xref: /freebsd/crypto/openssl/ssl/ssl_cert_comp.c (revision e7be843b4a162e68651d3911f0357ed464915629) 
1 /*
2  * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <stdio.h>
11 #include "ssl_local.h"
12 #include "internal/e_os.h"
13 #include "internal/refcount.h"
14 #include "internal/ssl_unwrap.h"
15 
ossl_calculate_comp_expansion(int alg,size_t length)16 size_t ossl_calculate_comp_expansion(int alg, size_t length)
17 {
18     size_t ret;
19     /*
20      * Uncompressibility expansion:
21      * ZLIB: N + 11 + 5 * (N >> 14)
22      * Brotli: per RFC7932: N + 5 + 3 * (N >> 16)
23      * ZSTD: N + 4 + 14 + 3 * (N >> 17) + 4
24      */
25 
26     switch (alg) {
27     case TLSEXT_comp_cert_zlib:
28         ret = length + 11 + 5 * (length >> 14);
29         break;
30     case TLSEXT_comp_cert_brotli:
31         ret = length + 5 + 3 * (length >> 16);
32         break;
33     case TLSEXT_comp_cert_zstd:
34         ret = length + 22 + 3 * (length >> 17);
35         break;
36     default:
37         return 0;
38     }
39     /* Check for overflow */
40     if (ret < length)
41         return 0;
42     return ret;
43 }
44 
ossl_comp_has_alg(int a)45 int ossl_comp_has_alg(int a)
46 {
47 #ifndef OPENSSL_NO_COMP_ALG
48     /* 0 means "any" algorithm */
49     if ((a == 0 || a == TLSEXT_comp_cert_brotli) && BIO_f_brotli() != NULL)
50         return 1;
51     if ((a == 0 || a == TLSEXT_comp_cert_zstd) && BIO_f_zstd() != NULL)
52         return 1;
53     if ((a == 0 || a == TLSEXT_comp_cert_zlib) && BIO_f_zlib() != NULL)
54         return 1;
55 #endif
56     return 0;
57 }
58 
59 /* New operation Helper routine */
60 #ifndef OPENSSL_NO_COMP_ALG
OSSL_COMP_CERT_new(unsigned char * data,size_t len,size_t orig_len,int alg)61 static OSSL_COMP_CERT *OSSL_COMP_CERT_new(unsigned char *data, size_t len, size_t orig_len, int alg)
62 {
63     OSSL_COMP_CERT *ret = NULL;
64 
65     if (!ossl_comp_has_alg(alg)
66             || data == NULL
67             || (ret = OPENSSL_zalloc(sizeof(*ret))) == NULL
68             || !CRYPTO_NEW_REF(&ret->references, 1))
69         goto err;
70 
71     ret->data = data;
72     ret->len = len;
73     ret->orig_len = orig_len;
74     ret->alg = alg;
75     return ret;
76  err:
77     ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
78     OPENSSL_free(data);
79     OPENSSL_free(ret);
80     return NULL;
81 }
82 
OSSL_COMP_CERT_from_compressed_data(unsigned char * data,size_t len,size_t orig_len,int alg)83 __owur static OSSL_COMP_CERT *OSSL_COMP_CERT_from_compressed_data(unsigned char *data, size_t len,
84                                                                   size_t orig_len, int alg)
85 {
86     return OSSL_COMP_CERT_new(OPENSSL_memdup(data, len), len, orig_len, alg);
87 }
88 
OSSL_COMP_CERT_from_uncompressed_data(unsigned char * data,size_t len,int alg)89 __owur static OSSL_COMP_CERT *OSSL_COMP_CERT_from_uncompressed_data(unsigned char *data, size_t len,
90                                                                     int alg)
91 {
92     OSSL_COMP_CERT *ret = NULL;
93     size_t max_length;
94     int comp_length;
95     COMP_METHOD *method;
96     unsigned char *comp_data = NULL;
97     COMP_CTX *comp_ctx = NULL;
98 
99     switch (alg) {
100     case TLSEXT_comp_cert_brotli:
101         method = COMP_brotli_oneshot();
102         break;
103     case TLSEXT_comp_cert_zlib:
104         method = COMP_zlib_oneshot();
105         break;
106     case TLSEXT_comp_cert_zstd:
107         method = COMP_zstd_oneshot();
108         break;
109     default:
110         goto err;
111     }
112 
113     if ((max_length = ossl_calculate_comp_expansion(alg, len)) == 0
114           || method == NULL
115           || (comp_ctx = COMP_CTX_new(method)) == NULL
116           || (comp_data = OPENSSL_zalloc(max_length)) == NULL)
117         goto err;
118 
119     comp_length = COMP_compress_block(comp_ctx, comp_data, max_length, data, len);
120     if (comp_length <= 0)
121         goto err;
122 
123     ret = OSSL_COMP_CERT_new(comp_data, comp_length, len, alg);
124     comp_data = NULL;
125 
126  err:
127     OPENSSL_free(comp_data);
128     COMP_CTX_free(comp_ctx);
129     return ret;
130 }
131 
OSSL_COMP_CERT_free(OSSL_COMP_CERT * cc)132 void OSSL_COMP_CERT_free(OSSL_COMP_CERT *cc)
133 {
134     int i;
135 
136     if (cc == NULL)
137         return;
138 
139     CRYPTO_DOWN_REF(&cc->references, &i);
140     REF_PRINT_COUNT("OSSL_COMP_CERT", i, cc);
141     if (i > 0)
142         return;
143     REF_ASSERT_ISNT(i < 0);
144 
145     OPENSSL_free(cc->data);
146     CRYPTO_FREE_REF(&cc->references);
147     OPENSSL_free(cc);
148 }
OSSL_COMP_CERT_up_ref(OSSL_COMP_CERT * cc)149 int OSSL_COMP_CERT_up_ref(OSSL_COMP_CERT *cc)
150 {
151     int i;
152 
153     if (CRYPTO_UP_REF(&cc->references, &i) <= 0)
154         return 0;
155 
156     REF_PRINT_COUNT("OSSL_COMP_CERT", i, cc);
157     REF_ASSERT_ISNT(i < 2);
158     return ((i > 1) ? 1 : 0);
159 }
160 
ssl_set_cert_comp_pref(int * prefs,int * algs,size_t len)161 static int ssl_set_cert_comp_pref(int *prefs, int *algs, size_t len)
162 {
163     size_t j = 0;
164     size_t i;
165     int found = 0;
166     int already_set[TLSEXT_comp_cert_limit];
167     int tmp_prefs[TLSEXT_comp_cert_limit];
168 
169     /* Note that |len| is the number of |algs| elements */
170     /* clear all algorithms */
171     if (len == 0 || algs == NULL) {
172         memset(prefs, 0, sizeof(tmp_prefs));
173         return 1;
174     }
175 
176     /* This will 0-terminate the array */
177     memset(tmp_prefs, 0, sizeof(tmp_prefs));
178     memset(already_set, 0, sizeof(already_set));
179     /* Include only those algorithms we support, ignoring duplicates and unknowns */
180     for (i = 0; i < len; i++) {
181         if (algs[i] != 0 && ossl_comp_has_alg(algs[i])) {
182             /* Check for duplicate */
183             if (already_set[algs[i]])
184                 return 0;
185             tmp_prefs[j++] = algs[i];
186             already_set[algs[i]] = 1;
187             found = 1;
188         }
189     }
190     if (found)
191         memcpy(prefs, tmp_prefs, sizeof(tmp_prefs));
192     return found;
193 }
194 
ssl_get_cert_to_compress(SSL * ssl,CERT_PKEY * cpk,unsigned char ** data)195 static size_t ssl_get_cert_to_compress(SSL *ssl, CERT_PKEY *cpk, unsigned char **data)
196 {
197     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
198     WPACKET tmppkt;
199     BUF_MEM buf = { 0 };
200     size_t ret = 0;
201 
202     if (sc == NULL
203             || cpk == NULL
204             || !sc->server
205             || !SSL_in_before(ssl))
206         return 0;
207 
208     /* Use the |tmppkt| for the to-be-compressed data */
209     if (!WPACKET_init(&tmppkt, &buf))
210         goto out;
211 
212     /* no context present, add 0-length context */
213     if (!WPACKET_put_bytes_u8(&tmppkt, 0))
214         goto out;
215 
216     /*
217      * ssl3_output_cert_chain() may generate an SSLfatal() error,
218      * for this case, we want to ignore it, argument for_comp = 1
219      */
220     if (!ssl3_output_cert_chain(sc, &tmppkt, cpk, 1))
221         goto out;
222     WPACKET_get_total_written(&tmppkt, &ret);
223 
224  out:
225     WPACKET_cleanup(&tmppkt);
226     if (ret != 0 && data != NULL)
227         *data = (unsigned char *)buf.data;
228     else
229         OPENSSL_free(buf.data);
230     return ret;
231 }
232 
ssl_compress_one_cert(SSL * ssl,CERT_PKEY * cpk,int alg)233 static int ssl_compress_one_cert(SSL *ssl, CERT_PKEY *cpk, int alg)
234 {
235     unsigned char *cert_data = NULL;
236     OSSL_COMP_CERT *comp_cert = NULL;
237     size_t length;
238 
239     if (cpk == NULL
240             || alg == TLSEXT_comp_cert_none
241             || !ossl_comp_has_alg(alg))
242         return 0;
243 
244     if ((length = ssl_get_cert_to_compress(ssl, cpk, &cert_data)) == 0)
245         return 0;
246     comp_cert = OSSL_COMP_CERT_from_uncompressed_data(cert_data, length, alg);
247     OPENSSL_free(cert_data);
248     if (comp_cert == NULL)
249         return 0;
250 
251     OSSL_COMP_CERT_free(cpk->comp_cert[alg]);
252     cpk->comp_cert[alg] = comp_cert;
253     return 1;
254 }
255 
256 /* alg_in can be 0, meaning any/all algorithms */
ssl_compress_certs(SSL * ssl,CERT_PKEY * cpks,int alg_in)257 static int ssl_compress_certs(SSL *ssl, CERT_PKEY *cpks, int alg_in)
258 {
259     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
260     int i;
261     int j;
262     int alg;
263     int count = 0;
264 
265     if (sc == NULL
266             || cpks == NULL
267             || !ossl_comp_has_alg(alg_in))
268         return 0;
269 
270     /* Look through the preferences to see what we have */
271     for (i = 0; i < TLSEXT_comp_cert_limit; i++) {
272         /*
273          * alg = 0 means compress for everything, but only for algorithms enabled
274          * alg != 0 means compress for that algorithm if enabled
275          */
276         alg = sc->cert_comp_prefs[i];
277         if ((alg_in == 0 && alg != TLSEXT_comp_cert_none)
278                 || (alg_in != 0 && alg == alg_in)) {
279 
280             for (j = 0; j < SSL_PKEY_NUM; j++) {
281                 /* No cert, move on */
282                 if (cpks[j].x509 == NULL)
283                     continue;
284 
285                 if (!ssl_compress_one_cert(ssl, &cpks[j], alg))
286                     return 0;
287 
288                 /* if the cert expanded, set the value in the CERT_PKEY to NULL */
289                 if (cpks[j].comp_cert[alg]->len >= cpks[j].comp_cert[alg]->orig_len) {
290                     OSSL_COMP_CERT_free(cpks[j].comp_cert[alg]);
291                     cpks[j].comp_cert[alg] = NULL;
292                 } else {
293                     count++;
294                 }
295             }
296         }
297     }
298     return (count > 0);
299 }
300 
ssl_get_compressed_cert(SSL * ssl,CERT_PKEY * cpk,int alg,unsigned char ** data,size_t * orig_len)301 static size_t ssl_get_compressed_cert(SSL *ssl, CERT_PKEY *cpk, int alg, unsigned char **data,
302                                       size_t *orig_len)
303 {
304     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
305     size_t cert_len = 0;
306     size_t comp_len = 0;
307     unsigned char *cert_data = NULL;
308     OSSL_COMP_CERT *comp_cert = NULL;
309 
310     if (sc == NULL
311             || cpk == NULL
312             || data == NULL
313             || orig_len == NULL
314             || !sc->server
315             || !SSL_in_before(ssl)
316             || !ossl_comp_has_alg(alg))
317         return 0;
318 
319     if ((cert_len = ssl_get_cert_to_compress(ssl, cpk, &cert_data)) == 0)
320         goto err;
321 
322     comp_cert = OSSL_COMP_CERT_from_uncompressed_data(cert_data, cert_len, alg);
323     OPENSSL_free(cert_data);
324     if (comp_cert == NULL)
325         goto err;
326 
327     comp_len = comp_cert->len;
328     *orig_len = comp_cert->orig_len;
329     *data = comp_cert->data;
330     comp_cert->data = NULL;
331  err:
332     OSSL_COMP_CERT_free(comp_cert);
333     return comp_len;
334 }
335 
ossl_set1_compressed_cert(CERT * cert,int algorithm,unsigned char * comp_data,size_t comp_length,size_t orig_length)336 static int ossl_set1_compressed_cert(CERT *cert, int algorithm,
337                                      unsigned char *comp_data, size_t comp_length,
338                                      size_t orig_length)
339 {
340     OSSL_COMP_CERT *comp_cert;
341 
342     /* No explicit cert set */
343     if (cert == NULL || cert->key == NULL)
344         return 0;
345 
346     comp_cert = OSSL_COMP_CERT_from_compressed_data(comp_data, comp_length,
347                                                     orig_length, algorithm);
348     if (comp_cert == NULL)
349         return 0;
350 
351     OSSL_COMP_CERT_free(cert->key->comp_cert[algorithm]);
352     cert->key->comp_cert[algorithm] = comp_cert;
353 
354     return 1;
355 }
356 #endif
357 
358 /*-
359  * Public API
360  */
SSL_CTX_set1_cert_comp_preference(SSL_CTX * ctx,int * algs,size_t len)361 int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len)
362 {
363 #ifndef OPENSSL_NO_COMP_ALG
364     return ssl_set_cert_comp_pref(ctx->cert_comp_prefs, algs, len);
365 #else
366     return 0;
367 #endif
368 }
369 
SSL_set1_cert_comp_preference(SSL * ssl,int * algs,size_t len)370 int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len)
371 {
372 #ifndef OPENSSL_NO_COMP_ALG
373     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
374 
375     if (sc == NULL)
376         return 0;
377     return ssl_set_cert_comp_pref(sc->cert_comp_prefs, algs, len);
378 #else
379     return 0;
380 #endif
381 }
382 
SSL_compress_certs(SSL * ssl,int alg)383 int SSL_compress_certs(SSL *ssl, int alg)
384 {
385 #ifndef OPENSSL_NO_COMP_ALG
386     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
387 
388     if (sc == NULL || sc->cert == NULL)
389         return 0;
390 
391     return ssl_compress_certs(ssl, sc->cert->pkeys, alg);
392 #endif
393     return 0;
394 }
395 
SSL_CTX_compress_certs(SSL_CTX * ctx,int alg)396 int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg)
397 {
398     int ret = 0;
399 #ifndef OPENSSL_NO_COMP_ALG
400     SSL *new = SSL_new(ctx);
401 
402     if (new == NULL)
403         return 0;
404 
405     ret = ssl_compress_certs(new, ctx->cert->pkeys, alg);
406     SSL_free(new);
407 #endif
408     return ret;
409 }
410 
SSL_get1_compressed_cert(SSL * ssl,int alg,unsigned char ** data,size_t * orig_len)411 size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len)
412 {
413 #ifndef OPENSSL_NO_COMP_ALG
414     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
415     CERT_PKEY *cpk = NULL;
416 
417     if (sc == NULL)
418         return 0;
419 
420     if (sc->cert != NULL)
421         cpk = sc->cert->key;
422     else
423         cpk = ssl->ctx->cert->key;
424 
425     return ssl_get_compressed_cert(ssl, cpk, alg, data, orig_len);
426 #else
427     return 0;
428 #endif
429 }
430 
SSL_CTX_get1_compressed_cert(SSL_CTX * ctx,int alg,unsigned char ** data,size_t * orig_len)431 size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len)
432 {
433 #ifndef OPENSSL_NO_COMP_ALG
434     size_t ret;
435     SSL *new = SSL_new(ctx);
436 
437     ret = ssl_get_compressed_cert(new, ctx->cert->key, alg, data, orig_len);
438     SSL_free(new);
439     return ret;
440 #else
441         return 0;
442 #endif
443 }
444 
SSL_CTX_set1_compressed_cert(SSL_CTX * ctx,int algorithm,unsigned char * comp_data,size_t comp_length,size_t orig_length)445 int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
446                                  size_t comp_length, size_t orig_length)
447 {
448 #ifndef OPENSSL_NO_COMP_ALG
449     return ossl_set1_compressed_cert(ctx->cert, algorithm, comp_data, comp_length, orig_length);
450 #else
451     return 0;
452 #endif
453 }
454 
SSL_set1_compressed_cert(SSL * ssl,int algorithm,unsigned char * comp_data,size_t comp_length,size_t orig_length)455 int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
456                              size_t comp_length, size_t orig_length)
457 {
458 #ifndef OPENSSL_NO_COMP_ALG
459     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
460 
461     /* Cannot set a pre-compressed certificate on a client */
462     if (sc == NULL || !sc->server)
463         return 0;
464 
465     return ossl_set1_compressed_cert(sc->cert, algorithm, comp_data, comp_length, orig_length);
466 #else
467     return 0;
468 #endif
469 }
470