1 /*
2 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 *
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11 #include "internal/e_os.h"
12
13 #include <stdio.h>
14 #include <sys/types.h>
15
16 #include "internal/nelem.h"
17 #include "internal/o_dir.h"
18 #include <openssl/bio.h>
19 #include <openssl/pem.h>
20 #include <openssl/store.h>
21 #include <openssl/x509v3.h>
22 #include <openssl/dh.h>
23 #include <openssl/bn.h>
24 #include <openssl/crypto.h>
25 #include "internal/refcount.h"
26 #include "ssl_local.h"
27 #include "ssl_cert_table.h"
28 #include "internal/thread_once.h"
29 #include "internal/ssl_unwrap.h"
30 #ifndef OPENSSL_NO_POSIX_IO
31 # include <sys/stat.h>
32 # ifdef _WIN32
33 # define stat _stat
34 # endif
35 # ifndef S_ISDIR
36 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
37 # endif
38 #endif
39
40
41 static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
42 int op, int bits, int nid, void *other,
43 void *ex);
44
45 static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
46 static volatile int ssl_x509_store_ctx_idx = -1;
47
DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init)48 DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init)
49 {
50 ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(0,
51 "SSL for verify callback",
52 NULL, NULL, NULL);
53 return ssl_x509_store_ctx_idx >= 0;
54 }
55
SSL_get_ex_data_X509_STORE_CTX_idx(void)56 int SSL_get_ex_data_X509_STORE_CTX_idx(void)
57 {
58
59 if (!RUN_ONCE(&ssl_x509_store_ctx_once, ssl_x509_store_ctx_init))
60 return -1;
61 return ssl_x509_store_ctx_idx;
62 }
63
ssl_cert_new(size_t ssl_pkey_num)64 CERT *ssl_cert_new(size_t ssl_pkey_num)
65 {
66 CERT *ret = NULL;
67
68 /* Should never happen */
69 if (!ossl_assert(ssl_pkey_num >= SSL_PKEY_NUM))
70 return NULL;
71
72 ret = OPENSSL_zalloc(sizeof(*ret));
73 if (ret == NULL)
74 return NULL;
75
76 ret->ssl_pkey_num = ssl_pkey_num;
77 ret->pkeys = OPENSSL_zalloc(ret->ssl_pkey_num * sizeof(CERT_PKEY));
78 if (ret->pkeys == NULL) {
79 OPENSSL_free(ret);
80 return NULL;
81 }
82
83 ret->key = &(ret->pkeys[SSL_PKEY_RSA]);
84 ret->sec_cb = ssl_security_default_callback;
85 ret->sec_level = OPENSSL_TLS_SECURITY_LEVEL;
86 ret->sec_ex = NULL;
87 if (!CRYPTO_NEW_REF(&ret->references, 1)) {
88 OPENSSL_free(ret->pkeys);
89 OPENSSL_free(ret);
90 return NULL;
91 }
92
93 return ret;
94 }
95
ssl_cert_dup(CERT * cert)96 CERT *ssl_cert_dup(CERT *cert)
97 {
98 CERT *ret = OPENSSL_zalloc(sizeof(*ret));
99 size_t i;
100 #ifndef OPENSSL_NO_COMP_ALG
101 int j;
102 #endif
103
104 if (ret == NULL)
105 return NULL;
106
107 ret->ssl_pkey_num = cert->ssl_pkey_num;
108 ret->pkeys = OPENSSL_zalloc(ret->ssl_pkey_num * sizeof(CERT_PKEY));
109 if (ret->pkeys == NULL) {
110 OPENSSL_free(ret);
111 return NULL;
112 }
113
114 ret->key = &ret->pkeys[cert->key - cert->pkeys];
115 if (!CRYPTO_NEW_REF(&ret->references, 1)) {
116 OPENSSL_free(ret->pkeys);
117 OPENSSL_free(ret);
118 return NULL;
119 }
120
121 if (cert->dh_tmp != NULL) {
122 if (!EVP_PKEY_up_ref(cert->dh_tmp))
123 goto err;
124 ret->dh_tmp = cert->dh_tmp;
125 }
126
127 ret->dh_tmp_cb = cert->dh_tmp_cb;
128 ret->dh_tmp_auto = cert->dh_tmp_auto;
129
130 for (i = 0; i < ret->ssl_pkey_num; i++) {
131 CERT_PKEY *cpk = cert->pkeys + i;
132 CERT_PKEY *rpk = ret->pkeys + i;
133
134 if (cpk->x509 != NULL) {
135 if (!X509_up_ref(cpk->x509))
136 goto err;
137 rpk->x509 = cpk->x509;
138 }
139
140 if (cpk->privatekey != NULL) {
141 if (!EVP_PKEY_up_ref(cpk->privatekey))
142 goto err;
143 rpk->privatekey = cpk->privatekey;
144 }
145
146 if (cpk->chain) {
147 rpk->chain = X509_chain_up_ref(cpk->chain);
148 if (!rpk->chain) {
149 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
150 goto err;
151 }
152 }
153 if (cpk->serverinfo != NULL) {
154 /* Just copy everything. */
155 rpk->serverinfo = OPENSSL_memdup(cpk->serverinfo, cpk->serverinfo_length);
156 if (rpk->serverinfo == NULL)
157 goto err;
158 rpk->serverinfo_length = cpk->serverinfo_length;
159 }
160 #ifndef OPENSSL_NO_COMP_ALG
161 for (j = TLSEXT_comp_cert_none; j < TLSEXT_comp_cert_limit; j++) {
162 if (cpk->comp_cert[j] != NULL) {
163 if (!OSSL_COMP_CERT_up_ref(cpk->comp_cert[j]))
164 goto err;
165 rpk->comp_cert[j] = cpk->comp_cert[j];
166 }
167 }
168 #endif
169 }
170
171 /* Configured sigalgs copied across */
172 if (cert->conf_sigalgs) {
173 ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen
174 * sizeof(*cert->conf_sigalgs));
175 if (ret->conf_sigalgs == NULL)
176 goto err;
177 memcpy(ret->conf_sigalgs, cert->conf_sigalgs,
178 cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs));
179 ret->conf_sigalgslen = cert->conf_sigalgslen;
180 } else
181 ret->conf_sigalgs = NULL;
182
183 if (cert->client_sigalgs) {
184 ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen
185 * sizeof(*cert->client_sigalgs));
186 if (ret->client_sigalgs == NULL)
187 goto err;
188 memcpy(ret->client_sigalgs, cert->client_sigalgs,
189 cert->client_sigalgslen * sizeof(*cert->client_sigalgs));
190 ret->client_sigalgslen = cert->client_sigalgslen;
191 } else
192 ret->client_sigalgs = NULL;
193 /* Copy any custom client certificate types */
194 if (cert->ctype) {
195 ret->ctype = OPENSSL_memdup(cert->ctype, cert->ctype_len);
196 if (ret->ctype == NULL)
197 goto err;
198 ret->ctype_len = cert->ctype_len;
199 }
200
201 ret->cert_flags = cert->cert_flags;
202
203 ret->cert_cb = cert->cert_cb;
204 ret->cert_cb_arg = cert->cert_cb_arg;
205
206 if (cert->verify_store) {
207 if (!X509_STORE_up_ref(cert->verify_store))
208 goto err;
209 ret->verify_store = cert->verify_store;
210 }
211
212 if (cert->chain_store) {
213 if (!X509_STORE_up_ref(cert->chain_store))
214 goto err;
215 ret->chain_store = cert->chain_store;
216 }
217
218 ret->sec_cb = cert->sec_cb;
219 ret->sec_level = cert->sec_level;
220 ret->sec_ex = cert->sec_ex;
221
222 if (!custom_exts_copy(&ret->custext, &cert->custext))
223 goto err;
224 #ifndef OPENSSL_NO_PSK
225 if (cert->psk_identity_hint) {
226 ret->psk_identity_hint = OPENSSL_strdup(cert->psk_identity_hint);
227 if (ret->psk_identity_hint == NULL)
228 goto err;
229 }
230 #endif
231 return ret;
232
233 err:
234 ssl_cert_free(ret);
235
236 return NULL;
237 }
238
239 /* Free up and clear all certificates and chains */
240
ssl_cert_clear_certs(CERT * c)241 void ssl_cert_clear_certs(CERT *c)
242 {
243 size_t i;
244 #ifndef OPENSSL_NO_COMP_ALG
245 int j;
246 #endif
247
248 if (c == NULL)
249 return;
250 for (i = 0; i < c->ssl_pkey_num; i++) {
251 CERT_PKEY *cpk = c->pkeys + i;
252 X509_free(cpk->x509);
253 cpk->x509 = NULL;
254 EVP_PKEY_free(cpk->privatekey);
255 cpk->privatekey = NULL;
256 OSSL_STACK_OF_X509_free(cpk->chain);
257 cpk->chain = NULL;
258 OPENSSL_free(cpk->serverinfo);
259 cpk->serverinfo = NULL;
260 cpk->serverinfo_length = 0;
261 #ifndef OPENSSL_NO_COMP_ALG
262 for (j = 0; j < TLSEXT_comp_cert_limit; j++) {
263 OSSL_COMP_CERT_free(cpk->comp_cert[j]);
264 cpk->comp_cert[j] = NULL;
265 cpk->cert_comp_used = 0;
266 }
267 #endif
268 }
269 }
270
ssl_cert_free(CERT * c)271 void ssl_cert_free(CERT *c)
272 {
273 int i;
274
275 if (c == NULL)
276 return;
277 CRYPTO_DOWN_REF(&c->references, &i);
278 REF_PRINT_COUNT("CERT", i, c);
279 if (i > 0)
280 return;
281 REF_ASSERT_ISNT(i < 0);
282
283 EVP_PKEY_free(c->dh_tmp);
284
285 ssl_cert_clear_certs(c);
286 OPENSSL_free(c->conf_sigalgs);
287 OPENSSL_free(c->client_sigalgs);
288 OPENSSL_free(c->ctype);
289 X509_STORE_free(c->verify_store);
290 X509_STORE_free(c->chain_store);
291 custom_exts_free(&c->custext);
292 #ifndef OPENSSL_NO_PSK
293 OPENSSL_free(c->psk_identity_hint);
294 #endif
295 OPENSSL_free(c->pkeys);
296 CRYPTO_FREE_REF(&c->references);
297 OPENSSL_free(c);
298 }
299
ssl_cert_set0_chain(SSL_CONNECTION * s,SSL_CTX * ctx,STACK_OF (X509)* chain)300 int ssl_cert_set0_chain(SSL_CONNECTION *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
301 {
302 int i, r;
303 CERT_PKEY *cpk = s != NULL ? s->cert->key : ctx->cert->key;
304
305 if (!cpk)
306 return 0;
307 for (i = 0; i < sk_X509_num(chain); i++) {
308 X509 *x = sk_X509_value(chain, i);
309
310 r = ssl_security_cert(s, ctx, x, 0, 0);
311 if (r != 1) {
312 ERR_raise(ERR_LIB_SSL, r);
313 return 0;
314 }
315 }
316 OSSL_STACK_OF_X509_free(cpk->chain);
317 cpk->chain = chain;
318 return 1;
319 }
320
ssl_cert_set1_chain(SSL_CONNECTION * s,SSL_CTX * ctx,STACK_OF (X509)* chain)321 int ssl_cert_set1_chain(SSL_CONNECTION *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
322 {
323 STACK_OF(X509) *dchain;
324
325 if (!chain)
326 return ssl_cert_set0_chain(s, ctx, NULL);
327 dchain = X509_chain_up_ref(chain);
328 if (!dchain)
329 return 0;
330 if (!ssl_cert_set0_chain(s, ctx, dchain)) {
331 OSSL_STACK_OF_X509_free(dchain);
332 return 0;
333 }
334 return 1;
335 }
336
ssl_cert_add0_chain_cert(SSL_CONNECTION * s,SSL_CTX * ctx,X509 * x)337 int ssl_cert_add0_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x)
338 {
339 int r;
340 CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
341
342 if (!cpk)
343 return 0;
344 r = ssl_security_cert(s, ctx, x, 0, 0);
345 if (r != 1) {
346 ERR_raise(ERR_LIB_SSL, r);
347 return 0;
348 }
349 if (!cpk->chain)
350 cpk->chain = sk_X509_new_null();
351 if (!cpk->chain || !sk_X509_push(cpk->chain, x))
352 return 0;
353 return 1;
354 }
355
ssl_cert_add1_chain_cert(SSL_CONNECTION * s,SSL_CTX * ctx,X509 * x)356 int ssl_cert_add1_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x)
357 {
358 if (!X509_up_ref(x))
359 return 0;
360 if (!ssl_cert_add0_chain_cert(s, ctx, x)) {
361 X509_free(x);
362 return 0;
363 }
364 return 1;
365 }
366
ssl_cert_select_current(CERT * c,X509 * x)367 int ssl_cert_select_current(CERT *c, X509 *x)
368 {
369 size_t i;
370
371 if (x == NULL)
372 return 0;
373 for (i = 0; i < c->ssl_pkey_num; i++) {
374 CERT_PKEY *cpk = c->pkeys + i;
375 if (cpk->x509 == x && cpk->privatekey) {
376 c->key = cpk;
377 return 1;
378 }
379 }
380
381 for (i = 0; i < c->ssl_pkey_num; i++) {
382 CERT_PKEY *cpk = c->pkeys + i;
383 if (cpk->privatekey && cpk->x509 && !X509_cmp(cpk->x509, x)) {
384 c->key = cpk;
385 return 1;
386 }
387 }
388 return 0;
389 }
390
ssl_cert_set_current(CERT * c,long op)391 int ssl_cert_set_current(CERT *c, long op)
392 {
393 size_t i, idx;
394
395 if (!c)
396 return 0;
397 if (op == SSL_CERT_SET_FIRST)
398 idx = 0;
399 else if (op == SSL_CERT_SET_NEXT) {
400 idx = (size_t)(c->key - c->pkeys + 1);
401 if (idx >= c->ssl_pkey_num)
402 return 0;
403 } else
404 return 0;
405 for (i = idx; i < c->ssl_pkey_num; i++) {
406 CERT_PKEY *cpk = c->pkeys + i;
407 if (cpk->x509 && cpk->privatekey) {
408 c->key = cpk;
409 return 1;
410 }
411 }
412 return 0;
413 }
414
ssl_cert_set_cert_cb(CERT * c,int (* cb)(SSL * ssl,void * arg),void * arg)415 void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg)
416 {
417 c->cert_cb = cb;
418 c->cert_cb_arg = arg;
419 }
420
421 /*
422 * Verify a certificate chain/raw public key
423 * Return codes:
424 * 1: Verify success
425 * 0: Verify failure or error
426 * -1: Retry required
427 */
ssl_verify_internal(SSL_CONNECTION * s,STACK_OF (X509)* sk,EVP_PKEY * rpk)428 static int ssl_verify_internal(SSL_CONNECTION *s, STACK_OF(X509) *sk, EVP_PKEY *rpk)
429 {
430 X509 *x;
431 int i = 0;
432 X509_STORE *verify_store;
433 X509_STORE_CTX *ctx = NULL;
434 X509_VERIFY_PARAM *param;
435 SSL_CTX *sctx;
436
437 /* Something must be passed in */
438 if ((sk == NULL || sk_X509_num(sk) == 0) && rpk == NULL)
439 return 0;
440
441 /* Only one can be set */
442 if (sk != NULL && rpk != NULL)
443 return 0;
444
445 sctx = SSL_CONNECTION_GET_CTX(s);
446 if (s->cert->verify_store)
447 verify_store = s->cert->verify_store;
448 else
449 verify_store = sctx->cert_store;
450
451 ctx = X509_STORE_CTX_new_ex(sctx->libctx, sctx->propq);
452 if (ctx == NULL) {
453 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
454 return 0;
455 }
456
457 if (sk != NULL) {
458 x = sk_X509_value(sk, 0);
459 if (!X509_STORE_CTX_init(ctx, verify_store, x, sk)) {
460 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
461 goto end;
462 }
463 } else {
464 if (!X509_STORE_CTX_init_rpk(ctx, verify_store, rpk)) {
465 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
466 goto end;
467 }
468 }
469 param = X509_STORE_CTX_get0_param(ctx);
470 /*
471 * XXX: Separate @AUTHSECLEVEL and @TLSSECLEVEL would be useful at some
472 * point, for now a single @SECLEVEL sets the same policy for TLS crypto
473 * and PKI authentication.
474 */
475 X509_VERIFY_PARAM_set_auth_level(param,
476 SSL_get_security_level(SSL_CONNECTION_GET_SSL(s)));
477
478 /* Set suite B flags if needed */
479 X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
480 if (!X509_STORE_CTX_set_ex_data(ctx,
481 SSL_get_ex_data_X509_STORE_CTX_idx(),
482 SSL_CONNECTION_GET_USER_SSL(s)))
483 goto end;
484
485 /* Verify via DANE if enabled */
486 if (DANETLS_ENABLED(&s->dane))
487 X509_STORE_CTX_set0_dane(ctx, &s->dane);
488
489 /*
490 * We need to inherit the verify parameters. These can be determined by
491 * the context: if its a server it will verify SSL client certificates or
492 * vice versa.
493 */
494
495 X509_STORE_CTX_set_default(ctx, s->server ? "ssl_client" : "ssl_server");
496 /*
497 * Anything non-default in "s->param" should overwrite anything in the ctx.
498 */
499 X509_VERIFY_PARAM_set1(param, s->param);
500
501 if (s->verify_callback)
502 X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback);
503
504 if (sctx->app_verify_callback != NULL) {
505 i = sctx->app_verify_callback(ctx, sctx->app_verify_arg);
506 } else {
507 i = X509_verify_cert(ctx);
508 /* We treat an error in the same way as a failure to verify */
509 if (i < 0)
510 i = 0;
511 }
512
513 s->verify_result = X509_STORE_CTX_get_error(ctx);
514 OSSL_STACK_OF_X509_free(s->verified_chain);
515 s->verified_chain = NULL;
516
517 if (sk != NULL && X509_STORE_CTX_get0_chain(ctx) != NULL) {
518 s->verified_chain = X509_STORE_CTX_get1_chain(ctx);
519 if (s->verified_chain == NULL) {
520 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
521 i = 0;
522 }
523 }
524
525 /* Move peername from the store context params to the SSL handle's */
526 X509_VERIFY_PARAM_move_peername(s->param, param);
527
528 end:
529 X509_STORE_CTX_free(ctx);
530 return i;
531 }
532
533 /*
534 * Verify a raw public key
535 * Return codes:
536 * 1: Verify success
537 * 0: Verify failure or error
538 * -1: Retry required
539 */
ssl_verify_rpk(SSL_CONNECTION * s,EVP_PKEY * rpk)540 int ssl_verify_rpk(SSL_CONNECTION *s, EVP_PKEY *rpk)
541 {
542 return ssl_verify_internal(s, NULL, rpk);
543 }
544
545 /*
546 * Verify a certificate chain
547 * Return codes:
548 * 1: Verify success
549 * 0: Verify failure or error
550 * -1: Retry required
551 */
ssl_verify_cert_chain(SSL_CONNECTION * s,STACK_OF (X509)* sk)552 int ssl_verify_cert_chain(SSL_CONNECTION *s, STACK_OF(X509) *sk)
553 {
554 return ssl_verify_internal(s, sk, NULL);
555 }
556
set0_CA_list(STACK_OF (X509_NAME)** ca_list,STACK_OF (X509_NAME)* name_list)557 static void set0_CA_list(STACK_OF(X509_NAME) **ca_list,
558 STACK_OF(X509_NAME) *name_list)
559 {
560 sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
561 *ca_list = name_list;
562 }
563
STACK_OF(X509_NAME)564 STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
565 {
566 int i;
567 const int num = sk_X509_NAME_num(sk);
568 STACK_OF(X509_NAME) *ret;
569 X509_NAME *name;
570
571 ret = sk_X509_NAME_new_reserve(NULL, num);
572 if (ret == NULL) {
573 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
574 return NULL;
575 }
576 for (i = 0; i < num; i++) {
577 name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
578 if (name == NULL) {
579 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
580 sk_X509_NAME_pop_free(ret, X509_NAME_free);
581 return NULL;
582 }
583 sk_X509_NAME_push(ret, name); /* Cannot fail after reserve call */
584 }
585 return ret;
586 }
587
SSL_set0_CA_list(SSL * s,STACK_OF (X509_NAME)* name_list)588 void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
589 {
590 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
591
592 if (sc == NULL)
593 return;
594
595 set0_CA_list(&sc->ca_names, name_list);
596 }
597
SSL_CTX_set0_CA_list(SSL_CTX * ctx,STACK_OF (X509_NAME)* name_list)598 void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
599 {
600 set0_CA_list(&ctx->ca_names, name_list);
601 }
602
STACK_OF(X509_NAME)603 const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx)
604 {
605 return ctx->ca_names;
606 }
607
STACK_OF(X509_NAME)608 const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s)
609 {
610 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
611
612 if (sc == NULL)
613 return NULL;
614
615 return sc->ca_names != NULL ? sc->ca_names : s->ctx->ca_names;
616 }
617
SSL_CTX_set_client_CA_list(SSL_CTX * ctx,STACK_OF (X509_NAME)* name_list)618 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
619 {
620 set0_CA_list(&ctx->client_ca_names, name_list);
621 }
622
STACK_OF(X509_NAME)623 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
624 {
625 return ctx->client_ca_names;
626 }
627
SSL_set_client_CA_list(SSL * s,STACK_OF (X509_NAME)* name_list)628 void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
629 {
630 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
631
632 if (sc == NULL)
633 return;
634
635 set0_CA_list(&sc->client_ca_names, name_list);
636 }
637
STACK_OF(X509_NAME)638 const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s)
639 {
640 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
641
642 if (sc == NULL)
643 return NULL;
644
645 return sc->s3.tmp.peer_ca_names;
646 }
647
STACK_OF(X509_NAME)648 STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
649 {
650 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
651
652 if (sc == NULL)
653 return NULL;
654
655 if (!sc->server)
656 return sc->s3.tmp.peer_ca_names;
657 return sc->client_ca_names != NULL ? sc->client_ca_names
658 : s->ctx->client_ca_names;
659 }
660
add_ca_name(STACK_OF (X509_NAME)** sk,const X509 * x)661 static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x)
662 {
663 X509_NAME *name;
664
665 if (x == NULL)
666 return 0;
667 if (*sk == NULL && ((*sk = sk_X509_NAME_new_null()) == NULL))
668 return 0;
669
670 if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL)
671 return 0;
672
673 if (!sk_X509_NAME_push(*sk, name)) {
674 X509_NAME_free(name);
675 return 0;
676 }
677 return 1;
678 }
679
SSL_add1_to_CA_list(SSL * ssl,const X509 * x)680 int SSL_add1_to_CA_list(SSL *ssl, const X509 *x)
681 {
682 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
683
684 if (sc == NULL)
685 return 0;
686
687 return add_ca_name(&sc->ca_names, x);
688 }
689
SSL_CTX_add1_to_CA_list(SSL_CTX * ctx,const X509 * x)690 int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x)
691 {
692 return add_ca_name(&ctx->ca_names, x);
693 }
694
695 /*
696 * The following two are older names are to be replaced with
697 * SSL(_CTX)_add1_to_CA_list
698 */
SSL_add_client_CA(SSL * ssl,X509 * x)699 int SSL_add_client_CA(SSL *ssl, X509 *x)
700 {
701 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
702
703 if (sc == NULL)
704 return 0;
705
706 return add_ca_name(&sc->client_ca_names, x);
707 }
708
SSL_CTX_add_client_CA(SSL_CTX * ctx,X509 * x)709 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
710 {
711 return add_ca_name(&ctx->client_ca_names, x);
712 }
713
xname_cmp(const X509_NAME * a,const X509_NAME * b)714 static int xname_cmp(const X509_NAME *a, const X509_NAME *b)
715 {
716 unsigned char *abuf = NULL, *bbuf = NULL;
717 int alen, blen, ret;
718
719 /* X509_NAME_cmp() itself casts away constness in this way, so
720 * assume it's safe:
721 */
722 alen = i2d_X509_NAME((X509_NAME *)a, &abuf);
723 blen = i2d_X509_NAME((X509_NAME *)b, &bbuf);
724
725 if (alen < 0 || blen < 0)
726 ret = -2;
727 else if (alen != blen)
728 ret = alen - blen;
729 else /* alen == blen */
730 ret = memcmp(abuf, bbuf, alen);
731
732 OPENSSL_free(abuf);
733 OPENSSL_free(bbuf);
734
735 return ret;
736 }
737
xname_sk_cmp(const X509_NAME * const * a,const X509_NAME * const * b)738 static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
739 {
740 return xname_cmp(*a, *b);
741 }
742
xname_hash(const X509_NAME * a)743 static unsigned long xname_hash(const X509_NAME *a)
744 {
745 /* This returns 0 also if SHA1 is not available */
746 return X509_NAME_hash_ex((X509_NAME *)a, NULL, NULL, NULL);
747 }
748
STACK_OF(X509_NAME)749 STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
750 OSSL_LIB_CTX *libctx,
751 const char *propq)
752 {
753 BIO *in = BIO_new(BIO_s_file());
754 X509 *x = NULL;
755 X509_NAME *xn = NULL;
756 STACK_OF(X509_NAME) *ret = NULL;
757 LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
758 OSSL_LIB_CTX *prev_libctx = NULL;
759
760 if (file == NULL) {
761 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
762 goto err;
763 }
764 if (name_hash == NULL) {
765 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
766 goto err;
767 }
768 if (in == NULL) {
769 ERR_raise(ERR_LIB_SSL, ERR_R_BIO_LIB);
770 goto err;
771 }
772
773 x = X509_new_ex(libctx, propq);
774 if (x == NULL) {
775 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
776 goto err;
777 }
778 if (BIO_read_filename(in, file) <= 0)
779 goto err;
780
781 /* Internally lh_X509_NAME_retrieve() needs the libctx to retrieve SHA1 */
782 prev_libctx = OSSL_LIB_CTX_set0_default(libctx);
783 for (;;) {
784 if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
785 break;
786 if (ret == NULL) {
787 ret = sk_X509_NAME_new_null();
788 if (ret == NULL) {
789 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
790 goto err;
791 }
792 }
793 if ((xn = X509_get_subject_name(x)) == NULL)
794 goto err;
795 /* check for duplicates */
796 xn = X509_NAME_dup(xn);
797 if (xn == NULL)
798 goto err;
799 if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
800 /* Duplicate. */
801 X509_NAME_free(xn);
802 xn = NULL;
803 } else {
804 lh_X509_NAME_insert(name_hash, xn);
805 if (!sk_X509_NAME_push(ret, xn))
806 goto err;
807 }
808 }
809 goto done;
810
811 err:
812 X509_NAME_free(xn);
813 sk_X509_NAME_pop_free(ret, X509_NAME_free);
814 ret = NULL;
815 done:
816 /* restore the old libctx */
817 OSSL_LIB_CTX_set0_default(prev_libctx);
818 BIO_free(in);
819 X509_free(x);
820 lh_X509_NAME_free(name_hash);
821 if (ret != NULL)
822 ERR_clear_error();
823 return ret;
824 }
825
STACK_OF(X509_NAME)826 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
827 {
828 return SSL_load_client_CA_file_ex(file, NULL, NULL);
829 }
830
add_file_cert_subjects_to_stack(STACK_OF (X509_NAME)* stack,const char * file,LHASH_OF (X509_NAME)* name_hash)831 static int add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
832 const char *file,
833 LHASH_OF(X509_NAME) *name_hash)
834 {
835 BIO *in;
836 X509 *x = NULL;
837 X509_NAME *xn = NULL;
838 int ret = 1;
839
840 in = BIO_new(BIO_s_file());
841
842 if (in == NULL) {
843 ERR_raise(ERR_LIB_SSL, ERR_R_BIO_LIB);
844 goto err;
845 }
846
847 if (BIO_read_filename(in, file) <= 0)
848 goto err;
849
850 for (;;) {
851 if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
852 break;
853 if ((xn = X509_get_subject_name(x)) == NULL)
854 goto err;
855 xn = X509_NAME_dup(xn);
856 if (xn == NULL)
857 goto err;
858 if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
859 /* Duplicate. */
860 X509_NAME_free(xn);
861 } else if (!sk_X509_NAME_push(stack, xn)) {
862 X509_NAME_free(xn);
863 goto err;
864 } else {
865 /* Successful insert, add to hash table */
866 lh_X509_NAME_insert(name_hash, xn);
867 }
868 }
869
870 ERR_clear_error();
871 goto done;
872
873 err:
874 ret = 0;
875 done:
876 BIO_free(in);
877 X509_free(x);
878 return ret;
879 }
880
SSL_add_file_cert_subjects_to_stack(STACK_OF (X509_NAME)* stack,const char * file)881 int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
882 const char *file)
883 {
884 X509_NAME *xn = NULL;
885 int ret = 1;
886 int idx = 0;
887 int num = 0;
888 LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
889
890 if (file == NULL) {
891 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
892 goto err;
893 }
894
895 if (name_hash == NULL) {
896 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
897 goto err;
898 }
899
900 /*
901 * Pre-populate the lhash with the existing entries of the stack, since
902 * using the LHASH_OF is much faster for duplicate checking. That's because
903 * xname_cmp converts the X509_NAMEs to DER involving a memory allocation
904 * for every single invocation of the comparison function.
905 */
906 num = sk_X509_NAME_num(stack);
907 for (idx = 0; idx < num; idx++) {
908 xn = sk_X509_NAME_value(stack, idx);
909 lh_X509_NAME_insert(name_hash, xn);
910 }
911
912 ret = add_file_cert_subjects_to_stack(stack, file, name_hash);
913 goto done;
914
915 err:
916 ret = 0;
917 done:
918 lh_X509_NAME_free(name_hash);
919 return ret;
920 }
921
SSL_add_dir_cert_subjects_to_stack(STACK_OF (X509_NAME)* stack,const char * dir)922 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
923 const char *dir)
924 {
925 OPENSSL_DIR_CTX *d = NULL;
926 const char *filename;
927 int ret = 0;
928 X509_NAME *xn = NULL;
929 int idx = 0;
930 int num = 0;
931 LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
932
933 if (name_hash == NULL) {
934 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
935 goto err;
936 }
937
938 /*
939 * Pre-populate the lhash with the existing entries of the stack, since
940 * using the LHASH_OF is much faster for duplicate checking. That's because
941 * xname_cmp converts the X509_NAMEs to DER involving a memory allocation
942 * for every single invocation of the comparison function.
943 */
944 num = sk_X509_NAME_num(stack);
945 for (idx = 0; idx < num; idx++) {
946 xn = sk_X509_NAME_value(stack, idx);
947 lh_X509_NAME_insert(name_hash, xn);
948 }
949
950 while ((filename = OPENSSL_DIR_read(&d, dir))) {
951 char buf[1024];
952 int r;
953 #ifndef OPENSSL_NO_POSIX_IO
954 struct stat st;
955
956 #else
957 /* Cannot use stat so just skip current and parent directories */
958 if (strcmp(filename, ".") == 0 || strcmp(filename, "..") == 0)
959 continue;
960 #endif
961 if (strlen(dir) + strlen(filename) + 2 > sizeof(buf)) {
962 ERR_raise(ERR_LIB_SSL, SSL_R_PATH_TOO_LONG);
963 goto err;
964 }
965 #ifdef OPENSSL_SYS_VMS
966 r = BIO_snprintf(buf, sizeof(buf), "%s%s", dir, filename);
967 #else
968 r = BIO_snprintf(buf, sizeof(buf), "%s/%s", dir, filename);
969 #endif
970 #ifndef OPENSSL_NO_POSIX_IO
971 /* Skip subdirectories */
972 if (!stat(buf, &st) && S_ISDIR(st.st_mode))
973 continue;
974 #endif
975 if (r <= 0 || r >= (int)sizeof(buf))
976 goto err;
977 if (!add_file_cert_subjects_to_stack(stack, buf, name_hash))
978 goto err;
979 }
980
981 if (errno) {
982 ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
983 "calling OPENSSL_dir_read(%s)", dir);
984 ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
985 goto err;
986 }
987
988 ret = 1;
989
990 err:
991 if (d)
992 OPENSSL_DIR_end(&d);
993 lh_X509_NAME_free(name_hash);
994
995 return ret;
996 }
997
add_uris_recursive(STACK_OF (X509_NAME)* stack,const char * uri,int depth)998 static int add_uris_recursive(STACK_OF(X509_NAME) *stack,
999 const char *uri, int depth)
1000 {
1001 int ok = 1;
1002 OSSL_STORE_CTX *ctx = NULL;
1003 X509 *x = NULL;
1004 X509_NAME *xn = NULL;
1005 OSSL_STORE_INFO *info = NULL;
1006
1007 if ((ctx = OSSL_STORE_open(uri, NULL, NULL, NULL, NULL)) == NULL)
1008 goto err;
1009
1010 while (!OSSL_STORE_eof(ctx) && !OSSL_STORE_error(ctx)) {
1011 int infotype;
1012
1013 if ((info = OSSL_STORE_load(ctx)) == NULL)
1014 continue;
1015 infotype = OSSL_STORE_INFO_get_type(info);
1016
1017 if (infotype == OSSL_STORE_INFO_NAME) {
1018 /*
1019 * This is an entry in the "directory" represented by the current
1020 * uri. if |depth| allows, dive into it.
1021 */
1022 if (depth > 0)
1023 ok = add_uris_recursive(stack, OSSL_STORE_INFO_get0_NAME(info),
1024 depth - 1);
1025 } else if (infotype == OSSL_STORE_INFO_CERT) {
1026 if ((x = OSSL_STORE_INFO_get0_CERT(info)) == NULL
1027 || (xn = X509_get_subject_name(x)) == NULL
1028 || (xn = X509_NAME_dup(xn)) == NULL)
1029 goto err;
1030 if (sk_X509_NAME_find(stack, xn) >= 0) {
1031 /* Duplicate. */
1032 X509_NAME_free(xn);
1033 } else if (!sk_X509_NAME_push(stack, xn)) {
1034 X509_NAME_free(xn);
1035 goto err;
1036 }
1037 }
1038
1039 OSSL_STORE_INFO_free(info);
1040 info = NULL;
1041 }
1042
1043 ERR_clear_error();
1044 goto done;
1045
1046 err:
1047 ok = 0;
1048 OSSL_STORE_INFO_free(info);
1049 done:
1050 OSSL_STORE_close(ctx);
1051
1052 return ok;
1053 }
1054
SSL_add_store_cert_subjects_to_stack(STACK_OF (X509_NAME)* stack,const char * store)1055 int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
1056 const char *store)
1057 {
1058 int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b)
1059 = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp);
1060 int ret = add_uris_recursive(stack, store, 1);
1061
1062 (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
1063 return ret;
1064 }
1065
1066 /* Build a certificate chain for current certificate */
ssl_build_cert_chain(SSL_CONNECTION * s,SSL_CTX * ctx,int flags)1067 int ssl_build_cert_chain(SSL_CONNECTION *s, SSL_CTX *ctx, int flags)
1068 {
1069 CERT *c = s != NULL ? s->cert : ctx->cert;
1070 CERT_PKEY *cpk = c->key;
1071 X509_STORE *chain_store = NULL;
1072 X509_STORE_CTX *xs_ctx = NULL;
1073 STACK_OF(X509) *chain = NULL, *untrusted = NULL;
1074 X509 *x;
1075 SSL_CTX *real_ctx = (s == NULL) ? ctx : SSL_CONNECTION_GET_CTX(s);
1076 int i, rv = 0;
1077
1078 if (cpk->x509 == NULL) {
1079 ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_SET);
1080 goto err;
1081 }
1082 /* Rearranging and check the chain: add everything to a store */
1083 if (flags & SSL_BUILD_CHAIN_FLAG_CHECK) {
1084 chain_store = X509_STORE_new();
1085 if (chain_store == NULL)
1086 goto err;
1087 for (i = 0; i < sk_X509_num(cpk->chain); i++) {
1088 x = sk_X509_value(cpk->chain, i);
1089 if (!X509_STORE_add_cert(chain_store, x))
1090 goto err;
1091 }
1092 /* Add EE cert too: it might be self signed */
1093 if (!X509_STORE_add_cert(chain_store, cpk->x509))
1094 goto err;
1095 } else {
1096 if (c->chain_store != NULL)
1097 chain_store = c->chain_store;
1098 else
1099 chain_store = real_ctx->cert_store;
1100
1101 if (flags & SSL_BUILD_CHAIN_FLAG_UNTRUSTED)
1102 untrusted = cpk->chain;
1103 }
1104
1105 xs_ctx = X509_STORE_CTX_new_ex(real_ctx->libctx, real_ctx->propq);
1106 if (xs_ctx == NULL) {
1107 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
1108 goto err;
1109 }
1110 if (!X509_STORE_CTX_init(xs_ctx, chain_store, cpk->x509, untrusted)) {
1111 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
1112 goto err;
1113 }
1114 /* Set suite B flags if needed */
1115 X509_STORE_CTX_set_flags(xs_ctx,
1116 c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS);
1117
1118 i = X509_verify_cert(xs_ctx);
1119 if (i <= 0 && flags & SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR) {
1120 if (flags & SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR)
1121 ERR_clear_error();
1122 i = 1;
1123 rv = 2;
1124 }
1125 if (i > 0)
1126 chain = X509_STORE_CTX_get1_chain(xs_ctx);
1127 if (i <= 0) {
1128 i = X509_STORE_CTX_get_error(xs_ctx);
1129 ERR_raise_data(ERR_LIB_SSL, SSL_R_CERTIFICATE_VERIFY_FAILED,
1130 "Verify error:%s", X509_verify_cert_error_string(i));
1131
1132 goto err;
1133 }
1134 /* Remove EE certificate from chain */
1135 x = sk_X509_shift(chain);
1136 X509_free(x);
1137 if (flags & SSL_BUILD_CHAIN_FLAG_NO_ROOT) {
1138 if (sk_X509_num(chain) > 0) {
1139 /* See if last cert is self signed */
1140 x = sk_X509_value(chain, sk_X509_num(chain) - 1);
1141 if (X509_get_extension_flags(x) & EXFLAG_SS) {
1142 x = sk_X509_pop(chain);
1143 X509_free(x);
1144 }
1145 }
1146 }
1147 /*
1148 * Check security level of all CA certificates: EE will have been checked
1149 * already.
1150 */
1151 for (i = 0; i < sk_X509_num(chain); i++) {
1152 x = sk_X509_value(chain, i);
1153 rv = ssl_security_cert(s, ctx, x, 0, 0);
1154 if (rv != 1) {
1155 ERR_raise(ERR_LIB_SSL, rv);
1156 OSSL_STACK_OF_X509_free(chain);
1157 rv = 0;
1158 goto err;
1159 }
1160 }
1161 OSSL_STACK_OF_X509_free(cpk->chain);
1162 cpk->chain = chain;
1163 if (rv == 0)
1164 rv = 1;
1165 err:
1166 if (flags & SSL_BUILD_CHAIN_FLAG_CHECK)
1167 X509_STORE_free(chain_store);
1168 X509_STORE_CTX_free(xs_ctx);
1169
1170 return rv;
1171 }
1172
ssl_cert_set_cert_store(CERT * c,X509_STORE * store,int chain,int ref)1173 int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
1174 {
1175 X509_STORE **pstore;
1176
1177 if (ref && store && !X509_STORE_up_ref(store))
1178 return 0;
1179
1180 if (chain)
1181 pstore = &c->chain_store;
1182 else
1183 pstore = &c->verify_store;
1184 X509_STORE_free(*pstore);
1185 *pstore = store;
1186
1187 return 1;
1188 }
1189
ssl_cert_get_cert_store(CERT * c,X509_STORE ** pstore,int chain)1190 int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain)
1191 {
1192 *pstore = (chain ? c->chain_store : c->verify_store);
1193 return 1;
1194 }
1195
ssl_get_security_level_bits(const SSL * s,const SSL_CTX * ctx,int * levelp)1196 int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp)
1197 {
1198 int level;
1199 /*
1200 * note that there's a corresponding minbits_table
1201 * in crypto/x509/x509_vfy.c that's used for checking the security level
1202 * of RSA and DSA keys
1203 */
1204 static const int minbits_table[5 + 1] = { 0, 80, 112, 128, 192, 256 };
1205
1206 if (ctx != NULL)
1207 level = SSL_CTX_get_security_level(ctx);
1208 else
1209 level = SSL_get_security_level(s);
1210
1211 if (level > 5)
1212 level = 5;
1213 else if (level < 0)
1214 level = 0;
1215
1216 if (levelp != NULL)
1217 *levelp = level;
1218
1219 return minbits_table[level];
1220 }
1221
ssl_security_default_callback(const SSL * s,const SSL_CTX * ctx,int op,int bits,int nid,void * other,void * ex)1222 static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
1223 int op, int bits, int nid, void *other,
1224 void *ex)
1225 {
1226 int level, minbits, pfs_mask;
1227 const SSL_CONNECTION *sc;
1228
1229 minbits = ssl_get_security_level_bits(s, ctx, &level);
1230
1231 if (level == 0) {
1232 /*
1233 * No EDH keys weaker than 1024-bits even at level 0, otherwise,
1234 * anything goes.
1235 */
1236 if (op == SSL_SECOP_TMP_DH && bits < 80)
1237 return 0;
1238 return 1;
1239 }
1240 switch (op) {
1241 case SSL_SECOP_CIPHER_SUPPORTED:
1242 case SSL_SECOP_CIPHER_SHARED:
1243 case SSL_SECOP_CIPHER_CHECK:
1244 {
1245 const SSL_CIPHER *c = other;
1246 /* No ciphers below security level */
1247 if (bits < minbits)
1248 return 0;
1249 /* No unauthenticated ciphersuites */
1250 if (c->algorithm_auth & SSL_aNULL)
1251 return 0;
1252 /* No MD5 mac ciphersuites */
1253 if (c->algorithm_mac & SSL_MD5)
1254 return 0;
1255 /* SHA1 HMAC is 160 bits of security */
1256 if (minbits > 160 && c->algorithm_mac & SSL_SHA1)
1257 return 0;
1258 /* Level 3: forward secure ciphersuites only */
1259 pfs_mask = SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK;
1260 if (level >= 3 && c->min_tls != TLS1_3_VERSION &&
1261 !(c->algorithm_mkey & pfs_mask))
1262 return 0;
1263 break;
1264 }
1265 case SSL_SECOP_VERSION:
1266 if ((sc = SSL_CONNECTION_FROM_CONST_SSL(s)) == NULL)
1267 return 0;
1268 if (!SSL_CONNECTION_IS_DTLS(sc)) {
1269 /* SSLv3, TLS v1.0 and TLS v1.1 only allowed at level 0 */
1270 if (nid <= TLS1_1_VERSION && level > 0)
1271 return 0;
1272 } else {
1273 /* DTLS v1.0 only allowed at level 0 */
1274 if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level > 0)
1275 return 0;
1276 }
1277 break;
1278
1279 case SSL_SECOP_COMPRESSION:
1280 if (level >= 2)
1281 return 0;
1282 break;
1283 case SSL_SECOP_TICKET:
1284 if (level >= 3)
1285 return 0;
1286 break;
1287 default:
1288 if (bits < minbits)
1289 return 0;
1290 }
1291 return 1;
1292 }
1293
ssl_security(const SSL_CONNECTION * s,int op,int bits,int nid,void * other)1294 int ssl_security(const SSL_CONNECTION *s, int op, int bits, int nid, void *other)
1295 {
1296 return s->cert->sec_cb(SSL_CONNECTION_GET_USER_SSL(s), NULL, op, bits, nid,
1297 other, s->cert->sec_ex);
1298 }
1299
ssl_ctx_security(const SSL_CTX * ctx,int op,int bits,int nid,void * other)1300 int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other)
1301 {
1302 return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other,
1303 ctx->cert->sec_ex);
1304 }
1305
ssl_cert_lookup_by_nid(int nid,size_t * pidx,SSL_CTX * ctx)1306 int ssl_cert_lookup_by_nid(int nid, size_t *pidx, SSL_CTX *ctx)
1307 {
1308 size_t i;
1309
1310 for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
1311 if (ssl_cert_info[i].nid == nid) {
1312 *pidx = i;
1313 return 1;
1314 }
1315 }
1316 for (i = 0; i < ctx->sigalg_list_len; i++) {
1317 if (ctx->ssl_cert_info[i].nid == nid) {
1318 *pidx = SSL_PKEY_NUM + i;
1319 return 1;
1320 }
1321 }
1322 return 0;
1323 }
1324
ssl_cert_lookup_by_pkey(const EVP_PKEY * pk,size_t * pidx,SSL_CTX * ctx)1325 const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx, SSL_CTX *ctx)
1326 {
1327 size_t i;
1328
1329 /* check classic pk types */
1330 for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
1331 const SSL_CERT_LOOKUP *tmp_lu = &ssl_cert_info[i];
1332
1333 if (EVP_PKEY_is_a(pk, OBJ_nid2sn(tmp_lu->nid))
1334 || EVP_PKEY_is_a(pk, OBJ_nid2ln(tmp_lu->nid))) {
1335 if (pidx != NULL)
1336 *pidx = i;
1337 return tmp_lu;
1338 }
1339 }
1340 /* check provider-loaded pk types */
1341 for (i = 0; i < ctx->sigalg_list_len; i++) {
1342 SSL_CERT_LOOKUP *tmp_lu = &(ctx->ssl_cert_info[i]);
1343
1344 if (EVP_PKEY_is_a(pk, OBJ_nid2sn(tmp_lu->nid))
1345 || EVP_PKEY_is_a(pk, OBJ_nid2ln(tmp_lu->nid))) {
1346 if (pidx != NULL)
1347 *pidx = SSL_PKEY_NUM + i;
1348 return &ctx->ssl_cert_info[i];
1349 }
1350 }
1351
1352 return NULL;
1353 }
1354
ssl_cert_lookup_by_idx(size_t idx,SSL_CTX * ctx)1355 const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx, SSL_CTX *ctx)
1356 {
1357 if (idx >= (OSSL_NELEM(ssl_cert_info) + ctx->sigalg_list_len))
1358 return NULL;
1359 else if (idx >= (OSSL_NELEM(ssl_cert_info)))
1360 return &(ctx->ssl_cert_info[idx - SSL_PKEY_NUM]);
1361 return &ssl_cert_info[idx];
1362 }
1363