1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57 /* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
108 *
109 */
110 /* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112 * ECC cipher suite support in OpenSSL originally developed by
113 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
114 */
115 /* ====================================================================
116 * Copyright 2005 Nokia. All rights reserved.
117 *
118 * The portions of the attached software ("Contribution") is developed by
119 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
120 * license.
121 *
122 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
123 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
124 * support (see RFC 4279) to OpenSSL.
125 *
126 * No patent licenses or other rights except those expressly stated in
127 * the OpenSSL open source license shall be deemed granted or received
128 * expressly, by implication, estoppel, or otherwise.
129 *
130 * No assurances are provided by Nokia that the Contribution does not
131 * infringe the patent or other intellectual property rights of any third
132 * party or that the license provides you with all the necessary rights
133 * to make use of the Contribution.
134 *
135 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
136 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
137 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
138 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
139 * OTHERWISE. */
140
141 #include <openssl/ssl.h>
142
143 #include <assert.h>
144
145 #include <openssl/asn1.h>
146 #include <openssl/bytestring.h>
147 #include <openssl/err.h>
148 #include <openssl/pem.h>
149 #include <openssl/stack.h>
150 #include <openssl/x509.h>
151 #include <openssl/x509v3.h>
152 #include <openssl/x509_vfy.h>
153
154 #include "internal.h"
155 #include "../crypto/internal.h"
156
157
158 BSSL_NAMESPACE_BEGIN
159
160 // check_ssl_x509_method asserts that |ssl| has the X509-based method
161 // installed. Calling an X509-based method on an |ssl| with a different method
162 // will likely misbehave and possibly crash or leak memory.
check_ssl_x509_method(const SSL * ssl)163 static void check_ssl_x509_method(const SSL *ssl) {
164 assert(ssl == NULL || ssl->ctx->x509_method == &ssl_crypto_x509_method);
165 }
166
167 // check_ssl_ctx_x509_method acts like |check_ssl_x509_method|, but for an
168 // |SSL_CTX|.
check_ssl_ctx_x509_method(const SSL_CTX * ctx)169 static void check_ssl_ctx_x509_method(const SSL_CTX *ctx) {
170 assert(ctx == NULL || ctx->x509_method == &ssl_crypto_x509_method);
171 }
172
173 // x509_to_buffer returns a |CRYPTO_BUFFER| that contains the serialised
174 // contents of |x509|.
x509_to_buffer(X509 * x509)175 static UniquePtr<CRYPTO_BUFFER> x509_to_buffer(X509 *x509) {
176 uint8_t *buf = NULL;
177 int cert_len = i2d_X509(x509, &buf);
178 if (cert_len <= 0) {
179 return 0;
180 }
181
182 UniquePtr<CRYPTO_BUFFER> buffer(CRYPTO_BUFFER_new(buf, cert_len, NULL));
183 OPENSSL_free(buf);
184
185 return buffer;
186 }
187
188 // new_leafless_chain returns a fresh stack of buffers set to {NULL}.
new_leafless_chain(void)189 static UniquePtr<STACK_OF(CRYPTO_BUFFER)> new_leafless_chain(void) {
190 UniquePtr<STACK_OF(CRYPTO_BUFFER)> chain(sk_CRYPTO_BUFFER_new_null());
191 if (!chain ||
192 !sk_CRYPTO_BUFFER_push(chain.get(), nullptr)) {
193 return nullptr;
194 }
195
196 return chain;
197 }
198
199 // ssl_cert_set_chain sets elements 1.. of |cert->chain| to the serialised
200 // forms of elements of |chain|. It returns one on success or zero on error, in
201 // which case no change to |cert->chain| is made. It preverses the existing
202 // leaf from |cert->chain|, if any.
ssl_cert_set_chain(CERT * cert,STACK_OF (X509)* chain)203 static bool ssl_cert_set_chain(CERT *cert, STACK_OF(X509) *chain) {
204 UniquePtr<STACK_OF(CRYPTO_BUFFER)> new_chain;
205
206 if (cert->chain != nullptr) {
207 new_chain.reset(sk_CRYPTO_BUFFER_new_null());
208 if (!new_chain) {
209 return false;
210 }
211
212 // |leaf| might be NULL if it's a “leafless” chain.
213 CRYPTO_BUFFER *leaf = sk_CRYPTO_BUFFER_value(cert->chain.get(), 0);
214 if (!PushToStack(new_chain.get(), UpRef(leaf))) {
215 return false;
216 }
217 }
218
219 for (X509 *x509 : chain) {
220 if (!new_chain) {
221 new_chain = new_leafless_chain();
222 if (!new_chain) {
223 return false;
224 }
225 }
226
227 UniquePtr<CRYPTO_BUFFER> buffer = x509_to_buffer(x509);
228 if (!buffer ||
229 !PushToStack(new_chain.get(), std::move(buffer))) {
230 return false;
231 }
232 }
233
234 cert->chain = std::move(new_chain);
235 return true;
236 }
237
ssl_crypto_x509_cert_flush_cached_leaf(CERT * cert)238 static void ssl_crypto_x509_cert_flush_cached_leaf(CERT *cert) {
239 X509_free(cert->x509_leaf);
240 cert->x509_leaf = nullptr;
241 }
242
ssl_crypto_x509_cert_flush_cached_chain(CERT * cert)243 static void ssl_crypto_x509_cert_flush_cached_chain(CERT *cert) {
244 sk_X509_pop_free(cert->x509_chain, X509_free);
245 cert->x509_chain = nullptr;
246 }
247
ssl_crypto_x509_check_client_CA_list(STACK_OF (CRYPTO_BUFFER)* names)248 static bool ssl_crypto_x509_check_client_CA_list(
249 STACK_OF(CRYPTO_BUFFER) *names) {
250 for (const CRYPTO_BUFFER *buffer : names) {
251 const uint8_t *inp = CRYPTO_BUFFER_data(buffer);
252 UniquePtr<X509_NAME> name(
253 d2i_X509_NAME(nullptr, &inp, CRYPTO_BUFFER_len(buffer)));
254 if (name == nullptr ||
255 inp != CRYPTO_BUFFER_data(buffer) + CRYPTO_BUFFER_len(buffer)) {
256 return false;
257 }
258 }
259
260 return true;
261 }
262
ssl_crypto_x509_cert_clear(CERT * cert)263 static void ssl_crypto_x509_cert_clear(CERT *cert) {
264 ssl_crypto_x509_cert_flush_cached_leaf(cert);
265 ssl_crypto_x509_cert_flush_cached_chain(cert);
266
267 X509_free(cert->x509_stash);
268 cert->x509_stash = nullptr;
269 }
270
ssl_crypto_x509_cert_free(CERT * cert)271 static void ssl_crypto_x509_cert_free(CERT *cert) {
272 ssl_crypto_x509_cert_clear(cert);
273 X509_STORE_free(cert->verify_store);
274 }
275
ssl_crypto_x509_cert_dup(CERT * new_cert,const CERT * cert)276 static void ssl_crypto_x509_cert_dup(CERT *new_cert, const CERT *cert) {
277 if (cert->verify_store != nullptr) {
278 X509_STORE_up_ref(cert->verify_store);
279 new_cert->verify_store = cert->verify_store;
280 }
281 }
282
ssl_crypto_x509_session_cache_objects(SSL_SESSION * sess)283 static bool ssl_crypto_x509_session_cache_objects(SSL_SESSION *sess) {
284 bssl::UniquePtr<STACK_OF(X509)> chain, chain_without_leaf;
285 if (sk_CRYPTO_BUFFER_num(sess->certs.get()) > 0) {
286 chain.reset(sk_X509_new_null());
287 if (!chain) {
288 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
289 return false;
290 }
291 if (sess->is_server) {
292 // chain_without_leaf is only needed for server sessions. See
293 // |SSL_get_peer_cert_chain|.
294 chain_without_leaf.reset(sk_X509_new_null());
295 if (!chain_without_leaf) {
296 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
297 return false;
298 }
299 }
300 }
301
302 bssl::UniquePtr<X509> leaf;
303 for (CRYPTO_BUFFER *cert : sess->certs.get()) {
304 UniquePtr<X509> x509(X509_parse_from_buffer(cert));
305 if (!x509) {
306 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
307 return false;
308 }
309 if (leaf == nullptr) {
310 leaf = UpRef(x509);
311 } else if (chain_without_leaf &&
312 !PushToStack(chain_without_leaf.get(), UpRef(x509))) {
313 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
314 return false;
315 }
316 if (!PushToStack(chain.get(), std::move(x509))) {
317 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
318 return false;
319 }
320 }
321
322 sk_X509_pop_free(sess->x509_chain, X509_free);
323 sess->x509_chain = chain.release();
324
325 sk_X509_pop_free(sess->x509_chain_without_leaf, X509_free);
326 sess->x509_chain_without_leaf = chain_without_leaf.release();
327
328 X509_free(sess->x509_peer);
329 sess->x509_peer = leaf.release();
330 return true;
331 }
332
ssl_crypto_x509_session_dup(SSL_SESSION * new_session,const SSL_SESSION * session)333 static bool ssl_crypto_x509_session_dup(SSL_SESSION *new_session,
334 const SSL_SESSION *session) {
335 new_session->x509_peer = UpRef(session->x509_peer).release();
336 if (session->x509_chain != nullptr) {
337 new_session->x509_chain = X509_chain_up_ref(session->x509_chain);
338 if (new_session->x509_chain == nullptr) {
339 return false;
340 }
341 }
342 if (session->x509_chain_without_leaf != nullptr) {
343 new_session->x509_chain_without_leaf =
344 X509_chain_up_ref(session->x509_chain_without_leaf);
345 if (new_session->x509_chain_without_leaf == nullptr) {
346 return false;
347 }
348 }
349
350 return true;
351 }
352
ssl_crypto_x509_session_clear(SSL_SESSION * session)353 static void ssl_crypto_x509_session_clear(SSL_SESSION *session) {
354 X509_free(session->x509_peer);
355 session->x509_peer = nullptr;
356 sk_X509_pop_free(session->x509_chain, X509_free);
357 session->x509_chain = nullptr;
358 sk_X509_pop_free(session->x509_chain_without_leaf, X509_free);
359 session->x509_chain_without_leaf = nullptr;
360 }
361
ssl_crypto_x509_session_verify_cert_chain(SSL_SESSION * session,SSL_HANDSHAKE * hs,uint8_t * out_alert)362 static bool ssl_crypto_x509_session_verify_cert_chain(SSL_SESSION *session,
363 SSL_HANDSHAKE *hs,
364 uint8_t *out_alert) {
365 *out_alert = SSL_AD_INTERNAL_ERROR;
366 STACK_OF(X509) *const cert_chain = session->x509_chain;
367 if (cert_chain == nullptr || sk_X509_num(cert_chain) == 0) {
368 return false;
369 }
370
371 SSL *const ssl = hs->ssl;
372 SSL_CTX *ssl_ctx = ssl->ctx.get();
373 X509_STORE *verify_store = ssl_ctx->cert_store;
374 if (hs->config->cert->verify_store != nullptr) {
375 verify_store = hs->config->cert->verify_store;
376 }
377
378 X509 *leaf = sk_X509_value(cert_chain, 0);
379 const char *name;
380 size_t name_len;
381 SSL_get0_ech_name_override(ssl, &name, &name_len);
382 UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
383 if (!ctx ||
384 !X509_STORE_CTX_init(ctx.get(), verify_store, leaf, cert_chain) ||
385 !X509_STORE_CTX_set_ex_data(ctx.get(),
386 SSL_get_ex_data_X509_STORE_CTX_idx(), ssl) ||
387 // We need to inherit the verify parameters. These can be determined by
388 // the context: if its a server it will verify SSL client certificates or
389 // vice versa.
390 !X509_STORE_CTX_set_default(ctx.get(),
391 ssl->server ? "ssl_client" : "ssl_server") ||
392 // Anything non-default in "param" should overwrite anything in the ctx.
393 !X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(ctx.get()),
394 hs->config->param) ||
395 // ClientHelloOuter connections use a different name.
396 (name_len != 0 &&
397 !X509_VERIFY_PARAM_set1_host(X509_STORE_CTX_get0_param(ctx.get()), name,
398 name_len))) {
399 OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);
400 return false;
401 }
402
403 if (hs->config->verify_callback) {
404 X509_STORE_CTX_set_verify_cb(ctx.get(), hs->config->verify_callback);
405 }
406
407 int verify_ret;
408 if (ssl_ctx->app_verify_callback != nullptr) {
409 verify_ret =
410 ssl_ctx->app_verify_callback(ctx.get(), ssl_ctx->app_verify_arg);
411 } else {
412 verify_ret = X509_verify_cert(ctx.get());
413 }
414
415 session->verify_result = X509_STORE_CTX_get_error(ctx.get());
416
417 // If |SSL_VERIFY_NONE|, the error is non-fatal, but we keep the result.
418 if (verify_ret <= 0 && hs->config->verify_mode != SSL_VERIFY_NONE) {
419 *out_alert = SSL_alert_from_verify_result(session->verify_result);
420 return false;
421 }
422
423 ERR_clear_error();
424 return true;
425 }
426
ssl_crypto_x509_hs_flush_cached_ca_names(SSL_HANDSHAKE * hs)427 static void ssl_crypto_x509_hs_flush_cached_ca_names(SSL_HANDSHAKE *hs) {
428 sk_X509_NAME_pop_free(hs->cached_x509_ca_names, X509_NAME_free);
429 hs->cached_x509_ca_names = nullptr;
430 }
431
ssl_crypto_x509_ssl_new(SSL_HANDSHAKE * hs)432 static bool ssl_crypto_x509_ssl_new(SSL_HANDSHAKE *hs) {
433 hs->config->param = X509_VERIFY_PARAM_new();
434 if (hs->config->param == nullptr) {
435 return false;
436 }
437 X509_VERIFY_PARAM_inherit(hs->config->param, hs->ssl->ctx->param);
438 return true;
439 }
440
ssl_crypto_x509_ssl_flush_cached_client_CA(SSL_CONFIG * cfg)441 static void ssl_crypto_x509_ssl_flush_cached_client_CA(SSL_CONFIG *cfg) {
442 sk_X509_NAME_pop_free(cfg->cached_x509_client_CA, X509_NAME_free);
443 cfg->cached_x509_client_CA = nullptr;
444 }
445
ssl_crypto_x509_ssl_config_free(SSL_CONFIG * cfg)446 static void ssl_crypto_x509_ssl_config_free(SSL_CONFIG *cfg) {
447 sk_X509_NAME_pop_free(cfg->cached_x509_client_CA, X509_NAME_free);
448 cfg->cached_x509_client_CA = nullptr;
449 X509_VERIFY_PARAM_free(cfg->param);
450 }
451
ssl_crypto_x509_ssl_auto_chain_if_needed(SSL_HANDSHAKE * hs)452 static bool ssl_crypto_x509_ssl_auto_chain_if_needed(SSL_HANDSHAKE *hs) {
453 // Only build a chain if there are no intermediates configured and the feature
454 // isn't disabled.
455 if ((hs->ssl->mode & SSL_MODE_NO_AUTO_CHAIN) ||
456 !ssl_has_certificate(hs) || hs->config->cert->chain == NULL ||
457 sk_CRYPTO_BUFFER_num(hs->config->cert->chain.get()) > 1) {
458 return true;
459 }
460
461 UniquePtr<X509> leaf(X509_parse_from_buffer(
462 sk_CRYPTO_BUFFER_value(hs->config->cert->chain.get(), 0)));
463 if (!leaf) {
464 OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);
465 return false;
466 }
467
468 UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
469 if (!ctx || !X509_STORE_CTX_init(ctx.get(), hs->ssl->ctx->cert_store,
470 leaf.get(), nullptr)) {
471 OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);
472 return false;
473 }
474
475 // Attempt to build a chain, ignoring the result.
476 X509_verify_cert(ctx.get());
477 ERR_clear_error();
478
479 // Remove the leaf from the generated chain.
480 UniquePtr<STACK_OF(X509)> chain(X509_STORE_CTX_get1_chain(ctx.get()));
481 if (!chain) {
482 return false;
483 }
484 X509_free(sk_X509_shift(chain.get()));
485
486 if (!ssl_cert_set_chain(hs->config->cert.get(), chain.get())) {
487 return false;
488 }
489
490 ssl_crypto_x509_cert_flush_cached_chain(hs->config->cert.get());
491
492 return true;
493 }
494
ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(SSL_CTX * ctx)495 static void ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(SSL_CTX *ctx) {
496 sk_X509_NAME_pop_free(ctx->cached_x509_client_CA, X509_NAME_free);
497 ctx->cached_x509_client_CA = nullptr;
498 }
499
ssl_crypto_x509_ssl_ctx_new(SSL_CTX * ctx)500 static bool ssl_crypto_x509_ssl_ctx_new(SSL_CTX *ctx) {
501 ctx->cert_store = X509_STORE_new();
502 ctx->param = X509_VERIFY_PARAM_new();
503 return (ctx->cert_store != nullptr && ctx->param != nullptr);
504 }
505
ssl_crypto_x509_ssl_ctx_free(SSL_CTX * ctx)506 static void ssl_crypto_x509_ssl_ctx_free(SSL_CTX *ctx) {
507 ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(ctx);
508 X509_VERIFY_PARAM_free(ctx->param);
509 X509_STORE_free(ctx->cert_store);
510 }
511
512 const SSL_X509_METHOD ssl_crypto_x509_method = {
513 ssl_crypto_x509_check_client_CA_list,
514 ssl_crypto_x509_cert_clear,
515 ssl_crypto_x509_cert_free,
516 ssl_crypto_x509_cert_dup,
517 ssl_crypto_x509_cert_flush_cached_chain,
518 ssl_crypto_x509_cert_flush_cached_leaf,
519 ssl_crypto_x509_session_cache_objects,
520 ssl_crypto_x509_session_dup,
521 ssl_crypto_x509_session_clear,
522 ssl_crypto_x509_session_verify_cert_chain,
523 ssl_crypto_x509_hs_flush_cached_ca_names,
524 ssl_crypto_x509_ssl_new,
525 ssl_crypto_x509_ssl_config_free,
526 ssl_crypto_x509_ssl_flush_cached_client_CA,
527 ssl_crypto_x509_ssl_auto_chain_if_needed,
528 ssl_crypto_x509_ssl_ctx_new,
529 ssl_crypto_x509_ssl_ctx_free,
530 ssl_crypto_x509_ssl_ctx_flush_cached_client_CA,
531 };
532
533 BSSL_NAMESPACE_END
534
535 using namespace bssl;
536
SSL_get_peer_certificate(const SSL * ssl)537 X509 *SSL_get_peer_certificate(const SSL *ssl) {
538 check_ssl_x509_method(ssl);
539 if (ssl == NULL) {
540 return NULL;
541 }
542 SSL_SESSION *session = SSL_get_session(ssl);
543 if (session == NULL || session->x509_peer == NULL) {
544 return NULL;
545 }
546 X509_up_ref(session->x509_peer);
547 return session->x509_peer;
548 }
549
STACK_OF(X509)550 STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl) {
551 check_ssl_x509_method(ssl);
552 if (ssl == nullptr) {
553 return nullptr;
554 }
555 SSL_SESSION *session = SSL_get_session(ssl);
556 if (session == nullptr) {
557 return nullptr;
558 }
559
560 // OpenSSL historically didn't include the leaf certificate in the returned
561 // certificate chain, but only for servers.
562 return ssl->server ? session->x509_chain_without_leaf : session->x509_chain;
563 }
564
STACK_OF(X509)565 STACK_OF(X509) *SSL_get_peer_full_cert_chain(const SSL *ssl) {
566 check_ssl_x509_method(ssl);
567 SSL_SESSION *session = SSL_get_session(ssl);
568 if (session == NULL) {
569 return NULL;
570 }
571
572 return session->x509_chain;
573 }
574
SSL_CTX_set_purpose(SSL_CTX * ctx,int purpose)575 int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose) {
576 check_ssl_ctx_x509_method(ctx);
577 return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
578 }
579
SSL_set_purpose(SSL * ssl,int purpose)580 int SSL_set_purpose(SSL *ssl, int purpose) {
581 check_ssl_x509_method(ssl);
582 if (!ssl->config) {
583 return 0;
584 }
585 return X509_VERIFY_PARAM_set_purpose(ssl->config->param, purpose);
586 }
587
SSL_CTX_set_trust(SSL_CTX * ctx,int trust)588 int SSL_CTX_set_trust(SSL_CTX *ctx, int trust) {
589 check_ssl_ctx_x509_method(ctx);
590 return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
591 }
592
SSL_set_trust(SSL * ssl,int trust)593 int SSL_set_trust(SSL *ssl, int trust) {
594 check_ssl_x509_method(ssl);
595 if (!ssl->config) {
596 return 0;
597 }
598 return X509_VERIFY_PARAM_set_trust(ssl->config->param, trust);
599 }
600
SSL_CTX_set1_param(SSL_CTX * ctx,const X509_VERIFY_PARAM * param)601 int SSL_CTX_set1_param(SSL_CTX *ctx, const X509_VERIFY_PARAM *param) {
602 check_ssl_ctx_x509_method(ctx);
603 return X509_VERIFY_PARAM_set1(ctx->param, param);
604 }
605
SSL_set1_param(SSL * ssl,const X509_VERIFY_PARAM * param)606 int SSL_set1_param(SSL *ssl, const X509_VERIFY_PARAM *param) {
607 check_ssl_x509_method(ssl);
608 if (!ssl->config) {
609 return 0;
610 }
611 return X509_VERIFY_PARAM_set1(ssl->config->param, param);
612 }
613
SSL_CTX_get0_param(SSL_CTX * ctx)614 X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) {
615 check_ssl_ctx_x509_method(ctx);
616 return ctx->param;
617 }
618
SSL_get0_param(SSL * ssl)619 X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) {
620 check_ssl_x509_method(ssl);
621 if (!ssl->config) {
622 assert(ssl->config);
623 return 0;
624 }
625 return ssl->config->param;
626 }
627
SSL_get_verify_depth(const SSL * ssl)628 int SSL_get_verify_depth(const SSL *ssl) {
629 check_ssl_x509_method(ssl);
630 if (!ssl->config) {
631 assert(ssl->config);
632 return 0;
633 }
634 return X509_VERIFY_PARAM_get_depth(ssl->config->param);
635 }
636
SSL_get_verify_callback(const SSL * ssl)637 int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *) {
638 check_ssl_x509_method(ssl);
639 if (!ssl->config) {
640 assert(ssl->config);
641 return 0;
642 }
643 return ssl->config->verify_callback;
644 }
645
SSL_CTX_get_verify_mode(const SSL_CTX * ctx)646 int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) {
647 check_ssl_ctx_x509_method(ctx);
648 return ctx->verify_mode;
649 }
650
SSL_CTX_get_verify_depth(const SSL_CTX * ctx)651 int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) {
652 check_ssl_ctx_x509_method(ctx);
653 return X509_VERIFY_PARAM_get_depth(ctx->param);
654 }
655
SSL_CTX_get_verify_callback(const SSL_CTX * ctx)656 int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(
657 int ok, X509_STORE_CTX *store_ctx) {
658 check_ssl_ctx_x509_method(ctx);
659 return ctx->default_verify_callback;
660 }
661
SSL_set_verify(SSL * ssl,int mode,int (* callback)(int ok,X509_STORE_CTX * store_ctx))662 void SSL_set_verify(SSL *ssl, int mode,
663 int (*callback)(int ok, X509_STORE_CTX *store_ctx)) {
664 check_ssl_x509_method(ssl);
665 if (!ssl->config) {
666 return;
667 }
668 ssl->config->verify_mode = mode;
669 if (callback != NULL) {
670 ssl->config->verify_callback = callback;
671 }
672 }
673
SSL_set_verify_depth(SSL * ssl,int depth)674 void SSL_set_verify_depth(SSL *ssl, int depth) {
675 check_ssl_x509_method(ssl);
676 if (!ssl->config) {
677 return;
678 }
679 X509_VERIFY_PARAM_set_depth(ssl->config->param, depth);
680 }
681
SSL_CTX_set_cert_verify_callback(SSL_CTX * ctx,int (* cb)(X509_STORE_CTX * store_ctx,void * arg),void * arg)682 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
683 int (*cb)(X509_STORE_CTX *store_ctx,
684 void *arg),
685 void *arg) {
686 check_ssl_ctx_x509_method(ctx);
687 ctx->app_verify_callback = cb;
688 ctx->app_verify_arg = arg;
689 }
690
SSL_CTX_set_verify(SSL_CTX * ctx,int mode,int (* cb)(int,X509_STORE_CTX *))691 void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
692 int (*cb)(int, X509_STORE_CTX *)) {
693 check_ssl_ctx_x509_method(ctx);
694 ctx->verify_mode = mode;
695 ctx->default_verify_callback = cb;
696 }
697
SSL_CTX_set_verify_depth(SSL_CTX * ctx,int depth)698 void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) {
699 check_ssl_ctx_x509_method(ctx);
700 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
701 }
702
SSL_CTX_set_default_verify_paths(SSL_CTX * ctx)703 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) {
704 check_ssl_ctx_x509_method(ctx);
705 return X509_STORE_set_default_paths(ctx->cert_store);
706 }
707
SSL_CTX_load_verify_locations(SSL_CTX * ctx,const char * ca_file,const char * ca_dir)708 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *ca_file,
709 const char *ca_dir) {
710 check_ssl_ctx_x509_method(ctx);
711 return X509_STORE_load_locations(ctx->cert_store, ca_file, ca_dir);
712 }
713
SSL_get_verify_result(const SSL * ssl)714 long SSL_get_verify_result(const SSL *ssl) {
715 check_ssl_x509_method(ssl);
716 SSL_SESSION *session = SSL_get_session(ssl);
717 if (session == NULL) {
718 return X509_V_ERR_INVALID_CALL;
719 }
720 return session->verify_result;
721 }
722
SSL_CTX_get_cert_store(const SSL_CTX * ctx)723 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) {
724 check_ssl_ctx_x509_method(ctx);
725 return ctx->cert_store;
726 }
727
SSL_CTX_set_cert_store(SSL_CTX * ctx,X509_STORE * store)728 void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) {
729 check_ssl_ctx_x509_method(ctx);
730 X509_STORE_free(ctx->cert_store);
731 ctx->cert_store = store;
732 }
733
ssl_use_certificate(CERT * cert,X509 * x)734 static int ssl_use_certificate(CERT *cert, X509 *x) {
735 if (x == NULL) {
736 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
737 return 0;
738 }
739
740 UniquePtr<CRYPTO_BUFFER> buffer = x509_to_buffer(x);
741 if (!buffer) {
742 return 0;
743 }
744
745 return ssl_set_cert(cert, std::move(buffer));
746 }
747
SSL_use_certificate(SSL * ssl,X509 * x)748 int SSL_use_certificate(SSL *ssl, X509 *x) {
749 check_ssl_x509_method(ssl);
750 if (!ssl->config) {
751 return 0;
752 }
753 return ssl_use_certificate(ssl->config->cert.get(), x);
754 }
755
SSL_CTX_use_certificate(SSL_CTX * ctx,X509 * x)756 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) {
757 check_ssl_ctx_x509_method(ctx);
758 return ssl_use_certificate(ctx->cert.get(), x);
759 }
760
761 // ssl_cert_cache_leaf_cert sets |cert->x509_leaf|, if currently NULL, from the
762 // first element of |cert->chain|.
ssl_cert_cache_leaf_cert(CERT * cert)763 static int ssl_cert_cache_leaf_cert(CERT *cert) {
764 assert(cert->x509_method);
765
766 if (cert->x509_leaf != NULL ||
767 cert->chain == NULL) {
768 return 1;
769 }
770
771 CRYPTO_BUFFER *leaf = sk_CRYPTO_BUFFER_value(cert->chain.get(), 0);
772 if (!leaf) {
773 return 1;
774 }
775
776 cert->x509_leaf = X509_parse_from_buffer(leaf);
777 return cert->x509_leaf != NULL;
778 }
779
ssl_cert_get0_leaf(CERT * cert)780 static X509 *ssl_cert_get0_leaf(CERT *cert) {
781 if (cert->x509_leaf == NULL &&
782 !ssl_cert_cache_leaf_cert(cert)) {
783 return NULL;
784 }
785
786 return cert->x509_leaf;
787 }
788
SSL_get_certificate(const SSL * ssl)789 X509 *SSL_get_certificate(const SSL *ssl) {
790 check_ssl_x509_method(ssl);
791 if (!ssl->config) {
792 assert(ssl->config);
793 return 0;
794 }
795 return ssl_cert_get0_leaf(ssl->config->cert.get());
796 }
797
SSL_CTX_get0_certificate(const SSL_CTX * ctx)798 X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx) {
799 check_ssl_ctx_x509_method(ctx);
800 MutexWriteLock lock(const_cast<CRYPTO_MUTEX*>(&ctx->lock));
801 return ssl_cert_get0_leaf(ctx->cert.get());
802 }
803
ssl_cert_set0_chain(CERT * cert,STACK_OF (X509)* chain)804 static int ssl_cert_set0_chain(CERT *cert, STACK_OF(X509) *chain) {
805 if (!ssl_cert_set_chain(cert, chain)) {
806 return 0;
807 }
808
809 sk_X509_pop_free(chain, X509_free);
810 ssl_crypto_x509_cert_flush_cached_chain(cert);
811 return 1;
812 }
813
ssl_cert_set1_chain(CERT * cert,STACK_OF (X509)* chain)814 static int ssl_cert_set1_chain(CERT *cert, STACK_OF(X509) *chain) {
815 if (!ssl_cert_set_chain(cert, chain)) {
816 return 0;
817 }
818
819 ssl_crypto_x509_cert_flush_cached_chain(cert);
820 return 1;
821 }
822
ssl_cert_append_cert(CERT * cert,X509 * x509)823 static int ssl_cert_append_cert(CERT *cert, X509 *x509) {
824 assert(cert->x509_method);
825
826 UniquePtr<CRYPTO_BUFFER> buffer = x509_to_buffer(x509);
827 if (!buffer) {
828 return 0;
829 }
830
831 if (cert->chain != NULL) {
832 return PushToStack(cert->chain.get(), std::move(buffer));
833 }
834
835 cert->chain = new_leafless_chain();
836 if (!cert->chain ||
837 !PushToStack(cert->chain.get(), std::move(buffer))) {
838 cert->chain.reset();
839 return 0;
840 }
841
842 return 1;
843 }
844
ssl_cert_add0_chain_cert(CERT * cert,X509 * x509)845 static int ssl_cert_add0_chain_cert(CERT *cert, X509 *x509) {
846 if (!ssl_cert_append_cert(cert, x509)) {
847 return 0;
848 }
849
850 X509_free(cert->x509_stash);
851 cert->x509_stash = x509;
852 ssl_crypto_x509_cert_flush_cached_chain(cert);
853 return 1;
854 }
855
ssl_cert_add1_chain_cert(CERT * cert,X509 * x509)856 static int ssl_cert_add1_chain_cert(CERT *cert, X509 *x509) {
857 if (!ssl_cert_append_cert(cert, x509)) {
858 return 0;
859 }
860
861 ssl_crypto_x509_cert_flush_cached_chain(cert);
862 return 1;
863 }
864
SSL_CTX_set0_chain(SSL_CTX * ctx,STACK_OF (X509)* chain)865 int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) {
866 check_ssl_ctx_x509_method(ctx);
867 return ssl_cert_set0_chain(ctx->cert.get(), chain);
868 }
869
SSL_CTX_set1_chain(SSL_CTX * ctx,STACK_OF (X509)* chain)870 int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) {
871 check_ssl_ctx_x509_method(ctx);
872 return ssl_cert_set1_chain(ctx->cert.get(), chain);
873 }
874
SSL_set0_chain(SSL * ssl,STACK_OF (X509)* chain)875 int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *chain) {
876 check_ssl_x509_method(ssl);
877 if (!ssl->config) {
878 return 0;
879 }
880 return ssl_cert_set0_chain(ssl->config->cert.get(), chain);
881 }
882
SSL_set1_chain(SSL * ssl,STACK_OF (X509)* chain)883 int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *chain) {
884 check_ssl_x509_method(ssl);
885 if (!ssl->config) {
886 return 0;
887 }
888 return ssl_cert_set1_chain(ssl->config->cert.get(), chain);
889 }
890
SSL_CTX_add0_chain_cert(SSL_CTX * ctx,X509 * x509)891 int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509) {
892 check_ssl_ctx_x509_method(ctx);
893 return ssl_cert_add0_chain_cert(ctx->cert.get(), x509);
894 }
895
SSL_CTX_add1_chain_cert(SSL_CTX * ctx,X509 * x509)896 int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509) {
897 check_ssl_ctx_x509_method(ctx);
898 return ssl_cert_add1_chain_cert(ctx->cert.get(), x509);
899 }
900
SSL_CTX_add_extra_chain_cert(SSL_CTX * ctx,X509 * x509)901 int SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509) {
902 check_ssl_ctx_x509_method(ctx);
903 return SSL_CTX_add0_chain_cert(ctx, x509);
904 }
905
SSL_add0_chain_cert(SSL * ssl,X509 * x509)906 int SSL_add0_chain_cert(SSL *ssl, X509 *x509) {
907 check_ssl_x509_method(ssl);
908 if (!ssl->config) {
909 return 0;
910 }
911 return ssl_cert_add0_chain_cert(ssl->config->cert.get(), x509);
912 }
913
SSL_add1_chain_cert(SSL * ssl,X509 * x509)914 int SSL_add1_chain_cert(SSL *ssl, X509 *x509) {
915 check_ssl_x509_method(ssl);
916 if (!ssl->config) {
917 return 0;
918 }
919 return ssl_cert_add1_chain_cert(ssl->config->cert.get(), x509);
920 }
921
SSL_CTX_clear_chain_certs(SSL_CTX * ctx)922 int SSL_CTX_clear_chain_certs(SSL_CTX *ctx) {
923 check_ssl_ctx_x509_method(ctx);
924 return SSL_CTX_set0_chain(ctx, NULL);
925 }
926
SSL_CTX_clear_extra_chain_certs(SSL_CTX * ctx)927 int SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx) {
928 check_ssl_ctx_x509_method(ctx);
929 return SSL_CTX_clear_chain_certs(ctx);
930 }
931
SSL_clear_chain_certs(SSL * ssl)932 int SSL_clear_chain_certs(SSL *ssl) {
933 check_ssl_x509_method(ssl);
934 return SSL_set0_chain(ssl, NULL);
935 }
936
937 // ssl_cert_cache_chain_certs fills in |cert->x509_chain| from elements 1.. of
938 // |cert->chain|.
ssl_cert_cache_chain_certs(CERT * cert)939 static int ssl_cert_cache_chain_certs(CERT *cert) {
940 assert(cert->x509_method);
941
942 if (cert->x509_chain != nullptr ||
943 cert->chain == nullptr ||
944 sk_CRYPTO_BUFFER_num(cert->chain.get()) < 2) {
945 return 1;
946 }
947
948 UniquePtr<STACK_OF(X509)> chain(sk_X509_new_null());
949 if (!chain) {
950 return 0;
951 }
952
953 for (size_t i = 1; i < sk_CRYPTO_BUFFER_num(cert->chain.get()); i++) {
954 CRYPTO_BUFFER *buffer = sk_CRYPTO_BUFFER_value(cert->chain.get(), i);
955 UniquePtr<X509> x509(X509_parse_from_buffer(buffer));
956 if (!x509 ||
957 !PushToStack(chain.get(), std::move(x509))) {
958 return 0;
959 }
960 }
961
962 cert->x509_chain = chain.release();
963 return 1;
964 }
965
SSL_CTX_get0_chain_certs(const SSL_CTX * ctx,STACK_OF (X509)** out_chain)966 int SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, STACK_OF(X509) **out_chain) {
967 check_ssl_ctx_x509_method(ctx);
968 MutexWriteLock lock(const_cast<CRYPTO_MUTEX*>(&ctx->lock));
969 if (!ssl_cert_cache_chain_certs(ctx->cert.get())) {
970 *out_chain = NULL;
971 return 0;
972 }
973
974 *out_chain = ctx->cert->x509_chain;
975 return 1;
976 }
977
SSL_CTX_get_extra_chain_certs(const SSL_CTX * ctx,STACK_OF (X509)** out_chain)978 int SSL_CTX_get_extra_chain_certs(const SSL_CTX *ctx,
979 STACK_OF(X509) **out_chain) {
980 return SSL_CTX_get0_chain_certs(ctx, out_chain);
981 }
982
SSL_get0_chain_certs(const SSL * ssl,STACK_OF (X509)** out_chain)983 int SSL_get0_chain_certs(const SSL *ssl, STACK_OF(X509) **out_chain) {
984 check_ssl_x509_method(ssl);
985 if (!ssl->config) {
986 assert(ssl->config);
987 return 0;
988 }
989 if (!ssl_cert_cache_chain_certs(ssl->config->cert.get())) {
990 *out_chain = NULL;
991 return 0;
992 }
993
994 *out_chain = ssl->config->cert->x509_chain;
995 return 1;
996 }
997
d2i_SSL_SESSION_bio(BIO * bio,SSL_SESSION ** out)998 SSL_SESSION *d2i_SSL_SESSION_bio(BIO *bio, SSL_SESSION **out) {
999 uint8_t *data;
1000 size_t len;
1001 if (!BIO_read_asn1(bio, &data, &len, 1024 * 1024)) {
1002 return 0;
1003 }
1004 bssl::UniquePtr<uint8_t> free_data(data);
1005 const uint8_t *ptr = data;
1006 return d2i_SSL_SESSION(out, &ptr, static_cast<long>(len));
1007 }
1008
i2d_SSL_SESSION_bio(BIO * bio,const SSL_SESSION * session)1009 int i2d_SSL_SESSION_bio(BIO *bio, const SSL_SESSION *session) {
1010 uint8_t *data;
1011 size_t len;
1012 if (!SSL_SESSION_to_bytes(session, &data, &len)) {
1013 return 0;
1014 }
1015 bssl::UniquePtr<uint8_t> free_data(data);
1016 return BIO_write_all(bio, data, len);
1017 }
1018
IMPLEMENT_PEM_rw(SSL_SESSION,SSL_SESSION,PEM_STRING_SSL_SESSION,SSL_SESSION)1019 IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
1020
1021 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, long length) {
1022 if (length < 0) {
1023 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1024 return NULL;
1025 }
1026
1027 CBS cbs;
1028 CBS_init(&cbs, *pp, length);
1029
1030 UniquePtr<SSL_SESSION> ret = SSL_SESSION_parse(&cbs, &ssl_crypto_x509_method,
1031 NULL /* no buffer pool */);
1032 if (!ret) {
1033 return NULL;
1034 }
1035
1036 if (a) {
1037 SSL_SESSION_free(*a);
1038 *a = ret.get();
1039 }
1040 *pp = CBS_data(&cbs);
1041 return ret.release();
1042 }
1043
STACK_OF(X509_NAME)1044 STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *list) {
1045 return sk_X509_NAME_deep_copy(list, X509_NAME_dup, X509_NAME_free);
1046 }
1047
set_client_CA_list(UniquePtr<STACK_OF (CRYPTO_BUFFER)> * ca_list,const STACK_OF (X509_NAME)* name_list,CRYPTO_BUFFER_POOL * pool)1048 static void set_client_CA_list(UniquePtr<STACK_OF(CRYPTO_BUFFER)> *ca_list,
1049 const STACK_OF(X509_NAME) *name_list,
1050 CRYPTO_BUFFER_POOL *pool) {
1051 UniquePtr<STACK_OF(CRYPTO_BUFFER)> buffers(sk_CRYPTO_BUFFER_new_null());
1052 if (!buffers) {
1053 return;
1054 }
1055
1056 for (X509_NAME *name : name_list) {
1057 uint8_t *outp = NULL;
1058 int len = i2d_X509_NAME(name, &outp);
1059 if (len < 0) {
1060 return;
1061 }
1062
1063 UniquePtr<CRYPTO_BUFFER> buffer(CRYPTO_BUFFER_new(outp, len, pool));
1064 OPENSSL_free(outp);
1065 if (!buffer ||
1066 !PushToStack(buffers.get(), std::move(buffer))) {
1067 return;
1068 }
1069 }
1070
1071 *ca_list = std::move(buffers);
1072 }
1073
SSL_set_client_CA_list(SSL * ssl,STACK_OF (X509_NAME)* name_list)1074 void SSL_set_client_CA_list(SSL *ssl, STACK_OF(X509_NAME) *name_list) {
1075 check_ssl_x509_method(ssl);
1076 if (!ssl->config) {
1077 return;
1078 }
1079 ssl->ctx->x509_method->ssl_flush_cached_client_CA(ssl->config.get());
1080 set_client_CA_list(&ssl->config->client_CA, name_list, ssl->ctx->pool);
1081 sk_X509_NAME_pop_free(name_list, X509_NAME_free);
1082 }
1083
SSL_CTX_set_client_CA_list(SSL_CTX * ctx,STACK_OF (X509_NAME)* name_list)1084 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) {
1085 check_ssl_ctx_x509_method(ctx);
1086 ctx->x509_method->ssl_ctx_flush_cached_client_CA(ctx);
1087 set_client_CA_list(&ctx->client_CA, name_list, ctx->pool);
1088 sk_X509_NAME_pop_free(name_list, X509_NAME_free);
1089 }
1090
STACK_OF(X509_NAME)1091 static STACK_OF(X509_NAME) *
1092 buffer_names_to_x509(const STACK_OF(CRYPTO_BUFFER) *names,
1093 STACK_OF(X509_NAME) **cached) {
1094 if (names == NULL) {
1095 return NULL;
1096 }
1097
1098 if (*cached != NULL) {
1099 return *cached;
1100 }
1101
1102 UniquePtr<STACK_OF(X509_NAME)> new_cache(sk_X509_NAME_new_null());
1103 if (!new_cache) {
1104 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1105 return NULL;
1106 }
1107
1108 for (const CRYPTO_BUFFER *buffer : names) {
1109 const uint8_t *inp = CRYPTO_BUFFER_data(buffer);
1110 UniquePtr<X509_NAME> name(
1111 d2i_X509_NAME(nullptr, &inp, CRYPTO_BUFFER_len(buffer)));
1112 if (!name ||
1113 inp != CRYPTO_BUFFER_data(buffer) + CRYPTO_BUFFER_len(buffer) ||
1114 !PushToStack(new_cache.get(), std::move(name))) {
1115 return NULL;
1116 }
1117 }
1118
1119 *cached = new_cache.release();
1120 return *cached;
1121 }
1122
STACK_OF(X509_NAME)1123 STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *ssl) {
1124 check_ssl_x509_method(ssl);
1125 if (!ssl->config) {
1126 assert(ssl->config);
1127 return NULL;
1128 }
1129 // For historical reasons, this function is used both to query configuration
1130 // state on a server as well as handshake state on a client. However, whether
1131 // |ssl| is a client or server is not known until explicitly configured with
1132 // |SSL_set_connect_state|. If |do_handshake| is NULL, |ssl| is in an
1133 // indeterminate mode and |ssl->server| is unset.
1134 if (ssl->do_handshake != NULL && !ssl->server) {
1135 if (ssl->s3->hs != NULL) {
1136 return buffer_names_to_x509(ssl->s3->hs->ca_names.get(),
1137 &ssl->s3->hs->cached_x509_ca_names);
1138 }
1139
1140 return NULL;
1141 }
1142
1143 if (ssl->config->client_CA != NULL) {
1144 return buffer_names_to_x509(
1145 ssl->config->client_CA.get(),
1146 (STACK_OF(X509_NAME) **)&ssl->config->cached_x509_client_CA);
1147 }
1148 return SSL_CTX_get_client_CA_list(ssl->ctx.get());
1149 }
1150
STACK_OF(X509_NAME)1151 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) {
1152 check_ssl_ctx_x509_method(ctx);
1153 // This is a logically const operation that may be called on multiple threads,
1154 // so it needs to lock around updating |cached_x509_client_CA|.
1155 MutexWriteLock lock(const_cast<CRYPTO_MUTEX *>(&ctx->lock));
1156 return buffer_names_to_x509(
1157 ctx->client_CA.get(),
1158 const_cast<STACK_OF(X509_NAME) **>(&ctx->cached_x509_client_CA));
1159 }
1160
add_client_CA(UniquePtr<STACK_OF (CRYPTO_BUFFER)> * names,X509 * x509,CRYPTO_BUFFER_POOL * pool)1161 static int add_client_CA(UniquePtr<STACK_OF(CRYPTO_BUFFER)> *names, X509 *x509,
1162 CRYPTO_BUFFER_POOL *pool) {
1163 if (x509 == NULL) {
1164 return 0;
1165 }
1166
1167 uint8_t *outp = NULL;
1168 int len = i2d_X509_NAME(X509_get_subject_name(x509), &outp);
1169 if (len < 0) {
1170 return 0;
1171 }
1172
1173 UniquePtr<CRYPTO_BUFFER> buffer(CRYPTO_BUFFER_new(outp, len, pool));
1174 OPENSSL_free(outp);
1175 if (!buffer) {
1176 return 0;
1177 }
1178
1179 int alloced = 0;
1180 if (*names == nullptr) {
1181 names->reset(sk_CRYPTO_BUFFER_new_null());
1182 alloced = 1;
1183
1184 if (*names == NULL) {
1185 return 0;
1186 }
1187 }
1188
1189 if (!PushToStack(names->get(), std::move(buffer))) {
1190 if (alloced) {
1191 names->reset();
1192 }
1193 return 0;
1194 }
1195
1196 return 1;
1197 }
1198
SSL_add_client_CA(SSL * ssl,X509 * x509)1199 int SSL_add_client_CA(SSL *ssl, X509 *x509) {
1200 check_ssl_x509_method(ssl);
1201 if (!ssl->config) {
1202 return 0;
1203 }
1204 if (!add_client_CA(&ssl->config->client_CA, x509, ssl->ctx->pool)) {
1205 return 0;
1206 }
1207
1208 ssl_crypto_x509_ssl_flush_cached_client_CA(ssl->config.get());
1209 return 1;
1210 }
1211
SSL_CTX_add_client_CA(SSL_CTX * ctx,X509 * x509)1212 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x509) {
1213 check_ssl_ctx_x509_method(ctx);
1214 if (!add_client_CA(&ctx->client_CA, x509, ctx->pool)) {
1215 return 0;
1216 }
1217
1218 ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(ctx);
1219 return 1;
1220 }
1221
do_client_cert_cb(SSL * ssl,void * arg)1222 static int do_client_cert_cb(SSL *ssl, void *arg) {
1223 // Should only be called during handshake, but check to be sure.
1224 if (!ssl->config) {
1225 assert(ssl->config);
1226 return -1;
1227 }
1228
1229 if (ssl_has_certificate(ssl->s3->hs.get()) ||
1230 ssl->ctx->client_cert_cb == NULL) {
1231 return 1;
1232 }
1233
1234 X509 *x509 = NULL;
1235 EVP_PKEY *pkey = NULL;
1236 int ret = ssl->ctx->client_cert_cb(ssl, &x509, &pkey);
1237 if (ret < 0) {
1238 return -1;
1239 }
1240 UniquePtr<X509> free_x509(x509);
1241 UniquePtr<EVP_PKEY> free_pkey(pkey);
1242
1243 if (ret != 0) {
1244 if (!SSL_use_certificate(ssl, x509) ||
1245 !SSL_use_PrivateKey(ssl, pkey)) {
1246 return 0;
1247 }
1248 }
1249
1250 return 1;
1251 }
1252
SSL_CTX_set_client_cert_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,X509 ** out_x509,EVP_PKEY ** out_pkey))1253 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl,
1254 X509 **out_x509,
1255 EVP_PKEY **out_pkey)) {
1256 check_ssl_ctx_x509_method(ctx);
1257 // Emulate the old client certificate callback with the new one.
1258 SSL_CTX_set_cert_cb(ctx, do_client_cert_cb, NULL);
1259 ctx->client_cert_cb = cb;
1260 }
1261
set_cert_store(X509_STORE ** store_ptr,X509_STORE * new_store,int take_ref)1262 static int set_cert_store(X509_STORE **store_ptr, X509_STORE *new_store,
1263 int take_ref) {
1264 X509_STORE_free(*store_ptr);
1265 *store_ptr = new_store;
1266
1267 if (new_store != NULL && take_ref) {
1268 X509_STORE_up_ref(new_store);
1269 }
1270
1271 return 1;
1272 }
1273
SSL_get_ex_data_X509_STORE_CTX_idx(void)1274 int SSL_get_ex_data_X509_STORE_CTX_idx(void) {
1275 // The ex_data index to go from |X509_STORE_CTX| to |SSL| always uses the
1276 // reserved app_data slot. Before ex_data was introduced, app_data was used.
1277 // Avoid breaking any software which assumes |X509_STORE_CTX_get_app_data|
1278 // works.
1279 return 0;
1280 }
1281
SSL_CTX_set0_verify_cert_store(SSL_CTX * ctx,X509_STORE * store)1282 int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *store) {
1283 check_ssl_ctx_x509_method(ctx);
1284 return set_cert_store(&ctx->cert->verify_store, store, 0);
1285 }
1286
SSL_CTX_set1_verify_cert_store(SSL_CTX * ctx,X509_STORE * store)1287 int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *store) {
1288 check_ssl_ctx_x509_method(ctx);
1289 return set_cert_store(&ctx->cert->verify_store, store, 1);
1290 }
1291
SSL_set0_verify_cert_store(SSL * ssl,X509_STORE * store)1292 int SSL_set0_verify_cert_store(SSL *ssl, X509_STORE *store) {
1293 check_ssl_x509_method(ssl);
1294 if (!ssl->config) {
1295 return 0;
1296 }
1297 return set_cert_store(&ssl->config->cert->verify_store, store, 0);
1298 }
1299
SSL_set1_verify_cert_store(SSL * ssl,X509_STORE * store)1300 int SSL_set1_verify_cert_store(SSL *ssl, X509_STORE *store) {
1301 check_ssl_x509_method(ssl);
1302 if (!ssl->config) {
1303 return 0;
1304 }
1305 return set_cert_store(&ssl->config->cert->verify_store, store, 1);
1306 }
1307
SSL_alert_from_verify_result(long result)1308 int SSL_alert_from_verify_result(long result) {
1309 switch (result) {
1310 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
1311 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
1312 case X509_V_ERR_INVALID_CA:
1313 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
1314 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
1315 case X509_V_ERR_UNABLE_TO_GET_CRL:
1316 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
1317 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
1318 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
1319 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
1320 return SSL_AD_UNKNOWN_CA;
1321
1322 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
1323 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
1324 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
1325 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
1326 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
1327 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
1328 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
1329 case X509_V_ERR_CERT_UNTRUSTED:
1330 case X509_V_ERR_CERT_REJECTED:
1331 case X509_V_ERR_HOSTNAME_MISMATCH:
1332 case X509_V_ERR_EMAIL_MISMATCH:
1333 case X509_V_ERR_IP_ADDRESS_MISMATCH:
1334 return SSL_AD_BAD_CERTIFICATE;
1335
1336 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
1337 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
1338 return SSL_AD_DECRYPT_ERROR;
1339
1340 case X509_V_ERR_CERT_HAS_EXPIRED:
1341 case X509_V_ERR_CERT_NOT_YET_VALID:
1342 case X509_V_ERR_CRL_HAS_EXPIRED:
1343 case X509_V_ERR_CRL_NOT_YET_VALID:
1344 return SSL_AD_CERTIFICATE_EXPIRED;
1345
1346 case X509_V_ERR_CERT_REVOKED:
1347 return SSL_AD_CERTIFICATE_REVOKED;
1348
1349 case X509_V_ERR_UNSPECIFIED:
1350 case X509_V_ERR_OUT_OF_MEM:
1351 case X509_V_ERR_INVALID_CALL:
1352 case X509_V_ERR_STORE_LOOKUP:
1353 return SSL_AD_INTERNAL_ERROR;
1354
1355 case X509_V_ERR_APPLICATION_VERIFICATION:
1356 return SSL_AD_HANDSHAKE_FAILURE;
1357
1358 case X509_V_ERR_INVALID_PURPOSE:
1359 return SSL_AD_UNSUPPORTED_CERTIFICATE;
1360
1361 default:
1362 return SSL_AD_CERTIFICATE_UNKNOWN;
1363 }
1364 }
1365