1 /* 2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 * 5 * Licensed under the OpenSSL license (the "License"). You may not use 6 * this file except in compliance with the License. You can obtain a copy 7 * in the file LICENSE in the source distribution or at 8 * https://www.openssl.org/source/license.html 9 */ 10 11 #include <stdio.h> 12 #include <sys/types.h> 13 14 #include "internal/nelem.h" 15 #include "internal/o_dir.h" 16 #include <openssl/bio.h> 17 #include <openssl/pem.h> 18 #include <openssl/x509v3.h> 19 #include <openssl/dh.h> 20 #include <openssl/bn.h> 21 #include <openssl/crypto.h> 22 #include "internal/refcount.h" 23 #include "ssl_locl.h" 24 #include "ssl_cert_table.h" 25 #include "internal/thread_once.h" 26 27 static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, 28 int op, int bits, int nid, void *other, 29 void *ex); 30 31 static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT; 32 static volatile int ssl_x509_store_ctx_idx = -1; 33 34 DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init) 35 { 36 ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(0, 37 "SSL for verify callback", 38 NULL, NULL, NULL); 39 return ssl_x509_store_ctx_idx >= 0; 40 } 41 42 int SSL_get_ex_data_X509_STORE_CTX_idx(void) 43 { 44 45 if (!RUN_ONCE(&ssl_x509_store_ctx_once, ssl_x509_store_ctx_init)) 46 return -1; 47 return ssl_x509_store_ctx_idx; 48 } 49 50 CERT *ssl_cert_new(void) 51 { 52 CERT *ret = OPENSSL_zalloc(sizeof(*ret)); 53 54 if (ret == NULL) { 55 SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE); 56 return NULL; 57 } 58 59 ret->key = &(ret->pkeys[SSL_PKEY_RSA]); 60 ret->references = 1; 61 ret->sec_cb = ssl_security_default_callback; 62 ret->sec_level = OPENSSL_TLS_SECURITY_LEVEL; 63 ret->sec_ex = NULL; 64 ret->lock = CRYPTO_THREAD_lock_new(); 65 if (ret->lock == NULL) { 66 SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE); 67 OPENSSL_free(ret); 68 return NULL; 69 } 70 71 return ret; 72 } 73 74 CERT *ssl_cert_dup(CERT *cert) 75 { 76 CERT *ret = OPENSSL_zalloc(sizeof(*ret)); 77 int i; 78 79 if (ret == NULL) { 80 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); 81 return NULL; 82 } 83 84 ret->references = 1; 85 ret->key = &ret->pkeys[cert->key - cert->pkeys]; 86 ret->lock = CRYPTO_THREAD_lock_new(); 87 if (ret->lock == NULL) { 88 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); 89 OPENSSL_free(ret); 90 return NULL; 91 } 92 #ifndef OPENSSL_NO_DH 93 if (cert->dh_tmp != NULL) { 94 ret->dh_tmp = cert->dh_tmp; 95 EVP_PKEY_up_ref(ret->dh_tmp); 96 } 97 ret->dh_tmp_cb = cert->dh_tmp_cb; 98 ret->dh_tmp_auto = cert->dh_tmp_auto; 99 #endif 100 101 for (i = 0; i < SSL_PKEY_NUM; i++) { 102 CERT_PKEY *cpk = cert->pkeys + i; 103 CERT_PKEY *rpk = ret->pkeys + i; 104 if (cpk->x509 != NULL) { 105 rpk->x509 = cpk->x509; 106 X509_up_ref(rpk->x509); 107 } 108 109 if (cpk->privatekey != NULL) { 110 rpk->privatekey = cpk->privatekey; 111 EVP_PKEY_up_ref(cpk->privatekey); 112 } 113 114 if (cpk->chain) { 115 rpk->chain = X509_chain_up_ref(cpk->chain); 116 if (!rpk->chain) { 117 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); 118 goto err; 119 } 120 } 121 if (cert->pkeys[i].serverinfo != NULL) { 122 /* Just copy everything. */ 123 ret->pkeys[i].serverinfo = 124 OPENSSL_malloc(cert->pkeys[i].serverinfo_length); 125 if (ret->pkeys[i].serverinfo == NULL) { 126 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); 127 goto err; 128 } 129 ret->pkeys[i].serverinfo_length = cert->pkeys[i].serverinfo_length; 130 memcpy(ret->pkeys[i].serverinfo, 131 cert->pkeys[i].serverinfo, cert->pkeys[i].serverinfo_length); 132 } 133 } 134 135 /* Configured sigalgs copied across */ 136 if (cert->conf_sigalgs) { 137 ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen 138 * sizeof(*cert->conf_sigalgs)); 139 if (ret->conf_sigalgs == NULL) 140 goto err; 141 memcpy(ret->conf_sigalgs, cert->conf_sigalgs, 142 cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs)); 143 ret->conf_sigalgslen = cert->conf_sigalgslen; 144 } else 145 ret->conf_sigalgs = NULL; 146 147 if (cert->client_sigalgs) { 148 ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen 149 * sizeof(*cert->client_sigalgs)); 150 if (ret->client_sigalgs == NULL) 151 goto err; 152 memcpy(ret->client_sigalgs, cert->client_sigalgs, 153 cert->client_sigalgslen * sizeof(*cert->client_sigalgs)); 154 ret->client_sigalgslen = cert->client_sigalgslen; 155 } else 156 ret->client_sigalgs = NULL; 157 /* Shared sigalgs also NULL */ 158 ret->shared_sigalgs = NULL; 159 /* Copy any custom client certificate types */ 160 if (cert->ctype) { 161 ret->ctype = OPENSSL_memdup(cert->ctype, cert->ctype_len); 162 if (ret->ctype == NULL) 163 goto err; 164 ret->ctype_len = cert->ctype_len; 165 } 166 167 ret->cert_flags = cert->cert_flags; 168 169 ret->cert_cb = cert->cert_cb; 170 ret->cert_cb_arg = cert->cert_cb_arg; 171 172 if (cert->verify_store) { 173 X509_STORE_up_ref(cert->verify_store); 174 ret->verify_store = cert->verify_store; 175 } 176 177 if (cert->chain_store) { 178 X509_STORE_up_ref(cert->chain_store); 179 ret->chain_store = cert->chain_store; 180 } 181 182 ret->sec_cb = cert->sec_cb; 183 ret->sec_level = cert->sec_level; 184 ret->sec_ex = cert->sec_ex; 185 186 if (!custom_exts_copy(&ret->custext, &cert->custext)) 187 goto err; 188 #ifndef OPENSSL_NO_PSK 189 if (cert->psk_identity_hint) { 190 ret->psk_identity_hint = OPENSSL_strdup(cert->psk_identity_hint); 191 if (ret->psk_identity_hint == NULL) 192 goto err; 193 } 194 #endif 195 return ret; 196 197 err: 198 ssl_cert_free(ret); 199 200 return NULL; 201 } 202 203 /* Free up and clear all certificates and chains */ 204 205 void ssl_cert_clear_certs(CERT *c) 206 { 207 int i; 208 if (c == NULL) 209 return; 210 for (i = 0; i < SSL_PKEY_NUM; i++) { 211 CERT_PKEY *cpk = c->pkeys + i; 212 X509_free(cpk->x509); 213 cpk->x509 = NULL; 214 EVP_PKEY_free(cpk->privatekey); 215 cpk->privatekey = NULL; 216 sk_X509_pop_free(cpk->chain, X509_free); 217 cpk->chain = NULL; 218 OPENSSL_free(cpk->serverinfo); 219 cpk->serverinfo = NULL; 220 cpk->serverinfo_length = 0; 221 } 222 } 223 224 void ssl_cert_free(CERT *c) 225 { 226 int i; 227 228 if (c == NULL) 229 return; 230 CRYPTO_DOWN_REF(&c->references, &i, c->lock); 231 REF_PRINT_COUNT("CERT", c); 232 if (i > 0) 233 return; 234 REF_ASSERT_ISNT(i < 0); 235 236 #ifndef OPENSSL_NO_DH 237 EVP_PKEY_free(c->dh_tmp); 238 #endif 239 240 ssl_cert_clear_certs(c); 241 OPENSSL_free(c->conf_sigalgs); 242 OPENSSL_free(c->client_sigalgs); 243 OPENSSL_free(c->shared_sigalgs); 244 OPENSSL_free(c->ctype); 245 X509_STORE_free(c->verify_store); 246 X509_STORE_free(c->chain_store); 247 custom_exts_free(&c->custext); 248 #ifndef OPENSSL_NO_PSK 249 OPENSSL_free(c->psk_identity_hint); 250 #endif 251 CRYPTO_THREAD_lock_free(c->lock); 252 OPENSSL_free(c); 253 } 254 255 int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain) 256 { 257 int i, r; 258 CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key; 259 if (!cpk) 260 return 0; 261 for (i = 0; i < sk_X509_num(chain); i++) { 262 r = ssl_security_cert(s, ctx, sk_X509_value(chain, i), 0, 0); 263 if (r != 1) { 264 SSLerr(SSL_F_SSL_CERT_SET0_CHAIN, r); 265 return 0; 266 } 267 } 268 sk_X509_pop_free(cpk->chain, X509_free); 269 cpk->chain = chain; 270 return 1; 271 } 272 273 int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain) 274 { 275 STACK_OF(X509) *dchain; 276 if (!chain) 277 return ssl_cert_set0_chain(s, ctx, NULL); 278 dchain = X509_chain_up_ref(chain); 279 if (!dchain) 280 return 0; 281 if (!ssl_cert_set0_chain(s, ctx, dchain)) { 282 sk_X509_pop_free(dchain, X509_free); 283 return 0; 284 } 285 return 1; 286 } 287 288 int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x) 289 { 290 int r; 291 CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key; 292 if (!cpk) 293 return 0; 294 r = ssl_security_cert(s, ctx, x, 0, 0); 295 if (r != 1) { 296 SSLerr(SSL_F_SSL_CERT_ADD0_CHAIN_CERT, r); 297 return 0; 298 } 299 if (!cpk->chain) 300 cpk->chain = sk_X509_new_null(); 301 if (!cpk->chain || !sk_X509_push(cpk->chain, x)) 302 return 0; 303 return 1; 304 } 305 306 int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x) 307 { 308 if (!ssl_cert_add0_chain_cert(s, ctx, x)) 309 return 0; 310 X509_up_ref(x); 311 return 1; 312 } 313 314 int ssl_cert_select_current(CERT *c, X509 *x) 315 { 316 int i; 317 if (x == NULL) 318 return 0; 319 for (i = 0; i < SSL_PKEY_NUM; i++) { 320 CERT_PKEY *cpk = c->pkeys + i; 321 if (cpk->x509 == x && cpk->privatekey) { 322 c->key = cpk; 323 return 1; 324 } 325 } 326 327 for (i = 0; i < SSL_PKEY_NUM; i++) { 328 CERT_PKEY *cpk = c->pkeys + i; 329 if (cpk->privatekey && cpk->x509 && !X509_cmp(cpk->x509, x)) { 330 c->key = cpk; 331 return 1; 332 } 333 } 334 return 0; 335 } 336 337 int ssl_cert_set_current(CERT *c, long op) 338 { 339 int i, idx; 340 if (!c) 341 return 0; 342 if (op == SSL_CERT_SET_FIRST) 343 idx = 0; 344 else if (op == SSL_CERT_SET_NEXT) { 345 idx = (int)(c->key - c->pkeys + 1); 346 if (idx >= SSL_PKEY_NUM) 347 return 0; 348 } else 349 return 0; 350 for (i = idx; i < SSL_PKEY_NUM; i++) { 351 CERT_PKEY *cpk = c->pkeys + i; 352 if (cpk->x509 && cpk->privatekey) { 353 c->key = cpk; 354 return 1; 355 } 356 } 357 return 0; 358 } 359 360 void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg) 361 { 362 c->cert_cb = cb; 363 c->cert_cb_arg = arg; 364 } 365 366 int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) 367 { 368 X509 *x; 369 int i = 0; 370 X509_STORE *verify_store; 371 X509_STORE_CTX *ctx = NULL; 372 X509_VERIFY_PARAM *param; 373 374 if ((sk == NULL) || (sk_X509_num(sk) == 0)) 375 return 0; 376 377 if (s->cert->verify_store) 378 verify_store = s->cert->verify_store; 379 else 380 verify_store = s->ctx->cert_store; 381 382 ctx = X509_STORE_CTX_new(); 383 if (ctx == NULL) { 384 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE); 385 return 0; 386 } 387 388 x = sk_X509_value(sk, 0); 389 if (!X509_STORE_CTX_init(ctx, verify_store, x, sk)) { 390 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB); 391 goto end; 392 } 393 param = X509_STORE_CTX_get0_param(ctx); 394 /* 395 * XXX: Separate @AUTHSECLEVEL and @TLSSECLEVEL would be useful at some 396 * point, for now a single @SECLEVEL sets the same policy for TLS crypto 397 * and PKI authentication. 398 */ 399 X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s)); 400 401 /* Set suite B flags if needed */ 402 X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s)); 403 if (!X509_STORE_CTX_set_ex_data 404 (ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) { 405 goto end; 406 } 407 408 /* Verify via DANE if enabled */ 409 if (DANETLS_ENABLED(&s->dane)) 410 X509_STORE_CTX_set0_dane(ctx, &s->dane); 411 412 /* 413 * We need to inherit the verify parameters. These can be determined by 414 * the context: if its a server it will verify SSL client certificates or 415 * vice versa. 416 */ 417 418 X509_STORE_CTX_set_default(ctx, s->server ? "ssl_client" : "ssl_server"); 419 /* 420 * Anything non-default in "s->param" should overwrite anything in the ctx. 421 */ 422 X509_VERIFY_PARAM_set1(param, s->param); 423 424 if (s->verify_callback) 425 X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback); 426 427 if (s->ctx->app_verify_callback != NULL) 428 i = s->ctx->app_verify_callback(ctx, s->ctx->app_verify_arg); 429 else 430 i = X509_verify_cert(ctx); 431 432 s->verify_result = X509_STORE_CTX_get_error(ctx); 433 sk_X509_pop_free(s->verified_chain, X509_free); 434 s->verified_chain = NULL; 435 if (X509_STORE_CTX_get0_chain(ctx) != NULL) { 436 s->verified_chain = X509_STORE_CTX_get1_chain(ctx); 437 if (s->verified_chain == NULL) { 438 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE); 439 i = 0; 440 } 441 } 442 443 /* Move peername from the store context params to the SSL handle's */ 444 X509_VERIFY_PARAM_move_peername(s->param, param); 445 446 end: 447 X509_STORE_CTX_free(ctx); 448 return i; 449 } 450 451 static void set0_CA_list(STACK_OF(X509_NAME) **ca_list, 452 STACK_OF(X509_NAME) *name_list) 453 { 454 sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); 455 *ca_list = name_list; 456 } 457 458 STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk) 459 { 460 int i; 461 const int num = sk_X509_NAME_num(sk); 462 STACK_OF(X509_NAME) *ret; 463 X509_NAME *name; 464 465 ret = sk_X509_NAME_new_reserve(NULL, num); 466 if (ret == NULL) { 467 SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE); 468 return NULL; 469 } 470 for (i = 0; i < num; i++) { 471 name = X509_NAME_dup(sk_X509_NAME_value(sk, i)); 472 if (name == NULL) { 473 SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE); 474 sk_X509_NAME_pop_free(ret, X509_NAME_free); 475 return NULL; 476 } 477 sk_X509_NAME_push(ret, name); /* Cannot fail after reserve call */ 478 } 479 return ret; 480 } 481 482 void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) 483 { 484 set0_CA_list(&s->ca_names, name_list); 485 } 486 487 void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) 488 { 489 set0_CA_list(&ctx->ca_names, name_list); 490 } 491 492 const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx) 493 { 494 return ctx->ca_names; 495 } 496 497 const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s) 498 { 499 return s->ca_names != NULL ? s->ca_names : s->ctx->ca_names; 500 } 501 502 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) 503 { 504 set0_CA_list(&ctx->client_ca_names, name_list); 505 } 506 507 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) 508 { 509 return ctx->client_ca_names; 510 } 511 512 void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) 513 { 514 set0_CA_list(&s->client_ca_names, name_list); 515 } 516 517 const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s) 518 { 519 return s->s3 != NULL ? s->s3->tmp.peer_ca_names : NULL; 520 } 521 522 STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s) 523 { 524 if (!s->server) 525 return s->s3 != NULL ? s->s3->tmp.peer_ca_names : NULL; 526 return s->client_ca_names != NULL ? s->client_ca_names 527 : s->ctx->client_ca_names; 528 } 529 530 static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x) 531 { 532 X509_NAME *name; 533 534 if (x == NULL) 535 return 0; 536 if (*sk == NULL && ((*sk = sk_X509_NAME_new_null()) == NULL)) 537 return 0; 538 539 if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL) 540 return 0; 541 542 if (!sk_X509_NAME_push(*sk, name)) { 543 X509_NAME_free(name); 544 return 0; 545 } 546 return 1; 547 } 548 549 int SSL_add1_to_CA_list(SSL *ssl, const X509 *x) 550 { 551 return add_ca_name(&ssl->ca_names, x); 552 } 553 554 int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x) 555 { 556 return add_ca_name(&ctx->ca_names, x); 557 } 558 559 /* 560 * The following two are older names are to be replaced with 561 * SSL(_CTX)_add1_to_CA_list 562 */ 563 int SSL_add_client_CA(SSL *ssl, X509 *x) 564 { 565 return add_ca_name(&ssl->client_ca_names, x); 566 } 567 568 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) 569 { 570 return add_ca_name(&ctx->client_ca_names, x); 571 } 572 573 static int xname_cmp(const X509_NAME *a, const X509_NAME *b) 574 { 575 unsigned char *abuf = NULL, *bbuf = NULL; 576 int alen, blen, ret; 577 578 /* X509_NAME_cmp() itself casts away constness in this way, so 579 * assume it's safe: 580 */ 581 alen = i2d_X509_NAME((X509_NAME *)a, &abuf); 582 blen = i2d_X509_NAME((X509_NAME *)b, &bbuf); 583 584 if (alen < 0 || blen < 0) 585 ret = -2; 586 else if (alen != blen) 587 ret = alen - blen; 588 else /* alen == blen */ 589 ret = memcmp(abuf, bbuf, alen); 590 591 OPENSSL_free(abuf); 592 OPENSSL_free(bbuf); 593 594 return ret; 595 } 596 597 static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b) 598 { 599 return xname_cmp(*a, *b); 600 } 601 602 static unsigned long xname_hash(const X509_NAME *a) 603 { 604 return X509_NAME_hash((X509_NAME *)a); 605 } 606 607 /** 608 * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed; 609 * it doesn't really have anything to do with clients (except that a common use 610 * for a stack of CAs is to send it to the client). Actually, it doesn't have 611 * much to do with CAs, either, since it will load any old cert. 612 * \param file the file containing one or more certs. 613 * \return a ::STACK containing the certs. 614 */ 615 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) 616 { 617 BIO *in = BIO_new(BIO_s_file()); 618 X509 *x = NULL; 619 X509_NAME *xn = NULL; 620 STACK_OF(X509_NAME) *ret = NULL; 621 LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp); 622 623 if ((name_hash == NULL) || (in == NULL)) { 624 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); 625 goto err; 626 } 627 628 if (!BIO_read_filename(in, file)) 629 goto err; 630 631 for (;;) { 632 if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL) 633 break; 634 if (ret == NULL) { 635 ret = sk_X509_NAME_new_null(); 636 if (ret == NULL) { 637 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); 638 goto err; 639 } 640 } 641 if ((xn = X509_get_subject_name(x)) == NULL) 642 goto err; 643 /* check for duplicates */ 644 xn = X509_NAME_dup(xn); 645 if (xn == NULL) 646 goto err; 647 if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) { 648 /* Duplicate. */ 649 X509_NAME_free(xn); 650 xn = NULL; 651 } else { 652 lh_X509_NAME_insert(name_hash, xn); 653 if (!sk_X509_NAME_push(ret, xn)) 654 goto err; 655 } 656 } 657 goto done; 658 659 err: 660 X509_NAME_free(xn); 661 sk_X509_NAME_pop_free(ret, X509_NAME_free); 662 ret = NULL; 663 done: 664 BIO_free(in); 665 X509_free(x); 666 lh_X509_NAME_free(name_hash); 667 if (ret != NULL) 668 ERR_clear_error(); 669 return ret; 670 } 671 672 /** 673 * Add a file of certs to a stack. 674 * \param stack the stack to add to. 675 * \param file the file to add from. All certs in this file that are not 676 * already in the stack will be added. 677 * \return 1 for success, 0 for failure. Note that in the case of failure some 678 * certs may have been added to \c stack. 679 */ 680 681 int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, 682 const char *file) 683 { 684 BIO *in; 685 X509 *x = NULL; 686 X509_NAME *xn = NULL; 687 int ret = 1; 688 int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b); 689 690 oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp); 691 692 in = BIO_new(BIO_s_file()); 693 694 if (in == NULL) { 695 SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, ERR_R_MALLOC_FAILURE); 696 goto err; 697 } 698 699 if (!BIO_read_filename(in, file)) 700 goto err; 701 702 for (;;) { 703 if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL) 704 break; 705 if ((xn = X509_get_subject_name(x)) == NULL) 706 goto err; 707 xn = X509_NAME_dup(xn); 708 if (xn == NULL) 709 goto err; 710 if (sk_X509_NAME_find(stack, xn) >= 0) { 711 /* Duplicate. */ 712 X509_NAME_free(xn); 713 } else if (!sk_X509_NAME_push(stack, xn)) { 714 X509_NAME_free(xn); 715 goto err; 716 } 717 } 718 719 ERR_clear_error(); 720 goto done; 721 722 err: 723 ret = 0; 724 done: 725 BIO_free(in); 726 X509_free(x); 727 (void)sk_X509_NAME_set_cmp_func(stack, oldcmp); 728 return ret; 729 } 730 731 /** 732 * Add a directory of certs to a stack. 733 * \param stack the stack to append to. 734 * \param dir the directory to append from. All files in this directory will be 735 * examined as potential certs. Any that are acceptable to 736 * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be 737 * included. 738 * \return 1 for success, 0 for failure. Note that in the case of failure some 739 * certs may have been added to \c stack. 740 */ 741 742 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, 743 const char *dir) 744 { 745 OPENSSL_DIR_CTX *d = NULL; 746 const char *filename; 747 int ret = 0; 748 749 /* Note that a side effect is that the CAs will be sorted by name */ 750 751 while ((filename = OPENSSL_DIR_read(&d, dir))) { 752 char buf[1024]; 753 int r; 754 755 if (strlen(dir) + strlen(filename) + 2 > sizeof(buf)) { 756 SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, 757 SSL_R_PATH_TOO_LONG); 758 goto err; 759 } 760 #ifdef OPENSSL_SYS_VMS 761 r = BIO_snprintf(buf, sizeof(buf), "%s%s", dir, filename); 762 #else 763 r = BIO_snprintf(buf, sizeof(buf), "%s/%s", dir, filename); 764 #endif 765 if (r <= 0 || r >= (int)sizeof(buf)) 766 goto err; 767 if (!SSL_add_file_cert_subjects_to_stack(stack, buf)) 768 goto err; 769 } 770 771 if (errno) { 772 SYSerr(SYS_F_OPENDIR, get_last_sys_error()); 773 ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')"); 774 SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); 775 goto err; 776 } 777 778 ret = 1; 779 780 err: 781 if (d) 782 OPENSSL_DIR_end(&d); 783 784 return ret; 785 } 786 787 /* Build a certificate chain for current certificate */ 788 int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags) 789 { 790 CERT *c = s ? s->cert : ctx->cert; 791 CERT_PKEY *cpk = c->key; 792 X509_STORE *chain_store = NULL; 793 X509_STORE_CTX *xs_ctx = NULL; 794 STACK_OF(X509) *chain = NULL, *untrusted = NULL; 795 X509 *x; 796 int i, rv = 0; 797 798 if (!cpk->x509) { 799 SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, SSL_R_NO_CERTIFICATE_SET); 800 goto err; 801 } 802 /* Rearranging and check the chain: add everything to a store */ 803 if (flags & SSL_BUILD_CHAIN_FLAG_CHECK) { 804 chain_store = X509_STORE_new(); 805 if (chain_store == NULL) 806 goto err; 807 for (i = 0; i < sk_X509_num(cpk->chain); i++) { 808 x = sk_X509_value(cpk->chain, i); 809 if (!X509_STORE_add_cert(chain_store, x)) 810 goto err; 811 } 812 /* Add EE cert too: it might be self signed */ 813 if (!X509_STORE_add_cert(chain_store, cpk->x509)) 814 goto err; 815 } else { 816 if (c->chain_store) 817 chain_store = c->chain_store; 818 else if (s) 819 chain_store = s->ctx->cert_store; 820 else 821 chain_store = ctx->cert_store; 822 823 if (flags & SSL_BUILD_CHAIN_FLAG_UNTRUSTED) 824 untrusted = cpk->chain; 825 } 826 827 xs_ctx = X509_STORE_CTX_new(); 828 if (xs_ctx == NULL) { 829 SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_MALLOC_FAILURE); 830 goto err; 831 } 832 if (!X509_STORE_CTX_init(xs_ctx, chain_store, cpk->x509, untrusted)) { 833 SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_X509_LIB); 834 goto err; 835 } 836 /* Set suite B flags if needed */ 837 X509_STORE_CTX_set_flags(xs_ctx, 838 c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS); 839 840 i = X509_verify_cert(xs_ctx); 841 if (i <= 0 && flags & SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR) { 842 if (flags & SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR) 843 ERR_clear_error(); 844 i = 1; 845 rv = 2; 846 } 847 if (i > 0) 848 chain = X509_STORE_CTX_get1_chain(xs_ctx); 849 if (i <= 0) { 850 SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, SSL_R_CERTIFICATE_VERIFY_FAILED); 851 i = X509_STORE_CTX_get_error(xs_ctx); 852 ERR_add_error_data(2, "Verify error:", 853 X509_verify_cert_error_string(i)); 854 855 goto err; 856 } 857 /* Remove EE certificate from chain */ 858 x = sk_X509_shift(chain); 859 X509_free(x); 860 if (flags & SSL_BUILD_CHAIN_FLAG_NO_ROOT) { 861 if (sk_X509_num(chain) > 0) { 862 /* See if last cert is self signed */ 863 x = sk_X509_value(chain, sk_X509_num(chain) - 1); 864 if (X509_get_extension_flags(x) & EXFLAG_SS) { 865 x = sk_X509_pop(chain); 866 X509_free(x); 867 } 868 } 869 } 870 /* 871 * Check security level of all CA certificates: EE will have been checked 872 * already. 873 */ 874 for (i = 0; i < sk_X509_num(chain); i++) { 875 x = sk_X509_value(chain, i); 876 rv = ssl_security_cert(s, ctx, x, 0, 0); 877 if (rv != 1) { 878 SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, rv); 879 sk_X509_pop_free(chain, X509_free); 880 rv = 0; 881 goto err; 882 } 883 } 884 sk_X509_pop_free(cpk->chain, X509_free); 885 cpk->chain = chain; 886 if (rv == 0) 887 rv = 1; 888 err: 889 if (flags & SSL_BUILD_CHAIN_FLAG_CHECK) 890 X509_STORE_free(chain_store); 891 X509_STORE_CTX_free(xs_ctx); 892 893 return rv; 894 } 895 896 int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref) 897 { 898 X509_STORE **pstore; 899 if (chain) 900 pstore = &c->chain_store; 901 else 902 pstore = &c->verify_store; 903 X509_STORE_free(*pstore); 904 *pstore = store; 905 if (ref && store) 906 X509_STORE_up_ref(store); 907 return 1; 908 } 909 910 static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, 911 int op, int bits, int nid, void *other, 912 void *ex) 913 { 914 int level, minbits; 915 static const int minbits_table[5] = { 80, 112, 128, 192, 256 }; 916 if (ctx) 917 level = SSL_CTX_get_security_level(ctx); 918 else 919 level = SSL_get_security_level(s); 920 921 if (level <= 0) { 922 /* 923 * No EDH keys weaker than 1024-bits even at level 0, otherwise, 924 * anything goes. 925 */ 926 if (op == SSL_SECOP_TMP_DH && bits < 80) 927 return 0; 928 return 1; 929 } 930 if (level > 5) 931 level = 5; 932 minbits = minbits_table[level - 1]; 933 switch (op) { 934 case SSL_SECOP_CIPHER_SUPPORTED: 935 case SSL_SECOP_CIPHER_SHARED: 936 case SSL_SECOP_CIPHER_CHECK: 937 { 938 const SSL_CIPHER *c = other; 939 /* No ciphers below security level */ 940 if (bits < minbits) 941 return 0; 942 /* No unauthenticated ciphersuites */ 943 if (c->algorithm_auth & SSL_aNULL) 944 return 0; 945 /* No MD5 mac ciphersuites */ 946 if (c->algorithm_mac & SSL_MD5) 947 return 0; 948 /* SHA1 HMAC is 160 bits of security */ 949 if (minbits > 160 && c->algorithm_mac & SSL_SHA1) 950 return 0; 951 /* Level 2: no RC4 */ 952 if (level >= 2 && c->algorithm_enc == SSL_RC4) 953 return 0; 954 /* Level 3: forward secure ciphersuites only */ 955 if (level >= 3 && c->min_tls != TLS1_3_VERSION && 956 !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))) 957 return 0; 958 break; 959 } 960 case SSL_SECOP_VERSION: 961 if (!SSL_IS_DTLS(s)) { 962 /* SSLv3 not allowed at level 2 */ 963 if (nid <= SSL3_VERSION && level >= 2) 964 return 0; 965 /* TLS v1.1 and above only for level 3 */ 966 if (nid <= TLS1_VERSION && level >= 3) 967 return 0; 968 /* TLS v1.2 only for level 4 and above */ 969 if (nid <= TLS1_1_VERSION && level >= 4) 970 return 0; 971 } else { 972 /* DTLS v1.2 only for level 4 and above */ 973 if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level >= 4) 974 return 0; 975 } 976 break; 977 978 case SSL_SECOP_COMPRESSION: 979 if (level >= 2) 980 return 0; 981 break; 982 case SSL_SECOP_TICKET: 983 if (level >= 3) 984 return 0; 985 break; 986 default: 987 if (bits < minbits) 988 return 0; 989 } 990 return 1; 991 } 992 993 int ssl_security(const SSL *s, int op, int bits, int nid, void *other) 994 { 995 return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex); 996 } 997 998 int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other) 999 { 1000 return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other, 1001 ctx->cert->sec_ex); 1002 } 1003 1004 int ssl_cert_lookup_by_nid(int nid, size_t *pidx) 1005 { 1006 size_t i; 1007 1008 for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) { 1009 if (ssl_cert_info[i].nid == nid) { 1010 *pidx = i; 1011 return 1; 1012 } 1013 } 1014 1015 return 0; 1016 } 1017 1018 const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx) 1019 { 1020 int nid = EVP_PKEY_id(pk); 1021 size_t tmpidx; 1022 1023 if (nid == NID_undef) 1024 return NULL; 1025 1026 if (!ssl_cert_lookup_by_nid(nid, &tmpidx)) 1027 return NULL; 1028 1029 if (pidx != NULL) 1030 *pidx = tmpidx; 1031 1032 return &ssl_cert_info[tmpidx]; 1033 } 1034 1035 const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx) 1036 { 1037 if (idx >= OSSL_NELEM(ssl_cert_info)) 1038 return NULL; 1039 return &ssl_cert_info[idx]; 1040 } 1041