static int test_PACKET_get_net_4() { unsigned long i; PACKET pkt; if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) || !TEST_true(PACKET_get_net_4(&pkt, &i)) || !TEST_ulong_eq(i, 0x02040608UL) || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8)) || !TEST_true(PACKET_get_net_4(&pkt, &i)) || !TEST_ulong_eq(i, 0xf8fafcfeUL) || !TEST_false(PACKET_get_net_4(&pkt, &i))) return 0; return 1; }
static int test_PACKET_get_net_4(PACKET *pkt, size_t start) { unsigned long i; if ( !PACKET_goto_bookmark(pkt, start) || !PACKET_get_net_4(pkt, &i) || i != 0x02040608UL || !PACKET_forward(pkt, BUF_LEN - 8) || !PACKET_get_net_4(pkt, &i) || i != 0xf8fafcfeUL || PACKET_get_net_4(pkt, &i)) { fprintf(stderr, "test_PACKET_get_net_4() failed\n"); return 0; } return 1; }
static int test_PACKET_get_net_4(unsigned char buf[BUF_LEN]) { unsigned long i; PACKET pkt; if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) || !PACKET_get_net_4(&pkt, &i) || i != 0x02040608UL || !PACKET_forward(&pkt, BUF_LEN - 8) || !PACKET_get_net_4(&pkt, &i) || i != 0xf8fafcfeUL || PACKET_get_net_4(&pkt, &i)) { fprintf(stderr, "test_PACKET_get_net_4() failed\n"); return 0; } return 1; }
static int test_PACKET_get_sub_packet() { PACKET pkt, subpkt; unsigned long i; if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) || !TEST_true(PACKET_get_sub_packet(&pkt, &subpkt, 4)) || !TEST_true(PACKET_get_net_4(&subpkt, &i)) || !TEST_ulong_eq(i, 0x02040608UL) || !TEST_size_t_eq(PACKET_remaining(&subpkt), 0) || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8)) || !TEST_true(PACKET_get_sub_packet(&pkt, &subpkt, 4)) || !TEST_true(PACKET_get_net_4(&subpkt, &i)) || !TEST_ulong_eq(i, 0xf8fafcfeUL) || !TEST_size_t_eq(PACKET_remaining(&subpkt), 0) || !TEST_false(PACKET_get_sub_packet(&pkt, &subpkt, 4))) return 0; return 1; }
static int test_PACKET_get_sub_packet(unsigned char buf[BUF_LEN]) { PACKET pkt, subpkt; unsigned long i; if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) || !PACKET_get_sub_packet(&pkt, &subpkt, 4) || !PACKET_get_net_4(&subpkt, &i) || i != 0x02040608UL || PACKET_remaining(&subpkt) || !PACKET_forward(&pkt, BUF_LEN - 8) || !PACKET_get_sub_packet(&pkt, &subpkt, 4) || !PACKET_get_net_4(&subpkt, &i) || i != 0xf8fafcfeUL || PACKET_remaining(&subpkt) || PACKET_get_sub_packet(&pkt, &subpkt, 4)) { fprintf(stderr, "test_PACKET_get_sub_packet() failed\n"); return 0; } return 1; }
static int test_PACKET_get_sub_packet(PACKET *pkt, size_t start) { PACKET subpkt; unsigned long i; if ( !PACKET_goto_bookmark(pkt, start) || !PACKET_get_sub_packet(pkt, &subpkt, 4) || !PACKET_get_net_4(&subpkt, &i) || i != 0x02040608UL || PACKET_remaining(&subpkt) || !PACKET_forward(pkt, BUF_LEN - 8) || !PACKET_get_sub_packet(pkt, &subpkt, 4) || !PACKET_get_net_4(&subpkt, &i) || i != 0xf8fafcfeUL || PACKET_remaining(&subpkt) || PACKET_get_sub_packet(pkt, &subpkt, 4)) { fprintf(stderr, "test_PACKET_get_sub_packet() failed\n"); return 0; } return 1; }
int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx, int *al) { PACKET identities, binders, binder; size_t binderoffset, hashsize; SSL_SESSION *sess = NULL; unsigned int id, i, ext = 0; const EVP_MD *md = NULL; /* * If we have no PSK kex mode that we recognise then we can't resume so * ignore this extension */ if ((s->ext.psk_kex_mode & (TLSEXT_KEX_MODE_FLAG_KE | TLSEXT_KEX_MODE_FLAG_KE_DHE)) == 0) return 1; if (!PACKET_get_length_prefixed_2(pkt, &identities)) { *al = SSL_AD_DECODE_ERROR; return 0; } for (id = 0; PACKET_remaining(&identities) != 0; id++) { PACKET identity; unsigned long ticket_agel; if (!PACKET_get_length_prefixed_2(&identities, &identity) || !PACKET_get_net_4(&identities, &ticket_agel)) { *al = SSL_AD_DECODE_ERROR; return 0; } if (s->psk_find_session_cb != NULL && !s->psk_find_session_cb(s, PACKET_data(&identity), PACKET_remaining(&identity), &sess)) { *al = SSL_AD_INTERNAL_ERROR; return 0; } if (sess != NULL) { /* We found a PSK */ SSL_SESSION *sesstmp = ssl_session_dup(sess, 0); if (sesstmp == NULL) { *al = SSL_AD_INTERNAL_ERROR; return 0; } SSL_SESSION_free(sess); sess = sesstmp; /* * We've just been told to use this session for this context so * make sure the sid_ctx matches up. */ memcpy(sess->sid_ctx, s->sid_ctx, s->sid_ctx_length); sess->sid_ctx_length = s->sid_ctx_length; ext = 1; } else { uint32_t ticket_age = 0, now, agesec, agems; int ret = tls_decrypt_ticket(s, PACKET_data(&identity), PACKET_remaining(&identity), NULL, 0, &sess); if (ret == TICKET_FATAL_ERR_MALLOC || ret == TICKET_FATAL_ERR_OTHER) { *al = SSL_AD_INTERNAL_ERROR; return 0; } if (ret == TICKET_NO_DECRYPT) continue; ticket_age = (uint32_t)ticket_agel; now = (uint32_t)time(NULL); agesec = now - (uint32_t)sess->time; agems = agesec * (uint32_t)1000; ticket_age -= sess->ext.tick_age_add; /* * For simplicity we do our age calculations in seconds. If the * client does it in ms then it could appear that their ticket age * is longer than ours (our ticket age calculation should always be * slightly longer than the client's due to the network latency). * Therefore we add 1000ms to our age calculation to adjust for * rounding errors. */ if (sess->timeout >= (long)agesec && agems / (uint32_t)1000 == agesec && ticket_age <= agems + 1000 && ticket_age + TICKET_AGE_ALLOWANCE >= agems + 1000) { /* * Ticket age is within tolerance and not expired. We allow it * for early data */ s->ext.early_data_ok = 1; } } md = ssl_md(sess->cipher->algorithm2); if (md != ssl_md(s->s3->tmp.new_cipher->algorithm2)) { /* The ciphersuite is not compatible with this session. */ SSL_SESSION_free(sess); sess = NULL; continue; } break; } if (sess == NULL) return 1; binderoffset = PACKET_data(pkt) - (const unsigned char *)s->init_buf->data; hashsize = EVP_MD_size(md); if (!PACKET_get_length_prefixed_2(pkt, &binders)) { *al = SSL_AD_DECODE_ERROR; goto err; } for (i = 0; i <= id; i++) { if (!PACKET_get_length_prefixed_1(&binders, &binder)) { *al = SSL_AD_DECODE_ERROR; goto err; } } if (PACKET_remaining(&binder) != hashsize || tls_psk_do_binder(s, md, (const unsigned char *)s->init_buf->data, binderoffset, PACKET_data(&binder), NULL, sess, 0, ext) != 1) { *al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR); goto err; } sess->ext.tick_identity = id; SSL_SESSION_free(s->session); s->session = sess; return 1; err: SSL_SESSION_free(sess); return 0; }
int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx, int *al) { PACKET identities, binders, binder; size_t binderoffset, hashsize; SSL_SESSION *sess = NULL; unsigned int id, i; const EVP_MD *md = NULL; uint32_t ticket_age = 0, now, agesec, agems; /* * If we have no PSK kex mode that we recognise then we can't resume so * ignore this extension */ if ((s->ext.psk_kex_mode & (TLSEXT_KEX_MODE_FLAG_KE | TLSEXT_KEX_MODE_FLAG_KE_DHE)) == 0) return 1; if (!PACKET_get_length_prefixed_2(pkt, &identities)) { *al = SSL_AD_DECODE_ERROR; return 0; } for (id = 0; PACKET_remaining(&identities) != 0; id++) { PACKET identity; unsigned long ticket_agel; int ret; if (!PACKET_get_length_prefixed_2(&identities, &identity) || !PACKET_get_net_4(&identities, &ticket_agel)) { *al = SSL_AD_DECODE_ERROR; return 0; } ticket_age = (uint32_t)ticket_agel; ret = tls_decrypt_ticket(s, PACKET_data(&identity), PACKET_remaining(&identity), NULL, 0, &sess); if (ret == TICKET_FATAL_ERR_MALLOC || ret == TICKET_FATAL_ERR_OTHER) { *al = SSL_AD_INTERNAL_ERROR; return 0; } if (ret == TICKET_NO_DECRYPT) continue; md = ssl_md(sess->cipher->algorithm2); if (md == NULL) { /* * Don't recognise this cipher so we can't use the session. * Ignore it */ SSL_SESSION_free(sess); sess = NULL; continue; } /* * TODO(TLS1.3): Somehow we need to handle the case of a ticket renewal. * Ignored for now */ break; } if (sess == NULL) return 1; binderoffset = PACKET_data(pkt) - (const unsigned char *)s->init_buf->data; hashsize = EVP_MD_size(md); if (!PACKET_get_length_prefixed_2(pkt, &binders)) { *al = SSL_AD_DECODE_ERROR; goto err; } for (i = 0; i <= id; i++) { if (!PACKET_get_length_prefixed_1(&binders, &binder)) { *al = SSL_AD_DECODE_ERROR; goto err; } } if (PACKET_remaining(&binder) != hashsize || tls_psk_do_binder(s, md, (const unsigned char *)s->init_buf->data, binderoffset, PACKET_data(&binder), NULL, sess, 0) != 1) { *al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR); goto err; } sess->ext.tick_identity = id; now = (uint32_t)time(NULL); agesec = now - (uint32_t)sess->time; agems = agesec * (uint32_t)1000; ticket_age -= sess->ext.tick_age_add; /* * For simplicity we do our age calculations in seconds. If the client does * it in ms then it could appear that their ticket age is longer than ours * (our ticket age calculation should always be slightly longer than the * client's due to the network latency). Therefore we add 1000ms to our age * calculation to adjust for rounding errors. */ if (sess->timeout >= (long)agesec && agems / (uint32_t)1000 == agesec && ticket_age <= agems + 1000 && ticket_age + TICKET_AGE_ALLOWANCE >= agems + 1000) { /* * Ticket age is within tolerance and not expired. We allow it for early * data */ s->ext.early_data_ok = 1; } SSL_SESSION_free(s->session); s->session = sess; return 1; err: SSL_SESSION_free(sess); return 0; }