1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/x509_certificate.h"
6
7 #include <openssl/asn1.h>
8 #include <openssl/crypto.h>
9 #include <openssl/obj_mac.h>
10 #include <openssl/pem.h>
11 #include <openssl/pkcs7.h>
12 #include <openssl/sha.h>
13 #include <openssl/ssl.h>
14 #include <openssl/x509v3.h>
15
16 #include "base/memory/singleton.h"
17 #include "base/pickle.h"
18 #include "base/sha1.h"
19 #include "base/strings/string_number_conversions.h"
20 #include "base/strings/string_util.h"
21 #include "crypto/openssl_util.h"
22 #include "net/base/net_errors.h"
23 #include "net/base/net_util.h"
24 #include "net/cert/x509_util_openssl.h"
25
26 #if defined(OS_ANDROID)
27 #include "base/logging.h"
28 #include "net/android/network_library.h"
29 #endif
30
31 namespace net {
32
33 namespace {
34
CreateOSCertHandlesFromPKCS7Bytes(const char * data,int length,X509Certificate::OSCertHandles * handles)35 void CreateOSCertHandlesFromPKCS7Bytes(
36 const char* data, int length,
37 X509Certificate::OSCertHandles* handles) {
38 crypto::EnsureOpenSSLInit();
39 const unsigned char* der_data = reinterpret_cast<const unsigned char*>(data);
40 crypto::ScopedOpenSSL<PKCS7, PKCS7_free> pkcs7_cert(
41 d2i_PKCS7(NULL, &der_data, length));
42 if (!pkcs7_cert.get())
43 return;
44
45 STACK_OF(X509)* certs = NULL;
46 int nid = OBJ_obj2nid(pkcs7_cert.get()->type);
47 if (nid == NID_pkcs7_signed) {
48 certs = pkcs7_cert.get()->d.sign->cert;
49 } else if (nid == NID_pkcs7_signedAndEnveloped) {
50 certs = pkcs7_cert.get()->d.signed_and_enveloped->cert;
51 }
52
53 if (certs) {
54 for (int i = 0; i < sk_X509_num(certs); ++i) {
55 X509* x509_cert =
56 X509Certificate::DupOSCertHandle(sk_X509_value(certs, i));
57 handles->push_back(x509_cert);
58 }
59 }
60 }
61
ParsePrincipalValues(X509_NAME * name,int nid,std::vector<std::string> * fields)62 void ParsePrincipalValues(X509_NAME* name,
63 int nid,
64 std::vector<std::string>* fields) {
65 for (int index = -1;
66 (index = X509_NAME_get_index_by_NID(name, nid, index)) != -1;) {
67 std::string field;
68 if (!x509_util::ParsePrincipalValueByIndex(name, index, &field))
69 break;
70 fields->push_back(field);
71 }
72 }
73
ParsePrincipal(X509Certificate::OSCertHandle cert,X509_NAME * x509_name,CertPrincipal * principal)74 void ParsePrincipal(X509Certificate::OSCertHandle cert,
75 X509_NAME* x509_name,
76 CertPrincipal* principal) {
77 if (!x509_name)
78 return;
79
80 ParsePrincipalValues(x509_name, NID_streetAddress,
81 &principal->street_addresses);
82 ParsePrincipalValues(x509_name, NID_organizationName,
83 &principal->organization_names);
84 ParsePrincipalValues(x509_name, NID_organizationalUnitName,
85 &principal->organization_unit_names);
86 ParsePrincipalValues(x509_name, NID_domainComponent,
87 &principal->domain_components);
88
89 x509_util::ParsePrincipalValueByNID(x509_name, NID_commonName,
90 &principal->common_name);
91 x509_util::ParsePrincipalValueByNID(x509_name, NID_localityName,
92 &principal->locality_name);
93 x509_util::ParsePrincipalValueByNID(x509_name, NID_stateOrProvinceName,
94 &principal->state_or_province_name);
95 x509_util::ParsePrincipalValueByNID(x509_name, NID_countryName,
96 &principal->country_name);
97 }
98
ParseSubjectAltName(X509Certificate::OSCertHandle cert,std::vector<std::string> * dns_names,std::vector<std::string> * ip_addresses)99 void ParseSubjectAltName(X509Certificate::OSCertHandle cert,
100 std::vector<std::string>* dns_names,
101 std::vector<std::string>* ip_addresses) {
102 DCHECK(dns_names || ip_addresses);
103 int index = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1);
104 X509_EXTENSION* alt_name_ext = X509_get_ext(cert, index);
105 if (!alt_name_ext)
106 return;
107
108 crypto::ScopedOpenSSL<GENERAL_NAMES, GENERAL_NAMES_free> alt_names(
109 reinterpret_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(alt_name_ext)));
110 if (!alt_names.get())
111 return;
112
113 for (int i = 0; i < sk_GENERAL_NAME_num(alt_names.get()); ++i) {
114 const GENERAL_NAME* name = sk_GENERAL_NAME_value(alt_names.get(), i);
115 if (name->type == GEN_DNS && dns_names) {
116 const unsigned char* dns_name = ASN1_STRING_data(name->d.dNSName);
117 if (!dns_name)
118 continue;
119 int dns_name_len = ASN1_STRING_length(name->d.dNSName);
120 dns_names->push_back(
121 std::string(reinterpret_cast<const char*>(dns_name), dns_name_len));
122 } else if (name->type == GEN_IPADD && ip_addresses) {
123 const unsigned char* ip_addr = name->d.iPAddress->data;
124 if (!ip_addr)
125 continue;
126 int ip_addr_len = name->d.iPAddress->length;
127 if (ip_addr_len != static_cast<int>(kIPv4AddressSize) &&
128 ip_addr_len != static_cast<int>(kIPv6AddressSize)) {
129 // http://www.ietf.org/rfc/rfc3280.txt requires subjectAltName iPAddress
130 // to have 4 or 16 bytes, whereas in a name constraint it includes a
131 // net mask hence 8 or 32 bytes. Logging to help diagnose any mixup.
132 LOG(WARNING) << "Bad sized IP Address in cert: " << ip_addr_len;
133 continue;
134 }
135 ip_addresses->push_back(
136 std::string(reinterpret_cast<const char*>(ip_addr), ip_addr_len));
137 }
138 }
139 }
140
141 struct DERCache {
142 unsigned char* data;
143 int data_length;
144 };
145
DERCache_free(void * parent,void * ptr,CRYPTO_EX_DATA * ad,int idx,long argl,void * argp)146 void DERCache_free(void* parent, void* ptr, CRYPTO_EX_DATA* ad, int idx,
147 long argl, void* argp) {
148 DERCache* der_cache = static_cast<DERCache*>(ptr);
149 if (!der_cache)
150 return;
151 if (der_cache->data)
152 OPENSSL_free(der_cache->data);
153 OPENSSL_free(der_cache);
154 }
155
156 class X509InitSingleton {
157 public:
GetInstance()158 static X509InitSingleton* GetInstance() {
159 // We allow the X509 store to leak, because it is used from a non-joinable
160 // worker that is not stopped on shutdown, hence may still be using
161 // OpenSSL library after the AtExit runner has completed.
162 return Singleton<X509InitSingleton,
163 LeakySingletonTraits<X509InitSingleton> >::get();
164 }
der_cache_ex_index() const165 int der_cache_ex_index() const { return der_cache_ex_index_; }
store() const166 X509_STORE* store() const { return store_.get(); }
167
ResetCertStore()168 void ResetCertStore() {
169 store_.reset(X509_STORE_new());
170 DCHECK(store_.get());
171 X509_STORE_set_default_paths(store_.get());
172 // TODO(joth): Enable CRL (see X509_STORE_set_flags(X509_V_FLAG_CRL_CHECK)).
173 }
174
175 private:
176 friend struct DefaultSingletonTraits<X509InitSingleton>;
X509InitSingleton()177 X509InitSingleton() {
178 crypto::EnsureOpenSSLInit();
179 der_cache_ex_index_ = X509_get_ex_new_index(0, 0, 0, 0, DERCache_free);
180 DCHECK_NE(der_cache_ex_index_, -1);
181 ResetCertStore();
182 }
183
184 int der_cache_ex_index_;
185 crypto::ScopedOpenSSL<X509_STORE, X509_STORE_free> store_;
186
187 DISALLOW_COPY_AND_ASSIGN(X509InitSingleton);
188 };
189
190 // Takes ownership of |data| (which must have been allocated by OpenSSL).
SetDERCache(X509Certificate::OSCertHandle cert,int x509_der_cache_index,unsigned char * data,int data_length)191 DERCache* SetDERCache(X509Certificate::OSCertHandle cert,
192 int x509_der_cache_index,
193 unsigned char* data,
194 int data_length) {
195 DERCache* internal_cache = static_cast<DERCache*>(
196 OPENSSL_malloc(sizeof(*internal_cache)));
197 if (!internal_cache) {
198 // We took ownership of |data|, so we must free if we can't add it to
199 // |cert|.
200 OPENSSL_free(data);
201 return NULL;
202 }
203
204 internal_cache->data = data;
205 internal_cache->data_length = data_length;
206 X509_set_ex_data(cert, x509_der_cache_index, internal_cache);
207 return internal_cache;
208 }
209
210 // Returns true if |der_cache| points to valid data, false otherwise.
211 // (note: the DER-encoded data in |der_cache| is owned by |cert|, callers should
212 // not free it).
GetDERAndCacheIfNeeded(X509Certificate::OSCertHandle cert,DERCache * der_cache)213 bool GetDERAndCacheIfNeeded(X509Certificate::OSCertHandle cert,
214 DERCache* der_cache) {
215 int x509_der_cache_index =
216 X509InitSingleton::GetInstance()->der_cache_ex_index();
217
218 // Re-encoding the DER data via i2d_X509 is an expensive operation, but it's
219 // necessary for comparing two certificates. We re-encode at most once per
220 // certificate and cache the data within the X509 cert using X509_set_ex_data.
221 DERCache* internal_cache = static_cast<DERCache*>(
222 X509_get_ex_data(cert, x509_der_cache_index));
223 if (!internal_cache) {
224 unsigned char* data = NULL;
225 int data_length = i2d_X509(cert, &data);
226 if (data_length <= 0 || !data)
227 return false;
228 internal_cache = SetDERCache(cert, x509_der_cache_index, data, data_length);
229 if (!internal_cache)
230 return false;
231 }
232 *der_cache = *internal_cache;
233 return true;
234 }
235
236 // Used to free a list of X509_NAMEs and the objects it points to.
sk_X509_NAME_free_all(STACK_OF (X509_NAME)* sk)237 void sk_X509_NAME_free_all(STACK_OF(X509_NAME)* sk) {
238 sk_X509_NAME_pop_free(sk, X509_NAME_free);
239 }
240
241 } // namespace
242
243 // static
DupOSCertHandle(OSCertHandle cert_handle)244 X509Certificate::OSCertHandle X509Certificate::DupOSCertHandle(
245 OSCertHandle cert_handle) {
246 DCHECK(cert_handle);
247 // Using X509_dup causes the entire certificate to be reparsed. This
248 // conversion, besides being non-trivial, drops any associated
249 // application-specific data set by X509_set_ex_data. Using CRYPTO_add
250 // just bumps up the ref-count for the cert, without causing any allocations
251 // or deallocations.
252 CRYPTO_add(&cert_handle->references, 1, CRYPTO_LOCK_X509);
253 return cert_handle;
254 }
255
256 // static
FreeOSCertHandle(OSCertHandle cert_handle)257 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
258 // Decrement the ref-count for the cert and, if all references are gone,
259 // free the memory and any application-specific data associated with the
260 // certificate.
261 X509_free(cert_handle);
262 }
263
Initialize()264 void X509Certificate::Initialize() {
265 crypto::EnsureOpenSSLInit();
266 fingerprint_ = CalculateFingerprint(cert_handle_);
267 ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_);
268
269 ASN1_INTEGER* serial_num = X509_get_serialNumber(cert_handle_);
270 if (serial_num) {
271 // ASN1_INTEGERS represent the decoded number, in a format internal to
272 // OpenSSL. Most notably, this may have leading zeroes stripped off for
273 // numbers whose first byte is >= 0x80. Thus, it is necessary to
274 // re-encoded the integer back into DER, which is what the interface
275 // of X509Certificate exposes, to ensure callers get the proper (DER)
276 // value.
277 int bytes_required = i2c_ASN1_INTEGER(serial_num, NULL);
278 unsigned char* buffer = reinterpret_cast<unsigned char*>(
279 WriteInto(&serial_number_, bytes_required + 1));
280 int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer);
281 DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size());
282 }
283
284 ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_);
285 ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), &issuer_);
286 x509_util::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_);
287 x509_util::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_);
288 }
289
290 // static
ResetCertStore()291 void X509Certificate::ResetCertStore() {
292 X509InitSingleton::GetInstance()->ResetCertStore();
293 }
294
295 // static
CalculateFingerprint(OSCertHandle cert)296 SHA1HashValue X509Certificate::CalculateFingerprint(OSCertHandle cert) {
297 SHA1HashValue sha1;
298 unsigned int sha1_size = static_cast<unsigned int>(sizeof(sha1.data));
299 int ret = X509_digest(cert, EVP_sha1(), sha1.data, &sha1_size);
300 CHECK(ret);
301 CHECK_EQ(sha1_size, sizeof(sha1.data));
302 return sha1;
303 }
304
305 // static
CalculateCAFingerprint(const OSCertHandles & intermediates)306 SHA1HashValue X509Certificate::CalculateCAFingerprint(
307 const OSCertHandles& intermediates) {
308 SHA1HashValue sha1;
309 memset(sha1.data, 0, sizeof(sha1.data));
310
311 SHA_CTX sha1_ctx;
312 SHA1_Init(&sha1_ctx);
313 DERCache der_cache;
314 for (size_t i = 0; i < intermediates.size(); ++i) {
315 if (!GetDERAndCacheIfNeeded(intermediates[i], &der_cache))
316 return sha1;
317 SHA1_Update(&sha1_ctx, der_cache.data, der_cache.data_length);
318 }
319 SHA1_Final(sha1.data, &sha1_ctx);
320
321 return sha1;
322 }
323
324 // static
CreateOSCertHandleFromBytes(const char * data,int length)325 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes(
326 const char* data, int length) {
327 if (length < 0)
328 return NULL;
329 crypto::EnsureOpenSSLInit();
330 const unsigned char* d2i_data =
331 reinterpret_cast<const unsigned char*>(data);
332 // Don't cache this data via SetDERCache as this wire format may be not be
333 // identical from the i2d_X509 roundtrip.
334 X509* cert = d2i_X509(NULL, &d2i_data, length);
335 return cert;
336 }
337
338 // static
CreateOSCertHandlesFromBytes(const char * data,int length,Format format)339 X509Certificate::OSCertHandles X509Certificate::CreateOSCertHandlesFromBytes(
340 const char* data, int length, Format format) {
341 OSCertHandles results;
342 if (length < 0)
343 return results;
344
345 switch (format) {
346 case FORMAT_SINGLE_CERTIFICATE: {
347 OSCertHandle handle = CreateOSCertHandleFromBytes(data, length);
348 if (handle)
349 results.push_back(handle);
350 break;
351 }
352 case FORMAT_PKCS7: {
353 CreateOSCertHandlesFromPKCS7Bytes(data, length, &results);
354 break;
355 }
356 default: {
357 NOTREACHED() << "Certificate format " << format << " unimplemented";
358 break;
359 }
360 }
361
362 return results;
363 }
364
GetSubjectAltName(std::vector<std::string> * dns_names,std::vector<std::string> * ip_addrs) const365 void X509Certificate::GetSubjectAltName(
366 std::vector<std::string>* dns_names,
367 std::vector<std::string>* ip_addrs) const {
368 if (dns_names)
369 dns_names->clear();
370 if (ip_addrs)
371 ip_addrs->clear();
372
373 ParseSubjectAltName(cert_handle_, dns_names, ip_addrs);
374 }
375
376 // static
cert_store()377 X509_STORE* X509Certificate::cert_store() {
378 return X509InitSingleton::GetInstance()->store();
379 }
380
381 // static
GetDEREncoded(X509Certificate::OSCertHandle cert_handle,std::string * encoded)382 bool X509Certificate::GetDEREncoded(X509Certificate::OSCertHandle cert_handle,
383 std::string* encoded) {
384 DERCache der_cache;
385 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache))
386 return false;
387 encoded->assign(reinterpret_cast<const char*>(der_cache.data),
388 der_cache.data_length);
389 return true;
390 }
391
392 // static
IsSameOSCert(X509Certificate::OSCertHandle a,X509Certificate::OSCertHandle b)393 bool X509Certificate::IsSameOSCert(X509Certificate::OSCertHandle a,
394 X509Certificate::OSCertHandle b) {
395 DCHECK(a && b);
396 if (a == b)
397 return true;
398
399 // X509_cmp only checks the fingerprint, but we want to compare the whole
400 // DER data. Encoding it from OSCertHandle is an expensive operation, so we
401 // cache the DER (if not already cached via X509_set_ex_data).
402 DERCache der_cache_a, der_cache_b;
403
404 return GetDERAndCacheIfNeeded(a, &der_cache_a) &&
405 GetDERAndCacheIfNeeded(b, &der_cache_b) &&
406 der_cache_a.data_length == der_cache_b.data_length &&
407 memcmp(der_cache_a.data, der_cache_b.data, der_cache_a.data_length) == 0;
408 }
409
410 // static
411 X509Certificate::OSCertHandle
ReadOSCertHandleFromPickle(PickleIterator * pickle_iter)412 X509Certificate::ReadOSCertHandleFromPickle(PickleIterator* pickle_iter) {
413 const char* data;
414 int length;
415 if (!pickle_iter->ReadData(&data, &length))
416 return NULL;
417
418 return CreateOSCertHandleFromBytes(data, length);
419 }
420
421 // static
WriteOSCertHandleToPickle(OSCertHandle cert_handle,Pickle * pickle)422 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle,
423 Pickle* pickle) {
424 DERCache der_cache;
425 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache))
426 return false;
427
428 return pickle->WriteData(
429 reinterpret_cast<const char*>(der_cache.data),
430 der_cache.data_length);
431 }
432
433 // static
GetPublicKeyInfo(OSCertHandle cert_handle,size_t * size_bits,PublicKeyType * type)434 void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,
435 size_t* size_bits,
436 PublicKeyType* type) {
437 *type = kPublicKeyTypeUnknown;
438 *size_bits = 0;
439
440 crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> scoped_key(
441 X509_get_pubkey(cert_handle));
442 if (!scoped_key.get())
443 return;
444
445 CHECK(scoped_key.get());
446 EVP_PKEY* key = scoped_key.get();
447
448 switch (key->type) {
449 case EVP_PKEY_RSA:
450 *type = kPublicKeyTypeRSA;
451 *size_bits = EVP_PKEY_size(key) * 8;
452 break;
453 case EVP_PKEY_DSA:
454 *type = kPublicKeyTypeDSA;
455 *size_bits = EVP_PKEY_size(key) * 8;
456 break;
457 case EVP_PKEY_EC:
458 *type = kPublicKeyTypeECDSA;
459 *size_bits = EVP_PKEY_bits(key);
460 break;
461 case EVP_PKEY_DH:
462 *type = kPublicKeyTypeDH;
463 *size_bits = EVP_PKEY_size(key) * 8;
464 break;
465 }
466 }
467
IsIssuedByEncoded(const std::vector<std::string> & valid_issuers)468 bool X509Certificate::IsIssuedByEncoded(
469 const std::vector<std::string>& valid_issuers) {
470 if (valid_issuers.empty())
471 return false;
472
473 // Convert to a temporary list of X509_NAME objects.
474 // It will own the objects it points to.
475 crypto::ScopedOpenSSL<STACK_OF(X509_NAME), sk_X509_NAME_free_all>
476 issuer_names(sk_X509_NAME_new_null());
477 if (!issuer_names.get())
478 return false;
479
480 for (std::vector<std::string>::const_iterator it = valid_issuers.begin();
481 it != valid_issuers.end(); ++it) {
482 const unsigned char* p =
483 reinterpret_cast<const unsigned char*>(it->data());
484 long len = static_cast<long>(it->length());
485 X509_NAME* ca_name = d2i_X509_NAME(NULL, &p, len);
486 if (ca_name == NULL)
487 return false;
488 sk_X509_NAME_push(issuer_names.get(), ca_name);
489 }
490
491 // Create a temporary list of X509_NAME objects corresponding
492 // to the certificate chain. It doesn't own the object it points to.
493 std::vector<X509_NAME*> cert_names;
494 X509_NAME* issuer = X509_get_issuer_name(cert_handle_);
495 if (issuer == NULL)
496 return false;
497
498 cert_names.push_back(issuer);
499 for (OSCertHandles::iterator it = intermediate_ca_certs_.begin();
500 it != intermediate_ca_certs_.end(); ++it) {
501 issuer = X509_get_issuer_name(*it);
502 if (issuer == NULL)
503 return false;
504 cert_names.push_back(issuer);
505 }
506
507 // and 'cert_names'.
508 for (size_t n = 0; n < cert_names.size(); ++n) {
509 for (int m = 0; m < sk_X509_NAME_num(issuer_names.get()); ++m) {
510 X509_NAME* issuer = sk_X509_NAME_value(issuer_names.get(), m);
511 if (X509_NAME_cmp(issuer, cert_names[n]) == 0) {
512 return true;
513 }
514 }
515 }
516
517 return false;
518 }
519
520 } // namespace net
521