int ssl_get_new_session(SSL *s, int session)
{
/* This gets used by clients and servers. */
SSL_SESSION *ss = NULL;
if ((ss = SSL_SESSION_new()) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION,
ERR_R_MALLOC_FAILURE);
return 0;
}
/* If the context has a default timeout, use it */
if (s->session_ctx->session_timeout == 0)
ss->timeout = SSL_get_default_timeout(s);
else
ss->timeout = s->session_ctx->session_timeout;
SSL_SESSION_free(s->session);
s->session = NULL;
if (session) {
if (!ssl_generate_session_id(s, ss)) {
/* SSLfatal() already called */
SSL_SESSION_free(ss);
return 0;
}
if (s->ext.hostname) {
ss->ext.hostname = OPENSSL_strdup(s->ext.hostname);
if (ss->ext.hostname == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION,
ERR_R_INTERNAL_ERROR);
SSL_SESSION_free(ss);
return 0;
}
}
} else {
ss->session_id_length = 0;
}
if (s->sid_ctx_length > sizeof ss->sid_ctx) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION,
ERR_R_INTERNAL_ERROR);
SSL_SESSION_free(ss);
return 0;
}
memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
ss->sid_ctx_length = s->sid_ctx_length;
s->session = ss;
ss->ssl_version = s->version;
ss->verify_result = X509_V_OK;
/* If client supports extended master secret set it in session */
if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)
ss->flags |= SSL_SESS_FLAG_EXTMS;
return 1;
}
int ssl_get_new_session(SSL *ssl, int is_server) {
if (ssl->mode & SSL_MODE_NO_SESSION_CREATION) {
OPENSSL_PUT_ERROR(SSL, SSL_R_SESSION_MAY_NOT_BE_CREATED);
return 0;
}
SSL_SESSION *session = SSL_SESSION_new();
if (session == NULL) {
return 0;
}
/* If the context has a default timeout, use it over the default. */
if (ssl->initial_ctx->session_timeout != 0) {
session->timeout = ssl->initial_ctx->session_timeout;
}
session->ssl_version = ssl->version;
if (is_server) {
if (ssl->tlsext_ticket_expected) {
/* Don't set session IDs for sessions resumed with tickets. This will keep
* them out of the session cache. */
session->session_id_length = 0;
} else {
session->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
if (!RAND_bytes(session->session_id, session->session_id_length)) {
goto err;
}
}
if (ssl->tlsext_hostname != NULL) {
session->tlsext_hostname = BUF_strdup(ssl->tlsext_hostname);
if (session->tlsext_hostname == NULL) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
}
} else {
session->session_id_length = 0;
}
if (ssl->sid_ctx_length > sizeof(session->sid_ctx)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
goto err;
}
memcpy(session->sid_ctx, ssl->sid_ctx, ssl->sid_ctx_length);
session->sid_ctx_length = ssl->sid_ctx_length;
session->verify_result = X509_V_OK;
SSL_SESSION_free(ssl->session);
ssl->session = session;
return 1;
err:
SSL_SESSION_free(session);
return 0;
}
/* If the length actually fits in one byte (which it should), do
* it that way. Else, leave it indeterminate and add two
* end-of-contents octets to mark the end of the SEQUENCE. */
if (!buf_error(buf) && buf->pos <= 0x80)
buf->data[1] = buf->pos - 2;
else
buf_append_bytes(buf, "\0\0", 2);
if (buf_error(buf)) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to create SSL_SESSION ASN.1 for OpenSSL: %s\n"),
strerror(buf_error(buf)));
buf_free(buf);
return NULL;
}
asn = (void *)buf->data;
dtls_session = d2i_SSL_SESSION(NULL, &asn, buf->pos);
buf_free(buf);
if (!dtls_session) {
vpn_progress(vpninfo, PRG_ERR,
_("OpenSSL failed to parse SSL_SESSION ASN.1\n"));
openconnect_report_ssl_errors(vpninfo);
return NULL;
}
return dtls_session;
}
#else /* OpenSSL before 1.1 */
static SSL_SESSION *generate_dtls_session(struct openconnect_info *vpninfo,
int dtlsver, const SSL_CIPHER *cipher)
{
SSL_SESSION *dtls_session = SSL_SESSION_new();
if (!dtls_session) {
vpn_progress(vpninfo, PRG_ERR,
_("Initialise DTLSv1 session failed\n"));
return NULL;
}
dtls_session->ssl_version = dtlsver;
dtls_session->master_key_length = sizeof(vpninfo->dtls_secret);
memcpy(dtls_session->master_key, vpninfo->dtls_secret,
sizeof(vpninfo->dtls_secret));
dtls_session->session_id_length = sizeof(vpninfo->dtls_session_id);
memcpy(dtls_session->session_id, vpninfo->dtls_session_id,
sizeof(vpninfo->dtls_session_id));
dtls_session->cipher = (SSL_CIPHER *)cipher;
dtls_session->cipher_id = cipher->id;
return dtls_session;
}
static int test_handshake_secrets(void)
{
SSL_CTX *ctx = NULL;
SSL *s = NULL;
int ret = 0;
size_t hashsize;
unsigned char out_master_secret[EVP_MAX_MD_SIZE];
size_t master_secret_length;
ctx = SSL_CTX_new(TLS_method());
if (!TEST_ptr(ctx))
goto err;
s = SSL_new(ctx);
if (!TEST_ptr(s ))
goto err;
s->session = SSL_SESSION_new();
if (!TEST_ptr(s->session))
goto err;
if (!TEST_true(tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, 0,
(unsigned char *)&s->early_secret))) {
TEST_info("Early secret generation failed");
goto err;
}
if (!TEST_mem_eq(s->early_secret, sizeof(early_secret),
early_secret, sizeof(early_secret))) {
TEST_info("Early secret does not match");
goto err;
}
if (!TEST_true(tls13_generate_handshake_secret(s, ecdhe_secret,
sizeof(ecdhe_secret)))) {
TEST_info("Hanshake secret generation failed");
goto err;
}
if (!TEST_mem_eq(s->handshake_secret, sizeof(handshake_secret),
handshake_secret, sizeof(handshake_secret)))
goto err;
hashsize = EVP_MD_size(ssl_handshake_md(s));
if (!TEST_size_t_eq(sizeof(client_hts), hashsize))
goto err;
if (!TEST_size_t_eq(sizeof(client_hts_key), KEYLEN))
goto err;
if (!TEST_size_t_eq(sizeof(client_hts_iv), IVLEN))
goto err;
if (!TEST_true(test_secret(s, s->handshake_secret,
(unsigned char *)client_hts_label,
strlen(client_hts_label), client_hts,
client_hts_key, client_hts_iv))) {
TEST_info("Client handshake secret test failed");
goto err;
}
if (!TEST_size_t_eq(sizeof(server_hts), hashsize))
goto err;
if (!TEST_size_t_eq(sizeof(server_hts_key), KEYLEN))
goto err;
if (!TEST_size_t_eq(sizeof(server_hts_iv), IVLEN))
goto err;
if (!TEST_true(test_secret(s, s->handshake_secret,
(unsigned char *)server_hts_label,
strlen(server_hts_label), server_hts,
server_hts_key, server_hts_iv))) {
TEST_info("Server handshake secret test failed");
goto err;
}
/*
* Ensure the mocked out ssl_handshake_hash() returns the full handshake
* hash.
*/
full_hash = 1;
if (!TEST_true(tls13_generate_master_secret(s, out_master_secret,
s->handshake_secret, hashsize,
&master_secret_length))) {
TEST_info("Master secret generation failed");
goto err;
}
if (!TEST_mem_eq(out_master_secret, master_secret_length,
master_secret, sizeof(master_secret))) {
TEST_info("Master secret does not match");
goto err;
}
if (!TEST_size_t_eq(sizeof(client_ats), hashsize))
goto err;
if (!TEST_size_t_eq(sizeof(client_ats_key), KEYLEN))
goto err;
if (!TEST_size_t_eq(sizeof(client_ats_iv), IVLEN))
goto err;
if (!TEST_true(test_secret(s, out_master_secret,
(unsigned char *)client_ats_label,
strlen(client_ats_label), client_ats,
client_ats_key, client_ats_iv))) {
TEST_info("Client application data secret test failed");
goto err;
}
if (!TEST_size_t_eq(sizeof(server_ats), hashsize))
goto err;
if (!TEST_size_t_eq(sizeof(server_ats_key), KEYLEN))
goto err;
if (!TEST_size_t_eq(sizeof(server_ats_iv), IVLEN))
goto err;
if (!TEST_true(test_secret(s, out_master_secret,
(unsigned char *)server_ats_label,
strlen(server_ats_label), server_ats,
server_ats_key, server_ats_iv))) {
TEST_info("Server application data secret test failed");
goto err;
}
ret = 1;
err:
SSL_free(s);
SSL_CTX_free(ctx);
return ret;
}
int MAIN(int argc, char **argv)
{
SSL_SESSION *x=NULL;
int ret=1,i,num,badops=0;
BIO *out=NULL;
int informat,outformat;
char *infile=NULL,*outfile=NULL,*context=NULL;
int cert=0,noout=0,text=0;
char **pp;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
argc--;
argv++;
num=0;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-text") == 0)
text= ++num;
else if (strcmp(*argv,"-cert") == 0)
cert= ++num;
else if (strcmp(*argv,"-noout") == 0)
noout= ++num;
else if (strcmp(*argv,"-context") == 0)
{
if(--argc < 1) goto bad;
context=*++argv;
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
for (pp=sess_id_usage; (*pp != NULL); pp++)
BIO_printf(bio_err,*pp);
goto end;
}
ERR_load_crypto_strings();
x=load_sess_id(infile,informat);
if (x == NULL) { goto end; }
if(context)
{
x->sid_ctx_length=strlen(context);
if(x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH)
{
BIO_printf(bio_err,"Context too long\n");
goto end;
}
memcpy(x->sid_ctx,context,x->sid_ctx_length);
}
#ifdef undef
/* just testing for memory leaks :-) */
{
SSL_SESSION *s;
char buf[1024*10],*p;
int i;
s=SSL_SESSION_new();
p= &buf;
i=i2d_SSL_SESSION(x,&p);
p= &buf;
d2i_SSL_SESSION(&s,&p,(long)i);
p= &buf;
d2i_SSL_SESSION(&s,&p,(long)i);
p= &buf;
d2i_SSL_SESSION(&s,&p,(long)i);
SSL_SESSION_free(s);
}
#endif
if (!noout || text)
{
out=BIO_new(BIO_s_file());
if (out == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
}
if (text)
{
SSL_SESSION_print(out,x);
if (cert)
{
if (x->peer == NULL)
BIO_puts(out,"No certificate present\n");
else
X509_print(out,x->peer);
}
}
if (!noout && !cert)
{
if (outformat == FORMAT_ASN1)
i=(int)i2d_SSL_SESSION_bio(out,x);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_SSL_SESSION(out,x);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err,"unable to write SSL_SESSION\n");
goto end;
}
}
else if (!noout && (x->peer != NULL)) /* just print the certificate */
{
if (outformat == FORMAT_ASN1)
i=(int)i2d_X509_bio(out,x->peer);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_X509(out,x->peer);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err,"unable to write X509\n");
goto end;
}
}
ret=0;
end:
if (out != NULL) BIO_free_all(out);
if (x != NULL) SSL_SESSION_free(x);
EXIT(ret);
}
static int openssl_ssl_session_new(lua_State*L)
{
SSL_SESSION *ss = SSL_SESSION_new();
PUSH_OBJECT(ss, "openssl.ssl_session");
return 1;
}
static int test_handshake_secrets(void)
{
SSL_CTX *ctx = NULL;
SSL *s = NULL;
int ret = 0;
size_t hashsize;
unsigned char out_master_secret[EVP_MAX_MD_SIZE];
size_t master_secret_length;
ctx = SSL_CTX_new(TLS_method());
if (ctx == NULL)
goto err;
s = SSL_new(ctx);
if (s == NULL)
goto err;
s->session = SSL_SESSION_new();
if (s->session == NULL)
goto err;
if (!tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, 0,
(unsigned char *)&s->early_secret)) {
fprintf(stderr, "Early secret generation failed\n");
goto err;
}
if (memcmp(s->early_secret, early_secret, sizeof(early_secret)) != 0) {
fprintf(stderr, "Early secret does not match\n");
goto err;
}
if (!tls13_generate_handshake_secret(s, ecdhe_secret,
sizeof(ecdhe_secret))) {
fprintf(stderr, "Hanshake secret generation failed\n");
goto err;
}
if (memcmp(s->handshake_secret, handshake_secret,
sizeof(handshake_secret)) != 0) {
fprintf(stderr, "Handshake secret does not match\n");
goto err;
}
hashsize = EVP_MD_size(ssl_handshake_md(s));
if (sizeof(client_hts) != hashsize || sizeof(client_hts_key) != KEYLEN
|| sizeof(client_hts_iv) != IVLEN) {
fprintf(stderr, "Internal test error\n");
goto err;
}
if (!test_secret(s, s->handshake_secret, (unsigned char *)client_hts_label,
strlen(client_hts_label), client_hts, client_hts_key,
client_hts_iv)) {
fprintf(stderr, "Client handshake secret test failed\n");
goto err;
}
if (sizeof(server_hts) != hashsize || sizeof(server_hts_key) != KEYLEN
|| sizeof(server_hts_iv) != IVLEN) {
fprintf(stderr, "Internal test error\n");
goto err;
}
if (!test_secret(s, s->handshake_secret, (unsigned char *)server_hts_label,
strlen(server_hts_label), server_hts, server_hts_key,
server_hts_iv)) {
fprintf(stderr, "Server handshake secret test failed\n");
goto err;
}
/*
* Ensure the mocked out ssl_handshake_hash() returns the full handshake
* hash.
*/
full_hash = 1;
if (!tls13_generate_master_secret(s, out_master_secret,
s->handshake_secret, hashsize,
&master_secret_length)) {
fprintf(stderr, "Master secret generation failed\n");
goto err;
}
if (master_secret_length != sizeof(master_secret) ||
memcmp(out_master_secret, master_secret,
sizeof(master_secret)) != 0) {
fprintf(stderr, "Master secret does not match\n");
goto err;
}
if (sizeof(client_ats) != hashsize || sizeof(client_ats_key) != KEYLEN
|| sizeof(client_ats_iv) != IVLEN) {
fprintf(stderr, "Internal test error\n");
goto err;
}
if (!test_secret(s, out_master_secret, (unsigned char *)client_ats_label,
strlen(client_ats_label), client_ats, client_ats_key,
client_ats_iv)) {
fprintf(stderr, "Client application data secret test failed\n");
goto err;
}
if (sizeof(server_ats) != hashsize || sizeof(server_ats_key) != KEYLEN
|| sizeof(server_ats_iv) != IVLEN) {
fprintf(stderr, "Internal test error\n");
goto err;
}
if (!test_secret(s, out_master_secret, (unsigned char *)server_ats_label,
strlen(server_ats_label), server_ats, server_ats_key,
server_ats_iv)) {
fprintf(stderr, "Server application data secret test failed\n");
goto err;
}
ret = 1;
err:
SSL_free(s);
SSL_CTX_free(ctx);
return ret;
}
SSL_SESSION *
d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
{
CBS cbs, session, cipher_suite, session_id, master_key, peer_cert;
CBS hostname, ticket;
uint64_t version, tls_version, stime, timeout, verify_result, lifetime;
const unsigned char *peer_cert_bytes;
uint16_t cipher_value;
SSL_SESSION *s = NULL;
size_t data_len;
int present;
if (a != NULL)
s = *a;
if (s == NULL) {
if ((s = SSL_SESSION_new()) == NULL) {
SSLerrorx(ERR_R_MALLOC_FAILURE);
return (NULL);
}
}
CBS_init(&cbs, *pp, length);
if (!CBS_get_asn1(&cbs, &session, CBS_ASN1_SEQUENCE))
goto err;
/* Session ASN1 version. */
if (!CBS_get_asn1_uint64(&session, &version))
goto err;
if (version != SSL_SESSION_ASN1_VERSION)
goto err;
/* TLS/SSL Protocol Version. */
if (!CBS_get_asn1_uint64(&session, &tls_version))
goto err;
if (tls_version > INT_MAX)
goto err;
s->ssl_version = (int)tls_version;
/* Cipher suite. */
if (!CBS_get_asn1(&session, &cipher_suite, CBS_ASN1_OCTETSTRING))
goto err;
if (!CBS_get_u16(&cipher_suite, &cipher_value))
goto err;
if (CBS_len(&cipher_suite) != 0)
goto err;
/* XXX - populate cipher instead? */
s->cipher = NULL;
s->cipher_id = SSL3_CK_ID | cipher_value;
/* Session ID. */
if (!CBS_get_asn1(&session, &session_id, CBS_ASN1_OCTETSTRING))
goto err;
if (!CBS_write_bytes(&session_id, s->session_id, sizeof(s->session_id),
&data_len))
goto err;
if (data_len > UINT_MAX)
goto err;
s->session_id_length = (unsigned int)data_len;
/* Master key. */
if (!CBS_get_asn1(&session, &master_key, CBS_ASN1_OCTETSTRING))
goto err;
if (!CBS_write_bytes(&master_key, s->master_key, sizeof(s->master_key),
&data_len))
goto err;
if (data_len > INT_MAX)
goto err;
s->master_key_length = (int)data_len;
/* Time [1]. */
s->time = time(NULL);
if (!CBS_get_optional_asn1_uint64(&session, &stime, SSLASN1_TIME_TAG,
0))
goto err;
if (stime > time_max())
goto err;
if (stime != 0)
s->time = (time_t)stime;
/* Timeout [2]. */
s->timeout = 3;
if (!CBS_get_optional_asn1_uint64(&session, &timeout,
SSLASN1_TIMEOUT_TAG, 0))
goto err;
if (timeout > LONG_MAX)
goto err;
if (timeout != 0)
s->timeout = (long)timeout;
/* Peer certificate [3]. */
X509_free(s->peer);
s->peer = NULL;
if (!CBS_get_optional_asn1(&session, &peer_cert, &present,
SSLASN1_PEER_CERT_TAG))
goto err;
if (present) {
data_len = CBS_len(&peer_cert);
if (data_len > LONG_MAX)
goto err;
peer_cert_bytes = CBS_data(&peer_cert);
if (d2i_X509(&s->peer, &peer_cert_bytes,
(long)data_len) == NULL)
goto err;
}
/* Session ID context [4]. */
s->sid_ctx_length = 0;
if (!CBS_get_optional_asn1_octet_string(&session, &session_id, &present,
SSLASN1_SESSION_ID_CTX_TAG))
goto err;
if (present) {
if (!CBS_write_bytes(&session_id, (uint8_t *)&s->sid_ctx,
sizeof(s->sid_ctx), &data_len))
goto err;
if (data_len > UINT_MAX)
goto err;
s->sid_ctx_length = (unsigned int)data_len;
}
/* Verify result [5]. */
s->verify_result = X509_V_OK;
if (!CBS_get_optional_asn1_uint64(&session, &verify_result,
SSLASN1_VERIFY_RESULT_TAG, X509_V_OK))
goto err;
if (verify_result > LONG_MAX)
goto err;
s->verify_result = (long)verify_result;
/* Hostname [6]. */
free(s->tlsext_hostname);
s->tlsext_hostname = NULL;
if (!CBS_get_optional_asn1_octet_string(&session, &hostname, &present,
SSLASN1_HOSTNAME_TAG))
goto err;
if (present) {
if (CBS_contains_zero_byte(&hostname))
goto err;
if (!CBS_strdup(&hostname, &s->tlsext_hostname))
goto err;
}
/* PSK identity hint [7]. */
/* PSK identity [8]. */
/* Ticket lifetime [9]. */
s->tlsext_tick_lifetime_hint = 0;
/* XXX - tlsext_ticklen is not yet set... */
if (s->tlsext_ticklen > 0 && s->session_id_length > 0)
s->tlsext_tick_lifetime_hint = -1;
if (!CBS_get_optional_asn1_uint64(&session, &lifetime,
SSLASN1_LIFETIME_TAG, 0))
goto err;
if (lifetime > LONG_MAX)
goto err;
if (lifetime > 0)
s->tlsext_tick_lifetime_hint = (long)lifetime;
/* Ticket [10]. */
free(s->tlsext_tick);
s->tlsext_tick = NULL;
if (!CBS_get_optional_asn1_octet_string(&session, &ticket, &present,
SSLASN1_TICKET_TAG))
goto err;
if (present) {
if (!CBS_stow(&ticket, &s->tlsext_tick, &s->tlsext_ticklen))
goto err;
}
/* Compression method [11]. */
/* SRP username [12]. */
*pp = CBS_data(&cbs);
if (a != NULL)
*a = s;
return (s);
err:
ERR_asprintf_error_data("offset=%d", (int)(CBS_data(&cbs) - *pp));
if (s != NULL && (a == NULL || *a != s))
SSL_SESSION_free(s);
return (NULL);
}
int ssl_get_new_session(SSL *s, int session) {
/* This gets used by clients and servers. */
unsigned int tmp;
SSL_SESSION *ss = NULL;
GEN_SESSION_CB cb = def_generate_session_id;
if (s->mode & SSL_MODE_NO_SESSION_CREATION) {
OPENSSL_PUT_ERROR(SSL, ssl_get_new_session,
SSL_R_SESSION_MAY_NOT_BE_CREATED);
return 0;
}
ss = SSL_SESSION_new();
if (ss == NULL) {
return 0;
}
/* If the context has a default timeout, use it over the default. */
if (s->initial_ctx->session_timeout != 0) {
ss->timeout = s->initial_ctx->session_timeout;
}
if (s->session != NULL) {
SSL_SESSION_free(s->session);
s->session = NULL;
}
if (session) {
if (s->version == SSL3_VERSION || s->version == TLS1_VERSION ||
s->version == TLS1_1_VERSION || s->version == TLS1_2_VERSION ||
s->version == DTLS1_VERSION || s->version == DTLS1_2_VERSION) {
ss->ssl_version = s->version;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else {
OPENSSL_PUT_ERROR(SSL, ssl_get_new_session,
SSL_R_UNSUPPORTED_SSL_VERSION);
SSL_SESSION_free(ss);
return 0;
}
/* If RFC4507 ticket use empty session ID */
if (s->tlsext_ticket_expected) {
ss->session_id_length = 0;
goto sess_id_done;
}
/* Choose which callback will set the session ID */
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
if (s->generate_session_id) {
cb = s->generate_session_id;
} else if (s->initial_ctx->generate_session_id) {
cb = s->initial_ctx->generate_session_id;
}
CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
/* Choose a session ID */
tmp = ss->session_id_length;
if (!cb(s, ss->session_id, &tmp)) {
/* The callback failed */
OPENSSL_PUT_ERROR(SSL, ssl_get_new_session,
SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
SSL_SESSION_free(ss);
return 0;
}
/* Don't allow the callback to set the session length to zero. nor set it
* higher than it was. */
if (!tmp || tmp > ss->session_id_length) {
/* The callback set an illegal length */
OPENSSL_PUT_ERROR(SSL, ssl_get_new_session,
SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
SSL_SESSION_free(ss);
return 0;
}
ss->session_id_length = tmp;
/* Finally, check for a conflict */
if (SSL_has_matching_session_id(s, ss->session_id, ss->session_id_length)) {
OPENSSL_PUT_ERROR(SSL, ssl_get_new_session,
SSL_R_SSL_SESSION_ID_CONFLICT);
SSL_SESSION_free(ss);
return 0;
}
sess_id_done:
if (s->tlsext_hostname) {
ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
if (ss->tlsext_hostname == NULL) {
OPENSSL_PUT_ERROR(SSL, ssl_get_new_session, ERR_R_INTERNAL_ERROR);
SSL_SESSION_free(ss);
return 0;
}
}
} else {
ss->session_id_length = 0;
}
if (s->sid_ctx_length > sizeof(ss->sid_ctx)) {
OPENSSL_PUT_ERROR(SSL, ssl_get_new_session, ERR_R_INTERNAL_ERROR);
SSL_SESSION_free(ss);
return 0;
}
memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
ss->sid_ctx_length = s->sid_ctx_length;
s->session = ss;
ss->ssl_version = s->version;
ss->verify_result = X509_V_OK;
return 1;
}
int ssl_get_new_session(SSL *s, int session)
{
/* This gets used by clients and servers. */
unsigned int tmp;
SSL_SESSION *ss = NULL;
GEN_SESSION_CB cb = def_generate_session_id;
if ((ss = SSL_SESSION_new()) == NULL)
return (0);
/* If the context has a default timeout, use it */
if (s->session_ctx->session_timeout == 0)
ss->timeout = SSL_get_default_timeout(s);
else
ss->timeout = s->session_ctx->session_timeout;
SSL_SESSION_free(s->session);
s->session = NULL;
if (session) {
if (s->version == SSL3_VERSION) {
ss->ssl_version = SSL3_VERSION;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else if (s->version == TLS1_VERSION) {
ss->ssl_version = TLS1_VERSION;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else if (s->version == TLS1_1_VERSION) {
ss->ssl_version = TLS1_1_VERSION;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else if (s->version == TLS1_2_VERSION) {
ss->ssl_version = TLS1_2_VERSION;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else if (s->version == TLS1_3_VERSION) {
ss->ssl_version = TLS1_3_VERSION;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else if (s->version == DTLS1_BAD_VER) {
ss->ssl_version = DTLS1_BAD_VER;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else if (s->version == DTLS1_VERSION) {
ss->ssl_version = DTLS1_VERSION;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else if (s->version == DTLS1_2_VERSION) {
ss->ssl_version = DTLS1_2_VERSION;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else {
SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
SSL_SESSION_free(ss);
return (0);
}
/*-
* If RFC5077 ticket, use empty session ID (as server).
* Note that:
* (a) ssl_get_prev_session() does lookahead into the
* ClientHello extensions to find the session ticket.
* When ssl_get_prev_session() fails, statem_srvr.c calls
* ssl_get_new_session() in tls_process_client_hello().
* At that point, it has not yet parsed the extensions,
* however, because of the lookahead, it already knows
* whether a ticket is expected or not.
*
* (b) statem_clnt.c calls ssl_get_new_session() before parsing
* ServerHello extensions, and before recording the session
* ID received from the server, so this block is a noop.
*/
if (s->ext.ticket_expected) {
ss->session_id_length = 0;
goto sess_id_done;
}
/* Choose which callback will set the session ID */
CRYPTO_THREAD_read_lock(s->lock);
CRYPTO_THREAD_read_lock(s->session_ctx->lock);
if (s->generate_session_id)
cb = s->generate_session_id;
else if (s->session_ctx->generate_session_id)
cb = s->session_ctx->generate_session_id;
CRYPTO_THREAD_unlock(s->session_ctx->lock);
CRYPTO_THREAD_unlock(s->lock);
/* Choose a session ID */
memset(ss->session_id, 0, ss->session_id_length);
tmp = (int)ss->session_id_length;
if (!cb(s, ss->session_id, &tmp)) {
/* The callback failed */
SSLerr(SSL_F_SSL_GET_NEW_SESSION,
SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
SSL_SESSION_free(ss);
return (0);
}
/*
* Don't allow the callback to set the session length to zero. nor
* set it higher than it was.
*/
if (tmp == 0 || tmp > ss->session_id_length) {
/* The callback set an illegal length */
SSLerr(SSL_F_SSL_GET_NEW_SESSION,
SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
SSL_SESSION_free(ss);
return (0);
}
ss->session_id_length = tmp;
/* Finally, check for a conflict */
if (SSL_has_matching_session_id(s, ss->session_id,
(unsigned int)ss->session_id_length)) {
SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_SSL_SESSION_ID_CONFLICT);
SSL_SESSION_free(ss);
return (0);
}
sess_id_done:
if (s->ext.hostname) {
ss->ext.hostname = OPENSSL_strdup(s->ext.hostname);
if (ss->ext.hostname == NULL) {
SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
SSL_SESSION_free(ss);
return 0;
}
}
} else {
ss->session_id_length = 0;
}
if (s->sid_ctx_length > sizeof ss->sid_ctx) {
SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
SSL_SESSION_free(ss);
return 0;
}
memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
ss->sid_ctx_length = s->sid_ctx_length;
s->session = ss;
ss->ssl_version = s->version;
ss->verify_result = X509_V_OK;
/* If client supports extended master secret set it in session */
if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)
ss->flags |= SSL_SESS_FLAG_EXTMS;
return (1);
}
int connect_dtls_socket(struct openconnect_info *vpninfo)
{
STACK_OF(SSL_CIPHER) *ciphers;
method_const SSL_METHOD *dtls_method;
SSL_CIPHER *dtls_cipher;
SSL *dtls_ssl;
BIO *dtls_bio;
int dtls_fd;
if (!vpninfo->dtls_addr) {
vpn_progress(vpninfo, PRG_ERR, _("No DTLS address\n"));
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
if (!vpninfo->dtls_cipher) {
/* We probably didn't offer it any ciphers it liked */
vpn_progress(vpninfo, PRG_ERR, _("Server offered no DTLS cipher option\n"));
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
if (vpninfo->proxy) {
/* XXX: Theoretically, SOCKS5 proxies can do UDP too */
vpn_progress(vpninfo, PRG_ERR, _("No DTLS when connected via proxy\n"));
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
dtls_fd = socket(vpninfo->peer_addr->sa_family, SOCK_DGRAM, IPPROTO_UDP);
if (dtls_fd < 0) {
perror(_("Open UDP socket for DTLS:"));
return -EINVAL;
}
if (connect(dtls_fd, vpninfo->dtls_addr, vpninfo->peer_addrlen)) {
perror(_("UDP (DTLS) connect:\n"));
close(dtls_fd);
return -EINVAL;
}
fcntl(dtls_fd, F_SETFD, FD_CLOEXEC);
if (!vpninfo->dtls_ctx) {
dtls_method = DTLSv1_client_method();
vpninfo->dtls_ctx = SSL_CTX_new(dtls_method);
if (!vpninfo->dtls_ctx) {
vpn_progress(vpninfo, PRG_ERR,
_("Initialise DTLSv1 CTX failed\n"));
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
/* If we don't readahead, then we do short reads and throw
away the tail of data packets. */
SSL_CTX_set_read_ahead(vpninfo->dtls_ctx, 1);
if (!SSL_CTX_set_cipher_list(vpninfo->dtls_ctx, vpninfo->dtls_cipher)) {
vpn_progress(vpninfo, PRG_ERR,
_("Set DTLS cipher list failed\n"));
SSL_CTX_free(vpninfo->dtls_ctx);
vpninfo->dtls_ctx = NULL;
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
}
if (!vpninfo->dtls_session) {
/* We're going to "resume" a session which never existed. Fake it... */
vpninfo->dtls_session = SSL_SESSION_new();
if (!vpninfo->dtls_session) {
vpn_progress(vpninfo, PRG_ERR,
_("Initialise DTLSv1 session failed\n"));
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
vpninfo->dtls_session->ssl_version = 0x0100; /* DTLS1_BAD_VER */
}
/* Do this every time; it may have changed due to a rekey */
vpninfo->dtls_session->master_key_length = sizeof(vpninfo->dtls_secret);
memcpy(vpninfo->dtls_session->master_key, vpninfo->dtls_secret,
sizeof(vpninfo->dtls_secret));
vpninfo->dtls_session->session_id_length = sizeof(vpninfo->dtls_session_id);
memcpy(vpninfo->dtls_session->session_id, vpninfo->dtls_session_id,
sizeof(vpninfo->dtls_session_id));
dtls_ssl = SSL_new(vpninfo->dtls_ctx);
SSL_set_connect_state(dtls_ssl);
ciphers = SSL_get_ciphers(dtls_ssl);
if (sk_SSL_CIPHER_num(ciphers) != 1) {
vpn_progress(vpninfo, PRG_ERR, _("Not precisely one DTLS cipher\n"));
SSL_CTX_free(vpninfo->dtls_ctx);
SSL_free(dtls_ssl);
SSL_SESSION_free(vpninfo->dtls_session);
vpninfo->dtls_ctx = NULL;
vpninfo->dtls_session = NULL;
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
dtls_cipher = sk_SSL_CIPHER_value(ciphers, 0);
/* Set the appropriate cipher on our session to be resumed */
vpninfo->dtls_session->cipher = dtls_cipher;
vpninfo->dtls_session->cipher_id = dtls_cipher->id;
/* Add the generated session to the SSL */
if (!SSL_set_session(dtls_ssl, vpninfo->dtls_session)) {
vpn_progress(vpninfo, PRG_ERR,
_("SSL_set_session() failed with old protocol version 0x%x\n"
"Are you using a version of OpenSSL older than 0.9.8m?\n"
"See http://rt.openssl.org/Ticket/Display.html?id=1751\n"
"Use the --no-dtls command line option to avoid this message\n"),
vpninfo->dtls_session->ssl_version);
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
/* Go Go Go! */
dtls_bio = BIO_new_socket(dtls_fd, BIO_NOCLOSE);
SSL_set_bio(dtls_ssl, dtls_bio, dtls_bio);
SSL_set_options(dtls_ssl, SSL_OP_CISCO_ANYCONNECT);
/* Set non-blocking */
BIO_set_nbio(SSL_get_rbio(dtls_ssl), 1);
BIO_set_nbio(SSL_get_wbio(dtls_ssl), 1);
fcntl(dtls_fd, F_SETFL, fcntl(dtls_fd, F_GETFL) | O_NONBLOCK);
vpninfo->new_dtls_fd = dtls_fd;
vpninfo->new_dtls_ssl = dtls_ssl;
if (vpninfo->select_nfds <= dtls_fd)
vpninfo->select_nfds = dtls_fd + 1;
FD_SET(dtls_fd, &vpninfo->select_rfds);
FD_SET(dtls_fd, &vpninfo->select_efds);
time(&vpninfo->new_dtls_started);
return dtls_try_handshake(vpninfo);
}
static int start_dtls_handshake(struct openconnect_info *vpninfo, int dtls_fd)
{
STACK_OF(SSL_CIPHER) *ciphers;
method_const SSL_METHOD *dtls_method;
SSL_CIPHER *dtls_cipher;
SSL *dtls_ssl;
BIO *dtls_bio;
if (!vpninfo->dtls_ctx) {
dtls_method = DTLSv1_client_method();
vpninfo->dtls_ctx = SSL_CTX_new(dtls_method);
if (!vpninfo->dtls_ctx) {
vpn_progress(vpninfo, PRG_ERR,
_("Initialise DTLSv1 CTX failed\n"));
openconnect_report_ssl_errors(vpninfo);
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
/* If we don't readahead, then we do short reads and throw
away the tail of data packets. */
SSL_CTX_set_read_ahead(vpninfo->dtls_ctx, 1);
if (!SSL_CTX_set_cipher_list(vpninfo->dtls_ctx, vpninfo->dtls_cipher)) {
vpn_progress(vpninfo, PRG_ERR,
_("Set DTLS cipher list failed\n"));
SSL_CTX_free(vpninfo->dtls_ctx);
vpninfo->dtls_ctx = NULL;
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
}
if (!vpninfo->dtls_session) {
/* We're going to "resume" a session which never existed. Fake it... */
vpninfo->dtls_session = SSL_SESSION_new();
if (!vpninfo->dtls_session) {
vpn_progress(vpninfo, PRG_ERR,
_("Initialise DTLSv1 session failed\n"));
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
vpninfo->dtls_session->ssl_version = 0x0100; /* DTLS1_BAD_VER */
}
/* Do this every time; it may have changed due to a rekey */
vpninfo->dtls_session->master_key_length = sizeof(vpninfo->dtls_secret);
memcpy(vpninfo->dtls_session->master_key, vpninfo->dtls_secret,
sizeof(vpninfo->dtls_secret));
vpninfo->dtls_session->session_id_length = sizeof(vpninfo->dtls_session_id);
memcpy(vpninfo->dtls_session->session_id, vpninfo->dtls_session_id,
sizeof(vpninfo->dtls_session_id));
dtls_ssl = SSL_new(vpninfo->dtls_ctx);
SSL_set_connect_state(dtls_ssl);
ciphers = SSL_get_ciphers(dtls_ssl);
if (sk_SSL_CIPHER_num(ciphers) != 1) {
vpn_progress(vpninfo, PRG_ERR, _("Not precisely one DTLS cipher\n"));
SSL_CTX_free(vpninfo->dtls_ctx);
SSL_free(dtls_ssl);
SSL_SESSION_free(vpninfo->dtls_session);
vpninfo->dtls_ctx = NULL;
vpninfo->dtls_session = NULL;
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
dtls_cipher = sk_SSL_CIPHER_value(ciphers, 0);
/* Set the appropriate cipher on our session to be resumed */
vpninfo->dtls_session->cipher = dtls_cipher;
vpninfo->dtls_session->cipher_id = dtls_cipher->id;
/* Add the generated session to the SSL */
if (!SSL_set_session(dtls_ssl, vpninfo->dtls_session)) {
vpn_progress(vpninfo, PRG_ERR,
_("SSL_set_session() failed with old protocol version 0x%x\n"
"Are you using a version of OpenSSL older than 0.9.8m?\n"
"See http://rt.openssl.org/Ticket/Display.html?id=1751\n"
"Use the --no-dtls command line option to avoid this message\n"),
vpninfo->dtls_session->ssl_version);
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
dtls_bio = BIO_new_socket(dtls_fd, BIO_NOCLOSE);
/* Set non-blocking */
BIO_set_nbio(dtls_bio, 1);
SSL_set_bio(dtls_ssl, dtls_bio, dtls_bio);
SSL_set_options(dtls_ssl, SSL_OP_CISCO_ANYCONNECT);
vpninfo->new_dtls_ssl = dtls_ssl;
return 0;
}
int
ssl_get_new_session(SSL *s, int session)
{
unsigned int tmp;
SSL_SESSION *ss = NULL;
GEN_SESSION_CB cb = def_generate_session_id;
/* This gets used by clients and servers. */
if ((ss = SSL_SESSION_new()) == NULL)
return (0);
/* If the context has a default timeout, use it */
if (s->session_ctx->session_timeout == 0)
ss->timeout = SSL_get_default_timeout(s);
else
ss->timeout = s->session_ctx->session_timeout;
if (s->session != NULL) {
SSL_SESSION_free(s->session);
s->session = NULL;
}
if (session) {
switch (s->version) {
case TLS1_VERSION:
case TLS1_1_VERSION:
case TLS1_2_VERSION:
case DTLS1_VERSION:
ss->ssl_version = s->version;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
break;
default:
SSLerror(s, SSL_R_UNSUPPORTED_SSL_VERSION);
SSL_SESSION_free(ss);
return (0);
}
/* If RFC4507 ticket use empty session ID. */
if (s->internal->tlsext_ticket_expected) {
ss->session_id_length = 0;
goto sess_id_done;
}
/* Choose which callback will set the session ID. */
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
if (s->internal->generate_session_id)
cb = s->internal->generate_session_id;
else if (s->session_ctx->internal->generate_session_id)
cb = s->session_ctx->internal->generate_session_id;
CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
/* Choose a session ID. */
tmp = ss->session_id_length;
if (!cb(s, ss->session_id, &tmp)) {
/* The callback failed */
SSLerror(s, SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
SSL_SESSION_free(ss);
return (0);
}
/*
* Don't allow the callback to set the session length to zero.
* nor set it higher than it was.
*/
if (!tmp || (tmp > ss->session_id_length)) {
/* The callback set an illegal length */
SSLerror(s, SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
SSL_SESSION_free(ss);
return (0);
}
ss->session_id_length = tmp;
/* Finally, check for a conflict. */
if (SSL_has_matching_session_id(s, ss->session_id,
ss->session_id_length)) {
SSLerror(s, SSL_R_SSL_SESSION_ID_CONFLICT);
SSL_SESSION_free(ss);
return (0);
}
sess_id_done:
if (s->tlsext_hostname) {
ss->tlsext_hostname = strdup(s->tlsext_hostname);
if (ss->tlsext_hostname == NULL) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
SSL_SESSION_free(ss);
return 0;
}
}
} else {
ss->session_id_length = 0;
}
if (s->sid_ctx_length > sizeof ss->sid_ctx) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
SSL_SESSION_free(ss);
return 0;
}
memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
ss->sid_ctx_length = s->sid_ctx_length;
s->session = ss;
ss->ssl_version = s->version;
ss->verify_result = X509_V_OK;
return (1);
}