Exemple #1
0
int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes)
{
    /* Internal API, so should not fail */
    if (!ossl_assert(pkt->subs != NULL && len != 0))
        return 0;

    if (pkt->maxsize - pkt->written < len)
        return 0;

    if (pkt->staticbuf == NULL && (pkt->buf->length - pkt->written < len)) {
        size_t newlen;
        size_t reflen;

        reflen = (len > pkt->buf->length) ? len : pkt->buf->length;

        if (reflen > SIZE_MAX / 2) {
            newlen = SIZE_MAX;
        } else {
            newlen = reflen * 2;
            if (newlen < DEFAULT_BUF_SIZE)
                newlen = DEFAULT_BUF_SIZE;
        }
        if (BUF_MEM_grow(pkt->buf, newlen) == 0)
            return 0;
    }
    if (allocbytes != NULL)
        *allocbytes = WPACKET_get_curr(pkt);

    return 1;
}
Exemple #2
0
/*
 * Construct the pre_shared_key extension
 */
int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, X509 *x,
                           size_t chainidx, int *al)
{
#ifndef OPENSSL_NO_TLS1_3
    uint32_t now, agesec, agems;
    size_t hashsize, binderoffset, msglen;
    unsigned char *binder = NULL, *msgstart = NULL;
    const EVP_MD *md;
    int ret = 0;

    s->session->ext.tick_identity = TLSEXT_PSK_BAD_IDENTITY;

    /*
     * If this is an incompatible or new session then we have nothing to resume
     * so don't add this extension.
     */
    if (s->session->ssl_version != TLS1_3_VERSION
            || s->session->ext.ticklen == 0)
        return 1;

    if (s->session->cipher == NULL) {
        SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_PSK, ERR_R_INTERNAL_ERROR);
        goto err;
    }

    md = ssl_md(s->session->cipher->algorithm2);
    if (md == NULL) {
        /* Don't recognise this cipher so we can't use the session. Ignore it */
        return 1;
    }

    /*
     * Technically the C standard just says time() returns a time_t and says
     * nothing about the encoding of that type. In practice most implementations
     * follow POSIX which holds it as an integral type in seconds since epoch.
     * We've already made the assumption that we can do this in multiple places
     * in the code, so portability shouldn't be an issue.
     */
    now = (uint32_t)time(NULL);
    agesec = now - (uint32_t)s->session->time;

    if (s->session->ext.tick_lifetime_hint < agesec) {
        /* Ticket is too old. Ignore it. */
        return 1;
    }

    /*
     * Calculate age in ms. We're just doing it to nearest second. Should be
     * good enough.
     */
    agems = agesec * (uint32_t)1000;

    if (agesec != 0 && agems / (uint32_t)1000 != agesec) {
        /*
         * Overflow. Shouldn't happen unless this is a *really* old session. If
         * so we just ignore it.
         */
        return 1;
    }

    /*
     * Obfuscate the age. Overflow here is fine, this addition is supposed to
     * be mod 2^32.
     */
    agems += s->session->ext.tick_age_add;

    hashsize = EVP_MD_size(md);

    /* Create the extension, but skip over the binder for now */
    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk)
            || !WPACKET_start_sub_packet_u16(pkt)
            || !WPACKET_start_sub_packet_u16(pkt)
            || !WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick,
                                       s->session->ext.ticklen)
            || !WPACKET_put_bytes_u32(pkt, agems)
            || !WPACKET_close(pkt)
            || !WPACKET_get_total_written(pkt, &binderoffset)
            || !WPACKET_start_sub_packet_u16(pkt)
            || !WPACKET_sub_allocate_bytes_u8(pkt, hashsize, &binder)
            || !WPACKET_close(pkt)
            || !WPACKET_close(pkt)
            || !WPACKET_get_total_written(pkt, &msglen)
               /*
                * We need to fill in all the sub-packet lengths now so we can
                * calculate the HMAC of the message up to the binders
                */
            || !WPACKET_fill_lengths(pkt)) {
        SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_PSK, ERR_R_INTERNAL_ERROR);
        goto err;
    }

    msgstart = WPACKET_get_curr(pkt) - msglen;

    if (tls_psk_do_binder(s, md, msgstart, binderoffset, NULL, binder,
                          s->session, 1) != 1) {
        SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_PSK, ERR_R_INTERNAL_ERROR);
        goto err;
    }

    s->session->ext.tick_identity = 0;

    ret = 1;
 err:
    return ret;
#else
    return 1;
#endif
}