1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57 /* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
108 *
109 */
110 /* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112 * ECC cipher suite support in OpenSSL originally developed by
113 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
114 */
115 /* ====================================================================
116 * Copyright 2005 Nokia. All rights reserved.
117 *
118 * The portions of the attached software ("Contribution") is developed by
119 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
120 * license.
121 *
122 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
123 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
124 * support (see RFC 4279) to OpenSSL.
125 *
126 * No patent licenses or other rights except those expressly stated in
127 * the OpenSSL open source license shall be deemed granted or received
128 * expressly, by implication, estoppel, or otherwise.
129 *
130 * No assurances are provided by Nokia that the Contribution does not
131 * infringe the patent or other intellectual property rights of any third
132 * party or that the license provides you with all the necessary rights
133 * to make use of the Contribution.
134 *
135 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
136 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
137 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
138 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
139 * OTHERWISE. */
140
141 #include <openssl/ssl.h>
142
143 #include <assert.h>
144
145 #include <openssl/asn1.h>
146 #include <openssl/bytestring.h>
147 #include <openssl/err.h>
148 #include <openssl/pem.h>
149 #include <openssl/stack.h>
150 #include <openssl/x509.h>
151 #include <openssl/x509v3.h>
152
153 #include "internal.h"
154 #include "../crypto/internal.h"
155
156
157 BSSL_NAMESPACE_BEGIN
158
159 // check_ssl_x509_method asserts that |ssl| has the X509-based method
160 // installed. Calling an X509-based method on an |ssl| with a different method
161 // will likely misbehave and possibly crash or leak memory.
check_ssl_x509_method(const SSL * ssl)162 static void check_ssl_x509_method(const SSL *ssl) {
163 assert(ssl == NULL || ssl->ctx->x509_method == &ssl_crypto_x509_method);
164 }
165
166 // check_ssl_ctx_x509_method acts like |check_ssl_x509_method|, but for an
167 // |SSL_CTX|.
check_ssl_ctx_x509_method(const SSL_CTX * ctx)168 static void check_ssl_ctx_x509_method(const SSL_CTX *ctx) {
169 assert(ctx == NULL || ctx->x509_method == &ssl_crypto_x509_method);
170 }
171
172 // x509_to_buffer returns a |CRYPTO_BUFFER| that contains the serialised
173 // contents of |x509|.
x509_to_buffer(X509 * x509)174 static UniquePtr<CRYPTO_BUFFER> x509_to_buffer(X509 *x509) {
175 uint8_t *buf = NULL;
176 int cert_len = i2d_X509(x509, &buf);
177 if (cert_len <= 0) {
178 return 0;
179 }
180
181 UniquePtr<CRYPTO_BUFFER> buffer(CRYPTO_BUFFER_new(buf, cert_len, NULL));
182 OPENSSL_free(buf);
183
184 return buffer;
185 }
186
187 // new_leafless_chain returns a fresh stack of buffers set to {NULL}.
new_leafless_chain(void)188 static UniquePtr<STACK_OF(CRYPTO_BUFFER)> new_leafless_chain(void) {
189 UniquePtr<STACK_OF(CRYPTO_BUFFER)> chain(sk_CRYPTO_BUFFER_new_null());
190 if (!chain ||
191 !sk_CRYPTO_BUFFER_push(chain.get(), nullptr)) {
192 return nullptr;
193 }
194
195 return chain;
196 }
197
198 // ssl_cert_set_chain sets elements 1.. of |cert->chain| to the serialised
199 // forms of elements of |chain|. It returns one on success or zero on error, in
200 // which case no change to |cert->chain| is made. It preverses the existing
201 // leaf from |cert->chain|, if any.
ssl_cert_set_chain(CERT * cert,STACK_OF (X509)* chain)202 static bool ssl_cert_set_chain(CERT *cert, STACK_OF(X509) *chain) {
203 UniquePtr<STACK_OF(CRYPTO_BUFFER)> new_chain;
204
205 if (cert->chain != nullptr) {
206 new_chain.reset(sk_CRYPTO_BUFFER_new_null());
207 if (!new_chain) {
208 return false;
209 }
210
211 // |leaf| might be NULL if it's a “leafless” chain.
212 CRYPTO_BUFFER *leaf = sk_CRYPTO_BUFFER_value(cert->chain.get(), 0);
213 if (!PushToStack(new_chain.get(), UpRef(leaf))) {
214 return false;
215 }
216 }
217
218 for (X509 *x509 : chain) {
219 if (!new_chain) {
220 new_chain = new_leafless_chain();
221 if (!new_chain) {
222 return false;
223 }
224 }
225
226 UniquePtr<CRYPTO_BUFFER> buffer = x509_to_buffer(x509);
227 if (!buffer ||
228 !PushToStack(new_chain.get(), std::move(buffer))) {
229 return false;
230 }
231 }
232
233 cert->chain = std::move(new_chain);
234 return true;
235 }
236
ssl_crypto_x509_cert_flush_cached_leaf(CERT * cert)237 static void ssl_crypto_x509_cert_flush_cached_leaf(CERT *cert) {
238 X509_free(cert->x509_leaf);
239 cert->x509_leaf = nullptr;
240 }
241
ssl_crypto_x509_cert_flush_cached_chain(CERT * cert)242 static void ssl_crypto_x509_cert_flush_cached_chain(CERT *cert) {
243 sk_X509_pop_free(cert->x509_chain, X509_free);
244 cert->x509_chain = nullptr;
245 }
246
ssl_crypto_x509_check_client_CA_list(STACK_OF (CRYPTO_BUFFER)* names)247 static bool ssl_crypto_x509_check_client_CA_list(
248 STACK_OF(CRYPTO_BUFFER) *names) {
249 for (const CRYPTO_BUFFER *buffer : names) {
250 const uint8_t *inp = CRYPTO_BUFFER_data(buffer);
251 UniquePtr<X509_NAME> name(
252 d2i_X509_NAME(nullptr, &inp, CRYPTO_BUFFER_len(buffer)));
253 if (name == nullptr ||
254 inp != CRYPTO_BUFFER_data(buffer) + CRYPTO_BUFFER_len(buffer)) {
255 return false;
256 }
257 }
258
259 return true;
260 }
261
ssl_crypto_x509_cert_clear(CERT * cert)262 static void ssl_crypto_x509_cert_clear(CERT *cert) {
263 ssl_crypto_x509_cert_flush_cached_leaf(cert);
264 ssl_crypto_x509_cert_flush_cached_chain(cert);
265
266 X509_free(cert->x509_stash);
267 cert->x509_stash = nullptr;
268 }
269
ssl_crypto_x509_cert_free(CERT * cert)270 static void ssl_crypto_x509_cert_free(CERT *cert) {
271 ssl_crypto_x509_cert_clear(cert);
272 X509_STORE_free(cert->verify_store);
273 }
274
ssl_crypto_x509_cert_dup(CERT * new_cert,const CERT * cert)275 static void ssl_crypto_x509_cert_dup(CERT *new_cert, const CERT *cert) {
276 if (cert->verify_store != nullptr) {
277 X509_STORE_up_ref(cert->verify_store);
278 new_cert->verify_store = cert->verify_store;
279 }
280 }
281
ssl_crypto_x509_session_cache_objects(SSL_SESSION * sess)282 static bool ssl_crypto_x509_session_cache_objects(SSL_SESSION *sess) {
283 bssl::UniquePtr<STACK_OF(X509)> chain, chain_without_leaf;
284 if (sk_CRYPTO_BUFFER_num(sess->certs.get()) > 0) {
285 chain.reset(sk_X509_new_null());
286 if (!chain) {
287 return false;
288 }
289 if (sess->is_server) {
290 // chain_without_leaf is only needed for server sessions. See
291 // |SSL_get_peer_cert_chain|.
292 chain_without_leaf.reset(sk_X509_new_null());
293 if (!chain_without_leaf) {
294 return false;
295 }
296 }
297 }
298
299 bssl::UniquePtr<X509> leaf;
300 for (CRYPTO_BUFFER *cert : sess->certs.get()) {
301 UniquePtr<X509> x509(X509_parse_from_buffer(cert));
302 if (!x509) {
303 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
304 return false;
305 }
306 if (leaf == nullptr) {
307 leaf = UpRef(x509);
308 } else if (chain_without_leaf &&
309 !PushToStack(chain_without_leaf.get(), UpRef(x509))) {
310 return false;
311 }
312 if (!PushToStack(chain.get(), std::move(x509))) {
313 return false;
314 }
315 }
316
317 sk_X509_pop_free(sess->x509_chain, X509_free);
318 sess->x509_chain = chain.release();
319
320 sk_X509_pop_free(sess->x509_chain_without_leaf, X509_free);
321 sess->x509_chain_without_leaf = chain_without_leaf.release();
322
323 X509_free(sess->x509_peer);
324 sess->x509_peer = leaf.release();
325 return true;
326 }
327
ssl_crypto_x509_session_dup(SSL_SESSION * new_session,const SSL_SESSION * session)328 static bool ssl_crypto_x509_session_dup(SSL_SESSION *new_session,
329 const SSL_SESSION *session) {
330 new_session->x509_peer = UpRef(session->x509_peer).release();
331 if (session->x509_chain != nullptr) {
332 new_session->x509_chain = X509_chain_up_ref(session->x509_chain);
333 if (new_session->x509_chain == nullptr) {
334 return false;
335 }
336 }
337 if (session->x509_chain_without_leaf != nullptr) {
338 new_session->x509_chain_without_leaf =
339 X509_chain_up_ref(session->x509_chain_without_leaf);
340 if (new_session->x509_chain_without_leaf == nullptr) {
341 return false;
342 }
343 }
344
345 return true;
346 }
347
ssl_crypto_x509_session_clear(SSL_SESSION * session)348 static void ssl_crypto_x509_session_clear(SSL_SESSION *session) {
349 X509_free(session->x509_peer);
350 session->x509_peer = nullptr;
351 sk_X509_pop_free(session->x509_chain, X509_free);
352 session->x509_chain = nullptr;
353 sk_X509_pop_free(session->x509_chain_without_leaf, X509_free);
354 session->x509_chain_without_leaf = nullptr;
355 }
356
ssl_crypto_x509_session_verify_cert_chain(SSL_SESSION * session,SSL_HANDSHAKE * hs,uint8_t * out_alert)357 static bool ssl_crypto_x509_session_verify_cert_chain(SSL_SESSION *session,
358 SSL_HANDSHAKE *hs,
359 uint8_t *out_alert) {
360 *out_alert = SSL_AD_INTERNAL_ERROR;
361 STACK_OF(X509) *const cert_chain = session->x509_chain;
362 if (cert_chain == nullptr || sk_X509_num(cert_chain) == 0) {
363 return false;
364 }
365
366 SSL *const ssl = hs->ssl;
367 SSL_CTX *ssl_ctx = ssl->ctx.get();
368 X509_STORE *verify_store = ssl_ctx->cert_store;
369 if (hs->config->cert->verify_store != nullptr) {
370 verify_store = hs->config->cert->verify_store;
371 }
372
373 X509 *leaf = sk_X509_value(cert_chain, 0);
374 const char *name;
375 size_t name_len;
376 SSL_get0_ech_name_override(ssl, &name, &name_len);
377 UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
378 if (!ctx ||
379 !X509_STORE_CTX_init(ctx.get(), verify_store, leaf, cert_chain) ||
380 !X509_STORE_CTX_set_ex_data(ctx.get(),
381 SSL_get_ex_data_X509_STORE_CTX_idx(), ssl) ||
382 // We need to inherit the verify parameters. These can be determined by
383 // the context: if its a server it will verify SSL client certificates or
384 // vice versa.
385 !X509_STORE_CTX_set_default(ctx.get(),
386 ssl->server ? "ssl_client" : "ssl_server") ||
387 // Anything non-default in "param" should overwrite anything in the ctx.
388 !X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(ctx.get()),
389 hs->config->param) ||
390 // ClientHelloOuter connections use a different name.
391 (name_len != 0 &&
392 !X509_VERIFY_PARAM_set1_host(X509_STORE_CTX_get0_param(ctx.get()), name,
393 name_len))) {
394 OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);
395 return false;
396 }
397
398 if (hs->config->verify_callback) {
399 X509_STORE_CTX_set_verify_cb(ctx.get(), hs->config->verify_callback);
400 }
401
402 int verify_ret;
403 if (ssl_ctx->app_verify_callback != nullptr) {
404 verify_ret =
405 ssl_ctx->app_verify_callback(ctx.get(), ssl_ctx->app_verify_arg);
406 } else {
407 verify_ret = X509_verify_cert(ctx.get());
408 }
409
410 session->verify_result = X509_STORE_CTX_get_error(ctx.get());
411
412 // If |SSL_VERIFY_NONE|, the error is non-fatal, but we keep the result.
413 if (verify_ret <= 0 && hs->config->verify_mode != SSL_VERIFY_NONE) {
414 *out_alert = SSL_alert_from_verify_result(session->verify_result);
415 return false;
416 }
417
418 ERR_clear_error();
419 return true;
420 }
421
ssl_crypto_x509_hs_flush_cached_ca_names(SSL_HANDSHAKE * hs)422 static void ssl_crypto_x509_hs_flush_cached_ca_names(SSL_HANDSHAKE *hs) {
423 sk_X509_NAME_pop_free(hs->cached_x509_ca_names, X509_NAME_free);
424 hs->cached_x509_ca_names = nullptr;
425 }
426
ssl_crypto_x509_ssl_new(SSL_HANDSHAKE * hs)427 static bool ssl_crypto_x509_ssl_new(SSL_HANDSHAKE *hs) {
428 hs->config->param = X509_VERIFY_PARAM_new();
429 if (hs->config->param == nullptr) {
430 return false;
431 }
432 X509_VERIFY_PARAM_inherit(hs->config->param, hs->ssl->ctx->param);
433 return true;
434 }
435
ssl_crypto_x509_ssl_flush_cached_client_CA(SSL_CONFIG * cfg)436 static void ssl_crypto_x509_ssl_flush_cached_client_CA(SSL_CONFIG *cfg) {
437 sk_X509_NAME_pop_free(cfg->cached_x509_client_CA, X509_NAME_free);
438 cfg->cached_x509_client_CA = nullptr;
439 }
440
ssl_crypto_x509_ssl_config_free(SSL_CONFIG * cfg)441 static void ssl_crypto_x509_ssl_config_free(SSL_CONFIG *cfg) {
442 sk_X509_NAME_pop_free(cfg->cached_x509_client_CA, X509_NAME_free);
443 cfg->cached_x509_client_CA = nullptr;
444 X509_VERIFY_PARAM_free(cfg->param);
445 }
446
ssl_crypto_x509_ssl_auto_chain_if_needed(SSL_HANDSHAKE * hs)447 static bool ssl_crypto_x509_ssl_auto_chain_if_needed(SSL_HANDSHAKE *hs) {
448 // Only build a chain if there are no intermediates configured and the feature
449 // isn't disabled.
450 if ((hs->ssl->mode & SSL_MODE_NO_AUTO_CHAIN) ||
451 !ssl_has_certificate(hs) || hs->config->cert->chain == NULL ||
452 sk_CRYPTO_BUFFER_num(hs->config->cert->chain.get()) > 1) {
453 return true;
454 }
455
456 UniquePtr<X509> leaf(X509_parse_from_buffer(
457 sk_CRYPTO_BUFFER_value(hs->config->cert->chain.get(), 0)));
458 if (!leaf) {
459 OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);
460 return false;
461 }
462
463 UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
464 if (!ctx || !X509_STORE_CTX_init(ctx.get(), hs->ssl->ctx->cert_store,
465 leaf.get(), nullptr)) {
466 OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);
467 return false;
468 }
469
470 // Attempt to build a chain, ignoring the result.
471 X509_verify_cert(ctx.get());
472 ERR_clear_error();
473
474 // Remove the leaf from the generated chain.
475 UniquePtr<STACK_OF(X509)> chain(X509_STORE_CTX_get1_chain(ctx.get()));
476 if (!chain) {
477 return false;
478 }
479 X509_free(sk_X509_shift(chain.get()));
480
481 if (!ssl_cert_set_chain(hs->config->cert.get(), chain.get())) {
482 return false;
483 }
484
485 ssl_crypto_x509_cert_flush_cached_chain(hs->config->cert.get());
486
487 return true;
488 }
489
ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(SSL_CTX * ctx)490 static void ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(SSL_CTX *ctx) {
491 sk_X509_NAME_pop_free(ctx->cached_x509_client_CA, X509_NAME_free);
492 ctx->cached_x509_client_CA = nullptr;
493 }
494
ssl_crypto_x509_ssl_ctx_new(SSL_CTX * ctx)495 static bool ssl_crypto_x509_ssl_ctx_new(SSL_CTX *ctx) {
496 ctx->cert_store = X509_STORE_new();
497 ctx->param = X509_VERIFY_PARAM_new();
498 return (ctx->cert_store != nullptr && ctx->param != nullptr);
499 }
500
ssl_crypto_x509_ssl_ctx_free(SSL_CTX * ctx)501 static void ssl_crypto_x509_ssl_ctx_free(SSL_CTX *ctx) {
502 ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(ctx);
503 X509_VERIFY_PARAM_free(ctx->param);
504 X509_STORE_free(ctx->cert_store);
505 }
506
507 const SSL_X509_METHOD ssl_crypto_x509_method = {
508 ssl_crypto_x509_check_client_CA_list,
509 ssl_crypto_x509_cert_clear,
510 ssl_crypto_x509_cert_free,
511 ssl_crypto_x509_cert_dup,
512 ssl_crypto_x509_cert_flush_cached_chain,
513 ssl_crypto_x509_cert_flush_cached_leaf,
514 ssl_crypto_x509_session_cache_objects,
515 ssl_crypto_x509_session_dup,
516 ssl_crypto_x509_session_clear,
517 ssl_crypto_x509_session_verify_cert_chain,
518 ssl_crypto_x509_hs_flush_cached_ca_names,
519 ssl_crypto_x509_ssl_new,
520 ssl_crypto_x509_ssl_config_free,
521 ssl_crypto_x509_ssl_flush_cached_client_CA,
522 ssl_crypto_x509_ssl_auto_chain_if_needed,
523 ssl_crypto_x509_ssl_ctx_new,
524 ssl_crypto_x509_ssl_ctx_free,
525 ssl_crypto_x509_ssl_ctx_flush_cached_client_CA,
526 };
527
528 BSSL_NAMESPACE_END
529
530 using namespace bssl;
531
SSL_get_peer_certificate(const SSL * ssl)532 X509 *SSL_get_peer_certificate(const SSL *ssl) {
533 check_ssl_x509_method(ssl);
534 if (ssl == NULL) {
535 return NULL;
536 }
537 SSL_SESSION *session = SSL_get_session(ssl);
538 if (session == NULL || session->x509_peer == NULL) {
539 return NULL;
540 }
541 X509_up_ref(session->x509_peer);
542 return session->x509_peer;
543 }
544
STACK_OF(X509)545 STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl) {
546 check_ssl_x509_method(ssl);
547 if (ssl == nullptr) {
548 return nullptr;
549 }
550 SSL_SESSION *session = SSL_get_session(ssl);
551 if (session == nullptr) {
552 return nullptr;
553 }
554
555 // OpenSSL historically didn't include the leaf certificate in the returned
556 // certificate chain, but only for servers.
557 return ssl->server ? session->x509_chain_without_leaf : session->x509_chain;
558 }
559
STACK_OF(X509)560 STACK_OF(X509) *SSL_get_peer_full_cert_chain(const SSL *ssl) {
561 check_ssl_x509_method(ssl);
562 SSL_SESSION *session = SSL_get_session(ssl);
563 if (session == NULL) {
564 return NULL;
565 }
566
567 return session->x509_chain;
568 }
569
SSL_CTX_set_purpose(SSL_CTX * ctx,int purpose)570 int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose) {
571 check_ssl_ctx_x509_method(ctx);
572 return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
573 }
574
SSL_set_purpose(SSL * ssl,int purpose)575 int SSL_set_purpose(SSL *ssl, int purpose) {
576 check_ssl_x509_method(ssl);
577 if (!ssl->config) {
578 return 0;
579 }
580 return X509_VERIFY_PARAM_set_purpose(ssl->config->param, purpose);
581 }
582
SSL_CTX_set_trust(SSL_CTX * ctx,int trust)583 int SSL_CTX_set_trust(SSL_CTX *ctx, int trust) {
584 check_ssl_ctx_x509_method(ctx);
585 return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
586 }
587
SSL_set_trust(SSL * ssl,int trust)588 int SSL_set_trust(SSL *ssl, int trust) {
589 check_ssl_x509_method(ssl);
590 if (!ssl->config) {
591 return 0;
592 }
593 return X509_VERIFY_PARAM_set_trust(ssl->config->param, trust);
594 }
595
SSL_CTX_set1_param(SSL_CTX * ctx,const X509_VERIFY_PARAM * param)596 int SSL_CTX_set1_param(SSL_CTX *ctx, const X509_VERIFY_PARAM *param) {
597 check_ssl_ctx_x509_method(ctx);
598 return X509_VERIFY_PARAM_set1(ctx->param, param);
599 }
600
SSL_set1_param(SSL * ssl,const X509_VERIFY_PARAM * param)601 int SSL_set1_param(SSL *ssl, const X509_VERIFY_PARAM *param) {
602 check_ssl_x509_method(ssl);
603 if (!ssl->config) {
604 return 0;
605 }
606 return X509_VERIFY_PARAM_set1(ssl->config->param, param);
607 }
608
SSL_CTX_get0_param(SSL_CTX * ctx)609 X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) {
610 check_ssl_ctx_x509_method(ctx);
611 return ctx->param;
612 }
613
SSL_get0_param(SSL * ssl)614 X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) {
615 check_ssl_x509_method(ssl);
616 if (!ssl->config) {
617 assert(ssl->config);
618 return 0;
619 }
620 return ssl->config->param;
621 }
622
SSL_get_verify_depth(const SSL * ssl)623 int SSL_get_verify_depth(const SSL *ssl) {
624 check_ssl_x509_method(ssl);
625 if (!ssl->config) {
626 assert(ssl->config);
627 return 0;
628 }
629 return X509_VERIFY_PARAM_get_depth(ssl->config->param);
630 }
631
SSL_get_verify_callback(const SSL * ssl)632 int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *) {
633 check_ssl_x509_method(ssl);
634 if (!ssl->config) {
635 assert(ssl->config);
636 return 0;
637 }
638 return ssl->config->verify_callback;
639 }
640
SSL_CTX_get_verify_mode(const SSL_CTX * ctx)641 int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) {
642 check_ssl_ctx_x509_method(ctx);
643 return ctx->verify_mode;
644 }
645
SSL_CTX_get_verify_depth(const SSL_CTX * ctx)646 int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) {
647 check_ssl_ctx_x509_method(ctx);
648 return X509_VERIFY_PARAM_get_depth(ctx->param);
649 }
650
SSL_CTX_get_verify_callback(const SSL_CTX * ctx)651 int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(
652 int ok, X509_STORE_CTX *store_ctx) {
653 check_ssl_ctx_x509_method(ctx);
654 return ctx->default_verify_callback;
655 }
656
SSL_set_verify(SSL * ssl,int mode,int (* callback)(int ok,X509_STORE_CTX * store_ctx))657 void SSL_set_verify(SSL *ssl, int mode,
658 int (*callback)(int ok, X509_STORE_CTX *store_ctx)) {
659 check_ssl_x509_method(ssl);
660 if (!ssl->config) {
661 return;
662 }
663 ssl->config->verify_mode = mode;
664 if (callback != NULL) {
665 ssl->config->verify_callback = callback;
666 }
667 }
668
SSL_set_verify_depth(SSL * ssl,int depth)669 void SSL_set_verify_depth(SSL *ssl, int depth) {
670 check_ssl_x509_method(ssl);
671 if (!ssl->config) {
672 return;
673 }
674 X509_VERIFY_PARAM_set_depth(ssl->config->param, depth);
675 }
676
SSL_CTX_set_cert_verify_callback(SSL_CTX * ctx,int (* cb)(X509_STORE_CTX * store_ctx,void * arg),void * arg)677 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
678 int (*cb)(X509_STORE_CTX *store_ctx,
679 void *arg),
680 void *arg) {
681 check_ssl_ctx_x509_method(ctx);
682 ctx->app_verify_callback = cb;
683 ctx->app_verify_arg = arg;
684 }
685
SSL_CTX_set_verify(SSL_CTX * ctx,int mode,int (* cb)(int,X509_STORE_CTX *))686 void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
687 int (*cb)(int, X509_STORE_CTX *)) {
688 check_ssl_ctx_x509_method(ctx);
689 ctx->verify_mode = mode;
690 ctx->default_verify_callback = cb;
691 }
692
SSL_CTX_set_verify_depth(SSL_CTX * ctx,int depth)693 void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) {
694 check_ssl_ctx_x509_method(ctx);
695 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
696 }
697
SSL_CTX_set_default_verify_paths(SSL_CTX * ctx)698 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) {
699 check_ssl_ctx_x509_method(ctx);
700 return X509_STORE_set_default_paths(ctx->cert_store);
701 }
702
SSL_CTX_load_verify_locations(SSL_CTX * ctx,const char * ca_file,const char * ca_dir)703 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *ca_file,
704 const char *ca_dir) {
705 check_ssl_ctx_x509_method(ctx);
706 return X509_STORE_load_locations(ctx->cert_store, ca_file, ca_dir);
707 }
708
SSL_get_verify_result(const SSL * ssl)709 long SSL_get_verify_result(const SSL *ssl) {
710 check_ssl_x509_method(ssl);
711 SSL_SESSION *session = SSL_get_session(ssl);
712 if (session == NULL) {
713 return X509_V_ERR_INVALID_CALL;
714 }
715 return session->verify_result;
716 }
717
SSL_CTX_get_cert_store(const SSL_CTX * ctx)718 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) {
719 check_ssl_ctx_x509_method(ctx);
720 return ctx->cert_store;
721 }
722
SSL_CTX_set_cert_store(SSL_CTX * ctx,X509_STORE * store)723 void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) {
724 check_ssl_ctx_x509_method(ctx);
725 X509_STORE_free(ctx->cert_store);
726 ctx->cert_store = store;
727 }
728
ssl_use_certificate(CERT * cert,X509 * x)729 static int ssl_use_certificate(CERT *cert, X509 *x) {
730 if (x == NULL) {
731 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
732 return 0;
733 }
734
735 UniquePtr<CRYPTO_BUFFER> buffer = x509_to_buffer(x);
736 if (!buffer) {
737 return 0;
738 }
739
740 return ssl_set_cert(cert, std::move(buffer));
741 }
742
SSL_use_certificate(SSL * ssl,X509 * x)743 int SSL_use_certificate(SSL *ssl, X509 *x) {
744 check_ssl_x509_method(ssl);
745 if (!ssl->config) {
746 return 0;
747 }
748 return ssl_use_certificate(ssl->config->cert.get(), x);
749 }
750
SSL_CTX_use_certificate(SSL_CTX * ctx,X509 * x)751 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) {
752 check_ssl_ctx_x509_method(ctx);
753 return ssl_use_certificate(ctx->cert.get(), x);
754 }
755
756 // ssl_cert_cache_leaf_cert sets |cert->x509_leaf|, if currently NULL, from the
757 // first element of |cert->chain|.
ssl_cert_cache_leaf_cert(CERT * cert)758 static int ssl_cert_cache_leaf_cert(CERT *cert) {
759 assert(cert->x509_method);
760
761 if (cert->x509_leaf != NULL ||
762 cert->chain == NULL) {
763 return 1;
764 }
765
766 CRYPTO_BUFFER *leaf = sk_CRYPTO_BUFFER_value(cert->chain.get(), 0);
767 if (!leaf) {
768 return 1;
769 }
770
771 cert->x509_leaf = X509_parse_from_buffer(leaf);
772 return cert->x509_leaf != NULL;
773 }
774
ssl_cert_get0_leaf(CERT * cert)775 static X509 *ssl_cert_get0_leaf(CERT *cert) {
776 if (cert->x509_leaf == NULL &&
777 !ssl_cert_cache_leaf_cert(cert)) {
778 return NULL;
779 }
780
781 return cert->x509_leaf;
782 }
783
SSL_get_certificate(const SSL * ssl)784 X509 *SSL_get_certificate(const SSL *ssl) {
785 check_ssl_x509_method(ssl);
786 if (!ssl->config) {
787 assert(ssl->config);
788 return 0;
789 }
790 return ssl_cert_get0_leaf(ssl->config->cert.get());
791 }
792
SSL_CTX_get0_certificate(const SSL_CTX * ctx)793 X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx) {
794 check_ssl_ctx_x509_method(ctx);
795 MutexWriteLock lock(const_cast<CRYPTO_MUTEX*>(&ctx->lock));
796 return ssl_cert_get0_leaf(ctx->cert.get());
797 }
798
ssl_cert_set0_chain(CERT * cert,STACK_OF (X509)* chain)799 static int ssl_cert_set0_chain(CERT *cert, STACK_OF(X509) *chain) {
800 if (!ssl_cert_set_chain(cert, chain)) {
801 return 0;
802 }
803
804 sk_X509_pop_free(chain, X509_free);
805 ssl_crypto_x509_cert_flush_cached_chain(cert);
806 return 1;
807 }
808
ssl_cert_set1_chain(CERT * cert,STACK_OF (X509)* chain)809 static int ssl_cert_set1_chain(CERT *cert, STACK_OF(X509) *chain) {
810 if (!ssl_cert_set_chain(cert, chain)) {
811 return 0;
812 }
813
814 ssl_crypto_x509_cert_flush_cached_chain(cert);
815 return 1;
816 }
817
ssl_cert_append_cert(CERT * cert,X509 * x509)818 static int ssl_cert_append_cert(CERT *cert, X509 *x509) {
819 assert(cert->x509_method);
820
821 UniquePtr<CRYPTO_BUFFER> buffer = x509_to_buffer(x509);
822 if (!buffer) {
823 return 0;
824 }
825
826 if (cert->chain != NULL) {
827 return PushToStack(cert->chain.get(), std::move(buffer));
828 }
829
830 cert->chain = new_leafless_chain();
831 if (!cert->chain ||
832 !PushToStack(cert->chain.get(), std::move(buffer))) {
833 cert->chain.reset();
834 return 0;
835 }
836
837 return 1;
838 }
839
ssl_cert_add0_chain_cert(CERT * cert,X509 * x509)840 static int ssl_cert_add0_chain_cert(CERT *cert, X509 *x509) {
841 if (!ssl_cert_append_cert(cert, x509)) {
842 return 0;
843 }
844
845 X509_free(cert->x509_stash);
846 cert->x509_stash = x509;
847 ssl_crypto_x509_cert_flush_cached_chain(cert);
848 return 1;
849 }
850
ssl_cert_add1_chain_cert(CERT * cert,X509 * x509)851 static int ssl_cert_add1_chain_cert(CERT *cert, X509 *x509) {
852 if (!ssl_cert_append_cert(cert, x509)) {
853 return 0;
854 }
855
856 ssl_crypto_x509_cert_flush_cached_chain(cert);
857 return 1;
858 }
859
SSL_CTX_set0_chain(SSL_CTX * ctx,STACK_OF (X509)* chain)860 int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) {
861 check_ssl_ctx_x509_method(ctx);
862 return ssl_cert_set0_chain(ctx->cert.get(), chain);
863 }
864
SSL_CTX_set1_chain(SSL_CTX * ctx,STACK_OF (X509)* chain)865 int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) {
866 check_ssl_ctx_x509_method(ctx);
867 return ssl_cert_set1_chain(ctx->cert.get(), chain);
868 }
869
SSL_set0_chain(SSL * ssl,STACK_OF (X509)* chain)870 int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *chain) {
871 check_ssl_x509_method(ssl);
872 if (!ssl->config) {
873 return 0;
874 }
875 return ssl_cert_set0_chain(ssl->config->cert.get(), chain);
876 }
877
SSL_set1_chain(SSL * ssl,STACK_OF (X509)* chain)878 int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *chain) {
879 check_ssl_x509_method(ssl);
880 if (!ssl->config) {
881 return 0;
882 }
883 return ssl_cert_set1_chain(ssl->config->cert.get(), chain);
884 }
885
SSL_CTX_add0_chain_cert(SSL_CTX * ctx,X509 * x509)886 int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509) {
887 check_ssl_ctx_x509_method(ctx);
888 return ssl_cert_add0_chain_cert(ctx->cert.get(), x509);
889 }
890
SSL_CTX_add1_chain_cert(SSL_CTX * ctx,X509 * x509)891 int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509) {
892 check_ssl_ctx_x509_method(ctx);
893 return ssl_cert_add1_chain_cert(ctx->cert.get(), x509);
894 }
895
SSL_CTX_add_extra_chain_cert(SSL_CTX * ctx,X509 * x509)896 int SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509) {
897 check_ssl_ctx_x509_method(ctx);
898 return SSL_CTX_add0_chain_cert(ctx, x509);
899 }
900
SSL_add0_chain_cert(SSL * ssl,X509 * x509)901 int SSL_add0_chain_cert(SSL *ssl, X509 *x509) {
902 check_ssl_x509_method(ssl);
903 if (!ssl->config) {
904 return 0;
905 }
906 return ssl_cert_add0_chain_cert(ssl->config->cert.get(), x509);
907 }
908
SSL_add1_chain_cert(SSL * ssl,X509 * x509)909 int SSL_add1_chain_cert(SSL *ssl, X509 *x509) {
910 check_ssl_x509_method(ssl);
911 if (!ssl->config) {
912 return 0;
913 }
914 return ssl_cert_add1_chain_cert(ssl->config->cert.get(), x509);
915 }
916
SSL_CTX_clear_chain_certs(SSL_CTX * ctx)917 int SSL_CTX_clear_chain_certs(SSL_CTX *ctx) {
918 check_ssl_ctx_x509_method(ctx);
919 return SSL_CTX_set0_chain(ctx, NULL);
920 }
921
SSL_CTX_clear_extra_chain_certs(SSL_CTX * ctx)922 int SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx) {
923 check_ssl_ctx_x509_method(ctx);
924 return SSL_CTX_clear_chain_certs(ctx);
925 }
926
SSL_clear_chain_certs(SSL * ssl)927 int SSL_clear_chain_certs(SSL *ssl) {
928 check_ssl_x509_method(ssl);
929 return SSL_set0_chain(ssl, NULL);
930 }
931
932 // ssl_cert_cache_chain_certs fills in |cert->x509_chain| from elements 1.. of
933 // |cert->chain|.
ssl_cert_cache_chain_certs(CERT * cert)934 static int ssl_cert_cache_chain_certs(CERT *cert) {
935 assert(cert->x509_method);
936
937 if (cert->x509_chain != nullptr ||
938 cert->chain == nullptr ||
939 sk_CRYPTO_BUFFER_num(cert->chain.get()) < 2) {
940 return 1;
941 }
942
943 UniquePtr<STACK_OF(X509)> chain(sk_X509_new_null());
944 if (!chain) {
945 return 0;
946 }
947
948 for (size_t i = 1; i < sk_CRYPTO_BUFFER_num(cert->chain.get()); i++) {
949 CRYPTO_BUFFER *buffer = sk_CRYPTO_BUFFER_value(cert->chain.get(), i);
950 UniquePtr<X509> x509(X509_parse_from_buffer(buffer));
951 if (!x509 ||
952 !PushToStack(chain.get(), std::move(x509))) {
953 return 0;
954 }
955 }
956
957 cert->x509_chain = chain.release();
958 return 1;
959 }
960
SSL_CTX_get0_chain_certs(const SSL_CTX * ctx,STACK_OF (X509)** out_chain)961 int SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, STACK_OF(X509) **out_chain) {
962 check_ssl_ctx_x509_method(ctx);
963 MutexWriteLock lock(const_cast<CRYPTO_MUTEX*>(&ctx->lock));
964 if (!ssl_cert_cache_chain_certs(ctx->cert.get())) {
965 *out_chain = NULL;
966 return 0;
967 }
968
969 *out_chain = ctx->cert->x509_chain;
970 return 1;
971 }
972
SSL_CTX_get_extra_chain_certs(const SSL_CTX * ctx,STACK_OF (X509)** out_chain)973 int SSL_CTX_get_extra_chain_certs(const SSL_CTX *ctx,
974 STACK_OF(X509) **out_chain) {
975 return SSL_CTX_get0_chain_certs(ctx, out_chain);
976 }
977
SSL_get0_chain_certs(const SSL * ssl,STACK_OF (X509)** out_chain)978 int SSL_get0_chain_certs(const SSL *ssl, STACK_OF(X509) **out_chain) {
979 check_ssl_x509_method(ssl);
980 if (!ssl->config) {
981 assert(ssl->config);
982 return 0;
983 }
984 if (!ssl_cert_cache_chain_certs(ssl->config->cert.get())) {
985 *out_chain = NULL;
986 return 0;
987 }
988
989 *out_chain = ssl->config->cert->x509_chain;
990 return 1;
991 }
992
d2i_SSL_SESSION_bio(BIO * bio,SSL_SESSION ** out)993 SSL_SESSION *d2i_SSL_SESSION_bio(BIO *bio, SSL_SESSION **out) {
994 uint8_t *data;
995 size_t len;
996 if (!BIO_read_asn1(bio, &data, &len, 1024 * 1024)) {
997 return 0;
998 }
999 bssl::UniquePtr<uint8_t> free_data(data);
1000 const uint8_t *ptr = data;
1001 return d2i_SSL_SESSION(out, &ptr, static_cast<long>(len));
1002 }
1003
i2d_SSL_SESSION_bio(BIO * bio,const SSL_SESSION * session)1004 int i2d_SSL_SESSION_bio(BIO *bio, const SSL_SESSION *session) {
1005 uint8_t *data;
1006 size_t len;
1007 if (!SSL_SESSION_to_bytes(session, &data, &len)) {
1008 return 0;
1009 }
1010 bssl::UniquePtr<uint8_t> free_data(data);
1011 return BIO_write_all(bio, data, len);
1012 }
1013
IMPLEMENT_PEM_rw(SSL_SESSION,SSL_SESSION,PEM_STRING_SSL_SESSION,SSL_SESSION)1014 IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
1015
1016 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, long length) {
1017 if (length < 0) {
1018 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1019 return NULL;
1020 }
1021
1022 CBS cbs;
1023 CBS_init(&cbs, *pp, length);
1024
1025 UniquePtr<SSL_SESSION> ret = SSL_SESSION_parse(&cbs, &ssl_crypto_x509_method,
1026 NULL /* no buffer pool */);
1027 if (!ret) {
1028 return NULL;
1029 }
1030
1031 if (a) {
1032 SSL_SESSION_free(*a);
1033 *a = ret.get();
1034 }
1035 *pp = CBS_data(&cbs);
1036 return ret.release();
1037 }
1038
STACK_OF(X509_NAME)1039 STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *list) {
1040 // TODO(https://crbug.com/boringssl/407): |X509_NAME_dup| should be const.
1041 auto name_dup = [](const X509_NAME *name) {
1042 return X509_NAME_dup(const_cast<X509_NAME *>(name));
1043 };
1044 return sk_X509_NAME_deep_copy(list, name_dup, X509_NAME_free);
1045 }
1046
set_client_CA_list(UniquePtr<STACK_OF (CRYPTO_BUFFER)> * ca_list,const STACK_OF (X509_NAME)* name_list,CRYPTO_BUFFER_POOL * pool)1047 static void set_client_CA_list(UniquePtr<STACK_OF(CRYPTO_BUFFER)> *ca_list,
1048 const STACK_OF(X509_NAME) *name_list,
1049 CRYPTO_BUFFER_POOL *pool) {
1050 UniquePtr<STACK_OF(CRYPTO_BUFFER)> buffers(sk_CRYPTO_BUFFER_new_null());
1051 if (!buffers) {
1052 return;
1053 }
1054
1055 for (X509_NAME *name : name_list) {
1056 uint8_t *outp = NULL;
1057 int len = i2d_X509_NAME(name, &outp);
1058 if (len < 0) {
1059 return;
1060 }
1061
1062 UniquePtr<CRYPTO_BUFFER> buffer(CRYPTO_BUFFER_new(outp, len, pool));
1063 OPENSSL_free(outp);
1064 if (!buffer ||
1065 !PushToStack(buffers.get(), std::move(buffer))) {
1066 return;
1067 }
1068 }
1069
1070 *ca_list = std::move(buffers);
1071 }
1072
SSL_set_client_CA_list(SSL * ssl,STACK_OF (X509_NAME)* name_list)1073 void SSL_set_client_CA_list(SSL *ssl, STACK_OF(X509_NAME) *name_list) {
1074 check_ssl_x509_method(ssl);
1075 if (!ssl->config) {
1076 return;
1077 }
1078 ssl->ctx->x509_method->ssl_flush_cached_client_CA(ssl->config.get());
1079 set_client_CA_list(&ssl->config->client_CA, name_list, ssl->ctx->pool);
1080 sk_X509_NAME_pop_free(name_list, X509_NAME_free);
1081 }
1082
SSL_CTX_set_client_CA_list(SSL_CTX * ctx,STACK_OF (X509_NAME)* name_list)1083 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) {
1084 check_ssl_ctx_x509_method(ctx);
1085 ctx->x509_method->ssl_ctx_flush_cached_client_CA(ctx);
1086 set_client_CA_list(&ctx->client_CA, name_list, ctx->pool);
1087 sk_X509_NAME_pop_free(name_list, X509_NAME_free);
1088 }
1089
STACK_OF(X509_NAME)1090 static STACK_OF(X509_NAME) *
1091 buffer_names_to_x509(const STACK_OF(CRYPTO_BUFFER) *names,
1092 STACK_OF(X509_NAME) **cached) {
1093 if (names == NULL) {
1094 return NULL;
1095 }
1096
1097 if (*cached != NULL) {
1098 return *cached;
1099 }
1100
1101 UniquePtr<STACK_OF(X509_NAME)> new_cache(sk_X509_NAME_new_null());
1102 if (!new_cache) {
1103 return NULL;
1104 }
1105
1106 for (const CRYPTO_BUFFER *buffer : names) {
1107 const uint8_t *inp = CRYPTO_BUFFER_data(buffer);
1108 UniquePtr<X509_NAME> name(
1109 d2i_X509_NAME(nullptr, &inp, CRYPTO_BUFFER_len(buffer)));
1110 if (!name ||
1111 inp != CRYPTO_BUFFER_data(buffer) + CRYPTO_BUFFER_len(buffer) ||
1112 !PushToStack(new_cache.get(), std::move(name))) {
1113 return NULL;
1114 }
1115 }
1116
1117 *cached = new_cache.release();
1118 return *cached;
1119 }
1120
STACK_OF(X509_NAME)1121 STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *ssl) {
1122 check_ssl_x509_method(ssl);
1123 if (!ssl->config) {
1124 assert(ssl->config);
1125 return NULL;
1126 }
1127 // For historical reasons, this function is used both to query configuration
1128 // state on a server as well as handshake state on a client. However, whether
1129 // |ssl| is a client or server is not known until explicitly configured with
1130 // |SSL_set_connect_state|. If |do_handshake| is NULL, |ssl| is in an
1131 // indeterminate mode and |ssl->server| is unset.
1132 if (ssl->do_handshake != NULL && !ssl->server) {
1133 if (ssl->s3->hs != NULL) {
1134 return buffer_names_to_x509(ssl->s3->hs->ca_names.get(),
1135 &ssl->s3->hs->cached_x509_ca_names);
1136 }
1137
1138 return NULL;
1139 }
1140
1141 if (ssl->config->client_CA != NULL) {
1142 return buffer_names_to_x509(
1143 ssl->config->client_CA.get(),
1144 (STACK_OF(X509_NAME) **)&ssl->config->cached_x509_client_CA);
1145 }
1146 return SSL_CTX_get_client_CA_list(ssl->ctx.get());
1147 }
1148
STACK_OF(X509_NAME)1149 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) {
1150 check_ssl_ctx_x509_method(ctx);
1151 // This is a logically const operation that may be called on multiple threads,
1152 // so it needs to lock around updating |cached_x509_client_CA|.
1153 MutexWriteLock lock(const_cast<CRYPTO_MUTEX *>(&ctx->lock));
1154 return buffer_names_to_x509(
1155 ctx->client_CA.get(),
1156 const_cast<STACK_OF(X509_NAME) **>(&ctx->cached_x509_client_CA));
1157 }
1158
add_client_CA(UniquePtr<STACK_OF (CRYPTO_BUFFER)> * names,X509 * x509,CRYPTO_BUFFER_POOL * pool)1159 static int add_client_CA(UniquePtr<STACK_OF(CRYPTO_BUFFER)> *names, X509 *x509,
1160 CRYPTO_BUFFER_POOL *pool) {
1161 if (x509 == NULL) {
1162 return 0;
1163 }
1164
1165 uint8_t *outp = NULL;
1166 int len = i2d_X509_NAME(X509_get_subject_name(x509), &outp);
1167 if (len < 0) {
1168 return 0;
1169 }
1170
1171 UniquePtr<CRYPTO_BUFFER> buffer(CRYPTO_BUFFER_new(outp, len, pool));
1172 OPENSSL_free(outp);
1173 if (!buffer) {
1174 return 0;
1175 }
1176
1177 int alloced = 0;
1178 if (*names == nullptr) {
1179 names->reset(sk_CRYPTO_BUFFER_new_null());
1180 alloced = 1;
1181
1182 if (*names == NULL) {
1183 return 0;
1184 }
1185 }
1186
1187 if (!PushToStack(names->get(), std::move(buffer))) {
1188 if (alloced) {
1189 names->reset();
1190 }
1191 return 0;
1192 }
1193
1194 return 1;
1195 }
1196
SSL_add_client_CA(SSL * ssl,X509 * x509)1197 int SSL_add_client_CA(SSL *ssl, X509 *x509) {
1198 check_ssl_x509_method(ssl);
1199 if (!ssl->config) {
1200 return 0;
1201 }
1202 if (!add_client_CA(&ssl->config->client_CA, x509, ssl->ctx->pool)) {
1203 return 0;
1204 }
1205
1206 ssl_crypto_x509_ssl_flush_cached_client_CA(ssl->config.get());
1207 return 1;
1208 }
1209
SSL_CTX_add_client_CA(SSL_CTX * ctx,X509 * x509)1210 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x509) {
1211 check_ssl_ctx_x509_method(ctx);
1212 if (!add_client_CA(&ctx->client_CA, x509, ctx->pool)) {
1213 return 0;
1214 }
1215
1216 ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(ctx);
1217 return 1;
1218 }
1219
do_client_cert_cb(SSL * ssl,void * arg)1220 static int do_client_cert_cb(SSL *ssl, void *arg) {
1221 // Should only be called during handshake, but check to be sure.
1222 if (!ssl->config) {
1223 assert(ssl->config);
1224 return -1;
1225 }
1226
1227 if (ssl_has_certificate(ssl->s3->hs.get()) ||
1228 ssl->ctx->client_cert_cb == NULL) {
1229 return 1;
1230 }
1231
1232 X509 *x509 = NULL;
1233 EVP_PKEY *pkey = NULL;
1234 int ret = ssl->ctx->client_cert_cb(ssl, &x509, &pkey);
1235 if (ret < 0) {
1236 return -1;
1237 }
1238 UniquePtr<X509> free_x509(x509);
1239 UniquePtr<EVP_PKEY> free_pkey(pkey);
1240
1241 if (ret != 0) {
1242 if (!SSL_use_certificate(ssl, x509) ||
1243 !SSL_use_PrivateKey(ssl, pkey)) {
1244 return 0;
1245 }
1246 }
1247
1248 return 1;
1249 }
1250
SSL_CTX_set_client_cert_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,X509 ** out_x509,EVP_PKEY ** out_pkey))1251 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl,
1252 X509 **out_x509,
1253 EVP_PKEY **out_pkey)) {
1254 check_ssl_ctx_x509_method(ctx);
1255 // Emulate the old client certificate callback with the new one.
1256 SSL_CTX_set_cert_cb(ctx, do_client_cert_cb, NULL);
1257 ctx->client_cert_cb = cb;
1258 }
1259
set_cert_store(X509_STORE ** store_ptr,X509_STORE * new_store,int take_ref)1260 static int set_cert_store(X509_STORE **store_ptr, X509_STORE *new_store,
1261 int take_ref) {
1262 X509_STORE_free(*store_ptr);
1263 *store_ptr = new_store;
1264
1265 if (new_store != NULL && take_ref) {
1266 X509_STORE_up_ref(new_store);
1267 }
1268
1269 return 1;
1270 }
1271
SSL_get_ex_data_X509_STORE_CTX_idx(void)1272 int SSL_get_ex_data_X509_STORE_CTX_idx(void) {
1273 // The ex_data index to go from |X509_STORE_CTX| to |SSL| always uses the
1274 // reserved app_data slot. Before ex_data was introduced, app_data was used.
1275 // Avoid breaking any software which assumes |X509_STORE_CTX_get_app_data|
1276 // works.
1277 return 0;
1278 }
1279
SSL_CTX_set0_verify_cert_store(SSL_CTX * ctx,X509_STORE * store)1280 int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *store) {
1281 check_ssl_ctx_x509_method(ctx);
1282 return set_cert_store(&ctx->cert->verify_store, store, 0);
1283 }
1284
SSL_CTX_set1_verify_cert_store(SSL_CTX * ctx,X509_STORE * store)1285 int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *store) {
1286 check_ssl_ctx_x509_method(ctx);
1287 return set_cert_store(&ctx->cert->verify_store, store, 1);
1288 }
1289
SSL_set0_verify_cert_store(SSL * ssl,X509_STORE * store)1290 int SSL_set0_verify_cert_store(SSL *ssl, X509_STORE *store) {
1291 check_ssl_x509_method(ssl);
1292 if (!ssl->config) {
1293 return 0;
1294 }
1295 return set_cert_store(&ssl->config->cert->verify_store, store, 0);
1296 }
1297
SSL_set1_verify_cert_store(SSL * ssl,X509_STORE * store)1298 int SSL_set1_verify_cert_store(SSL *ssl, X509_STORE *store) {
1299 check_ssl_x509_method(ssl);
1300 if (!ssl->config) {
1301 return 0;
1302 }
1303 return set_cert_store(&ssl->config->cert->verify_store, store, 1);
1304 }
1305
SSL_set1_host(SSL * ssl,const char * hostname)1306 int SSL_set1_host(SSL *ssl, const char *hostname) {
1307 check_ssl_x509_method(ssl);
1308 if (!ssl->config) {
1309 return 0;
1310 }
1311 return X509_VERIFY_PARAM_set1_host(ssl->config->param, hostname,
1312 strlen(hostname));
1313 }
1314
SSL_set_hostflags(SSL * ssl,unsigned flags)1315 void SSL_set_hostflags(SSL *ssl, unsigned flags) {
1316 check_ssl_x509_method(ssl);
1317 if (!ssl->config) {
1318 return;
1319 }
1320 X509_VERIFY_PARAM_set_hostflags(ssl->config->param, flags);
1321 }
1322
SSL_alert_from_verify_result(long result)1323 int SSL_alert_from_verify_result(long result) {
1324 switch (result) {
1325 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
1326 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
1327 case X509_V_ERR_INVALID_CA:
1328 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
1329 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
1330 case X509_V_ERR_UNABLE_TO_GET_CRL:
1331 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
1332 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
1333 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
1334 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
1335 return SSL_AD_UNKNOWN_CA;
1336
1337 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
1338 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
1339 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
1340 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
1341 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
1342 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
1343 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
1344 case X509_V_ERR_CERT_UNTRUSTED:
1345 case X509_V_ERR_CERT_REJECTED:
1346 case X509_V_ERR_HOSTNAME_MISMATCH:
1347 case X509_V_ERR_EMAIL_MISMATCH:
1348 case X509_V_ERR_IP_ADDRESS_MISMATCH:
1349 return SSL_AD_BAD_CERTIFICATE;
1350
1351 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
1352 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
1353 return SSL_AD_DECRYPT_ERROR;
1354
1355 case X509_V_ERR_CERT_HAS_EXPIRED:
1356 case X509_V_ERR_CERT_NOT_YET_VALID:
1357 case X509_V_ERR_CRL_HAS_EXPIRED:
1358 case X509_V_ERR_CRL_NOT_YET_VALID:
1359 return SSL_AD_CERTIFICATE_EXPIRED;
1360
1361 case X509_V_ERR_CERT_REVOKED:
1362 return SSL_AD_CERTIFICATE_REVOKED;
1363
1364 case X509_V_ERR_UNSPECIFIED:
1365 case X509_V_ERR_OUT_OF_MEM:
1366 case X509_V_ERR_INVALID_CALL:
1367 case X509_V_ERR_STORE_LOOKUP:
1368 return SSL_AD_INTERNAL_ERROR;
1369
1370 case X509_V_ERR_APPLICATION_VERIFICATION:
1371 return SSL_AD_HANDSHAKE_FAILURE;
1372
1373 case X509_V_ERR_INVALID_PURPOSE:
1374 return SSL_AD_UNSUPPORTED_CERTIFICATE;
1375
1376 default:
1377 return SSL_AD_CERTIFICATE_UNKNOWN;
1378 }
1379 }
1380