1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57 /* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
108 *
109 */
110 /* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112 * ECC cipher suite support in OpenSSL originally developed by
113 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
114 */
115 /* ====================================================================
116 * Copyright 2005 Nokia. All rights reserved.
117 *
118 * The portions of the attached software ("Contribution") is developed by
119 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
120 * license.
121 *
122 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
123 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
124 * support (see RFC 4279) to OpenSSL.
125 *
126 * No patent licenses or other rights except those expressly stated in
127 * the OpenSSL open source license shall be deemed granted or received
128 * expressly, by implication, estoppel, or otherwise.
129 *
130 * No assurances are provided by Nokia that the Contribution does not
131 * infringe the patent or other intellectual property rights of any third
132 * party or that the license provides you with all the necessary rights
133 * to make use of the Contribution.
134 *
135 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
136 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
137 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
138 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
139 * OTHERWISE. */
140
141 #include <openssl/ssl.h>
142
143 #include <assert.h>
144
145 #include <openssl/asn1.h>
146 #include <openssl/bytestring.h>
147 #include <openssl/err.h>
148 #include <openssl/pem.h>
149 #include <openssl/stack.h>
150 #include <openssl/x509.h>
151 #include <openssl/x509v3.h>
152 #include <openssl/x509_vfy.h>
153
154 #include "internal.h"
155 #include "../crypto/internal.h"
156
157
158 BSSL_NAMESPACE_BEGIN
159
160 // check_ssl_x509_method asserts that |ssl| has the X509-based method
161 // installed. Calling an X509-based method on an |ssl| with a different method
162 // will likely misbehave and possibly crash or leak memory.
check_ssl_x509_method(const SSL * ssl)163 static void check_ssl_x509_method(const SSL *ssl) {
164 assert(ssl == NULL || ssl->ctx->x509_method == &ssl_crypto_x509_method);
165 }
166
167 // check_ssl_ctx_x509_method acts like |check_ssl_x509_method|, but for an
168 // |SSL_CTX|.
check_ssl_ctx_x509_method(const SSL_CTX * ctx)169 static void check_ssl_ctx_x509_method(const SSL_CTX *ctx) {
170 assert(ctx == NULL || ctx->x509_method == &ssl_crypto_x509_method);
171 }
172
173 // x509_to_buffer returns a |CRYPTO_BUFFER| that contains the serialised
174 // contents of |x509|.
x509_to_buffer(X509 * x509)175 static UniquePtr<CRYPTO_BUFFER> x509_to_buffer(X509 *x509) {
176 uint8_t *buf = NULL;
177 int cert_len = i2d_X509(x509, &buf);
178 if (cert_len <= 0) {
179 return 0;
180 }
181
182 UniquePtr<CRYPTO_BUFFER> buffer(CRYPTO_BUFFER_new(buf, cert_len, NULL));
183 OPENSSL_free(buf);
184
185 return buffer;
186 }
187
188 // new_leafless_chain returns a fresh stack of buffers set to {NULL}.
new_leafless_chain(void)189 static UniquePtr<STACK_OF(CRYPTO_BUFFER)> new_leafless_chain(void) {
190 UniquePtr<STACK_OF(CRYPTO_BUFFER)> chain(sk_CRYPTO_BUFFER_new_null());
191 if (!chain ||
192 !sk_CRYPTO_BUFFER_push(chain.get(), nullptr)) {
193 return nullptr;
194 }
195
196 return chain;
197 }
198
199 // ssl_cert_set_chain sets elements 1.. of |cert->chain| to the serialised
200 // forms of elements of |chain|. It returns one on success or zero on error, in
201 // which case no change to |cert->chain| is made. It preverses the existing
202 // leaf from |cert->chain|, if any.
ssl_cert_set_chain(CERT * cert,STACK_OF (X509)* chain)203 static int ssl_cert_set_chain(CERT *cert, STACK_OF(X509) *chain) {
204 UniquePtr<STACK_OF(CRYPTO_BUFFER)> new_chain;
205
206 if (cert->chain != nullptr) {
207 new_chain.reset(sk_CRYPTO_BUFFER_new_null());
208 if (!new_chain) {
209 return 0;
210 }
211
212 // |leaf| might be NULL if it's a “leafless” chain.
213 CRYPTO_BUFFER *leaf = sk_CRYPTO_BUFFER_value(cert->chain.get(), 0);
214 if (!PushToStack(new_chain.get(), UpRef(leaf))) {
215 return 0;
216 }
217 }
218
219 for (X509 *x509 : chain) {
220 if (!new_chain) {
221 new_chain = new_leafless_chain();
222 if (!new_chain) {
223 return 0;
224 }
225 }
226
227 UniquePtr<CRYPTO_BUFFER> buffer = x509_to_buffer(x509);
228 if (!buffer ||
229 !PushToStack(new_chain.get(), std::move(buffer))) {
230 return 0;
231 }
232 }
233
234 cert->chain = std::move(new_chain);
235 return 1;
236 }
237
ssl_crypto_x509_cert_flush_cached_leaf(CERT * cert)238 static void ssl_crypto_x509_cert_flush_cached_leaf(CERT *cert) {
239 X509_free(cert->x509_leaf);
240 cert->x509_leaf = NULL;
241 }
242
ssl_crypto_x509_cert_flush_cached_chain(CERT * cert)243 static void ssl_crypto_x509_cert_flush_cached_chain(CERT *cert) {
244 sk_X509_pop_free(cert->x509_chain, X509_free);
245 cert->x509_chain = NULL;
246 }
247
ssl_crypto_x509_check_client_CA_list(STACK_OF (CRYPTO_BUFFER)* names)248 static int ssl_crypto_x509_check_client_CA_list(
249 STACK_OF(CRYPTO_BUFFER) *names) {
250 for (const CRYPTO_BUFFER *buffer : names) {
251 const uint8_t *inp = CRYPTO_BUFFER_data(buffer);
252 UniquePtr<X509_NAME> name(
253 d2i_X509_NAME(nullptr, &inp, CRYPTO_BUFFER_len(buffer)));
254 if (name == nullptr ||
255 inp != CRYPTO_BUFFER_data(buffer) + CRYPTO_BUFFER_len(buffer)) {
256 return 0;
257 }
258 }
259
260 return 1;
261 }
262
ssl_crypto_x509_cert_clear(CERT * cert)263 static void ssl_crypto_x509_cert_clear(CERT *cert) {
264 ssl_crypto_x509_cert_flush_cached_leaf(cert);
265 ssl_crypto_x509_cert_flush_cached_chain(cert);
266
267 X509_free(cert->x509_stash);
268 cert->x509_stash = NULL;
269 }
270
ssl_crypto_x509_cert_free(CERT * cert)271 static void ssl_crypto_x509_cert_free(CERT *cert) {
272 ssl_crypto_x509_cert_clear(cert);
273 X509_STORE_free(cert->verify_store);
274 }
275
ssl_crypto_x509_cert_dup(CERT * new_cert,const CERT * cert)276 static void ssl_crypto_x509_cert_dup(CERT *new_cert, const CERT *cert) {
277 if (cert->verify_store != NULL) {
278 X509_STORE_up_ref(cert->verify_store);
279 new_cert->verify_store = cert->verify_store;
280 }
281 }
282
ssl_crypto_x509_session_cache_objects(SSL_SESSION * sess)283 static int ssl_crypto_x509_session_cache_objects(SSL_SESSION *sess) {
284 bssl::UniquePtr<STACK_OF(X509)> chain, chain_without_leaf;
285 if (sk_CRYPTO_BUFFER_num(sess->certs.get()) > 0) {
286 chain.reset(sk_X509_new_null());
287 if (!chain) {
288 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
289 return 0;
290 }
291 if (sess->is_server) {
292 // chain_without_leaf is only needed for server sessions. See
293 // |SSL_get_peer_cert_chain|.
294 chain_without_leaf.reset(sk_X509_new_null());
295 if (!chain_without_leaf) {
296 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
297 return 0;
298 }
299 }
300 }
301
302 bssl::UniquePtr<X509> leaf;
303 for (CRYPTO_BUFFER *cert : sess->certs.get()) {
304 UniquePtr<X509> x509(X509_parse_from_buffer(cert));
305 if (!x509) {
306 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
307 return 0;
308 }
309 if (leaf == nullptr) {
310 leaf = UpRef(x509);
311 } else if (chain_without_leaf &&
312 !PushToStack(chain_without_leaf.get(), UpRef(x509))) {
313 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
314 return 0;
315 }
316 if (!PushToStack(chain.get(), std::move(x509))) {
317 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
318 return 0;
319 }
320 }
321
322 sk_X509_pop_free(sess->x509_chain, X509_free);
323 sess->x509_chain = chain.release();
324
325 sk_X509_pop_free(sess->x509_chain_without_leaf, X509_free);
326 sess->x509_chain_without_leaf = chain_without_leaf.release();
327
328 X509_free(sess->x509_peer);
329 sess->x509_peer = leaf.release();
330 return 1;
331 }
332
ssl_crypto_x509_session_dup(SSL_SESSION * new_session,const SSL_SESSION * session)333 static int ssl_crypto_x509_session_dup(SSL_SESSION *new_session,
334 const SSL_SESSION *session) {
335 new_session->x509_peer = UpRef(session->x509_peer).release();
336 if (session->x509_chain != nullptr) {
337 new_session->x509_chain = X509_chain_up_ref(session->x509_chain);
338 if (new_session->x509_chain == nullptr) {
339 return 0;
340 }
341 }
342 if (session->x509_chain_without_leaf != nullptr) {
343 new_session->x509_chain_without_leaf =
344 X509_chain_up_ref(session->x509_chain_without_leaf);
345 if (new_session->x509_chain_without_leaf == nullptr) {
346 return 0;
347 }
348 }
349
350 return 1;
351 }
352
ssl_crypto_x509_session_clear(SSL_SESSION * session)353 static void ssl_crypto_x509_session_clear(SSL_SESSION *session) {
354 X509_free(session->x509_peer);
355 session->x509_peer = NULL;
356 sk_X509_pop_free(session->x509_chain, X509_free);
357 session->x509_chain = NULL;
358 sk_X509_pop_free(session->x509_chain_without_leaf, X509_free);
359 session->x509_chain_without_leaf = NULL;
360 }
361
ssl_crypto_x509_session_verify_cert_chain(SSL_SESSION * session,SSL_HANDSHAKE * hs,uint8_t * out_alert)362 static int ssl_crypto_x509_session_verify_cert_chain(SSL_SESSION *session,
363 SSL_HANDSHAKE *hs,
364 uint8_t *out_alert) {
365 *out_alert = SSL_AD_INTERNAL_ERROR;
366 STACK_OF(X509) *const cert_chain = session->x509_chain;
367 if (cert_chain == NULL || sk_X509_num(cert_chain) == 0) {
368 return 0;
369 }
370
371 SSL_CTX *ssl_ctx = hs->ssl->ctx.get();
372 X509_STORE *verify_store = ssl_ctx->cert_store;
373 if (hs->config->cert->verify_store != NULL) {
374 verify_store = hs->config->cert->verify_store;
375 }
376
377 X509 *leaf = sk_X509_value(cert_chain, 0);
378 ScopedX509_STORE_CTX ctx;
379 if (!X509_STORE_CTX_init(ctx.get(), verify_store, leaf, cert_chain)) {
380 OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);
381 return 0;
382 }
383 if (!X509_STORE_CTX_set_ex_data(
384 ctx.get(), SSL_get_ex_data_X509_STORE_CTX_idx(), hs->ssl)) {
385 return 0;
386 }
387
388 // We need to inherit the verify parameters. These can be determined by the
389 // context: if its a server it will verify SSL client certificates or vice
390 // versa.
391 X509_STORE_CTX_set_default(ctx.get(),
392 hs->ssl->server ? "ssl_client" : "ssl_server");
393
394 // Anything non-default in "param" should overwrite anything in the ctx.
395 X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(ctx.get()),
396 hs->config->param);
397
398 if (hs->config->verify_callback) {
399 X509_STORE_CTX_set_verify_cb(ctx.get(), hs->config->verify_callback);
400 }
401
402 int verify_ret;
403 if (ssl_ctx->app_verify_callback != NULL) {
404 verify_ret =
405 ssl_ctx->app_verify_callback(ctx.get(), ssl_ctx->app_verify_arg);
406 } else {
407 verify_ret = X509_verify_cert(ctx.get());
408 }
409
410 session->verify_result = ctx->error;
411
412 // If |SSL_VERIFY_NONE|, the error is non-fatal, but we keep the result.
413 if (verify_ret <= 0 && hs->config->verify_mode != SSL_VERIFY_NONE) {
414 *out_alert = SSL_alert_from_verify_result(ctx->error);
415 return 0;
416 }
417
418 ERR_clear_error();
419 return 1;
420 }
421
ssl_crypto_x509_hs_flush_cached_ca_names(SSL_HANDSHAKE * hs)422 static void ssl_crypto_x509_hs_flush_cached_ca_names(SSL_HANDSHAKE *hs) {
423 sk_X509_NAME_pop_free(hs->cached_x509_ca_names, X509_NAME_free);
424 hs->cached_x509_ca_names = NULL;
425 }
426
ssl_crypto_x509_ssl_new(SSL_HANDSHAKE * hs)427 static int ssl_crypto_x509_ssl_new(SSL_HANDSHAKE *hs) {
428 hs->config->param = X509_VERIFY_PARAM_new();
429 if (hs->config->param == NULL) {
430 return 0;
431 }
432 X509_VERIFY_PARAM_inherit(hs->config->param, hs->ssl->ctx->param);
433 return 1;
434 }
435
ssl_crypto_x509_ssl_flush_cached_client_CA(SSL_CONFIG * cfg)436 static void ssl_crypto_x509_ssl_flush_cached_client_CA(SSL_CONFIG *cfg) {
437 sk_X509_NAME_pop_free(cfg->cached_x509_client_CA, X509_NAME_free);
438 cfg->cached_x509_client_CA = NULL;
439 }
440
ssl_crypto_x509_ssl_config_free(SSL_CONFIG * cfg)441 static void ssl_crypto_x509_ssl_config_free(SSL_CONFIG *cfg) {
442 sk_X509_NAME_pop_free(cfg->cached_x509_client_CA, X509_NAME_free);
443 cfg->cached_x509_client_CA = NULL;
444 X509_VERIFY_PARAM_free(cfg->param);
445 }
446
ssl_crypto_x509_ssl_auto_chain_if_needed(SSL_HANDSHAKE * hs)447 static int ssl_crypto_x509_ssl_auto_chain_if_needed(SSL_HANDSHAKE *hs) {
448 // Only build a chain if there are no intermediates configured and the feature
449 // isn't disabled.
450 if ((hs->ssl->mode & SSL_MODE_NO_AUTO_CHAIN) ||
451 !ssl_has_certificate(hs) || hs->config->cert->chain == NULL ||
452 sk_CRYPTO_BUFFER_num(hs->config->cert->chain.get()) > 1) {
453 return 1;
454 }
455
456 UniquePtr<X509> leaf(X509_parse_from_buffer(
457 sk_CRYPTO_BUFFER_value(hs->config->cert->chain.get(), 0)));
458 if (!leaf) {
459 OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);
460 return 0;
461 }
462
463 ScopedX509_STORE_CTX ctx;
464 if (!X509_STORE_CTX_init(ctx.get(), hs->ssl->ctx->cert_store, leaf.get(),
465 NULL)) {
466 OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);
467 return 0;
468 }
469
470 // Attempt to build a chain, ignoring the result.
471 X509_verify_cert(ctx.get());
472 ERR_clear_error();
473
474 // Remove the leaf from the generated chain.
475 X509_free(sk_X509_shift(ctx->chain));
476
477 if (!ssl_cert_set_chain(hs->config->cert.get(), ctx->chain)) {
478 return 0;
479 }
480
481 ssl_crypto_x509_cert_flush_cached_chain(hs->config->cert.get());
482
483 return 1;
484 }
485
ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(SSL_CTX * ctx)486 static void ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(SSL_CTX *ctx) {
487 sk_X509_NAME_pop_free(ctx->cached_x509_client_CA, X509_NAME_free);
488 ctx->cached_x509_client_CA = NULL;
489 }
490
ssl_crypto_x509_ssl_ctx_new(SSL_CTX * ctx)491 static int ssl_crypto_x509_ssl_ctx_new(SSL_CTX *ctx) {
492 ctx->cert_store = X509_STORE_new();
493 ctx->param = X509_VERIFY_PARAM_new();
494 return (ctx->cert_store != NULL && ctx->param != NULL);
495 }
496
ssl_crypto_x509_ssl_ctx_free(SSL_CTX * ctx)497 static void ssl_crypto_x509_ssl_ctx_free(SSL_CTX *ctx) {
498 ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(ctx);
499 X509_VERIFY_PARAM_free(ctx->param);
500 X509_STORE_free(ctx->cert_store);
501 }
502
503 const SSL_X509_METHOD ssl_crypto_x509_method = {
504 ssl_crypto_x509_check_client_CA_list,
505 ssl_crypto_x509_cert_clear,
506 ssl_crypto_x509_cert_free,
507 ssl_crypto_x509_cert_dup,
508 ssl_crypto_x509_cert_flush_cached_chain,
509 ssl_crypto_x509_cert_flush_cached_leaf,
510 ssl_crypto_x509_session_cache_objects,
511 ssl_crypto_x509_session_dup,
512 ssl_crypto_x509_session_clear,
513 ssl_crypto_x509_session_verify_cert_chain,
514 ssl_crypto_x509_hs_flush_cached_ca_names,
515 ssl_crypto_x509_ssl_new,
516 ssl_crypto_x509_ssl_config_free,
517 ssl_crypto_x509_ssl_flush_cached_client_CA,
518 ssl_crypto_x509_ssl_auto_chain_if_needed,
519 ssl_crypto_x509_ssl_ctx_new,
520 ssl_crypto_x509_ssl_ctx_free,
521 ssl_crypto_x509_ssl_ctx_flush_cached_client_CA,
522 };
523
524 BSSL_NAMESPACE_END
525
526 using namespace bssl;
527
SSL_get_peer_certificate(const SSL * ssl)528 X509 *SSL_get_peer_certificate(const SSL *ssl) {
529 check_ssl_x509_method(ssl);
530 if (ssl == NULL) {
531 return NULL;
532 }
533 SSL_SESSION *session = SSL_get_session(ssl);
534 if (session == NULL || session->x509_peer == NULL) {
535 return NULL;
536 }
537 X509_up_ref(session->x509_peer);
538 return session->x509_peer;
539 }
540
STACK_OF(X509)541 STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl) {
542 check_ssl_x509_method(ssl);
543 if (ssl == nullptr) {
544 return nullptr;
545 }
546 SSL_SESSION *session = SSL_get_session(ssl);
547 if (session == nullptr) {
548 return nullptr;
549 }
550
551 // OpenSSL historically didn't include the leaf certificate in the returned
552 // certificate chain, but only for servers.
553 return ssl->server ? session->x509_chain_without_leaf : session->x509_chain;
554 }
555
STACK_OF(X509)556 STACK_OF(X509) *SSL_get_peer_full_cert_chain(const SSL *ssl) {
557 check_ssl_x509_method(ssl);
558 SSL_SESSION *session = SSL_get_session(ssl);
559 if (session == NULL) {
560 return NULL;
561 }
562
563 return session->x509_chain;
564 }
565
SSL_CTX_set_purpose(SSL_CTX * ctx,int purpose)566 int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose) {
567 check_ssl_ctx_x509_method(ctx);
568 return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
569 }
570
SSL_set_purpose(SSL * ssl,int purpose)571 int SSL_set_purpose(SSL *ssl, int purpose) {
572 check_ssl_x509_method(ssl);
573 if (!ssl->config) {
574 return 0;
575 }
576 return X509_VERIFY_PARAM_set_purpose(ssl->config->param, purpose);
577 }
578
SSL_CTX_set_trust(SSL_CTX * ctx,int trust)579 int SSL_CTX_set_trust(SSL_CTX *ctx, int trust) {
580 check_ssl_ctx_x509_method(ctx);
581 return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
582 }
583
SSL_set_trust(SSL * ssl,int trust)584 int SSL_set_trust(SSL *ssl, int trust) {
585 check_ssl_x509_method(ssl);
586 if (!ssl->config) {
587 return 0;
588 }
589 return X509_VERIFY_PARAM_set_trust(ssl->config->param, trust);
590 }
591
SSL_CTX_set1_param(SSL_CTX * ctx,const X509_VERIFY_PARAM * param)592 int SSL_CTX_set1_param(SSL_CTX *ctx, const X509_VERIFY_PARAM *param) {
593 check_ssl_ctx_x509_method(ctx);
594 return X509_VERIFY_PARAM_set1(ctx->param, param);
595 }
596
SSL_set1_param(SSL * ssl,const X509_VERIFY_PARAM * param)597 int SSL_set1_param(SSL *ssl, const X509_VERIFY_PARAM *param) {
598 check_ssl_x509_method(ssl);
599 if (!ssl->config) {
600 return 0;
601 }
602 return X509_VERIFY_PARAM_set1(ssl->config->param, param);
603 }
604
SSL_CTX_get0_param(SSL_CTX * ctx)605 X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) {
606 check_ssl_ctx_x509_method(ctx);
607 return ctx->param;
608 }
609
SSL_get0_param(SSL * ssl)610 X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) {
611 check_ssl_x509_method(ssl);
612 if (!ssl->config) {
613 assert(ssl->config);
614 return 0;
615 }
616 return ssl->config->param;
617 }
618
SSL_get_verify_depth(const SSL * ssl)619 int SSL_get_verify_depth(const SSL *ssl) {
620 check_ssl_x509_method(ssl);
621 if (!ssl->config) {
622 assert(ssl->config);
623 return 0;
624 }
625 return X509_VERIFY_PARAM_get_depth(ssl->config->param);
626 }
627
SSL_get_verify_callback(const SSL * ssl)628 int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *) {
629 check_ssl_x509_method(ssl);
630 if (!ssl->config) {
631 assert(ssl->config);
632 return 0;
633 }
634 return ssl->config->verify_callback;
635 }
636
SSL_CTX_get_verify_mode(const SSL_CTX * ctx)637 int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) {
638 check_ssl_ctx_x509_method(ctx);
639 return ctx->verify_mode;
640 }
641
SSL_CTX_get_verify_depth(const SSL_CTX * ctx)642 int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) {
643 check_ssl_ctx_x509_method(ctx);
644 return X509_VERIFY_PARAM_get_depth(ctx->param);
645 }
646
SSL_CTX_get_verify_callback(const SSL_CTX * ctx)647 int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(
648 int ok, X509_STORE_CTX *store_ctx) {
649 check_ssl_ctx_x509_method(ctx);
650 return ctx->default_verify_callback;
651 }
652
SSL_set_verify(SSL * ssl,int mode,int (* callback)(int ok,X509_STORE_CTX * store_ctx))653 void SSL_set_verify(SSL *ssl, int mode,
654 int (*callback)(int ok, X509_STORE_CTX *store_ctx)) {
655 check_ssl_x509_method(ssl);
656 if (!ssl->config) {
657 return;
658 }
659 ssl->config->verify_mode = mode;
660 if (callback != NULL) {
661 ssl->config->verify_callback = callback;
662 }
663 }
664
SSL_set_verify_depth(SSL * ssl,int depth)665 void SSL_set_verify_depth(SSL *ssl, int depth) {
666 check_ssl_x509_method(ssl);
667 if (!ssl->config) {
668 return;
669 }
670 X509_VERIFY_PARAM_set_depth(ssl->config->param, depth);
671 }
672
SSL_CTX_set_cert_verify_callback(SSL_CTX * ctx,int (* cb)(X509_STORE_CTX * store_ctx,void * arg),void * arg)673 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
674 int (*cb)(X509_STORE_CTX *store_ctx,
675 void *arg),
676 void *arg) {
677 check_ssl_ctx_x509_method(ctx);
678 ctx->app_verify_callback = cb;
679 ctx->app_verify_arg = arg;
680 }
681
SSL_CTX_set_verify(SSL_CTX * ctx,int mode,int (* cb)(int,X509_STORE_CTX *))682 void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
683 int (*cb)(int, X509_STORE_CTX *)) {
684 check_ssl_ctx_x509_method(ctx);
685 ctx->verify_mode = mode;
686 ctx->default_verify_callback = cb;
687 }
688
SSL_CTX_set_verify_depth(SSL_CTX * ctx,int depth)689 void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) {
690 check_ssl_ctx_x509_method(ctx);
691 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
692 }
693
SSL_CTX_set_default_verify_paths(SSL_CTX * ctx)694 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) {
695 check_ssl_ctx_x509_method(ctx);
696 return X509_STORE_set_default_paths(ctx->cert_store);
697 }
698
SSL_CTX_load_verify_locations(SSL_CTX * ctx,const char * ca_file,const char * ca_dir)699 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *ca_file,
700 const char *ca_dir) {
701 check_ssl_ctx_x509_method(ctx);
702 return X509_STORE_load_locations(ctx->cert_store, ca_file, ca_dir);
703 }
704
SSL_set_verify_result(SSL * ssl,long result)705 void SSL_set_verify_result(SSL *ssl, long result) {
706 check_ssl_x509_method(ssl);
707 if (result != X509_V_OK) {
708 abort();
709 }
710 }
711
SSL_get_verify_result(const SSL * ssl)712 long SSL_get_verify_result(const SSL *ssl) {
713 check_ssl_x509_method(ssl);
714 SSL_SESSION *session = SSL_get_session(ssl);
715 if (session == NULL) {
716 return X509_V_ERR_INVALID_CALL;
717 }
718 return session->verify_result;
719 }
720
SSL_CTX_get_cert_store(const SSL_CTX * ctx)721 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) {
722 check_ssl_ctx_x509_method(ctx);
723 return ctx->cert_store;
724 }
725
SSL_CTX_set_cert_store(SSL_CTX * ctx,X509_STORE * store)726 void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) {
727 check_ssl_ctx_x509_method(ctx);
728 X509_STORE_free(ctx->cert_store);
729 ctx->cert_store = store;
730 }
731
ssl_use_certificate(CERT * cert,X509 * x)732 static int ssl_use_certificate(CERT *cert, X509 *x) {
733 if (x == NULL) {
734 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
735 return 0;
736 }
737
738 UniquePtr<CRYPTO_BUFFER> buffer = x509_to_buffer(x);
739 if (!buffer) {
740 return 0;
741 }
742
743 return ssl_set_cert(cert, std::move(buffer));
744 }
745
SSL_use_certificate(SSL * ssl,X509 * x)746 int SSL_use_certificate(SSL *ssl, X509 *x) {
747 check_ssl_x509_method(ssl);
748 if (!ssl->config) {
749 return 0;
750 }
751 return ssl_use_certificate(ssl->config->cert.get(), x);
752 }
753
SSL_CTX_use_certificate(SSL_CTX * ctx,X509 * x)754 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) {
755 check_ssl_ctx_x509_method(ctx);
756 return ssl_use_certificate(ctx->cert.get(), x);
757 }
758
759 // ssl_cert_cache_leaf_cert sets |cert->x509_leaf|, if currently NULL, from the
760 // first element of |cert->chain|.
ssl_cert_cache_leaf_cert(CERT * cert)761 static int ssl_cert_cache_leaf_cert(CERT *cert) {
762 assert(cert->x509_method);
763
764 if (cert->x509_leaf != NULL ||
765 cert->chain == NULL) {
766 return 1;
767 }
768
769 CRYPTO_BUFFER *leaf = sk_CRYPTO_BUFFER_value(cert->chain.get(), 0);
770 if (!leaf) {
771 return 1;
772 }
773
774 cert->x509_leaf = X509_parse_from_buffer(leaf);
775 return cert->x509_leaf != NULL;
776 }
777
ssl_cert_get0_leaf(CERT * cert)778 static X509 *ssl_cert_get0_leaf(CERT *cert) {
779 if (cert->x509_leaf == NULL &&
780 !ssl_cert_cache_leaf_cert(cert)) {
781 return NULL;
782 }
783
784 return cert->x509_leaf;
785 }
786
SSL_get_certificate(const SSL * ssl)787 X509 *SSL_get_certificate(const SSL *ssl) {
788 check_ssl_x509_method(ssl);
789 if (!ssl->config) {
790 assert(ssl->config);
791 return 0;
792 }
793 return ssl_cert_get0_leaf(ssl->config->cert.get());
794 }
795
SSL_CTX_get0_certificate(const SSL_CTX * ctx)796 X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx) {
797 check_ssl_ctx_x509_method(ctx);
798 MutexWriteLock lock(const_cast<CRYPTO_MUTEX*>(&ctx->lock));
799 return ssl_cert_get0_leaf(ctx->cert.get());
800 }
801
ssl_cert_set0_chain(CERT * cert,STACK_OF (X509)* chain)802 static int ssl_cert_set0_chain(CERT *cert, STACK_OF(X509) *chain) {
803 if (!ssl_cert_set_chain(cert, chain)) {
804 return 0;
805 }
806
807 sk_X509_pop_free(chain, X509_free);
808 ssl_crypto_x509_cert_flush_cached_chain(cert);
809 return 1;
810 }
811
ssl_cert_set1_chain(CERT * cert,STACK_OF (X509)* chain)812 static int ssl_cert_set1_chain(CERT *cert, STACK_OF(X509) *chain) {
813 if (!ssl_cert_set_chain(cert, chain)) {
814 return 0;
815 }
816
817 ssl_crypto_x509_cert_flush_cached_chain(cert);
818 return 1;
819 }
820
ssl_cert_append_cert(CERT * cert,X509 * x509)821 static int ssl_cert_append_cert(CERT *cert, X509 *x509) {
822 assert(cert->x509_method);
823
824 UniquePtr<CRYPTO_BUFFER> buffer = x509_to_buffer(x509);
825 if (!buffer) {
826 return 0;
827 }
828
829 if (cert->chain != NULL) {
830 return PushToStack(cert->chain.get(), std::move(buffer));
831 }
832
833 cert->chain = new_leafless_chain();
834 if (!cert->chain ||
835 !PushToStack(cert->chain.get(), std::move(buffer))) {
836 cert->chain.reset();
837 return 0;
838 }
839
840 return 1;
841 }
842
ssl_cert_add0_chain_cert(CERT * cert,X509 * x509)843 static int ssl_cert_add0_chain_cert(CERT *cert, X509 *x509) {
844 if (!ssl_cert_append_cert(cert, x509)) {
845 return 0;
846 }
847
848 X509_free(cert->x509_stash);
849 cert->x509_stash = x509;
850 ssl_crypto_x509_cert_flush_cached_chain(cert);
851 return 1;
852 }
853
ssl_cert_add1_chain_cert(CERT * cert,X509 * x509)854 static int ssl_cert_add1_chain_cert(CERT *cert, X509 *x509) {
855 if (!ssl_cert_append_cert(cert, x509)) {
856 return 0;
857 }
858
859 ssl_crypto_x509_cert_flush_cached_chain(cert);
860 return 1;
861 }
862
SSL_CTX_set0_chain(SSL_CTX * ctx,STACK_OF (X509)* chain)863 int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) {
864 check_ssl_ctx_x509_method(ctx);
865 return ssl_cert_set0_chain(ctx->cert.get(), chain);
866 }
867
SSL_CTX_set1_chain(SSL_CTX * ctx,STACK_OF (X509)* chain)868 int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) {
869 check_ssl_ctx_x509_method(ctx);
870 return ssl_cert_set1_chain(ctx->cert.get(), chain);
871 }
872
SSL_set0_chain(SSL * ssl,STACK_OF (X509)* chain)873 int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *chain) {
874 check_ssl_x509_method(ssl);
875 if (!ssl->config) {
876 return 0;
877 }
878 return ssl_cert_set0_chain(ssl->config->cert.get(), chain);
879 }
880
SSL_set1_chain(SSL * ssl,STACK_OF (X509)* chain)881 int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *chain) {
882 check_ssl_x509_method(ssl);
883 if (!ssl->config) {
884 return 0;
885 }
886 return ssl_cert_set1_chain(ssl->config->cert.get(), chain);
887 }
888
SSL_CTX_add0_chain_cert(SSL_CTX * ctx,X509 * x509)889 int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509) {
890 check_ssl_ctx_x509_method(ctx);
891 return ssl_cert_add0_chain_cert(ctx->cert.get(), x509);
892 }
893
SSL_CTX_add1_chain_cert(SSL_CTX * ctx,X509 * x509)894 int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509) {
895 check_ssl_ctx_x509_method(ctx);
896 return ssl_cert_add1_chain_cert(ctx->cert.get(), x509);
897 }
898
SSL_CTX_add_extra_chain_cert(SSL_CTX * ctx,X509 * x509)899 int SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509) {
900 check_ssl_ctx_x509_method(ctx);
901 return SSL_CTX_add0_chain_cert(ctx, x509);
902 }
903
SSL_add0_chain_cert(SSL * ssl,X509 * x509)904 int SSL_add0_chain_cert(SSL *ssl, X509 *x509) {
905 check_ssl_x509_method(ssl);
906 if (!ssl->config) {
907 return 0;
908 }
909 return ssl_cert_add0_chain_cert(ssl->config->cert.get(), x509);
910 }
911
SSL_add1_chain_cert(SSL * ssl,X509 * x509)912 int SSL_add1_chain_cert(SSL *ssl, X509 *x509) {
913 check_ssl_x509_method(ssl);
914 if (!ssl->config) {
915 return 0;
916 }
917 return ssl_cert_add1_chain_cert(ssl->config->cert.get(), x509);
918 }
919
SSL_CTX_clear_chain_certs(SSL_CTX * ctx)920 int SSL_CTX_clear_chain_certs(SSL_CTX *ctx) {
921 check_ssl_ctx_x509_method(ctx);
922 return SSL_CTX_set0_chain(ctx, NULL);
923 }
924
SSL_CTX_clear_extra_chain_certs(SSL_CTX * ctx)925 int SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx) {
926 check_ssl_ctx_x509_method(ctx);
927 return SSL_CTX_clear_chain_certs(ctx);
928 }
929
SSL_clear_chain_certs(SSL * ssl)930 int SSL_clear_chain_certs(SSL *ssl) {
931 check_ssl_x509_method(ssl);
932 return SSL_set0_chain(ssl, NULL);
933 }
934
935 // ssl_cert_cache_chain_certs fills in |cert->x509_chain| from elements 1.. of
936 // |cert->chain|.
ssl_cert_cache_chain_certs(CERT * cert)937 static int ssl_cert_cache_chain_certs(CERT *cert) {
938 assert(cert->x509_method);
939
940 if (cert->x509_chain != nullptr ||
941 cert->chain == nullptr ||
942 sk_CRYPTO_BUFFER_num(cert->chain.get()) < 2) {
943 return 1;
944 }
945
946 UniquePtr<STACK_OF(X509)> chain(sk_X509_new_null());
947 if (!chain) {
948 return 0;
949 }
950
951 for (size_t i = 1; i < sk_CRYPTO_BUFFER_num(cert->chain.get()); i++) {
952 CRYPTO_BUFFER *buffer = sk_CRYPTO_BUFFER_value(cert->chain.get(), i);
953 UniquePtr<X509> x509(X509_parse_from_buffer(buffer));
954 if (!x509 ||
955 !PushToStack(chain.get(), std::move(x509))) {
956 return 0;
957 }
958 }
959
960 cert->x509_chain = chain.release();
961 return 1;
962 }
963
SSL_CTX_get0_chain_certs(const SSL_CTX * ctx,STACK_OF (X509)** out_chain)964 int SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, STACK_OF(X509) **out_chain) {
965 check_ssl_ctx_x509_method(ctx);
966 MutexWriteLock lock(const_cast<CRYPTO_MUTEX*>(&ctx->lock));
967 if (!ssl_cert_cache_chain_certs(ctx->cert.get())) {
968 *out_chain = NULL;
969 return 0;
970 }
971
972 *out_chain = ctx->cert->x509_chain;
973 return 1;
974 }
975
SSL_CTX_get_extra_chain_certs(const SSL_CTX * ctx,STACK_OF (X509)** out_chain)976 int SSL_CTX_get_extra_chain_certs(const SSL_CTX *ctx,
977 STACK_OF(X509) **out_chain) {
978 return SSL_CTX_get0_chain_certs(ctx, out_chain);
979 }
980
SSL_get0_chain_certs(const SSL * ssl,STACK_OF (X509)** out_chain)981 int SSL_get0_chain_certs(const SSL *ssl, STACK_OF(X509) **out_chain) {
982 check_ssl_x509_method(ssl);
983 if (!ssl->config) {
984 assert(ssl->config);
985 return 0;
986 }
987 if (!ssl_cert_cache_chain_certs(ssl->config->cert.get())) {
988 *out_chain = NULL;
989 return 0;
990 }
991
992 *out_chain = ssl->config->cert->x509_chain;
993 return 1;
994 }
995
d2i_SSL_SESSION_bio(BIO * bio,SSL_SESSION ** out)996 SSL_SESSION *d2i_SSL_SESSION_bio(BIO *bio, SSL_SESSION **out) {
997 uint8_t *data;
998 size_t len;
999 if (!BIO_read_asn1(bio, &data, &len, 1024 * 1024)) {
1000 return 0;
1001 }
1002 bssl::UniquePtr<uint8_t> free_data(data);
1003 const uint8_t *ptr = data;
1004 return d2i_SSL_SESSION(out, &ptr, static_cast<long>(len));
1005 }
1006
i2d_SSL_SESSION_bio(BIO * bio,const SSL_SESSION * session)1007 int i2d_SSL_SESSION_bio(BIO *bio, const SSL_SESSION *session) {
1008 uint8_t *data;
1009 size_t len;
1010 if (!SSL_SESSION_to_bytes(session, &data, &len)) {
1011 return 0;
1012 }
1013 bssl::UniquePtr<uint8_t> free_data(data);
1014 return BIO_write_all(bio, data, len);
1015 }
1016
IMPLEMENT_PEM_rw(SSL_SESSION,SSL_SESSION,PEM_STRING_SSL_SESSION,SSL_SESSION)1017 IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
1018
1019 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, long length) {
1020 if (length < 0) {
1021 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1022 return NULL;
1023 }
1024
1025 CBS cbs;
1026 CBS_init(&cbs, *pp, length);
1027
1028 UniquePtr<SSL_SESSION> ret = SSL_SESSION_parse(&cbs, &ssl_crypto_x509_method,
1029 NULL /* no buffer pool */);
1030 if (!ret) {
1031 return NULL;
1032 }
1033
1034 if (a) {
1035 SSL_SESSION_free(*a);
1036 *a = ret.get();
1037 }
1038 *pp = CBS_data(&cbs);
1039 return ret.release();
1040 }
1041
STACK_OF(X509_NAME)1042 STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *list) {
1043 return sk_X509_NAME_deep_copy(list, X509_NAME_dup, X509_NAME_free);
1044 }
1045
set_client_CA_list(UniquePtr<STACK_OF (CRYPTO_BUFFER)> * ca_list,const STACK_OF (X509_NAME)* name_list,CRYPTO_BUFFER_POOL * pool)1046 static void set_client_CA_list(UniquePtr<STACK_OF(CRYPTO_BUFFER)> *ca_list,
1047 const STACK_OF(X509_NAME) *name_list,
1048 CRYPTO_BUFFER_POOL *pool) {
1049 UniquePtr<STACK_OF(CRYPTO_BUFFER)> buffers(sk_CRYPTO_BUFFER_new_null());
1050 if (!buffers) {
1051 return;
1052 }
1053
1054 for (X509_NAME *name : name_list) {
1055 uint8_t *outp = NULL;
1056 int len = i2d_X509_NAME(name, &outp);
1057 if (len < 0) {
1058 return;
1059 }
1060
1061 UniquePtr<CRYPTO_BUFFER> buffer(CRYPTO_BUFFER_new(outp, len, pool));
1062 OPENSSL_free(outp);
1063 if (!buffer ||
1064 !PushToStack(buffers.get(), std::move(buffer))) {
1065 return;
1066 }
1067 }
1068
1069 *ca_list = std::move(buffers);
1070 }
1071
SSL_set_client_CA_list(SSL * ssl,STACK_OF (X509_NAME)* name_list)1072 void SSL_set_client_CA_list(SSL *ssl, STACK_OF(X509_NAME) *name_list) {
1073 check_ssl_x509_method(ssl);
1074 if (!ssl->config) {
1075 return;
1076 }
1077 ssl->ctx->x509_method->ssl_flush_cached_client_CA(ssl->config.get());
1078 set_client_CA_list(&ssl->config->client_CA, name_list, ssl->ctx->pool);
1079 sk_X509_NAME_pop_free(name_list, X509_NAME_free);
1080 }
1081
SSL_CTX_set_client_CA_list(SSL_CTX * ctx,STACK_OF (X509_NAME)* name_list)1082 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) {
1083 check_ssl_ctx_x509_method(ctx);
1084 ctx->x509_method->ssl_ctx_flush_cached_client_CA(ctx);
1085 set_client_CA_list(&ctx->client_CA, name_list, ctx->pool);
1086 sk_X509_NAME_pop_free(name_list, X509_NAME_free);
1087 }
1088
STACK_OF(X509_NAME)1089 static STACK_OF(X509_NAME) *
1090 buffer_names_to_x509(const STACK_OF(CRYPTO_BUFFER) *names,
1091 STACK_OF(X509_NAME) **cached) {
1092 if (names == NULL) {
1093 return NULL;
1094 }
1095
1096 if (*cached != NULL) {
1097 return *cached;
1098 }
1099
1100 UniquePtr<STACK_OF(X509_NAME)> new_cache(sk_X509_NAME_new_null());
1101 if (!new_cache) {
1102 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1103 return NULL;
1104 }
1105
1106 for (const CRYPTO_BUFFER *buffer : names) {
1107 const uint8_t *inp = CRYPTO_BUFFER_data(buffer);
1108 UniquePtr<X509_NAME> name(
1109 d2i_X509_NAME(nullptr, &inp, CRYPTO_BUFFER_len(buffer)));
1110 if (!name ||
1111 inp != CRYPTO_BUFFER_data(buffer) + CRYPTO_BUFFER_len(buffer) ||
1112 !PushToStack(new_cache.get(), std::move(name))) {
1113 return NULL;
1114 }
1115 }
1116
1117 *cached = new_cache.release();
1118 return *cached;
1119 }
1120
STACK_OF(X509_NAME)1121 STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *ssl) {
1122 check_ssl_x509_method(ssl);
1123 if (!ssl->config) {
1124 assert(ssl->config);
1125 return NULL;
1126 }
1127 // For historical reasons, this function is used both to query configuration
1128 // state on a server as well as handshake state on a client. However, whether
1129 // |ssl| is a client or server is not known until explicitly configured with
1130 // |SSL_set_connect_state|. If |do_handshake| is NULL, |ssl| is in an
1131 // indeterminate mode and |ssl->server| is unset.
1132 if (ssl->do_handshake != NULL && !ssl->server) {
1133 if (ssl->s3->hs != NULL) {
1134 return buffer_names_to_x509(ssl->s3->hs->ca_names.get(),
1135 &ssl->s3->hs->cached_x509_ca_names);
1136 }
1137
1138 return NULL;
1139 }
1140
1141 if (ssl->config->client_CA != NULL) {
1142 return buffer_names_to_x509(
1143 ssl->config->client_CA.get(),
1144 (STACK_OF(X509_NAME) **)&ssl->config->cached_x509_client_CA);
1145 }
1146 return SSL_CTX_get_client_CA_list(ssl->ctx.get());
1147 }
1148
STACK_OF(X509_NAME)1149 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) {
1150 check_ssl_ctx_x509_method(ctx);
1151 // This is a logically const operation that may be called on multiple threads,
1152 // so it needs to lock around updating |cached_x509_client_CA|.
1153 MutexWriteLock lock(const_cast<CRYPTO_MUTEX *>(&ctx->lock));
1154 return buffer_names_to_x509(
1155 ctx->client_CA.get(),
1156 const_cast<STACK_OF(X509_NAME) **>(&ctx->cached_x509_client_CA));
1157 }
1158
add_client_CA(UniquePtr<STACK_OF (CRYPTO_BUFFER)> * names,X509 * x509,CRYPTO_BUFFER_POOL * pool)1159 static int add_client_CA(UniquePtr<STACK_OF(CRYPTO_BUFFER)> *names, X509 *x509,
1160 CRYPTO_BUFFER_POOL *pool) {
1161 if (x509 == NULL) {
1162 return 0;
1163 }
1164
1165 uint8_t *outp = NULL;
1166 int len = i2d_X509_NAME(X509_get_subject_name(x509), &outp);
1167 if (len < 0) {
1168 return 0;
1169 }
1170
1171 UniquePtr<CRYPTO_BUFFER> buffer(CRYPTO_BUFFER_new(outp, len, pool));
1172 OPENSSL_free(outp);
1173 if (!buffer) {
1174 return 0;
1175 }
1176
1177 int alloced = 0;
1178 if (*names == nullptr) {
1179 names->reset(sk_CRYPTO_BUFFER_new_null());
1180 alloced = 1;
1181
1182 if (*names == NULL) {
1183 return 0;
1184 }
1185 }
1186
1187 if (!PushToStack(names->get(), std::move(buffer))) {
1188 if (alloced) {
1189 names->reset();
1190 }
1191 return 0;
1192 }
1193
1194 return 1;
1195 }
1196
SSL_add_client_CA(SSL * ssl,X509 * x509)1197 int SSL_add_client_CA(SSL *ssl, X509 *x509) {
1198 check_ssl_x509_method(ssl);
1199 if (!ssl->config) {
1200 return 0;
1201 }
1202 if (!add_client_CA(&ssl->config->client_CA, x509, ssl->ctx->pool)) {
1203 return 0;
1204 }
1205
1206 ssl_crypto_x509_ssl_flush_cached_client_CA(ssl->config.get());
1207 return 1;
1208 }
1209
SSL_CTX_add_client_CA(SSL_CTX * ctx,X509 * x509)1210 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x509) {
1211 check_ssl_ctx_x509_method(ctx);
1212 if (!add_client_CA(&ctx->client_CA, x509, ctx->pool)) {
1213 return 0;
1214 }
1215
1216 ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(ctx);
1217 return 1;
1218 }
1219
do_client_cert_cb(SSL * ssl,void * arg)1220 static int do_client_cert_cb(SSL *ssl, void *arg) {
1221 // Should only be called during handshake, but check to be sure.
1222 if (!ssl->config) {
1223 assert(ssl->config);
1224 return -1;
1225 }
1226
1227 if (ssl_has_certificate(ssl->s3->hs.get()) ||
1228 ssl->ctx->client_cert_cb == NULL) {
1229 return 1;
1230 }
1231
1232 X509 *x509 = NULL;
1233 EVP_PKEY *pkey = NULL;
1234 int ret = ssl->ctx->client_cert_cb(ssl, &x509, &pkey);
1235 if (ret < 0) {
1236 return -1;
1237 }
1238 UniquePtr<X509> free_x509(x509);
1239 UniquePtr<EVP_PKEY> free_pkey(pkey);
1240
1241 if (ret != 0) {
1242 if (!SSL_use_certificate(ssl, x509) ||
1243 !SSL_use_PrivateKey(ssl, pkey)) {
1244 return 0;
1245 }
1246 }
1247
1248 return 1;
1249 }
1250
SSL_CTX_set_client_cert_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,X509 ** out_x509,EVP_PKEY ** out_pkey))1251 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl,
1252 X509 **out_x509,
1253 EVP_PKEY **out_pkey)) {
1254 check_ssl_ctx_x509_method(ctx);
1255 // Emulate the old client certificate callback with the new one.
1256 SSL_CTX_set_cert_cb(ctx, do_client_cert_cb, NULL);
1257 ctx->client_cert_cb = cb;
1258 }
1259
set_cert_store(X509_STORE ** store_ptr,X509_STORE * new_store,int take_ref)1260 static int set_cert_store(X509_STORE **store_ptr, X509_STORE *new_store,
1261 int take_ref) {
1262 X509_STORE_free(*store_ptr);
1263 *store_ptr = new_store;
1264
1265 if (new_store != NULL && take_ref) {
1266 X509_STORE_up_ref(new_store);
1267 }
1268
1269 return 1;
1270 }
1271
SSL_get_ex_data_X509_STORE_CTX_idx(void)1272 int SSL_get_ex_data_X509_STORE_CTX_idx(void) {
1273 // The ex_data index to go from |X509_STORE_CTX| to |SSL| always uses the
1274 // reserved app_data slot. Before ex_data was introduced, app_data was used.
1275 // Avoid breaking any software which assumes |X509_STORE_CTX_get_app_data|
1276 // works.
1277 return 0;
1278 }
1279
SSL_CTX_set0_verify_cert_store(SSL_CTX * ctx,X509_STORE * store)1280 int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *store) {
1281 check_ssl_ctx_x509_method(ctx);
1282 return set_cert_store(&ctx->cert->verify_store, store, 0);
1283 }
1284
SSL_CTX_set1_verify_cert_store(SSL_CTX * ctx,X509_STORE * store)1285 int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *store) {
1286 check_ssl_ctx_x509_method(ctx);
1287 return set_cert_store(&ctx->cert->verify_store, store, 1);
1288 }
1289
SSL_set0_verify_cert_store(SSL * ssl,X509_STORE * store)1290 int SSL_set0_verify_cert_store(SSL *ssl, X509_STORE *store) {
1291 check_ssl_x509_method(ssl);
1292 if (!ssl->config) {
1293 return 0;
1294 }
1295 return set_cert_store(&ssl->config->cert->verify_store, store, 0);
1296 }
1297
SSL_set1_verify_cert_store(SSL * ssl,X509_STORE * store)1298 int SSL_set1_verify_cert_store(SSL *ssl, X509_STORE *store) {
1299 check_ssl_x509_method(ssl);
1300 if (!ssl->config) {
1301 return 0;
1302 }
1303 return set_cert_store(&ssl->config->cert->verify_store, store, 1);
1304 }
1305
SSL_alert_from_verify_result(long result)1306 int SSL_alert_from_verify_result(long result) {
1307 switch (result) {
1308 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
1309 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
1310 case X509_V_ERR_INVALID_CA:
1311 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
1312 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
1313 case X509_V_ERR_UNABLE_TO_GET_CRL:
1314 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
1315 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
1316 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
1317 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
1318 return SSL_AD_UNKNOWN_CA;
1319
1320 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
1321 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
1322 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
1323 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
1324 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
1325 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
1326 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
1327 case X509_V_ERR_CERT_UNTRUSTED:
1328 case X509_V_ERR_CERT_REJECTED:
1329 case X509_V_ERR_HOSTNAME_MISMATCH:
1330 case X509_V_ERR_EMAIL_MISMATCH:
1331 case X509_V_ERR_IP_ADDRESS_MISMATCH:
1332 return SSL_AD_BAD_CERTIFICATE;
1333
1334 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
1335 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
1336 return SSL_AD_DECRYPT_ERROR;
1337
1338 case X509_V_ERR_CERT_HAS_EXPIRED:
1339 case X509_V_ERR_CERT_NOT_YET_VALID:
1340 case X509_V_ERR_CRL_HAS_EXPIRED:
1341 case X509_V_ERR_CRL_NOT_YET_VALID:
1342 return SSL_AD_CERTIFICATE_EXPIRED;
1343
1344 case X509_V_ERR_CERT_REVOKED:
1345 return SSL_AD_CERTIFICATE_REVOKED;
1346
1347 case X509_V_ERR_UNSPECIFIED:
1348 case X509_V_ERR_OUT_OF_MEM:
1349 case X509_V_ERR_INVALID_CALL:
1350 case X509_V_ERR_STORE_LOOKUP:
1351 return SSL_AD_INTERNAL_ERROR;
1352
1353 case X509_V_ERR_APPLICATION_VERIFICATION:
1354 return SSL_AD_HANDSHAKE_FAILURE;
1355
1356 case X509_V_ERR_INVALID_PURPOSE:
1357 return SSL_AD_UNSUPPORTED_CERTIFICATE;
1358
1359 default:
1360 return SSL_AD_CERTIFICATE_UNKNOWN;
1361 }
1362 }
1363