1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57 /* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
108 *
109 */
110 /* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112 * ECC cipher suite support in OpenSSL originally developed by
113 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
114 */
115 /* ====================================================================
116 * Copyright 2005 Nokia. All rights reserved.
117 *
118 * The portions of the attached software ("Contribution") is developed by
119 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
120 * license.
121 *
122 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
123 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
124 * support (see RFC 4279) to OpenSSL.
125 *
126 * No patent licenses or other rights except those expressly stated in
127 * the OpenSSL open source license shall be deemed granted or received
128 * expressly, by implication, estoppel, or otherwise.
129 *
130 * No assurances are provided by Nokia that the Contribution does not
131 * infringe the patent or other intellectual property rights of any third
132 * party or that the license provides you with all the necessary rights
133 * to make use of the Contribution.
134 *
135 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
136 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
137 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
138 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
139 * OTHERWISE. */
140
141 #include <openssl/ssl.h>
142
143 #include <assert.h>
144
145 #include <openssl/asn1.h>
146 #include <openssl/bytestring.h>
147 #include <openssl/err.h>
148 #include <openssl/pem.h>
149 #include <openssl/stack.h>
150 #include <openssl/x509.h>
151 #include <openssl/x509v3.h>
152 #include <openssl/x509_vfy.h>
153
154 #include "internal.h"
155 #include "../crypto/internal.h"
156
157
158 BSSL_NAMESPACE_BEGIN
159
160 // check_ssl_x509_method asserts that |ssl| has the X509-based method
161 // installed. Calling an X509-based method on an |ssl| with a different method
162 // will likely misbehave and possibly crash or leak memory.
check_ssl_x509_method(const SSL * ssl)163 static void check_ssl_x509_method(const SSL *ssl) {
164 assert(ssl == NULL || ssl->ctx->x509_method == &ssl_crypto_x509_method);
165 }
166
167 // check_ssl_ctx_x509_method acts like |check_ssl_x509_method|, but for an
168 // |SSL_CTX|.
check_ssl_ctx_x509_method(const SSL_CTX * ctx)169 static void check_ssl_ctx_x509_method(const SSL_CTX *ctx) {
170 assert(ctx == NULL || ctx->x509_method == &ssl_crypto_x509_method);
171 }
172
173 // x509_to_buffer returns a |CRYPTO_BUFFER| that contains the serialised
174 // contents of |x509|.
x509_to_buffer(X509 * x509)175 static UniquePtr<CRYPTO_BUFFER> x509_to_buffer(X509 *x509) {
176 uint8_t *buf = NULL;
177 int cert_len = i2d_X509(x509, &buf);
178 if (cert_len <= 0) {
179 return 0;
180 }
181
182 UniquePtr<CRYPTO_BUFFER> buffer(CRYPTO_BUFFER_new(buf, cert_len, NULL));
183 OPENSSL_free(buf);
184
185 return buffer;
186 }
187
188 // new_leafless_chain returns a fresh stack of buffers set to {NULL}.
new_leafless_chain(void)189 static UniquePtr<STACK_OF(CRYPTO_BUFFER)> new_leafless_chain(void) {
190 UniquePtr<STACK_OF(CRYPTO_BUFFER)> chain(sk_CRYPTO_BUFFER_new_null());
191 if (!chain ||
192 !sk_CRYPTO_BUFFER_push(chain.get(), nullptr)) {
193 return nullptr;
194 }
195
196 return chain;
197 }
198
199 // ssl_cert_set_chain sets elements 1.. of |cert->chain| to the serialised
200 // forms of elements of |chain|. It returns one on success or zero on error, in
201 // which case no change to |cert->chain| is made. It preverses the existing
202 // leaf from |cert->chain|, if any.
ssl_cert_set_chain(CERT * cert,STACK_OF (X509)* chain)203 static bool ssl_cert_set_chain(CERT *cert, STACK_OF(X509) *chain) {
204 UniquePtr<STACK_OF(CRYPTO_BUFFER)> new_chain;
205
206 if (cert->chain != nullptr) {
207 new_chain.reset(sk_CRYPTO_BUFFER_new_null());
208 if (!new_chain) {
209 return false;
210 }
211
212 // |leaf| might be NULL if it's a “leafless” chain.
213 CRYPTO_BUFFER *leaf = sk_CRYPTO_BUFFER_value(cert->chain.get(), 0);
214 if (!PushToStack(new_chain.get(), UpRef(leaf))) {
215 return false;
216 }
217 }
218
219 for (X509 *x509 : chain) {
220 if (!new_chain) {
221 new_chain = new_leafless_chain();
222 if (!new_chain) {
223 return false;
224 }
225 }
226
227 UniquePtr<CRYPTO_BUFFER> buffer = x509_to_buffer(x509);
228 if (!buffer ||
229 !PushToStack(new_chain.get(), std::move(buffer))) {
230 return false;
231 }
232 }
233
234 cert->chain = std::move(new_chain);
235 return true;
236 }
237
ssl_crypto_x509_cert_flush_cached_leaf(CERT * cert)238 static void ssl_crypto_x509_cert_flush_cached_leaf(CERT *cert) {
239 X509_free(cert->x509_leaf);
240 cert->x509_leaf = nullptr;
241 }
242
ssl_crypto_x509_cert_flush_cached_chain(CERT * cert)243 static void ssl_crypto_x509_cert_flush_cached_chain(CERT *cert) {
244 sk_X509_pop_free(cert->x509_chain, X509_free);
245 cert->x509_chain = nullptr;
246 }
247
ssl_crypto_x509_check_client_CA_list(STACK_OF (CRYPTO_BUFFER)* names)248 static bool ssl_crypto_x509_check_client_CA_list(
249 STACK_OF(CRYPTO_BUFFER) *names) {
250 for (const CRYPTO_BUFFER *buffer : names) {
251 const uint8_t *inp = CRYPTO_BUFFER_data(buffer);
252 UniquePtr<X509_NAME> name(
253 d2i_X509_NAME(nullptr, &inp, CRYPTO_BUFFER_len(buffer)));
254 if (name == nullptr ||
255 inp != CRYPTO_BUFFER_data(buffer) + CRYPTO_BUFFER_len(buffer)) {
256 return false;
257 }
258 }
259
260 return true;
261 }
262
ssl_crypto_x509_cert_clear(CERT * cert)263 static void ssl_crypto_x509_cert_clear(CERT *cert) {
264 ssl_crypto_x509_cert_flush_cached_leaf(cert);
265 ssl_crypto_x509_cert_flush_cached_chain(cert);
266
267 X509_free(cert->x509_stash);
268 cert->x509_stash = nullptr;
269 }
270
ssl_crypto_x509_cert_free(CERT * cert)271 static void ssl_crypto_x509_cert_free(CERT *cert) {
272 ssl_crypto_x509_cert_clear(cert);
273 X509_STORE_free(cert->verify_store);
274 }
275
ssl_crypto_x509_cert_dup(CERT * new_cert,const CERT * cert)276 static void ssl_crypto_x509_cert_dup(CERT *new_cert, const CERT *cert) {
277 if (cert->verify_store != nullptr) {
278 X509_STORE_up_ref(cert->verify_store);
279 new_cert->verify_store = cert->verify_store;
280 }
281 }
282
ssl_crypto_x509_session_cache_objects(SSL_SESSION * sess)283 static bool ssl_crypto_x509_session_cache_objects(SSL_SESSION *sess) {
284 bssl::UniquePtr<STACK_OF(X509)> chain, chain_without_leaf;
285 if (sk_CRYPTO_BUFFER_num(sess->certs.get()) > 0) {
286 chain.reset(sk_X509_new_null());
287 if (!chain) {
288 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
289 return false;
290 }
291 if (sess->is_server) {
292 // chain_without_leaf is only needed for server sessions. See
293 // |SSL_get_peer_cert_chain|.
294 chain_without_leaf.reset(sk_X509_new_null());
295 if (!chain_without_leaf) {
296 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
297 return false;
298 }
299 }
300 }
301
302 bssl::UniquePtr<X509> leaf;
303 for (CRYPTO_BUFFER *cert : sess->certs.get()) {
304 UniquePtr<X509> x509(X509_parse_from_buffer(cert));
305 if (!x509) {
306 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
307 return false;
308 }
309 if (leaf == nullptr) {
310 leaf = UpRef(x509);
311 } else if (chain_without_leaf &&
312 !PushToStack(chain_without_leaf.get(), UpRef(x509))) {
313 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
314 return false;
315 }
316 if (!PushToStack(chain.get(), std::move(x509))) {
317 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
318 return false;
319 }
320 }
321
322 sk_X509_pop_free(sess->x509_chain, X509_free);
323 sess->x509_chain = chain.release();
324
325 sk_X509_pop_free(sess->x509_chain_without_leaf, X509_free);
326 sess->x509_chain_without_leaf = chain_without_leaf.release();
327
328 X509_free(sess->x509_peer);
329 sess->x509_peer = leaf.release();
330 return true;
331 }
332
ssl_crypto_x509_session_dup(SSL_SESSION * new_session,const SSL_SESSION * session)333 static bool ssl_crypto_x509_session_dup(SSL_SESSION *new_session,
334 const SSL_SESSION *session) {
335 new_session->x509_peer = UpRef(session->x509_peer).release();
336 if (session->x509_chain != nullptr) {
337 new_session->x509_chain = X509_chain_up_ref(session->x509_chain);
338 if (new_session->x509_chain == nullptr) {
339 return false;
340 }
341 }
342 if (session->x509_chain_without_leaf != nullptr) {
343 new_session->x509_chain_without_leaf =
344 X509_chain_up_ref(session->x509_chain_without_leaf);
345 if (new_session->x509_chain_without_leaf == nullptr) {
346 return false;
347 }
348 }
349
350 return true;
351 }
352
ssl_crypto_x509_session_clear(SSL_SESSION * session)353 static void ssl_crypto_x509_session_clear(SSL_SESSION *session) {
354 X509_free(session->x509_peer);
355 session->x509_peer = nullptr;
356 sk_X509_pop_free(session->x509_chain, X509_free);
357 session->x509_chain = nullptr;
358 sk_X509_pop_free(session->x509_chain_without_leaf, X509_free);
359 session->x509_chain_without_leaf = nullptr;
360 }
361
ssl_crypto_x509_session_verify_cert_chain(SSL_SESSION * session,SSL_HANDSHAKE * hs,uint8_t * out_alert)362 static bool ssl_crypto_x509_session_verify_cert_chain(SSL_SESSION *session,
363 SSL_HANDSHAKE *hs,
364 uint8_t *out_alert) {
365 *out_alert = SSL_AD_INTERNAL_ERROR;
366 STACK_OF(X509) *const cert_chain = session->x509_chain;
367 if (cert_chain == nullptr || sk_X509_num(cert_chain) == 0) {
368 return false;
369 }
370
371 SSL_CTX *ssl_ctx = hs->ssl->ctx.get();
372 X509_STORE *verify_store = ssl_ctx->cert_store;
373 if (hs->config->cert->verify_store != nullptr) {
374 verify_store = hs->config->cert->verify_store;
375 }
376
377 X509 *leaf = sk_X509_value(cert_chain, 0);
378 ScopedX509_STORE_CTX ctx;
379 if (!X509_STORE_CTX_init(ctx.get(), verify_store, leaf, cert_chain) ||
380 !X509_STORE_CTX_set_ex_data(
381 ctx.get(), SSL_get_ex_data_X509_STORE_CTX_idx(), hs->ssl) ||
382 // We need to inherit the verify parameters. These can be determined by
383 // the context: if its a server it will verify SSL client certificates or
384 // vice versa.
385 !X509_STORE_CTX_set_default(
386 ctx.get(), hs->ssl->server ? "ssl_client" : "ssl_server") ||
387 // Anything non-default in "param" should overwrite anything in the ctx.
388 !X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(ctx.get()),
389 hs->config->param)) {
390 OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);
391 return false;
392 }
393
394 if (hs->config->verify_callback) {
395 X509_STORE_CTX_set_verify_cb(ctx.get(), hs->config->verify_callback);
396 }
397
398 int verify_ret;
399 if (ssl_ctx->app_verify_callback != nullptr) {
400 verify_ret =
401 ssl_ctx->app_verify_callback(ctx.get(), ssl_ctx->app_verify_arg);
402 } else {
403 verify_ret = X509_verify_cert(ctx.get());
404 }
405
406 session->verify_result = ctx->error;
407
408 // If |SSL_VERIFY_NONE|, the error is non-fatal, but we keep the result.
409 if (verify_ret <= 0 && hs->config->verify_mode != SSL_VERIFY_NONE) {
410 *out_alert = SSL_alert_from_verify_result(ctx->error);
411 return false;
412 }
413
414 ERR_clear_error();
415 return true;
416 }
417
ssl_crypto_x509_hs_flush_cached_ca_names(SSL_HANDSHAKE * hs)418 static void ssl_crypto_x509_hs_flush_cached_ca_names(SSL_HANDSHAKE *hs) {
419 sk_X509_NAME_pop_free(hs->cached_x509_ca_names, X509_NAME_free);
420 hs->cached_x509_ca_names = nullptr;
421 }
422
ssl_crypto_x509_ssl_new(SSL_HANDSHAKE * hs)423 static bool ssl_crypto_x509_ssl_new(SSL_HANDSHAKE *hs) {
424 hs->config->param = X509_VERIFY_PARAM_new();
425 if (hs->config->param == nullptr) {
426 return false;
427 }
428 X509_VERIFY_PARAM_inherit(hs->config->param, hs->ssl->ctx->param);
429 return true;
430 }
431
ssl_crypto_x509_ssl_flush_cached_client_CA(SSL_CONFIG * cfg)432 static void ssl_crypto_x509_ssl_flush_cached_client_CA(SSL_CONFIG *cfg) {
433 sk_X509_NAME_pop_free(cfg->cached_x509_client_CA, X509_NAME_free);
434 cfg->cached_x509_client_CA = nullptr;
435 }
436
ssl_crypto_x509_ssl_config_free(SSL_CONFIG * cfg)437 static void ssl_crypto_x509_ssl_config_free(SSL_CONFIG *cfg) {
438 sk_X509_NAME_pop_free(cfg->cached_x509_client_CA, X509_NAME_free);
439 cfg->cached_x509_client_CA = nullptr;
440 X509_VERIFY_PARAM_free(cfg->param);
441 }
442
ssl_crypto_x509_ssl_auto_chain_if_needed(SSL_HANDSHAKE * hs)443 static bool ssl_crypto_x509_ssl_auto_chain_if_needed(SSL_HANDSHAKE *hs) {
444 // Only build a chain if there are no intermediates configured and the feature
445 // isn't disabled.
446 if ((hs->ssl->mode & SSL_MODE_NO_AUTO_CHAIN) ||
447 !ssl_has_certificate(hs) || hs->config->cert->chain == NULL ||
448 sk_CRYPTO_BUFFER_num(hs->config->cert->chain.get()) > 1) {
449 return true;
450 }
451
452 UniquePtr<X509> leaf(X509_parse_from_buffer(
453 sk_CRYPTO_BUFFER_value(hs->config->cert->chain.get(), 0)));
454 if (!leaf) {
455 OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);
456 return false;
457 }
458
459 ScopedX509_STORE_CTX ctx;
460 if (!X509_STORE_CTX_init(ctx.get(), hs->ssl->ctx->cert_store, leaf.get(),
461 NULL)) {
462 OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);
463 return false;
464 }
465
466 // Attempt to build a chain, ignoring the result.
467 X509_verify_cert(ctx.get());
468 ERR_clear_error();
469
470 // Remove the leaf from the generated chain.
471 X509_free(sk_X509_shift(ctx->chain));
472
473 if (!ssl_cert_set_chain(hs->config->cert.get(), ctx->chain)) {
474 return false;
475 }
476
477 ssl_crypto_x509_cert_flush_cached_chain(hs->config->cert.get());
478
479 return true;
480 }
481
ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(SSL_CTX * ctx)482 static void ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(SSL_CTX *ctx) {
483 sk_X509_NAME_pop_free(ctx->cached_x509_client_CA, X509_NAME_free);
484 ctx->cached_x509_client_CA = nullptr;
485 }
486
ssl_crypto_x509_ssl_ctx_new(SSL_CTX * ctx)487 static bool ssl_crypto_x509_ssl_ctx_new(SSL_CTX *ctx) {
488 ctx->cert_store = X509_STORE_new();
489 ctx->param = X509_VERIFY_PARAM_new();
490 return (ctx->cert_store != nullptr && ctx->param != nullptr);
491 }
492
ssl_crypto_x509_ssl_ctx_free(SSL_CTX * ctx)493 static void ssl_crypto_x509_ssl_ctx_free(SSL_CTX *ctx) {
494 ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(ctx);
495 X509_VERIFY_PARAM_free(ctx->param);
496 X509_STORE_free(ctx->cert_store);
497 }
498
499 const SSL_X509_METHOD ssl_crypto_x509_method = {
500 ssl_crypto_x509_check_client_CA_list,
501 ssl_crypto_x509_cert_clear,
502 ssl_crypto_x509_cert_free,
503 ssl_crypto_x509_cert_dup,
504 ssl_crypto_x509_cert_flush_cached_chain,
505 ssl_crypto_x509_cert_flush_cached_leaf,
506 ssl_crypto_x509_session_cache_objects,
507 ssl_crypto_x509_session_dup,
508 ssl_crypto_x509_session_clear,
509 ssl_crypto_x509_session_verify_cert_chain,
510 ssl_crypto_x509_hs_flush_cached_ca_names,
511 ssl_crypto_x509_ssl_new,
512 ssl_crypto_x509_ssl_config_free,
513 ssl_crypto_x509_ssl_flush_cached_client_CA,
514 ssl_crypto_x509_ssl_auto_chain_if_needed,
515 ssl_crypto_x509_ssl_ctx_new,
516 ssl_crypto_x509_ssl_ctx_free,
517 ssl_crypto_x509_ssl_ctx_flush_cached_client_CA,
518 };
519
520 BSSL_NAMESPACE_END
521
522 using namespace bssl;
523
SSL_get_peer_certificate(const SSL * ssl)524 X509 *SSL_get_peer_certificate(const SSL *ssl) {
525 check_ssl_x509_method(ssl);
526 if (ssl == NULL) {
527 return NULL;
528 }
529 SSL_SESSION *session = SSL_get_session(ssl);
530 if (session == NULL || session->x509_peer == NULL) {
531 return NULL;
532 }
533 X509_up_ref(session->x509_peer);
534 return session->x509_peer;
535 }
536
STACK_OF(X509)537 STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl) {
538 check_ssl_x509_method(ssl);
539 if (ssl == nullptr) {
540 return nullptr;
541 }
542 SSL_SESSION *session = SSL_get_session(ssl);
543 if (session == nullptr) {
544 return nullptr;
545 }
546
547 // OpenSSL historically didn't include the leaf certificate in the returned
548 // certificate chain, but only for servers.
549 return ssl->server ? session->x509_chain_without_leaf : session->x509_chain;
550 }
551
STACK_OF(X509)552 STACK_OF(X509) *SSL_get_peer_full_cert_chain(const SSL *ssl) {
553 check_ssl_x509_method(ssl);
554 SSL_SESSION *session = SSL_get_session(ssl);
555 if (session == NULL) {
556 return NULL;
557 }
558
559 return session->x509_chain;
560 }
561
SSL_CTX_set_purpose(SSL_CTX * ctx,int purpose)562 int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose) {
563 check_ssl_ctx_x509_method(ctx);
564 return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
565 }
566
SSL_set_purpose(SSL * ssl,int purpose)567 int SSL_set_purpose(SSL *ssl, int purpose) {
568 check_ssl_x509_method(ssl);
569 if (!ssl->config) {
570 return 0;
571 }
572 return X509_VERIFY_PARAM_set_purpose(ssl->config->param, purpose);
573 }
574
SSL_CTX_set_trust(SSL_CTX * ctx,int trust)575 int SSL_CTX_set_trust(SSL_CTX *ctx, int trust) {
576 check_ssl_ctx_x509_method(ctx);
577 return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
578 }
579
SSL_set_trust(SSL * ssl,int trust)580 int SSL_set_trust(SSL *ssl, int trust) {
581 check_ssl_x509_method(ssl);
582 if (!ssl->config) {
583 return 0;
584 }
585 return X509_VERIFY_PARAM_set_trust(ssl->config->param, trust);
586 }
587
SSL_CTX_set1_param(SSL_CTX * ctx,const X509_VERIFY_PARAM * param)588 int SSL_CTX_set1_param(SSL_CTX *ctx, const X509_VERIFY_PARAM *param) {
589 check_ssl_ctx_x509_method(ctx);
590 return X509_VERIFY_PARAM_set1(ctx->param, param);
591 }
592
SSL_set1_param(SSL * ssl,const X509_VERIFY_PARAM * param)593 int SSL_set1_param(SSL *ssl, const X509_VERIFY_PARAM *param) {
594 check_ssl_x509_method(ssl);
595 if (!ssl->config) {
596 return 0;
597 }
598 return X509_VERIFY_PARAM_set1(ssl->config->param, param);
599 }
600
SSL_CTX_get0_param(SSL_CTX * ctx)601 X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) {
602 check_ssl_ctx_x509_method(ctx);
603 return ctx->param;
604 }
605
SSL_get0_param(SSL * ssl)606 X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) {
607 check_ssl_x509_method(ssl);
608 if (!ssl->config) {
609 assert(ssl->config);
610 return 0;
611 }
612 return ssl->config->param;
613 }
614
SSL_get_verify_depth(const SSL * ssl)615 int SSL_get_verify_depth(const SSL *ssl) {
616 check_ssl_x509_method(ssl);
617 if (!ssl->config) {
618 assert(ssl->config);
619 return 0;
620 }
621 return X509_VERIFY_PARAM_get_depth(ssl->config->param);
622 }
623
SSL_get_verify_callback(const SSL * ssl)624 int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *) {
625 check_ssl_x509_method(ssl);
626 if (!ssl->config) {
627 assert(ssl->config);
628 return 0;
629 }
630 return ssl->config->verify_callback;
631 }
632
SSL_CTX_get_verify_mode(const SSL_CTX * ctx)633 int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) {
634 check_ssl_ctx_x509_method(ctx);
635 return ctx->verify_mode;
636 }
637
SSL_CTX_get_verify_depth(const SSL_CTX * ctx)638 int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) {
639 check_ssl_ctx_x509_method(ctx);
640 return X509_VERIFY_PARAM_get_depth(ctx->param);
641 }
642
SSL_CTX_get_verify_callback(const SSL_CTX * ctx)643 int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(
644 int ok, X509_STORE_CTX *store_ctx) {
645 check_ssl_ctx_x509_method(ctx);
646 return ctx->default_verify_callback;
647 }
648
SSL_set_verify(SSL * ssl,int mode,int (* callback)(int ok,X509_STORE_CTX * store_ctx))649 void SSL_set_verify(SSL *ssl, int mode,
650 int (*callback)(int ok, X509_STORE_CTX *store_ctx)) {
651 check_ssl_x509_method(ssl);
652 if (!ssl->config) {
653 return;
654 }
655 ssl->config->verify_mode = mode;
656 if (callback != NULL) {
657 ssl->config->verify_callback = callback;
658 }
659 }
660
SSL_set_verify_depth(SSL * ssl,int depth)661 void SSL_set_verify_depth(SSL *ssl, int depth) {
662 check_ssl_x509_method(ssl);
663 if (!ssl->config) {
664 return;
665 }
666 X509_VERIFY_PARAM_set_depth(ssl->config->param, depth);
667 }
668
SSL_CTX_set_cert_verify_callback(SSL_CTX * ctx,int (* cb)(X509_STORE_CTX * store_ctx,void * arg),void * arg)669 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
670 int (*cb)(X509_STORE_CTX *store_ctx,
671 void *arg),
672 void *arg) {
673 check_ssl_ctx_x509_method(ctx);
674 ctx->app_verify_callback = cb;
675 ctx->app_verify_arg = arg;
676 }
677
SSL_CTX_set_verify(SSL_CTX * ctx,int mode,int (* cb)(int,X509_STORE_CTX *))678 void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
679 int (*cb)(int, X509_STORE_CTX *)) {
680 check_ssl_ctx_x509_method(ctx);
681 ctx->verify_mode = mode;
682 ctx->default_verify_callback = cb;
683 }
684
SSL_CTX_set_verify_depth(SSL_CTX * ctx,int depth)685 void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) {
686 check_ssl_ctx_x509_method(ctx);
687 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
688 }
689
SSL_CTX_set_default_verify_paths(SSL_CTX * ctx)690 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) {
691 check_ssl_ctx_x509_method(ctx);
692 return X509_STORE_set_default_paths(ctx->cert_store);
693 }
694
SSL_CTX_load_verify_locations(SSL_CTX * ctx,const char * ca_file,const char * ca_dir)695 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *ca_file,
696 const char *ca_dir) {
697 check_ssl_ctx_x509_method(ctx);
698 return X509_STORE_load_locations(ctx->cert_store, ca_file, ca_dir);
699 }
700
SSL_set_verify_result(SSL * ssl,long result)701 void SSL_set_verify_result(SSL *ssl, long result) {
702 check_ssl_x509_method(ssl);
703 if (result != X509_V_OK) {
704 abort();
705 }
706 }
707
SSL_get_verify_result(const SSL * ssl)708 long SSL_get_verify_result(const SSL *ssl) {
709 check_ssl_x509_method(ssl);
710 SSL_SESSION *session = SSL_get_session(ssl);
711 if (session == NULL) {
712 return X509_V_ERR_INVALID_CALL;
713 }
714 return session->verify_result;
715 }
716
SSL_CTX_get_cert_store(const SSL_CTX * ctx)717 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) {
718 check_ssl_ctx_x509_method(ctx);
719 return ctx->cert_store;
720 }
721
SSL_CTX_set_cert_store(SSL_CTX * ctx,X509_STORE * store)722 void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) {
723 check_ssl_ctx_x509_method(ctx);
724 X509_STORE_free(ctx->cert_store);
725 ctx->cert_store = store;
726 }
727
ssl_use_certificate(CERT * cert,X509 * x)728 static int ssl_use_certificate(CERT *cert, X509 *x) {
729 if (x == NULL) {
730 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
731 return 0;
732 }
733
734 UniquePtr<CRYPTO_BUFFER> buffer = x509_to_buffer(x);
735 if (!buffer) {
736 return 0;
737 }
738
739 return ssl_set_cert(cert, std::move(buffer));
740 }
741
SSL_use_certificate(SSL * ssl,X509 * x)742 int SSL_use_certificate(SSL *ssl, X509 *x) {
743 check_ssl_x509_method(ssl);
744 if (!ssl->config) {
745 return 0;
746 }
747 return ssl_use_certificate(ssl->config->cert.get(), x);
748 }
749
SSL_CTX_use_certificate(SSL_CTX * ctx,X509 * x)750 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) {
751 check_ssl_ctx_x509_method(ctx);
752 return ssl_use_certificate(ctx->cert.get(), x);
753 }
754
755 // ssl_cert_cache_leaf_cert sets |cert->x509_leaf|, if currently NULL, from the
756 // first element of |cert->chain|.
ssl_cert_cache_leaf_cert(CERT * cert)757 static int ssl_cert_cache_leaf_cert(CERT *cert) {
758 assert(cert->x509_method);
759
760 if (cert->x509_leaf != NULL ||
761 cert->chain == NULL) {
762 return 1;
763 }
764
765 CRYPTO_BUFFER *leaf = sk_CRYPTO_BUFFER_value(cert->chain.get(), 0);
766 if (!leaf) {
767 return 1;
768 }
769
770 cert->x509_leaf = X509_parse_from_buffer(leaf);
771 return cert->x509_leaf != NULL;
772 }
773
ssl_cert_get0_leaf(CERT * cert)774 static X509 *ssl_cert_get0_leaf(CERT *cert) {
775 if (cert->x509_leaf == NULL &&
776 !ssl_cert_cache_leaf_cert(cert)) {
777 return NULL;
778 }
779
780 return cert->x509_leaf;
781 }
782
SSL_get_certificate(const SSL * ssl)783 X509 *SSL_get_certificate(const SSL *ssl) {
784 check_ssl_x509_method(ssl);
785 if (!ssl->config) {
786 assert(ssl->config);
787 return 0;
788 }
789 return ssl_cert_get0_leaf(ssl->config->cert.get());
790 }
791
SSL_CTX_get0_certificate(const SSL_CTX * ctx)792 X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx) {
793 check_ssl_ctx_x509_method(ctx);
794 MutexWriteLock lock(const_cast<CRYPTO_MUTEX*>(&ctx->lock));
795 return ssl_cert_get0_leaf(ctx->cert.get());
796 }
797
ssl_cert_set0_chain(CERT * cert,STACK_OF (X509)* chain)798 static int ssl_cert_set0_chain(CERT *cert, STACK_OF(X509) *chain) {
799 if (!ssl_cert_set_chain(cert, chain)) {
800 return 0;
801 }
802
803 sk_X509_pop_free(chain, X509_free);
804 ssl_crypto_x509_cert_flush_cached_chain(cert);
805 return 1;
806 }
807
ssl_cert_set1_chain(CERT * cert,STACK_OF (X509)* chain)808 static int ssl_cert_set1_chain(CERT *cert, STACK_OF(X509) *chain) {
809 if (!ssl_cert_set_chain(cert, chain)) {
810 return 0;
811 }
812
813 ssl_crypto_x509_cert_flush_cached_chain(cert);
814 return 1;
815 }
816
ssl_cert_append_cert(CERT * cert,X509 * x509)817 static int ssl_cert_append_cert(CERT *cert, X509 *x509) {
818 assert(cert->x509_method);
819
820 UniquePtr<CRYPTO_BUFFER> buffer = x509_to_buffer(x509);
821 if (!buffer) {
822 return 0;
823 }
824
825 if (cert->chain != NULL) {
826 return PushToStack(cert->chain.get(), std::move(buffer));
827 }
828
829 cert->chain = new_leafless_chain();
830 if (!cert->chain ||
831 !PushToStack(cert->chain.get(), std::move(buffer))) {
832 cert->chain.reset();
833 return 0;
834 }
835
836 return 1;
837 }
838
ssl_cert_add0_chain_cert(CERT * cert,X509 * x509)839 static int ssl_cert_add0_chain_cert(CERT *cert, X509 *x509) {
840 if (!ssl_cert_append_cert(cert, x509)) {
841 return 0;
842 }
843
844 X509_free(cert->x509_stash);
845 cert->x509_stash = x509;
846 ssl_crypto_x509_cert_flush_cached_chain(cert);
847 return 1;
848 }
849
ssl_cert_add1_chain_cert(CERT * cert,X509 * x509)850 static int ssl_cert_add1_chain_cert(CERT *cert, X509 *x509) {
851 if (!ssl_cert_append_cert(cert, x509)) {
852 return 0;
853 }
854
855 ssl_crypto_x509_cert_flush_cached_chain(cert);
856 return 1;
857 }
858
SSL_CTX_set0_chain(SSL_CTX * ctx,STACK_OF (X509)* chain)859 int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) {
860 check_ssl_ctx_x509_method(ctx);
861 return ssl_cert_set0_chain(ctx->cert.get(), chain);
862 }
863
SSL_CTX_set1_chain(SSL_CTX * ctx,STACK_OF (X509)* chain)864 int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) {
865 check_ssl_ctx_x509_method(ctx);
866 return ssl_cert_set1_chain(ctx->cert.get(), chain);
867 }
868
SSL_set0_chain(SSL * ssl,STACK_OF (X509)* chain)869 int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *chain) {
870 check_ssl_x509_method(ssl);
871 if (!ssl->config) {
872 return 0;
873 }
874 return ssl_cert_set0_chain(ssl->config->cert.get(), chain);
875 }
876
SSL_set1_chain(SSL * ssl,STACK_OF (X509)* chain)877 int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *chain) {
878 check_ssl_x509_method(ssl);
879 if (!ssl->config) {
880 return 0;
881 }
882 return ssl_cert_set1_chain(ssl->config->cert.get(), chain);
883 }
884
SSL_CTX_add0_chain_cert(SSL_CTX * ctx,X509 * x509)885 int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509) {
886 check_ssl_ctx_x509_method(ctx);
887 return ssl_cert_add0_chain_cert(ctx->cert.get(), x509);
888 }
889
SSL_CTX_add1_chain_cert(SSL_CTX * ctx,X509 * x509)890 int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509) {
891 check_ssl_ctx_x509_method(ctx);
892 return ssl_cert_add1_chain_cert(ctx->cert.get(), x509);
893 }
894
SSL_CTX_add_extra_chain_cert(SSL_CTX * ctx,X509 * x509)895 int SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509) {
896 check_ssl_ctx_x509_method(ctx);
897 return SSL_CTX_add0_chain_cert(ctx, x509);
898 }
899
SSL_add0_chain_cert(SSL * ssl,X509 * x509)900 int SSL_add0_chain_cert(SSL *ssl, X509 *x509) {
901 check_ssl_x509_method(ssl);
902 if (!ssl->config) {
903 return 0;
904 }
905 return ssl_cert_add0_chain_cert(ssl->config->cert.get(), x509);
906 }
907
SSL_add1_chain_cert(SSL * ssl,X509 * x509)908 int SSL_add1_chain_cert(SSL *ssl, X509 *x509) {
909 check_ssl_x509_method(ssl);
910 if (!ssl->config) {
911 return 0;
912 }
913 return ssl_cert_add1_chain_cert(ssl->config->cert.get(), x509);
914 }
915
SSL_CTX_clear_chain_certs(SSL_CTX * ctx)916 int SSL_CTX_clear_chain_certs(SSL_CTX *ctx) {
917 check_ssl_ctx_x509_method(ctx);
918 return SSL_CTX_set0_chain(ctx, NULL);
919 }
920
SSL_CTX_clear_extra_chain_certs(SSL_CTX * ctx)921 int SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx) {
922 check_ssl_ctx_x509_method(ctx);
923 return SSL_CTX_clear_chain_certs(ctx);
924 }
925
SSL_clear_chain_certs(SSL * ssl)926 int SSL_clear_chain_certs(SSL *ssl) {
927 check_ssl_x509_method(ssl);
928 return SSL_set0_chain(ssl, NULL);
929 }
930
931 // ssl_cert_cache_chain_certs fills in |cert->x509_chain| from elements 1.. of
932 // |cert->chain|.
ssl_cert_cache_chain_certs(CERT * cert)933 static int ssl_cert_cache_chain_certs(CERT *cert) {
934 assert(cert->x509_method);
935
936 if (cert->x509_chain != nullptr ||
937 cert->chain == nullptr ||
938 sk_CRYPTO_BUFFER_num(cert->chain.get()) < 2) {
939 return 1;
940 }
941
942 UniquePtr<STACK_OF(X509)> chain(sk_X509_new_null());
943 if (!chain) {
944 return 0;
945 }
946
947 for (size_t i = 1; i < sk_CRYPTO_BUFFER_num(cert->chain.get()); i++) {
948 CRYPTO_BUFFER *buffer = sk_CRYPTO_BUFFER_value(cert->chain.get(), i);
949 UniquePtr<X509> x509(X509_parse_from_buffer(buffer));
950 if (!x509 ||
951 !PushToStack(chain.get(), std::move(x509))) {
952 return 0;
953 }
954 }
955
956 cert->x509_chain = chain.release();
957 return 1;
958 }
959
SSL_CTX_get0_chain_certs(const SSL_CTX * ctx,STACK_OF (X509)** out_chain)960 int SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, STACK_OF(X509) **out_chain) {
961 check_ssl_ctx_x509_method(ctx);
962 MutexWriteLock lock(const_cast<CRYPTO_MUTEX*>(&ctx->lock));
963 if (!ssl_cert_cache_chain_certs(ctx->cert.get())) {
964 *out_chain = NULL;
965 return 0;
966 }
967
968 *out_chain = ctx->cert->x509_chain;
969 return 1;
970 }
971
SSL_CTX_get_extra_chain_certs(const SSL_CTX * ctx,STACK_OF (X509)** out_chain)972 int SSL_CTX_get_extra_chain_certs(const SSL_CTX *ctx,
973 STACK_OF(X509) **out_chain) {
974 return SSL_CTX_get0_chain_certs(ctx, out_chain);
975 }
976
SSL_get0_chain_certs(const SSL * ssl,STACK_OF (X509)** out_chain)977 int SSL_get0_chain_certs(const SSL *ssl, STACK_OF(X509) **out_chain) {
978 check_ssl_x509_method(ssl);
979 if (!ssl->config) {
980 assert(ssl->config);
981 return 0;
982 }
983 if (!ssl_cert_cache_chain_certs(ssl->config->cert.get())) {
984 *out_chain = NULL;
985 return 0;
986 }
987
988 *out_chain = ssl->config->cert->x509_chain;
989 return 1;
990 }
991
d2i_SSL_SESSION_bio(BIO * bio,SSL_SESSION ** out)992 SSL_SESSION *d2i_SSL_SESSION_bio(BIO *bio, SSL_SESSION **out) {
993 uint8_t *data;
994 size_t len;
995 if (!BIO_read_asn1(bio, &data, &len, 1024 * 1024)) {
996 return 0;
997 }
998 bssl::UniquePtr<uint8_t> free_data(data);
999 const uint8_t *ptr = data;
1000 return d2i_SSL_SESSION(out, &ptr, static_cast<long>(len));
1001 }
1002
i2d_SSL_SESSION_bio(BIO * bio,const SSL_SESSION * session)1003 int i2d_SSL_SESSION_bio(BIO *bio, const SSL_SESSION *session) {
1004 uint8_t *data;
1005 size_t len;
1006 if (!SSL_SESSION_to_bytes(session, &data, &len)) {
1007 return 0;
1008 }
1009 bssl::UniquePtr<uint8_t> free_data(data);
1010 return BIO_write_all(bio, data, len);
1011 }
1012
IMPLEMENT_PEM_rw(SSL_SESSION,SSL_SESSION,PEM_STRING_SSL_SESSION,SSL_SESSION)1013 IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
1014
1015 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, long length) {
1016 if (length < 0) {
1017 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1018 return NULL;
1019 }
1020
1021 CBS cbs;
1022 CBS_init(&cbs, *pp, length);
1023
1024 UniquePtr<SSL_SESSION> ret = SSL_SESSION_parse(&cbs, &ssl_crypto_x509_method,
1025 NULL /* no buffer pool */);
1026 if (!ret) {
1027 return NULL;
1028 }
1029
1030 if (a) {
1031 SSL_SESSION_free(*a);
1032 *a = ret.get();
1033 }
1034 *pp = CBS_data(&cbs);
1035 return ret.release();
1036 }
1037
STACK_OF(X509_NAME)1038 STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *list) {
1039 return sk_X509_NAME_deep_copy(list, X509_NAME_dup, X509_NAME_free);
1040 }
1041
set_client_CA_list(UniquePtr<STACK_OF (CRYPTO_BUFFER)> * ca_list,const STACK_OF (X509_NAME)* name_list,CRYPTO_BUFFER_POOL * pool)1042 static void set_client_CA_list(UniquePtr<STACK_OF(CRYPTO_BUFFER)> *ca_list,
1043 const STACK_OF(X509_NAME) *name_list,
1044 CRYPTO_BUFFER_POOL *pool) {
1045 UniquePtr<STACK_OF(CRYPTO_BUFFER)> buffers(sk_CRYPTO_BUFFER_new_null());
1046 if (!buffers) {
1047 return;
1048 }
1049
1050 for (X509_NAME *name : name_list) {
1051 uint8_t *outp = NULL;
1052 int len = i2d_X509_NAME(name, &outp);
1053 if (len < 0) {
1054 return;
1055 }
1056
1057 UniquePtr<CRYPTO_BUFFER> buffer(CRYPTO_BUFFER_new(outp, len, pool));
1058 OPENSSL_free(outp);
1059 if (!buffer ||
1060 !PushToStack(buffers.get(), std::move(buffer))) {
1061 return;
1062 }
1063 }
1064
1065 *ca_list = std::move(buffers);
1066 }
1067
SSL_set_client_CA_list(SSL * ssl,STACK_OF (X509_NAME)* name_list)1068 void SSL_set_client_CA_list(SSL *ssl, STACK_OF(X509_NAME) *name_list) {
1069 check_ssl_x509_method(ssl);
1070 if (!ssl->config) {
1071 return;
1072 }
1073 ssl->ctx->x509_method->ssl_flush_cached_client_CA(ssl->config.get());
1074 set_client_CA_list(&ssl->config->client_CA, name_list, ssl->ctx->pool);
1075 sk_X509_NAME_pop_free(name_list, X509_NAME_free);
1076 }
1077
SSL_CTX_set_client_CA_list(SSL_CTX * ctx,STACK_OF (X509_NAME)* name_list)1078 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) {
1079 check_ssl_ctx_x509_method(ctx);
1080 ctx->x509_method->ssl_ctx_flush_cached_client_CA(ctx);
1081 set_client_CA_list(&ctx->client_CA, name_list, ctx->pool);
1082 sk_X509_NAME_pop_free(name_list, X509_NAME_free);
1083 }
1084
STACK_OF(X509_NAME)1085 static STACK_OF(X509_NAME) *
1086 buffer_names_to_x509(const STACK_OF(CRYPTO_BUFFER) *names,
1087 STACK_OF(X509_NAME) **cached) {
1088 if (names == NULL) {
1089 return NULL;
1090 }
1091
1092 if (*cached != NULL) {
1093 return *cached;
1094 }
1095
1096 UniquePtr<STACK_OF(X509_NAME)> new_cache(sk_X509_NAME_new_null());
1097 if (!new_cache) {
1098 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1099 return NULL;
1100 }
1101
1102 for (const CRYPTO_BUFFER *buffer : names) {
1103 const uint8_t *inp = CRYPTO_BUFFER_data(buffer);
1104 UniquePtr<X509_NAME> name(
1105 d2i_X509_NAME(nullptr, &inp, CRYPTO_BUFFER_len(buffer)));
1106 if (!name ||
1107 inp != CRYPTO_BUFFER_data(buffer) + CRYPTO_BUFFER_len(buffer) ||
1108 !PushToStack(new_cache.get(), std::move(name))) {
1109 return NULL;
1110 }
1111 }
1112
1113 *cached = new_cache.release();
1114 return *cached;
1115 }
1116
STACK_OF(X509_NAME)1117 STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *ssl) {
1118 check_ssl_x509_method(ssl);
1119 if (!ssl->config) {
1120 assert(ssl->config);
1121 return NULL;
1122 }
1123 // For historical reasons, this function is used both to query configuration
1124 // state on a server as well as handshake state on a client. However, whether
1125 // |ssl| is a client or server is not known until explicitly configured with
1126 // |SSL_set_connect_state|. If |do_handshake| is NULL, |ssl| is in an
1127 // indeterminate mode and |ssl->server| is unset.
1128 if (ssl->do_handshake != NULL && !ssl->server) {
1129 if (ssl->s3->hs != NULL) {
1130 return buffer_names_to_x509(ssl->s3->hs->ca_names.get(),
1131 &ssl->s3->hs->cached_x509_ca_names);
1132 }
1133
1134 return NULL;
1135 }
1136
1137 if (ssl->config->client_CA != NULL) {
1138 return buffer_names_to_x509(
1139 ssl->config->client_CA.get(),
1140 (STACK_OF(X509_NAME) **)&ssl->config->cached_x509_client_CA);
1141 }
1142 return SSL_CTX_get_client_CA_list(ssl->ctx.get());
1143 }
1144
STACK_OF(X509_NAME)1145 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) {
1146 check_ssl_ctx_x509_method(ctx);
1147 // This is a logically const operation that may be called on multiple threads,
1148 // so it needs to lock around updating |cached_x509_client_CA|.
1149 MutexWriteLock lock(const_cast<CRYPTO_MUTEX *>(&ctx->lock));
1150 return buffer_names_to_x509(
1151 ctx->client_CA.get(),
1152 const_cast<STACK_OF(X509_NAME) **>(&ctx->cached_x509_client_CA));
1153 }
1154
add_client_CA(UniquePtr<STACK_OF (CRYPTO_BUFFER)> * names,X509 * x509,CRYPTO_BUFFER_POOL * pool)1155 static int add_client_CA(UniquePtr<STACK_OF(CRYPTO_BUFFER)> *names, X509 *x509,
1156 CRYPTO_BUFFER_POOL *pool) {
1157 if (x509 == NULL) {
1158 return 0;
1159 }
1160
1161 uint8_t *outp = NULL;
1162 int len = i2d_X509_NAME(X509_get_subject_name(x509), &outp);
1163 if (len < 0) {
1164 return 0;
1165 }
1166
1167 UniquePtr<CRYPTO_BUFFER> buffer(CRYPTO_BUFFER_new(outp, len, pool));
1168 OPENSSL_free(outp);
1169 if (!buffer) {
1170 return 0;
1171 }
1172
1173 int alloced = 0;
1174 if (*names == nullptr) {
1175 names->reset(sk_CRYPTO_BUFFER_new_null());
1176 alloced = 1;
1177
1178 if (*names == NULL) {
1179 return 0;
1180 }
1181 }
1182
1183 if (!PushToStack(names->get(), std::move(buffer))) {
1184 if (alloced) {
1185 names->reset();
1186 }
1187 return 0;
1188 }
1189
1190 return 1;
1191 }
1192
SSL_add_client_CA(SSL * ssl,X509 * x509)1193 int SSL_add_client_CA(SSL *ssl, X509 *x509) {
1194 check_ssl_x509_method(ssl);
1195 if (!ssl->config) {
1196 return 0;
1197 }
1198 if (!add_client_CA(&ssl->config->client_CA, x509, ssl->ctx->pool)) {
1199 return 0;
1200 }
1201
1202 ssl_crypto_x509_ssl_flush_cached_client_CA(ssl->config.get());
1203 return 1;
1204 }
1205
SSL_CTX_add_client_CA(SSL_CTX * ctx,X509 * x509)1206 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x509) {
1207 check_ssl_ctx_x509_method(ctx);
1208 if (!add_client_CA(&ctx->client_CA, x509, ctx->pool)) {
1209 return 0;
1210 }
1211
1212 ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(ctx);
1213 return 1;
1214 }
1215
do_client_cert_cb(SSL * ssl,void * arg)1216 static int do_client_cert_cb(SSL *ssl, void *arg) {
1217 // Should only be called during handshake, but check to be sure.
1218 if (!ssl->config) {
1219 assert(ssl->config);
1220 return -1;
1221 }
1222
1223 if (ssl_has_certificate(ssl->s3->hs.get()) ||
1224 ssl->ctx->client_cert_cb == NULL) {
1225 return 1;
1226 }
1227
1228 X509 *x509 = NULL;
1229 EVP_PKEY *pkey = NULL;
1230 int ret = ssl->ctx->client_cert_cb(ssl, &x509, &pkey);
1231 if (ret < 0) {
1232 return -1;
1233 }
1234 UniquePtr<X509> free_x509(x509);
1235 UniquePtr<EVP_PKEY> free_pkey(pkey);
1236
1237 if (ret != 0) {
1238 if (!SSL_use_certificate(ssl, x509) ||
1239 !SSL_use_PrivateKey(ssl, pkey)) {
1240 return 0;
1241 }
1242 }
1243
1244 return 1;
1245 }
1246
SSL_CTX_set_client_cert_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,X509 ** out_x509,EVP_PKEY ** out_pkey))1247 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl,
1248 X509 **out_x509,
1249 EVP_PKEY **out_pkey)) {
1250 check_ssl_ctx_x509_method(ctx);
1251 // Emulate the old client certificate callback with the new one.
1252 SSL_CTX_set_cert_cb(ctx, do_client_cert_cb, NULL);
1253 ctx->client_cert_cb = cb;
1254 }
1255
set_cert_store(X509_STORE ** store_ptr,X509_STORE * new_store,int take_ref)1256 static int set_cert_store(X509_STORE **store_ptr, X509_STORE *new_store,
1257 int take_ref) {
1258 X509_STORE_free(*store_ptr);
1259 *store_ptr = new_store;
1260
1261 if (new_store != NULL && take_ref) {
1262 X509_STORE_up_ref(new_store);
1263 }
1264
1265 return 1;
1266 }
1267
SSL_get_ex_data_X509_STORE_CTX_idx(void)1268 int SSL_get_ex_data_X509_STORE_CTX_idx(void) {
1269 // The ex_data index to go from |X509_STORE_CTX| to |SSL| always uses the
1270 // reserved app_data slot. Before ex_data was introduced, app_data was used.
1271 // Avoid breaking any software which assumes |X509_STORE_CTX_get_app_data|
1272 // works.
1273 return 0;
1274 }
1275
SSL_CTX_set0_verify_cert_store(SSL_CTX * ctx,X509_STORE * store)1276 int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *store) {
1277 check_ssl_ctx_x509_method(ctx);
1278 return set_cert_store(&ctx->cert->verify_store, store, 0);
1279 }
1280
SSL_CTX_set1_verify_cert_store(SSL_CTX * ctx,X509_STORE * store)1281 int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *store) {
1282 check_ssl_ctx_x509_method(ctx);
1283 return set_cert_store(&ctx->cert->verify_store, store, 1);
1284 }
1285
SSL_set0_verify_cert_store(SSL * ssl,X509_STORE * store)1286 int SSL_set0_verify_cert_store(SSL *ssl, X509_STORE *store) {
1287 check_ssl_x509_method(ssl);
1288 if (!ssl->config) {
1289 return 0;
1290 }
1291 return set_cert_store(&ssl->config->cert->verify_store, store, 0);
1292 }
1293
SSL_set1_verify_cert_store(SSL * ssl,X509_STORE * store)1294 int SSL_set1_verify_cert_store(SSL *ssl, X509_STORE *store) {
1295 check_ssl_x509_method(ssl);
1296 if (!ssl->config) {
1297 return 0;
1298 }
1299 return set_cert_store(&ssl->config->cert->verify_store, store, 1);
1300 }
1301
SSL_alert_from_verify_result(long result)1302 int SSL_alert_from_verify_result(long result) {
1303 switch (result) {
1304 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
1305 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
1306 case X509_V_ERR_INVALID_CA:
1307 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
1308 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
1309 case X509_V_ERR_UNABLE_TO_GET_CRL:
1310 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
1311 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
1312 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
1313 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
1314 return SSL_AD_UNKNOWN_CA;
1315
1316 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
1317 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
1318 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
1319 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
1320 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
1321 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
1322 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
1323 case X509_V_ERR_CERT_UNTRUSTED:
1324 case X509_V_ERR_CERT_REJECTED:
1325 case X509_V_ERR_HOSTNAME_MISMATCH:
1326 case X509_V_ERR_EMAIL_MISMATCH:
1327 case X509_V_ERR_IP_ADDRESS_MISMATCH:
1328 return SSL_AD_BAD_CERTIFICATE;
1329
1330 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
1331 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
1332 return SSL_AD_DECRYPT_ERROR;
1333
1334 case X509_V_ERR_CERT_HAS_EXPIRED:
1335 case X509_V_ERR_CERT_NOT_YET_VALID:
1336 case X509_V_ERR_CRL_HAS_EXPIRED:
1337 case X509_V_ERR_CRL_NOT_YET_VALID:
1338 return SSL_AD_CERTIFICATE_EXPIRED;
1339
1340 case X509_V_ERR_CERT_REVOKED:
1341 return SSL_AD_CERTIFICATE_REVOKED;
1342
1343 case X509_V_ERR_UNSPECIFIED:
1344 case X509_V_ERR_OUT_OF_MEM:
1345 case X509_V_ERR_INVALID_CALL:
1346 case X509_V_ERR_STORE_LOOKUP:
1347 return SSL_AD_INTERNAL_ERROR;
1348
1349 case X509_V_ERR_APPLICATION_VERIFICATION:
1350 return SSL_AD_HANDSHAKE_FAILURE;
1351
1352 case X509_V_ERR_INVALID_PURPOSE:
1353 return SSL_AD_UNSUPPORTED_CERTIFICATE;
1354
1355 default:
1356 return SSL_AD_CERTIFICATE_UNKNOWN;
1357 }
1358 }
1359