS_len(&cbs))) { al = SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED); goto f_err; } /* Copy the finished so we can use it for renegotiation checks */ if (s->type == SSL_ST_ACCEPT) { OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md, md_len); s->s3->previous_client_finished_len = md_len; } else { OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md, md_len); s->s3->previous_server_finished_len = md_len; } return (1); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); return (0); }
int tls13_process_certificate_verify(SSL *ssl) { int ret = 0; X509 *peer = ssl->s3->new_session->peer; EVP_PKEY *pkey = NULL; uint8_t *msg = NULL; size_t msg_len; /* Filter out unsupported certificate types. */ pkey = X509_get_pubkey(peer); if (pkey == NULL) { goto err; } CBS cbs, signature; uint16_t signature_algorithm; CBS_init(&cbs, ssl->init_msg, ssl->init_num); if (!CBS_get_u16(&cbs, &signature_algorithm) || !CBS_get_u16_length_prefixed(&cbs, &signature) || CBS_len(&cbs) != 0) { OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); goto err; } int al; if (!tls12_check_peer_sigalg(ssl, &al, signature_algorithm)) { ssl3_send_alert(ssl, SSL3_AL_FATAL, al); goto err; } ssl->s3->tmp.peer_signature_algorithm = signature_algorithm; if (!tls13_get_cert_verify_signature_input( ssl, &msg, &msg_len, ssl->server ? ssl_cert_verify_client : ssl_cert_verify_server)) { ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); goto err; } int sig_ok = ssl_public_key_verify(ssl, CBS_data(&signature), CBS_len(&signature), signature_algorithm, pkey, msg, msg_len); #if defined(BORINGSSL_UNSAFE_FUZZER_MODE) sig_ok = 1; ERR_clear_error(); #endif if (!sig_ok) { OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE); ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR); goto err; } ret = 1; err: EVP_PKEY_free(pkey); OPENSSL_free(msg); return ret; }
static int test_EVP_DigestVerifyInitFromAlgorithm(void) { int ret = 0; CBS cert, cert_body, tbs_cert, algorithm, signature; uint8_t padding; X509_ALGOR *algor = NULL; const uint8_t *derp; EVP_PKEY *pkey = NULL; EVP_MD_CTX md_ctx; EVP_MD_CTX_init(&md_ctx); CBS_init(&cert, kExamplePSSCert, sizeof(kExamplePSSCert)); if (!CBS_get_asn1(&cert, &cert_body, CBS_ASN1_SEQUENCE) || CBS_len(&cert) != 0 || !CBS_get_any_asn1_element(&cert_body, &tbs_cert, NULL, NULL) || !CBS_get_asn1_element(&cert_body, &algorithm, CBS_ASN1_SEQUENCE) || !CBS_get_asn1(&cert_body, &signature, CBS_ASN1_BITSTRING) || CBS_len(&cert_body) != 0) { fprintf(stderr, "Failed to parse certificate\n"); goto out; } /* Signatures are BIT STRINGs, but they have are multiple of 8 bytes, so the leading phase byte is just a zero. */ if (!CBS_get_u8(&signature, &padding) || padding != 0) { fprintf(stderr, "Invalid signature padding\n"); goto out; } derp = CBS_data(&algorithm); if (!d2i_X509_ALGOR(&algor, &derp, CBS_len(&algorithm)) || derp != CBS_data(&algorithm) + CBS_len(&algorithm)) { fprintf(stderr, "Failed to parse algorithm\n"); } pkey = load_example_rsa_key(); if (pkey == NULL || !EVP_DigestVerifyInitFromAlgorithm(&md_ctx, algor, pkey) || !EVP_DigestVerifyUpdate(&md_ctx, CBS_data(&tbs_cert), CBS_len(&tbs_cert)) || !EVP_DigestVerifyFinal(&md_ctx, CBS_data(&signature), CBS_len(&signature))) { goto out; } ret = 1; out: if (!ret) { BIO_print_errors_fp(stderr); } EVP_MD_CTX_cleanup(&md_ctx); if (pkey) { EVP_PKEY_free(pkey); } return ret; }
static enum ssl_hs_wait_t do_process_hello_retry_request(SSL *ssl, SSL_HANDSHAKE *hs) { if (ssl->s3->tmp.message_type != SSL3_MT_HELLO_RETRY_REQUEST) { hs->state = state_process_server_hello; return ssl_hs_ok; } CBS cbs, extensions; uint16_t server_wire_version, cipher_suite, group_id; CBS_init(&cbs, ssl->init_msg, ssl->init_num); if (!CBS_get_u16(&cbs, &server_wire_version) || !CBS_get_u16(&cbs, &cipher_suite) || !CBS_get_u16(&cbs, &group_id) || /* We do not currently parse any HelloRetryRequest extensions. */ !CBS_get_u16_length_prefixed(&cbs, &extensions) || CBS_len(&cbs) != 0) { ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); return ssl_hs_error; } /* TODO(svaldez): Don't do early_data on HelloRetryRequest. */ const uint16_t *groups; size_t groups_len; tls1_get_grouplist(ssl, 0 /* local groups */, &groups, &groups_len); int found = 0; for (size_t i = 0; i < groups_len; i++) { if (groups[i] == group_id) { found = 1; break; } } if (!found) { ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE); return ssl_hs_error; } for (size_t i = 0; i < ssl->s3->hs->groups_len; i++) { /* Check that the HelloRetryRequest does not request a key share that was * provided in the initial ClientHello. * * TODO(svaldez): Don't enforce this check when the HelloRetryRequest is due * to a cookie. */ if (SSL_ECDH_CTX_get_id(&ssl->s3->hs->groups[i]) == group_id) { ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE); return ssl_hs_error; } } ssl_handshake_clear_groups(ssl->s3->hs); ssl->s3->hs->retry_group = group_id; hs->state = state_send_second_client_hello; return ssl_hs_ok; }
static enum ssl_hs_wait_t do_process_certificate_request(SSL *ssl, SSL_HANDSHAKE *hs) { ssl->s3->tmp.cert_request = 0; /* CertificateRequest may only be sent in certificate-based ciphers. */ if (!ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) { hs->state = state_process_server_finished; return ssl_hs_ok; } /* CertificateRequest is optional. */ if (ssl->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) { hs->state = state_process_server_certificate; return ssl_hs_ok; } CBS cbs, context, supported_signature_algorithms; CBS_init(&cbs, ssl->init_msg, ssl->init_num); if (!CBS_get_u8_length_prefixed(&cbs, &context) || /* The request context is always empty during the handshake. */ CBS_len(&context) != 0 || !CBS_get_u16_length_prefixed(&cbs, &supported_signature_algorithms) || CBS_len(&supported_signature_algorithms) == 0 || !tls1_parse_peer_sigalgs(ssl, &supported_signature_algorithms)) { ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); return ssl_hs_error; } uint8_t alert; STACK_OF(X509_NAME) *ca_sk = ssl_parse_client_CA_list(ssl, &alert, &cbs); if (ca_sk == NULL) { ssl3_send_alert(ssl, SSL3_AL_FATAL, alert); return ssl_hs_error; } /* Ignore extensions. */ CBS extensions; if (!CBS_get_u16_length_prefixed(&cbs, &extensions) || CBS_len(&cbs) != 0) { ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); return ssl_hs_error; } ssl->s3->tmp.cert_request = 1; sk_X509_NAME_pop_free(ssl->s3->tmp.ca_names, X509_NAME_free); ssl->s3->tmp.ca_names = ca_sk; if (!ssl->method->hash_current_message(ssl)) { return ssl_hs_error; } hs->state = state_process_server_certificate; return ssl_hs_read_message; }
int dtls1_get_hello_verify(SSL *s) { long n; int al, ok = 0; size_t cookie_len; uint16_t ssl_version; CBS hello_verify_request, cookie; n = s->method->internal->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list, &ok); if (!ok) return ((int)n); if (S3I(s)->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { D1I(s)->send_cookie = 0; S3I(s)->tmp.reuse_message = 1; return (1); } if (n < 0) goto truncated; CBS_init(&hello_verify_request, s->internal->init_msg, n); if (!CBS_get_u16(&hello_verify_request, &ssl_version)) goto truncated; if (ssl_version != s->version) { SSLerror(s, SSL_R_WRONG_SSL_VERSION); s->version = (s->version & 0xff00) | (ssl_version & 0xff); al = SSL_AD_PROTOCOL_VERSION; goto f_err; } if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie)) goto truncated; if (!CBS_write_bytes(&cookie, D1I(s)->cookie, sizeof(D1I(s)->cookie), &cookie_len)) { D1I(s)->cookie_len = 0; al = SSL_AD_ILLEGAL_PARAMETER; goto f_err; } D1I(s)->cookie_len = cookie_len; D1I(s)->send_cookie = 1; return 1; truncated: al = SSL_AD_DECODE_ERROR; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); return -1; }
ECDSA_SIG *ECDSA_SIG_from_bytes(const uint8_t *in, size_t in_len) { CBS cbs; CBS_init(&cbs, in, in_len); ECDSA_SIG *ret = ECDSA_SIG_parse(&cbs); if (ret == NULL || CBS_len(&cbs) != 0) { OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE); ECDSA_SIG_free(ret); return NULL; } return ret; }
int tls13_process_certificate_verify(SSL_HANDSHAKE *hs) { SSL *const ssl = hs->ssl; int ret = 0; uint8_t *msg = NULL; size_t msg_len; if (hs->peer_pubkey == NULL) { goto err; } CBS cbs, signature; uint16_t signature_algorithm; CBS_init(&cbs, ssl->init_msg, ssl->init_num); if (!CBS_get_u16(&cbs, &signature_algorithm) || !CBS_get_u16_length_prefixed(&cbs, &signature) || CBS_len(&cbs) != 0) { OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); goto err; } int al; if (!tls12_check_peer_sigalg(ssl, &al, signature_algorithm)) { ssl3_send_alert(ssl, SSL3_AL_FATAL, al); goto err; } ssl->s3->new_session->peer_signature_algorithm = signature_algorithm; if (!tls13_get_cert_verify_signature_input( ssl, &msg, &msg_len, ssl->server ? ssl_cert_verify_client : ssl_cert_verify_server)) { ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); goto err; } int sig_ok = ssl_public_key_verify(ssl, CBS_data(&signature), CBS_len(&signature), signature_algorithm, hs->peer_pubkey, msg, msg_len); #if defined(BORINGSSL_UNSAFE_FUZZER_MODE) sig_ok = 1; ERR_clear_error(); #endif if (!sig_ok) { OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE); ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR); goto err; } ret = 1; err: OPENSSL_free(msg); return ret; }
RSA *RSA_private_key_from_bytes(const uint8_t *in, size_t in_len) { CBS cbs; CBS_init(&cbs, in, in_len); RSA *ret = RSA_parse_private_key(&cbs); if (ret == NULL || CBS_len(&cbs) != 0) { OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING); RSA_free(ret); return NULL; } return ret; }
static int test_skip(void) { static const uint8_t kData[] = {1, 2, 3}; CBS data; CBS_init(&data, kData, sizeof(kData)); return CBS_len(&data) == 3 && CBS_skip(&data, 1) && CBS_len(&data) == 2 && CBS_skip(&data, 2) && CBS_len(&data) == 0 && !CBS_skip(&data, 1); }
static int set_signed_cert_timestamp_list(CERT *cert, const uint8_t *list, size_t list_len) { CBS sct_list; CBS_init(&sct_list, list, list_len); if (!ssl_is_sct_list_valid(&sct_list)) { OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SCT_LIST); return 0; } CRYPTO_BUFFER_free(cert->signed_cert_timestamp_list); cert->signed_cert_timestamp_list = CRYPTO_BUFFER_new(CBS_data(&sct_list), CBS_len(&sct_list), NULL); return cert->signed_cert_timestamp_list != NULL; }
static int test_get_prefixed_bad(void) { static const uint8_t kData1[] = {2, 1}; static const uint8_t kData2[] = {0, 2, 1}; static const uint8_t kData3[] = {0, 0, 2, 1}; CBS data, prefixed; CBS_init(&data, kData1, sizeof(kData1)); if (CBS_get_u8_length_prefixed(&data, &prefixed)) { return 0; } CBS_init(&data, kData2, sizeof(kData2)); if (CBS_get_u16_length_prefixed(&data, &prefixed)) { return 0; } CBS_init(&data, kData3, sizeof(kData3)); if (CBS_get_u24_length_prefixed(&data, &prefixed)) { return 0; } return 1; }
SSL_SESSION *SSL_SESSION_from_bytes(const uint8_t *in, size_t in_len, const SSL_CTX *ctx) { CBS cbs; CBS_init(&cbs, in, in_len); SSL_SESSION *ret = SSL_SESSION_parse(&cbs, ctx->x509_method, ctx->pool); if (ret == NULL) { return NULL; } if (CBS_len(&cbs) != 0) { OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION); SSL_SESSION_free(ret); return NULL; } return ret; }
static int test_get_optional_asn1_bool(void) { CBS data; int val; static const uint8_t kTrue[] = {0x0a, 3, CBS_ASN1_BOOLEAN, 1, 0xff}; static const uint8_t kFalse[] = {0x0a, 3, CBS_ASN1_BOOLEAN, 1, 0x00}; static const uint8_t kInvalid[] = {0x0a, 3, CBS_ASN1_BOOLEAN, 1, 0x01}; CBS_init(&data, NULL, 0); val = 2; if (!CBS_get_optional_asn1_bool(&data, &val, 0x0a, 0) || val != 0) { return 0; } CBS_init(&data, kTrue, sizeof(kTrue)); val = 2; if (!CBS_get_optional_asn1_bool(&data, &val, 0x0a, 0) || val != 1) { return 0; } CBS_init(&data, kFalse, sizeof(kFalse)); val = 2; if (!CBS_get_optional_asn1_bool(&data, &val, 0x0a, 1) || val != 0) { return 0; } CBS_init(&data, kInvalid, sizeof(kInvalid)); if (CBS_get_optional_asn1_bool(&data, &val, 0x0a, 1)) { return 0; } return 1; }
static int dtls1_get_hello_verify(SSL *s) { long n; int al, ok = 0; CBS hello_verify_request, cookie; uint16_t server_version; n = s->method->ssl_get_message( s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, /* Use the same maximum size as ssl3_get_server_hello. */ 20000, ssl_hash_message, &ok); if (!ok) { return n; } if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { s->d1->send_cookie = 0; s->s3->tmp.reuse_message = 1; return 1; } CBS_init(&hello_verify_request, s->init_msg, n); if (!CBS_get_u16(&hello_verify_request, &server_version) || !CBS_get_u8_length_prefixed(&hello_verify_request, &cookie) || CBS_len(&hello_verify_request) != 0) { al = SSL_AD_DECODE_ERROR; OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); goto f_err; } if (CBS_len(&cookie) > sizeof(s->d1->cookie)) { al = SSL_AD_ILLEGAL_PARAMETER; goto f_err; } memcpy(s->d1->cookie, CBS_data(&cookie), CBS_len(&cookie)); s->d1->cookie_len = CBS_len(&cookie); s->d1->send_cookie = 1; return 1; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); return -1; }
ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **out, const uint8_t **inp, long len) { if (len < 0) { return NULL; } CBS cbs; CBS_init(&cbs, *inp, (size_t)len); ECDSA_SIG *ret = ECDSA_SIG_parse(&cbs); if (ret == NULL) { return NULL; } if (out != NULL) { ECDSA_SIG_free(*out); *out = ret; } *inp = CBS_data(&cbs); return ret; }
static int tls13_receive_key_update(SSL *ssl) { CBS cbs; uint8_t key_update_request; CBS_init(&cbs, ssl->init_msg, ssl->init_num); if (!CBS_get_u8(&cbs, &key_update_request) || CBS_len(&cbs) != 0 || (key_update_request != SSL_KEY_UPDATE_NOT_REQUESTED && key_update_request != SSL_KEY_UPDATE_REQUESTED)) { OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); return 0; } /* TODO(svaldez): Send KeyUpdate if |key_update_request| is * |SSL_KEY_UPDATE_REQUESTED|. */ return tls13_rotate_traffic_key(ssl, evp_aead_open); }
DSA *d2i_DSAparams(DSA **out, const uint8_t **inp, long len) { if (len < 0) { return NULL; } CBS cbs; CBS_init(&cbs, *inp, (size_t)len); DSA *ret = DSA_parse_parameters(&cbs); if (ret == NULL) { return NULL; } if (out != NULL) { DSA_free(*out); *out = ret; } *inp = CBS_data(&cbs); return ret; }
DSA_SIG *d2i_DSA_SIG(DSA_SIG **out_sig, const uint8_t **inp, long len) { if (len < 0) { return NULL; } CBS cbs; CBS_init(&cbs, *inp, (size_t)len); DSA_SIG *ret = DSA_SIG_parse(&cbs); if (ret == NULL) { return NULL; } if (out_sig != NULL) { DSA_SIG_free(*out_sig); *out_sig = ret; } *inp = CBS_data(&cbs); return ret; }
RSA *d2i_RSAPrivateKey(RSA **out, const uint8_t **inp, long len) { if (len < 0) { return NULL; } CBS cbs; CBS_init(&cbs, *inp, (size_t)len); RSA *ret = RSA_parse_private_key(&cbs); if (ret == NULL) { return NULL; } if (out != NULL) { RSA_free(*out); *out = ret; } *inp = CBS_data(&cbs); return ret; }
static const SSL_CIPHER *choose_tls13_cipher( const SSL *ssl, const SSL_CLIENT_HELLO *client_hello) { if (client_hello->cipher_suites_len % 2 != 0) { return NULL; } CBS cipher_suites; CBS_init(&cipher_suites, client_hello->cipher_suites, client_hello->cipher_suites_len); const int aes_is_fine = EVP_has_aes_hardware(); const uint16_t version = ssl3_protocol_version(ssl); const SSL_CIPHER *best = NULL; while (CBS_len(&cipher_suites) > 0) { uint16_t cipher_suite; if (!CBS_get_u16(&cipher_suites, &cipher_suite)) { return NULL; } /* Limit to TLS 1.3 ciphers we know about. */ const SSL_CIPHER *candidate = SSL_get_cipher_by_value(cipher_suite); if (candidate == NULL || SSL_CIPHER_get_min_version(candidate) > version || SSL_CIPHER_get_max_version(candidate) < version) { continue; } /* TLS 1.3 removes legacy ciphers, so honor the client order, but prefer * ChaCha20 if we do not have AES hardware. */ if (aes_is_fine) { return candidate; } if (candidate->algorithm_enc == SSL_CHACHA20POLY1305) { return candidate; } if (best == NULL) { best = candidate; } } return best; }
static int test_get_u(void) { static const uint8_t kData[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}; uint8_t u8; uint16_t u16; uint32_t u32; CBS data; CBS_init(&data, kData, sizeof(kData)); return CBS_get_u8(&data, &u8) && u8 == 1 && CBS_get_u16(&data, &u16) && u16 == 0x203 && CBS_get_u24(&data, &u32) && u32 == 0x40506 && CBS_get_u32(&data, &u32) && u32 == 0x708090a && !CBS_get_u8(&data, &u8); }