[331] | 1 | /*
|
---|
| 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
---|
| 3 | *
|
---|
| 4 | * Licensed under the OpenSSL license (the "License"). You may not use
|
---|
| 5 | * this file except in compliance with the License. You can obtain a copy
|
---|
| 6 | * in the file LICENSE in the source distribution or at
|
---|
| 7 | * https://www.openssl.org/source/license.html
|
---|
| 8 | */
|
---|
| 9 |
|
---|
| 10 | /* ====================================================================
|
---|
| 11 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
---|
| 12 | * ECC cipher suite support in OpenSSL originally developed by
|
---|
| 13 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
|
---|
| 14 | */
|
---|
| 15 |
|
---|
| 16 | #include <stdio.h>
|
---|
| 17 |
|
---|
| 18 | #include "e_os.h"
|
---|
| 19 | #ifndef NO_SYS_TYPES_H
|
---|
| 20 | # include <sys/types.h>
|
---|
| 21 | #endif
|
---|
| 22 |
|
---|
| 23 | #include "internal/o_dir.h"
|
---|
| 24 | #include <openssl/lhash.h>
|
---|
| 25 | #include <openssl/bio.h>
|
---|
| 26 | #include <openssl/pem.h>
|
---|
| 27 | #include <openssl/x509v3.h>
|
---|
| 28 | #include <openssl/dh.h>
|
---|
| 29 | #include <openssl/bn.h>
|
---|
| 30 | #include <openssl/crypto.h>
|
---|
| 31 | #include "ssl_locl.h"
|
---|
| 32 | #include "internal/thread_once.h"
|
---|
| 33 |
|
---|
| 34 | static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
|
---|
| 35 | int op, int bits, int nid, void *other,
|
---|
| 36 | void *ex);
|
---|
| 37 |
|
---|
| 38 | static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
|
---|
| 39 | static volatile int ssl_x509_store_ctx_idx = -1;
|
---|
| 40 |
|
---|
| 41 | DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init)
|
---|
| 42 | {
|
---|
| 43 | ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(0,
|
---|
| 44 | "SSL for verify callback",
|
---|
| 45 | NULL, NULL, NULL);
|
---|
| 46 | return ssl_x509_store_ctx_idx >= 0;
|
---|
| 47 | }
|
---|
| 48 |
|
---|
| 49 | int SSL_get_ex_data_X509_STORE_CTX_idx(void)
|
---|
| 50 | {
|
---|
| 51 |
|
---|
| 52 | if (!RUN_ONCE(&ssl_x509_store_ctx_once, ssl_x509_store_ctx_init))
|
---|
| 53 | return -1;
|
---|
| 54 | return ssl_x509_store_ctx_idx;
|
---|
| 55 | }
|
---|
| 56 |
|
---|
| 57 | CERT *ssl_cert_new(void)
|
---|
| 58 | {
|
---|
| 59 | CERT *ret = OPENSSL_zalloc(sizeof(*ret));
|
---|
| 60 |
|
---|
| 61 | if (ret == NULL) {
|
---|
| 62 | SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
|
---|
| 63 | return NULL;
|
---|
| 64 | }
|
---|
| 65 |
|
---|
| 66 | ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]);
|
---|
| 67 | ret->references = 1;
|
---|
| 68 | ret->sec_cb = ssl_security_default_callback;
|
---|
| 69 | ret->sec_level = OPENSSL_TLS_SECURITY_LEVEL;
|
---|
| 70 | ret->sec_ex = NULL;
|
---|
| 71 | ret->lock = CRYPTO_THREAD_lock_new();
|
---|
| 72 | if (ret->lock == NULL) {
|
---|
| 73 | SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
|
---|
| 74 | OPENSSL_free(ret);
|
---|
| 75 | return NULL;
|
---|
| 76 | }
|
---|
| 77 |
|
---|
| 78 | return ret;
|
---|
| 79 | }
|
---|
| 80 |
|
---|
| 81 | CERT *ssl_cert_dup(CERT *cert)
|
---|
| 82 | {
|
---|
| 83 | CERT *ret = OPENSSL_zalloc(sizeof(*ret));
|
---|
| 84 | int i;
|
---|
| 85 |
|
---|
| 86 | if (ret == NULL) {
|
---|
| 87 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
|
---|
| 88 | return NULL;
|
---|
| 89 | }
|
---|
| 90 |
|
---|
| 91 | ret->references = 1;
|
---|
| 92 | ret->key = &ret->pkeys[cert->key - cert->pkeys];
|
---|
| 93 | ret->lock = CRYPTO_THREAD_lock_new();
|
---|
| 94 | if (ret->lock == NULL) {
|
---|
| 95 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
|
---|
| 96 | OPENSSL_free(ret);
|
---|
| 97 | return NULL;
|
---|
| 98 | }
|
---|
| 99 | #ifndef OPENSSL_NO_DH
|
---|
| 100 | if (cert->dh_tmp != NULL) {
|
---|
| 101 | ret->dh_tmp = cert->dh_tmp;
|
---|
| 102 | EVP_PKEY_up_ref(ret->dh_tmp);
|
---|
| 103 | }
|
---|
| 104 | ret->dh_tmp_cb = cert->dh_tmp_cb;
|
---|
| 105 | ret->dh_tmp_auto = cert->dh_tmp_auto;
|
---|
| 106 | #endif
|
---|
| 107 |
|
---|
| 108 | for (i = 0; i < SSL_PKEY_NUM; i++) {
|
---|
| 109 | CERT_PKEY *cpk = cert->pkeys + i;
|
---|
| 110 | CERT_PKEY *rpk = ret->pkeys + i;
|
---|
| 111 | if (cpk->x509 != NULL) {
|
---|
| 112 | rpk->x509 = cpk->x509;
|
---|
| 113 | X509_up_ref(rpk->x509);
|
---|
| 114 | }
|
---|
| 115 |
|
---|
| 116 | if (cpk->privatekey != NULL) {
|
---|
| 117 | rpk->privatekey = cpk->privatekey;
|
---|
| 118 | EVP_PKEY_up_ref(cpk->privatekey);
|
---|
| 119 | }
|
---|
| 120 |
|
---|
| 121 | if (cpk->chain) {
|
---|
| 122 | rpk->chain = X509_chain_up_ref(cpk->chain);
|
---|
| 123 | if (!rpk->chain) {
|
---|
| 124 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
|
---|
| 125 | goto err;
|
---|
| 126 | }
|
---|
| 127 | }
|
---|
| 128 | if (cert->pkeys[i].serverinfo != NULL) {
|
---|
| 129 | /* Just copy everything. */
|
---|
| 130 | ret->pkeys[i].serverinfo =
|
---|
| 131 | OPENSSL_malloc(cert->pkeys[i].serverinfo_length);
|
---|
| 132 | if (ret->pkeys[i].serverinfo == NULL) {
|
---|
| 133 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
|
---|
| 134 | goto err;
|
---|
| 135 | }
|
---|
| 136 | ret->pkeys[i].serverinfo_length = cert->pkeys[i].serverinfo_length;
|
---|
| 137 | memcpy(ret->pkeys[i].serverinfo,
|
---|
| 138 | cert->pkeys[i].serverinfo, cert->pkeys[i].serverinfo_length);
|
---|
| 139 | }
|
---|
| 140 | }
|
---|
| 141 |
|
---|
| 142 | /* Configured sigalgs copied across */
|
---|
| 143 | if (cert->conf_sigalgs) {
|
---|
| 144 | ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen);
|
---|
| 145 | if (ret->conf_sigalgs == NULL)
|
---|
| 146 | goto err;
|
---|
| 147 | memcpy(ret->conf_sigalgs, cert->conf_sigalgs, cert->conf_sigalgslen);
|
---|
| 148 | ret->conf_sigalgslen = cert->conf_sigalgslen;
|
---|
| 149 | } else
|
---|
| 150 | ret->conf_sigalgs = NULL;
|
---|
| 151 |
|
---|
| 152 | if (cert->client_sigalgs) {
|
---|
| 153 | ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen);
|
---|
| 154 | if (ret->client_sigalgs == NULL)
|
---|
| 155 | goto err;
|
---|
| 156 | memcpy(ret->client_sigalgs, cert->client_sigalgs,
|
---|
| 157 | cert->client_sigalgslen);
|
---|
| 158 | ret->client_sigalgslen = cert->client_sigalgslen;
|
---|
| 159 | } else
|
---|
| 160 | ret->client_sigalgs = NULL;
|
---|
| 161 | /* Shared sigalgs also NULL */
|
---|
| 162 | ret->shared_sigalgs = NULL;
|
---|
| 163 | /* Copy any custom client certificate types */
|
---|
| 164 | if (cert->ctypes) {
|
---|
| 165 | ret->ctypes = OPENSSL_malloc(cert->ctype_num);
|
---|
| 166 | if (ret->ctypes == NULL)
|
---|
| 167 | goto err;
|
---|
| 168 | memcpy(ret->ctypes, cert->ctypes, cert->ctype_num);
|
---|
| 169 | ret->ctype_num = cert->ctype_num;
|
---|
| 170 | }
|
---|
| 171 |
|
---|
| 172 | ret->cert_flags = cert->cert_flags;
|
---|
| 173 |
|
---|
| 174 | ret->cert_cb = cert->cert_cb;
|
---|
| 175 | ret->cert_cb_arg = cert->cert_cb_arg;
|
---|
| 176 |
|
---|
| 177 | if (cert->verify_store) {
|
---|
| 178 | X509_STORE_up_ref(cert->verify_store);
|
---|
| 179 | ret->verify_store = cert->verify_store;
|
---|
| 180 | }
|
---|
| 181 |
|
---|
| 182 | if (cert->chain_store) {
|
---|
| 183 | X509_STORE_up_ref(cert->chain_store);
|
---|
| 184 | ret->chain_store = cert->chain_store;
|
---|
| 185 | }
|
---|
| 186 |
|
---|
| 187 | ret->sec_cb = cert->sec_cb;
|
---|
| 188 | ret->sec_level = cert->sec_level;
|
---|
| 189 | ret->sec_ex = cert->sec_ex;
|
---|
| 190 |
|
---|
| 191 | if (!custom_exts_copy(&ret->cli_ext, &cert->cli_ext))
|
---|
| 192 | goto err;
|
---|
| 193 | if (!custom_exts_copy(&ret->srv_ext, &cert->srv_ext))
|
---|
| 194 | goto err;
|
---|
| 195 | #ifndef OPENSSL_NO_PSK
|
---|
| 196 | if (cert->psk_identity_hint) {
|
---|
| 197 | ret->psk_identity_hint = OPENSSL_strdup(cert->psk_identity_hint);
|
---|
| 198 | if (ret->psk_identity_hint == NULL)
|
---|
| 199 | goto err;
|
---|
| 200 | }
|
---|
| 201 | #endif
|
---|
| 202 | return ret;
|
---|
| 203 |
|
---|
| 204 | err:
|
---|
| 205 | ssl_cert_free(ret);
|
---|
| 206 |
|
---|
| 207 | return NULL;
|
---|
| 208 | }
|
---|
| 209 |
|
---|
| 210 | /* Free up and clear all certificates and chains */
|
---|
| 211 |
|
---|
| 212 | void ssl_cert_clear_certs(CERT *c)
|
---|
| 213 | {
|
---|
| 214 | int i;
|
---|
| 215 | if (c == NULL)
|
---|
| 216 | return;
|
---|
| 217 | for (i = 0; i < SSL_PKEY_NUM; i++) {
|
---|
| 218 | CERT_PKEY *cpk = c->pkeys + i;
|
---|
| 219 | X509_free(cpk->x509);
|
---|
| 220 | cpk->x509 = NULL;
|
---|
| 221 | EVP_PKEY_free(cpk->privatekey);
|
---|
| 222 | cpk->privatekey = NULL;
|
---|
| 223 | sk_X509_pop_free(cpk->chain, X509_free);
|
---|
| 224 | cpk->chain = NULL;
|
---|
| 225 | OPENSSL_free(cpk->serverinfo);
|
---|
| 226 | cpk->serverinfo = NULL;
|
---|
| 227 | cpk->serverinfo_length = 0;
|
---|
| 228 | }
|
---|
| 229 | }
|
---|
| 230 |
|
---|
| 231 | void ssl_cert_free(CERT *c)
|
---|
| 232 | {
|
---|
| 233 | int i;
|
---|
| 234 |
|
---|
| 235 | if (c == NULL)
|
---|
| 236 | return;
|
---|
| 237 |
|
---|
| 238 | CRYPTO_atomic_add(&c->references, -1, &i, c->lock);
|
---|
| 239 | REF_PRINT_COUNT("CERT", c);
|
---|
| 240 | if (i > 0)
|
---|
| 241 | return;
|
---|
| 242 | REF_ASSERT_ISNT(i < 0);
|
---|
| 243 |
|
---|
| 244 | #ifndef OPENSSL_NO_DH
|
---|
| 245 | EVP_PKEY_free(c->dh_tmp);
|
---|
| 246 | #endif
|
---|
| 247 |
|
---|
| 248 | ssl_cert_clear_certs(c);
|
---|
| 249 | OPENSSL_free(c->conf_sigalgs);
|
---|
| 250 | OPENSSL_free(c->client_sigalgs);
|
---|
| 251 | OPENSSL_free(c->shared_sigalgs);
|
---|
| 252 | OPENSSL_free(c->ctypes);
|
---|
| 253 | X509_STORE_free(c->verify_store);
|
---|
| 254 | X509_STORE_free(c->chain_store);
|
---|
| 255 | custom_exts_free(&c->cli_ext);
|
---|
| 256 | custom_exts_free(&c->srv_ext);
|
---|
| 257 | #ifndef OPENSSL_NO_PSK
|
---|
| 258 | OPENSSL_free(c->psk_identity_hint);
|
---|
| 259 | #endif
|
---|
| 260 | CRYPTO_THREAD_lock_free(c->lock);
|
---|
| 261 | OPENSSL_free(c);
|
---|
| 262 | }
|
---|
| 263 |
|
---|
| 264 | int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
|
---|
| 265 | {
|
---|
| 266 | int i, r;
|
---|
| 267 | CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
|
---|
| 268 | if (!cpk)
|
---|
| 269 | return 0;
|
---|
| 270 | for (i = 0; i < sk_X509_num(chain); i++) {
|
---|
| 271 | r = ssl_security_cert(s, ctx, sk_X509_value(chain, i), 0, 0);
|
---|
| 272 | if (r != 1) {
|
---|
| 273 | SSLerr(SSL_F_SSL_CERT_SET0_CHAIN, r);
|
---|
| 274 | return 0;
|
---|
| 275 | }
|
---|
| 276 | }
|
---|
| 277 | sk_X509_pop_free(cpk->chain, X509_free);
|
---|
| 278 | cpk->chain = chain;
|
---|
| 279 | return 1;
|
---|
| 280 | }
|
---|
| 281 |
|
---|
| 282 | int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
|
---|
| 283 | {
|
---|
| 284 | STACK_OF(X509) *dchain;
|
---|
| 285 | if (!chain)
|
---|
| 286 | return ssl_cert_set0_chain(s, ctx, NULL);
|
---|
| 287 | dchain = X509_chain_up_ref(chain);
|
---|
| 288 | if (!dchain)
|
---|
| 289 | return 0;
|
---|
| 290 | if (!ssl_cert_set0_chain(s, ctx, dchain)) {
|
---|
| 291 | sk_X509_pop_free(dchain, X509_free);
|
---|
| 292 | return 0;
|
---|
| 293 | }
|
---|
| 294 | return 1;
|
---|
| 295 | }
|
---|
| 296 |
|
---|
| 297 | int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x)
|
---|
| 298 | {
|
---|
| 299 | int r;
|
---|
| 300 | CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
|
---|
| 301 | if (!cpk)
|
---|
| 302 | return 0;
|
---|
| 303 | r = ssl_security_cert(s, ctx, x, 0, 0);
|
---|
| 304 | if (r != 1) {
|
---|
| 305 | SSLerr(SSL_F_SSL_CERT_ADD0_CHAIN_CERT, r);
|
---|
| 306 | return 0;
|
---|
| 307 | }
|
---|
| 308 | if (!cpk->chain)
|
---|
| 309 | cpk->chain = sk_X509_new_null();
|
---|
| 310 | if (!cpk->chain || !sk_X509_push(cpk->chain, x))
|
---|
| 311 | return 0;
|
---|
| 312 | return 1;
|
---|
| 313 | }
|
---|
| 314 |
|
---|
| 315 | int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x)
|
---|
| 316 | {
|
---|
| 317 | if (!ssl_cert_add0_chain_cert(s, ctx, x))
|
---|
| 318 | return 0;
|
---|
| 319 | X509_up_ref(x);
|
---|
| 320 | return 1;
|
---|
| 321 | }
|
---|
| 322 |
|
---|
| 323 | int ssl_cert_select_current(CERT *c, X509 *x)
|
---|
| 324 | {
|
---|
| 325 | int i;
|
---|
| 326 | if (x == NULL)
|
---|
| 327 | return 0;
|
---|
| 328 | for (i = 0; i < SSL_PKEY_NUM; i++) {
|
---|
| 329 | CERT_PKEY *cpk = c->pkeys + i;
|
---|
| 330 | if (cpk->x509 == x && cpk->privatekey) {
|
---|
| 331 | c->key = cpk;
|
---|
| 332 | return 1;
|
---|
| 333 | }
|
---|
| 334 | }
|
---|
| 335 |
|
---|
| 336 | for (i = 0; i < SSL_PKEY_NUM; i++) {
|
---|
| 337 | CERT_PKEY *cpk = c->pkeys + i;
|
---|
| 338 | if (cpk->privatekey && cpk->x509 && !X509_cmp(cpk->x509, x)) {
|
---|
| 339 | c->key = cpk;
|
---|
| 340 | return 1;
|
---|
| 341 | }
|
---|
| 342 | }
|
---|
| 343 | return 0;
|
---|
| 344 | }
|
---|
| 345 |
|
---|
| 346 | int ssl_cert_set_current(CERT *c, long op)
|
---|
| 347 | {
|
---|
| 348 | int i, idx;
|
---|
| 349 | if (!c)
|
---|
| 350 | return 0;
|
---|
| 351 | if (op == SSL_CERT_SET_FIRST)
|
---|
| 352 | idx = 0;
|
---|
| 353 | else if (op == SSL_CERT_SET_NEXT) {
|
---|
| 354 | idx = (int)(c->key - c->pkeys + 1);
|
---|
| 355 | if (idx >= SSL_PKEY_NUM)
|
---|
| 356 | return 0;
|
---|
| 357 | } else
|
---|
| 358 | return 0;
|
---|
| 359 | for (i = idx; i < SSL_PKEY_NUM; i++) {
|
---|
| 360 | CERT_PKEY *cpk = c->pkeys + i;
|
---|
| 361 | if (cpk->x509 && cpk->privatekey) {
|
---|
| 362 | c->key = cpk;
|
---|
| 363 | return 1;
|
---|
| 364 | }
|
---|
| 365 | }
|
---|
| 366 | return 0;
|
---|
| 367 | }
|
---|
| 368 |
|
---|
| 369 | void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg)
|
---|
| 370 | {
|
---|
| 371 | c->cert_cb = cb;
|
---|
| 372 | c->cert_cb_arg = arg;
|
---|
| 373 | }
|
---|
| 374 |
|
---|
| 375 | int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
|
---|
| 376 | {
|
---|
| 377 | X509 *x;
|
---|
| 378 | int i = 0;
|
---|
| 379 | X509_STORE *verify_store;
|
---|
| 380 | X509_STORE_CTX *ctx = NULL;
|
---|
| 381 | X509_VERIFY_PARAM *param;
|
---|
| 382 |
|
---|
| 383 | if ((sk == NULL) || (sk_X509_num(sk) == 0))
|
---|
| 384 | return 0;
|
---|
| 385 |
|
---|
| 386 | if (s->cert->verify_store)
|
---|
| 387 | verify_store = s->cert->verify_store;
|
---|
| 388 | else
|
---|
| 389 | verify_store = s->ctx->cert_store;
|
---|
| 390 |
|
---|
| 391 | ctx = X509_STORE_CTX_new();
|
---|
| 392 | if (ctx == NULL) {
|
---|
| 393 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
|
---|
| 394 | return 0;
|
---|
| 395 | }
|
---|
| 396 |
|
---|
| 397 | x = sk_X509_value(sk, 0);
|
---|
| 398 | if (!X509_STORE_CTX_init(ctx, verify_store, x, sk)) {
|
---|
| 399 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB);
|
---|
| 400 | goto end;
|
---|
| 401 | }
|
---|
| 402 | param = X509_STORE_CTX_get0_param(ctx);
|
---|
| 403 | /*
|
---|
| 404 | * XXX: Separate @AUTHSECLEVEL and @TLSSECLEVEL would be useful at some
|
---|
| 405 | * point, for now a single @SECLEVEL sets the same policy for TLS crypto
|
---|
| 406 | * and PKI authentication.
|
---|
| 407 | */
|
---|
| 408 | X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s));
|
---|
| 409 |
|
---|
| 410 | /* Set suite B flags if needed */
|
---|
| 411 | X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
|
---|
| 412 | if (!X509_STORE_CTX_set_ex_data
|
---|
| 413 | (ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
|
---|
| 414 | goto end;
|
---|
| 415 | }
|
---|
| 416 |
|
---|
| 417 | /* Verify via DANE if enabled */
|
---|
| 418 | if (DANETLS_ENABLED(&s->dane))
|
---|
| 419 | X509_STORE_CTX_set0_dane(ctx, &s->dane);
|
---|
| 420 |
|
---|
| 421 | /*
|
---|
| 422 | * We need to inherit the verify parameters. These can be determined by
|
---|
| 423 | * the context: if its a server it will verify SSL client certificates or
|
---|
| 424 | * vice versa.
|
---|
| 425 | */
|
---|
| 426 |
|
---|
| 427 | X509_STORE_CTX_set_default(ctx, s->server ? "ssl_client" : "ssl_server");
|
---|
| 428 | /*
|
---|
| 429 | * Anything non-default in "s->param" should overwrite anything in the ctx.
|
---|
| 430 | */
|
---|
| 431 | X509_VERIFY_PARAM_set1(param, s->param);
|
---|
| 432 |
|
---|
| 433 | if (s->verify_callback)
|
---|
| 434 | X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback);
|
---|
| 435 |
|
---|
| 436 | if (s->ctx->app_verify_callback != NULL)
|
---|
| 437 | i = s->ctx->app_verify_callback(ctx, s->ctx->app_verify_arg);
|
---|
| 438 | else
|
---|
| 439 | i = X509_verify_cert(ctx);
|
---|
| 440 |
|
---|
| 441 | s->verify_result = X509_STORE_CTX_get_error(ctx);
|
---|
| 442 | sk_X509_pop_free(s->verified_chain, X509_free);
|
---|
| 443 | s->verified_chain = NULL;
|
---|
| 444 | if (X509_STORE_CTX_get0_chain(ctx) != NULL) {
|
---|
| 445 | s->verified_chain = X509_STORE_CTX_get1_chain(ctx);
|
---|
| 446 | if (s->verified_chain == NULL) {
|
---|
| 447 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
|
---|
| 448 | i = 0;
|
---|
| 449 | }
|
---|
| 450 | }
|
---|
| 451 |
|
---|
| 452 | /* Move peername from the store context params to the SSL handle's */
|
---|
| 453 | X509_VERIFY_PARAM_move_peername(s->param, param);
|
---|
| 454 |
|
---|
| 455 | end:
|
---|
| 456 | X509_STORE_CTX_free(ctx);
|
---|
| 457 | return i;
|
---|
| 458 | }
|
---|
| 459 |
|
---|
| 460 | static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,
|
---|
| 461 | STACK_OF(X509_NAME) *name_list)
|
---|
| 462 | {
|
---|
| 463 | sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
|
---|
| 464 | *ca_list = name_list;
|
---|
| 465 | }
|
---|
| 466 |
|
---|
| 467 | STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
|
---|
| 468 | {
|
---|
| 469 | int i;
|
---|
| 470 | STACK_OF(X509_NAME) *ret;
|
---|
| 471 | X509_NAME *name;
|
---|
| 472 |
|
---|
| 473 | ret = sk_X509_NAME_new_null();
|
---|
| 474 | if (ret == NULL) {
|
---|
| 475 | SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE);
|
---|
| 476 | return NULL;
|
---|
| 477 | }
|
---|
| 478 | for (i = 0; i < sk_X509_NAME_num(sk); i++) {
|
---|
| 479 | name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
|
---|
| 480 | if (name == NULL || !sk_X509_NAME_push(ret, name)) {
|
---|
| 481 | sk_X509_NAME_pop_free(ret, X509_NAME_free);
|
---|
| 482 | X509_NAME_free(name);
|
---|
| 483 | return NULL;
|
---|
| 484 | }
|
---|
| 485 | }
|
---|
| 486 | return (ret);
|
---|
| 487 | }
|
---|
| 488 |
|
---|
| 489 | void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
|
---|
| 490 | {
|
---|
| 491 | set_client_CA_list(&(s->client_CA), name_list);
|
---|
| 492 | }
|
---|
| 493 |
|
---|
| 494 | void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
|
---|
| 495 | {
|
---|
| 496 | set_client_CA_list(&(ctx->client_CA), name_list);
|
---|
| 497 | }
|
---|
| 498 |
|
---|
| 499 | STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
|
---|
| 500 | {
|
---|
| 501 | return (ctx->client_CA);
|
---|
| 502 | }
|
---|
| 503 |
|
---|
| 504 | STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
|
---|
| 505 | {
|
---|
| 506 | if (!s->server) { /* we are in the client */
|
---|
| 507 | if (((s->version >> 8) == SSL3_VERSION_MAJOR) && (s->s3 != NULL))
|
---|
| 508 | return (s->s3->tmp.ca_names);
|
---|
| 509 | else
|
---|
| 510 | return (NULL);
|
---|
| 511 | } else {
|
---|
| 512 | if (s->client_CA != NULL)
|
---|
| 513 | return (s->client_CA);
|
---|
| 514 | else
|
---|
| 515 | return (s->ctx->client_CA);
|
---|
| 516 | }
|
---|
| 517 | }
|
---|
| 518 |
|
---|
| 519 | static int add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x)
|
---|
| 520 | {
|
---|
| 521 | X509_NAME *name;
|
---|
| 522 |
|
---|
| 523 | if (x == NULL)
|
---|
| 524 | return (0);
|
---|
| 525 | if ((*sk == NULL) && ((*sk = sk_X509_NAME_new_null()) == NULL))
|
---|
| 526 | return (0);
|
---|
| 527 |
|
---|
| 528 | if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL)
|
---|
| 529 | return (0);
|
---|
| 530 |
|
---|
| 531 | if (!sk_X509_NAME_push(*sk, name)) {
|
---|
| 532 | X509_NAME_free(name);
|
---|
| 533 | return (0);
|
---|
| 534 | }
|
---|
| 535 | return (1);
|
---|
| 536 | }
|
---|
| 537 |
|
---|
| 538 | int SSL_add_client_CA(SSL *ssl, X509 *x)
|
---|
| 539 | {
|
---|
| 540 | return (add_client_CA(&(ssl->client_CA), x));
|
---|
| 541 | }
|
---|
| 542 |
|
---|
| 543 | int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
|
---|
| 544 | {
|
---|
| 545 | return (add_client_CA(&(ctx->client_CA), x));
|
---|
| 546 | }
|
---|
| 547 |
|
---|
| 548 | static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
|
---|
| 549 | {
|
---|
| 550 | return (X509_NAME_cmp(*a, *b));
|
---|
| 551 | }
|
---|
| 552 |
|
---|
| 553 | static int xname_cmp(const X509_NAME *a, const X509_NAME *b)
|
---|
| 554 | {
|
---|
| 555 | return X509_NAME_cmp(a, b);
|
---|
| 556 | }
|
---|
| 557 |
|
---|
| 558 | static unsigned long xname_hash(const X509_NAME *a)
|
---|
| 559 | {
|
---|
| 560 | return X509_NAME_hash((X509_NAME *)a);
|
---|
| 561 | }
|
---|
| 562 |
|
---|
| 563 | /**
|
---|
| 564 | * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
|
---|
| 565 | * it doesn't really have anything to do with clients (except that a common use
|
---|
| 566 | * for a stack of CAs is to send it to the client). Actually, it doesn't have
|
---|
| 567 | * much to do with CAs, either, since it will load any old cert.
|
---|
| 568 | * \param file the file containing one or more certs.
|
---|
| 569 | * \return a ::STACK containing the certs.
|
---|
| 570 | */
|
---|
| 571 | STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
|
---|
| 572 | {
|
---|
| 573 | BIO *in = BIO_new(BIO_s_file());
|
---|
| 574 | X509 *x = NULL;
|
---|
| 575 | X509_NAME *xn = NULL;
|
---|
| 576 | STACK_OF(X509_NAME) *ret = NULL;
|
---|
| 577 | LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
|
---|
| 578 |
|
---|
| 579 | if ((name_hash == NULL) || (in == NULL)) {
|
---|
| 580 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
|
---|
| 581 | goto err;
|
---|
| 582 | }
|
---|
| 583 |
|
---|
| 584 | if (!BIO_read_filename(in, file))
|
---|
| 585 | goto err;
|
---|
| 586 |
|
---|
| 587 | for (;;) {
|
---|
| 588 | if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
|
---|
| 589 | break;
|
---|
| 590 | if (ret == NULL) {
|
---|
| 591 | ret = sk_X509_NAME_new_null();
|
---|
| 592 | if (ret == NULL) {
|
---|
| 593 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
|
---|
| 594 | goto err;
|
---|
| 595 | }
|
---|
| 596 | }
|
---|
| 597 | if ((xn = X509_get_subject_name(x)) == NULL)
|
---|
| 598 | goto err;
|
---|
| 599 | /* check for duplicates */
|
---|
| 600 | xn = X509_NAME_dup(xn);
|
---|
| 601 | if (xn == NULL)
|
---|
| 602 | goto err;
|
---|
| 603 | if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
|
---|
| 604 | /* Duplicate. */
|
---|
| 605 | X509_NAME_free(xn);
|
---|
| 606 | xn = NULL;
|
---|
| 607 | } else {
|
---|
| 608 | lh_X509_NAME_insert(name_hash, xn);
|
---|
| 609 | if (!sk_X509_NAME_push(ret, xn))
|
---|
| 610 | goto err;
|
---|
| 611 | }
|
---|
| 612 | }
|
---|
| 613 | goto done;
|
---|
| 614 |
|
---|
| 615 | err:
|
---|
| 616 | X509_NAME_free(xn);
|
---|
| 617 | sk_X509_NAME_pop_free(ret, X509_NAME_free);
|
---|
| 618 | ret = NULL;
|
---|
| 619 | done:
|
---|
| 620 | BIO_free(in);
|
---|
| 621 | X509_free(x);
|
---|
| 622 | lh_X509_NAME_free(name_hash);
|
---|
| 623 | if (ret != NULL)
|
---|
| 624 | ERR_clear_error();
|
---|
| 625 | return (ret);
|
---|
| 626 | }
|
---|
| 627 |
|
---|
| 628 | /**
|
---|
| 629 | * Add a file of certs to a stack.
|
---|
| 630 | * \param stack the stack to add to.
|
---|
| 631 | * \param file the file to add from. All certs in this file that are not
|
---|
| 632 | * already in the stack will be added.
|
---|
| 633 | * \return 1 for success, 0 for failure. Note that in the case of failure some
|
---|
| 634 | * certs may have been added to \c stack.
|
---|
| 635 | */
|
---|
| 636 |
|
---|
| 637 | int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
|
---|
| 638 | const char *file)
|
---|
| 639 | {
|
---|
| 640 | BIO *in;
|
---|
| 641 | X509 *x = NULL;
|
---|
| 642 | X509_NAME *xn = NULL;
|
---|
| 643 | int ret = 1;
|
---|
| 644 | int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b);
|
---|
| 645 |
|
---|
| 646 | oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp);
|
---|
| 647 |
|
---|
| 648 | in = BIO_new(BIO_s_file());
|
---|
| 649 |
|
---|
| 650 | if (in == NULL) {
|
---|
| 651 | SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, ERR_R_MALLOC_FAILURE);
|
---|
| 652 | goto err;
|
---|
| 653 | }
|
---|
| 654 |
|
---|
| 655 | if (!BIO_read_filename(in, file))
|
---|
| 656 | goto err;
|
---|
| 657 |
|
---|
| 658 | for (;;) {
|
---|
| 659 | if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
|
---|
| 660 | break;
|
---|
| 661 | if ((xn = X509_get_subject_name(x)) == NULL)
|
---|
| 662 | goto err;
|
---|
| 663 | xn = X509_NAME_dup(xn);
|
---|
| 664 | if (xn == NULL)
|
---|
| 665 | goto err;
|
---|
| 666 | if (sk_X509_NAME_find(stack, xn) >= 0) {
|
---|
| 667 | /* Duplicate. */
|
---|
| 668 | X509_NAME_free(xn);
|
---|
| 669 | } else if (!sk_X509_NAME_push(stack, xn)) {
|
---|
| 670 | X509_NAME_free(xn);
|
---|
| 671 | goto err;
|
---|
| 672 | }
|
---|
| 673 | }
|
---|
| 674 |
|
---|
| 675 | ERR_clear_error();
|
---|
| 676 | goto done;
|
---|
| 677 |
|
---|
| 678 | err:
|
---|
| 679 | ret = 0;
|
---|
| 680 | done:
|
---|
| 681 | BIO_free(in);
|
---|
| 682 | X509_free(x);
|
---|
| 683 | (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
|
---|
| 684 | return ret;
|
---|
| 685 | }
|
---|
| 686 |
|
---|
| 687 | /**
|
---|
| 688 | * Add a directory of certs to a stack.
|
---|
| 689 | * \param stack the stack to append to.
|
---|
| 690 | * \param dir the directory to append from. All files in this directory will be
|
---|
| 691 | * examined as potential certs. Any that are acceptable to
|
---|
| 692 | * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
|
---|
| 693 | * included.
|
---|
| 694 | * \return 1 for success, 0 for failure. Note that in the case of failure some
|
---|
| 695 | * certs may have been added to \c stack.
|
---|
| 696 | */
|
---|
| 697 |
|
---|
| 698 | int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
|
---|
| 699 | const char *dir)
|
---|
| 700 | {
|
---|
| 701 | OPENSSL_DIR_CTX *d = NULL;
|
---|
| 702 | const char *filename;
|
---|
| 703 | int ret = 0;
|
---|
| 704 |
|
---|
| 705 | /* Note that a side effect is that the CAs will be sorted by name */
|
---|
| 706 |
|
---|
| 707 | while ((filename = OPENSSL_DIR_read(&d, dir))) {
|
---|
| 708 | char buf[1024];
|
---|
| 709 | int r;
|
---|
| 710 |
|
---|
| 711 | if (strlen(dir) + strlen(filename) + 2 > sizeof buf) {
|
---|
| 712 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,
|
---|
| 713 | SSL_R_PATH_TOO_LONG);
|
---|
| 714 | goto err;
|
---|
| 715 | }
|
---|
| 716 | #ifdef OPENSSL_SYS_VMS
|
---|
| 717 | r = BIO_snprintf(buf, sizeof buf, "%s%s", dir, filename);
|
---|
| 718 | #else
|
---|
| 719 | r = BIO_snprintf(buf, sizeof buf, "%s/%s", dir, filename);
|
---|
| 720 | #endif
|
---|
| 721 | if (r <= 0 || r >= (int)sizeof(buf))
|
---|
| 722 | goto err;
|
---|
| 723 | if (!SSL_add_file_cert_subjects_to_stack(stack, buf))
|
---|
| 724 | goto err;
|
---|
| 725 | }
|
---|
| 726 |
|
---|
| 727 | if (errno) {
|
---|
| 728 | SYSerr(SYS_F_OPENDIR, get_last_sys_error());
|
---|
| 729 | ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')");
|
---|
| 730 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
|
---|
| 731 | goto err;
|
---|
| 732 | }
|
---|
| 733 |
|
---|
| 734 | ret = 1;
|
---|
| 735 |
|
---|
| 736 | err:
|
---|
| 737 | if (d)
|
---|
| 738 | OPENSSL_DIR_end(&d);
|
---|
| 739 |
|
---|
| 740 | return ret;
|
---|
| 741 | }
|
---|
| 742 |
|
---|
| 743 | /* Add a certificate to a BUF_MEM structure */
|
---|
| 744 |
|
---|
| 745 | static int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
|
---|
| 746 | {
|
---|
| 747 | int n;
|
---|
| 748 | unsigned char *p;
|
---|
| 749 |
|
---|
| 750 | n = i2d_X509(x, NULL);
|
---|
| 751 | if (n < 0 || !BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
|
---|
| 752 | SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
|
---|
| 753 | return 0;
|
---|
| 754 | }
|
---|
| 755 | p = (unsigned char *)&(buf->data[*l]);
|
---|
| 756 | l2n3(n, p);
|
---|
| 757 | n = i2d_X509(x, &p);
|
---|
| 758 | if (n < 0) {
|
---|
| 759 | /* Shouldn't happen */
|
---|
| 760 | SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
|
---|
| 761 | return 0;
|
---|
| 762 | }
|
---|
| 763 | *l += n + 3;
|
---|
| 764 |
|
---|
| 765 | return 1;
|
---|
| 766 | }
|
---|
| 767 |
|
---|
| 768 | /* Add certificate chain to internal SSL BUF_MEM structure */
|
---|
| 769 | int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l)
|
---|
| 770 | {
|
---|
| 771 | BUF_MEM *buf = s->init_buf;
|
---|
| 772 | int i, chain_count;
|
---|
| 773 | X509 *x;
|
---|
| 774 | STACK_OF(X509) *extra_certs;
|
---|
| 775 | STACK_OF(X509) *chain = NULL;
|
---|
| 776 | X509_STORE *chain_store;
|
---|
| 777 |
|
---|
| 778 | /* TLSv1 sends a chain with nothing in it, instead of an alert */
|
---|
| 779 | if (!BUF_MEM_grow_clean(buf, 10)) {
|
---|
| 780 | SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, ERR_R_BUF_LIB);
|
---|
| 781 | return 0;
|
---|
| 782 | }
|
---|
| 783 |
|
---|
| 784 | if (!cpk || !cpk->x509)
|
---|
| 785 | return 1;
|
---|
| 786 |
|
---|
| 787 | x = cpk->x509;
|
---|
| 788 |
|
---|
| 789 | /*
|
---|
| 790 | * If we have a certificate specific chain use it, else use parent ctx.
|
---|
| 791 | */
|
---|
| 792 | if (cpk->chain)
|
---|
| 793 | extra_certs = cpk->chain;
|
---|
| 794 | else
|
---|
| 795 | extra_certs = s->ctx->extra_certs;
|
---|
| 796 |
|
---|
| 797 | if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || extra_certs)
|
---|
| 798 | chain_store = NULL;
|
---|
| 799 | else if (s->cert->chain_store)
|
---|
| 800 | chain_store = s->cert->chain_store;
|
---|
| 801 | else
|
---|
| 802 | chain_store = s->ctx->cert_store;
|
---|
| 803 |
|
---|
| 804 | if (chain_store) {
|
---|
| 805 | X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new();
|
---|
| 806 |
|
---|
| 807 | if (xs_ctx == NULL) {
|
---|
| 808 | SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
|
---|
| 809 | return (0);
|
---|
| 810 | }
|
---|
| 811 | if (!X509_STORE_CTX_init(xs_ctx, chain_store, x, NULL)) {
|
---|
| 812 | X509_STORE_CTX_free(xs_ctx);
|
---|
| 813 | SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, ERR_R_X509_LIB);
|
---|
| 814 | return (0);
|
---|
| 815 | }
|
---|
| 816 | /*
|
---|
| 817 | * It is valid for the chain not to be complete (because normally we
|
---|
| 818 | * don't include the root cert in the chain). Therefore we deliberately
|
---|
| 819 | * ignore the error return from this call. We're not actually verifying
|
---|
| 820 | * the cert - we're just building as much of the chain as we can
|
---|
| 821 | */
|
---|
| 822 | (void)X509_verify_cert(xs_ctx);
|
---|
| 823 | /* Don't leave errors in the queue */
|
---|
| 824 | ERR_clear_error();
|
---|
| 825 | chain = X509_STORE_CTX_get0_chain(xs_ctx);
|
---|
| 826 | i = ssl_security_cert_chain(s, chain, NULL, 0);
|
---|
| 827 | if (i != 1) {
|
---|
| 828 | #if 0
|
---|
| 829 | /* Dummy error calls so mkerr generates them */
|
---|
| 830 | SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_EE_KEY_TOO_SMALL);
|
---|
| 831 | SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_CA_KEY_TOO_SMALL);
|
---|
| 832 | SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_CA_MD_TOO_WEAK);
|
---|
| 833 | #endif
|
---|
| 834 | X509_STORE_CTX_free(xs_ctx);
|
---|
| 835 | SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, i);
|
---|
| 836 | return 0;
|
---|
| 837 | }
|
---|
| 838 | chain_count = sk_X509_num(chain);
|
---|
| 839 | for (i = 0; i < chain_count; i++) {
|
---|
| 840 | x = sk_X509_value(chain, i);
|
---|
| 841 |
|
---|
| 842 | if (!ssl_add_cert_to_buf(buf, l, x)) {
|
---|
| 843 | X509_STORE_CTX_free(xs_ctx);
|
---|
| 844 | return 0;
|
---|
| 845 | }
|
---|
| 846 | }
|
---|
| 847 | X509_STORE_CTX_free(xs_ctx);
|
---|
| 848 | } else {
|
---|
| 849 | i = ssl_security_cert_chain(s, extra_certs, x, 0);
|
---|
| 850 | if (i != 1) {
|
---|
| 851 | SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, i);
|
---|
| 852 | return 0;
|
---|
| 853 | }
|
---|
| 854 | if (!ssl_add_cert_to_buf(buf, l, x))
|
---|
| 855 | return 0;
|
---|
| 856 | for (i = 0; i < sk_X509_num(extra_certs); i++) {
|
---|
| 857 | x = sk_X509_value(extra_certs, i);
|
---|
| 858 | if (!ssl_add_cert_to_buf(buf, l, x))
|
---|
| 859 | return 0;
|
---|
| 860 | }
|
---|
| 861 | }
|
---|
| 862 | return 1;
|
---|
| 863 | }
|
---|
| 864 |
|
---|
| 865 | /* Build a certificate chain for current certificate */
|
---|
| 866 | int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
|
---|
| 867 | {
|
---|
| 868 | CERT *c = s ? s->cert : ctx->cert;
|
---|
| 869 | CERT_PKEY *cpk = c->key;
|
---|
| 870 | X509_STORE *chain_store = NULL;
|
---|
| 871 | X509_STORE_CTX *xs_ctx = NULL;
|
---|
| 872 | STACK_OF(X509) *chain = NULL, *untrusted = NULL;
|
---|
| 873 | X509 *x;
|
---|
| 874 | int i, rv = 0;
|
---|
| 875 | unsigned long error;
|
---|
| 876 |
|
---|
| 877 | if (!cpk->x509) {
|
---|
| 878 | SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, SSL_R_NO_CERTIFICATE_SET);
|
---|
| 879 | goto err;
|
---|
| 880 | }
|
---|
| 881 | /* Rearranging and check the chain: add everything to a store */
|
---|
| 882 | if (flags & SSL_BUILD_CHAIN_FLAG_CHECK) {
|
---|
| 883 | chain_store = X509_STORE_new();
|
---|
| 884 | if (chain_store == NULL)
|
---|
| 885 | goto err;
|
---|
| 886 | for (i = 0; i < sk_X509_num(cpk->chain); i++) {
|
---|
| 887 | x = sk_X509_value(cpk->chain, i);
|
---|
| 888 | if (!X509_STORE_add_cert(chain_store, x)) {
|
---|
| 889 | error = ERR_peek_last_error();
|
---|
| 890 | if (ERR_GET_LIB(error) != ERR_LIB_X509 ||
|
---|
| 891 | ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE)
|
---|
| 892 | goto err;
|
---|
| 893 | ERR_clear_error();
|
---|
| 894 | }
|
---|
| 895 | }
|
---|
| 896 | /* Add EE cert too: it might be self signed */
|
---|
| 897 | if (!X509_STORE_add_cert(chain_store, cpk->x509)) {
|
---|
| 898 | error = ERR_peek_last_error();
|
---|
| 899 | if (ERR_GET_LIB(error) != ERR_LIB_X509 ||
|
---|
| 900 | ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE)
|
---|
| 901 | goto err;
|
---|
| 902 | ERR_clear_error();
|
---|
| 903 | }
|
---|
| 904 | } else {
|
---|
| 905 | if (c->chain_store)
|
---|
| 906 | chain_store = c->chain_store;
|
---|
| 907 | else if (s)
|
---|
| 908 | chain_store = s->ctx->cert_store;
|
---|
| 909 | else
|
---|
| 910 | chain_store = ctx->cert_store;
|
---|
| 911 |
|
---|
| 912 | if (flags & SSL_BUILD_CHAIN_FLAG_UNTRUSTED)
|
---|
| 913 | untrusted = cpk->chain;
|
---|
| 914 | }
|
---|
| 915 |
|
---|
| 916 | xs_ctx = X509_STORE_CTX_new();
|
---|
| 917 | if (xs_ctx == NULL) {
|
---|
| 918 | SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
|
---|
| 919 | goto err;
|
---|
| 920 | }
|
---|
| 921 | if (!X509_STORE_CTX_init(xs_ctx, chain_store, cpk->x509, untrusted)) {
|
---|
| 922 | SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_X509_LIB);
|
---|
| 923 | goto err;
|
---|
| 924 | }
|
---|
| 925 | /* Set suite B flags if needed */
|
---|
| 926 | X509_STORE_CTX_set_flags(xs_ctx,
|
---|
| 927 | c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS);
|
---|
| 928 |
|
---|
| 929 | i = X509_verify_cert(xs_ctx);
|
---|
| 930 | if (i <= 0 && flags & SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR) {
|
---|
| 931 | if (flags & SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR)
|
---|
| 932 | ERR_clear_error();
|
---|
| 933 | i = 1;
|
---|
| 934 | rv = 2;
|
---|
| 935 | }
|
---|
| 936 | if (i > 0)
|
---|
| 937 | chain = X509_STORE_CTX_get1_chain(xs_ctx);
|
---|
| 938 | if (i <= 0) {
|
---|
| 939 | SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, SSL_R_CERTIFICATE_VERIFY_FAILED);
|
---|
| 940 | i = X509_STORE_CTX_get_error(xs_ctx);
|
---|
| 941 | ERR_add_error_data(2, "Verify error:",
|
---|
| 942 | X509_verify_cert_error_string(i));
|
---|
| 943 |
|
---|
| 944 | goto err;
|
---|
| 945 | }
|
---|
| 946 | /* Remove EE certificate from chain */
|
---|
| 947 | x = sk_X509_shift(chain);
|
---|
| 948 | X509_free(x);
|
---|
| 949 | if (flags & SSL_BUILD_CHAIN_FLAG_NO_ROOT) {
|
---|
| 950 | if (sk_X509_num(chain) > 0) {
|
---|
| 951 | /* See if last cert is self signed */
|
---|
| 952 | x = sk_X509_value(chain, sk_X509_num(chain) - 1);
|
---|
| 953 | if (X509_get_extension_flags(x) & EXFLAG_SS) {
|
---|
| 954 | x = sk_X509_pop(chain);
|
---|
| 955 | X509_free(x);
|
---|
| 956 | }
|
---|
| 957 | }
|
---|
| 958 | }
|
---|
| 959 | /*
|
---|
| 960 | * Check security level of all CA certificates: EE will have been checked
|
---|
| 961 | * already.
|
---|
| 962 | */
|
---|
| 963 | for (i = 0; i < sk_X509_num(chain); i++) {
|
---|
| 964 | x = sk_X509_value(chain, i);
|
---|
| 965 | rv = ssl_security_cert(s, ctx, x, 0, 0);
|
---|
| 966 | if (rv != 1) {
|
---|
| 967 | SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, rv);
|
---|
| 968 | sk_X509_pop_free(chain, X509_free);
|
---|
| 969 | rv = 0;
|
---|
| 970 | goto err;
|
---|
| 971 | }
|
---|
| 972 | }
|
---|
| 973 | sk_X509_pop_free(cpk->chain, X509_free);
|
---|
| 974 | cpk->chain = chain;
|
---|
| 975 | if (rv == 0)
|
---|
| 976 | rv = 1;
|
---|
| 977 | err:
|
---|
| 978 | if (flags & SSL_BUILD_CHAIN_FLAG_CHECK)
|
---|
| 979 | X509_STORE_free(chain_store);
|
---|
| 980 | X509_STORE_CTX_free(xs_ctx);
|
---|
| 981 |
|
---|
| 982 | return rv;
|
---|
| 983 | }
|
---|
| 984 |
|
---|
| 985 | int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
|
---|
| 986 | {
|
---|
| 987 | X509_STORE **pstore;
|
---|
| 988 | if (chain)
|
---|
| 989 | pstore = &c->chain_store;
|
---|
| 990 | else
|
---|
| 991 | pstore = &c->verify_store;
|
---|
| 992 | X509_STORE_free(*pstore);
|
---|
| 993 | *pstore = store;
|
---|
| 994 | if (ref && store)
|
---|
| 995 | X509_STORE_up_ref(store);
|
---|
| 996 | return 1;
|
---|
| 997 | }
|
---|
| 998 |
|
---|
| 999 | static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
|
---|
| 1000 | int op, int bits, int nid, void *other,
|
---|
| 1001 | void *ex)
|
---|
| 1002 | {
|
---|
| 1003 | int level, minbits;
|
---|
| 1004 | static const int minbits_table[5] = { 80, 112, 128, 192, 256 };
|
---|
| 1005 | if (ctx)
|
---|
| 1006 | level = SSL_CTX_get_security_level(ctx);
|
---|
| 1007 | else
|
---|
| 1008 | level = SSL_get_security_level(s);
|
---|
| 1009 |
|
---|
| 1010 | if (level <= 0) {
|
---|
| 1011 | /*
|
---|
| 1012 | * No EDH keys weaker than 1024-bits even at level 0, otherwise,
|
---|
| 1013 | * anything goes.
|
---|
| 1014 | */
|
---|
| 1015 | if (op == SSL_SECOP_TMP_DH && bits < 80)
|
---|
| 1016 | return 0;
|
---|
| 1017 | return 1;
|
---|
| 1018 | }
|
---|
| 1019 | if (level > 5)
|
---|
| 1020 | level = 5;
|
---|
| 1021 | minbits = minbits_table[level - 1];
|
---|
| 1022 | switch (op) {
|
---|
| 1023 | case SSL_SECOP_CIPHER_SUPPORTED:
|
---|
| 1024 | case SSL_SECOP_CIPHER_SHARED:
|
---|
| 1025 | case SSL_SECOP_CIPHER_CHECK:
|
---|
| 1026 | {
|
---|
| 1027 | const SSL_CIPHER *c = other;
|
---|
| 1028 | /* No ciphers below security level */
|
---|
| 1029 | if (bits < minbits)
|
---|
| 1030 | return 0;
|
---|
| 1031 | /* No unauthenticated ciphersuites */
|
---|
| 1032 | if (c->algorithm_auth & SSL_aNULL)
|
---|
| 1033 | return 0;
|
---|
| 1034 | /* No MD5 mac ciphersuites */
|
---|
| 1035 | if (c->algorithm_mac & SSL_MD5)
|
---|
| 1036 | return 0;
|
---|
| 1037 | /* SHA1 HMAC is 160 bits of security */
|
---|
| 1038 | if (minbits > 160 && c->algorithm_mac & SSL_SHA1)
|
---|
| 1039 | return 0;
|
---|
| 1040 | /* Level 2: no RC4 */
|
---|
| 1041 | if (level >= 2 && c->algorithm_enc == SSL_RC4)
|
---|
| 1042 | return 0;
|
---|
| 1043 | /* Level 3: forward secure ciphersuites only */
|
---|
| 1044 | if (level >= 3 && !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))
|
---|
| 1045 | return 0;
|
---|
| 1046 | break;
|
---|
| 1047 | }
|
---|
| 1048 | case SSL_SECOP_VERSION:
|
---|
| 1049 | if (!SSL_IS_DTLS(s)) {
|
---|
| 1050 | /* SSLv3 not allowed at level 2 */
|
---|
| 1051 | if (nid <= SSL3_VERSION && level >= 2)
|
---|
| 1052 | return 0;
|
---|
| 1053 | /* TLS v1.1 and above only for level 3 */
|
---|
| 1054 | if (nid <= TLS1_VERSION && level >= 3)
|
---|
| 1055 | return 0;
|
---|
| 1056 | /* TLS v1.2 only for level 4 and above */
|
---|
| 1057 | if (nid <= TLS1_1_VERSION && level >= 4)
|
---|
| 1058 | return 0;
|
---|
| 1059 | } else {
|
---|
| 1060 | /* DTLS v1.2 only for level 4 and above */
|
---|
| 1061 | if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level >= 4)
|
---|
| 1062 | return 0;
|
---|
| 1063 | }
|
---|
| 1064 | break;
|
---|
| 1065 |
|
---|
| 1066 | case SSL_SECOP_COMPRESSION:
|
---|
| 1067 | if (level >= 2)
|
---|
| 1068 | return 0;
|
---|
| 1069 | break;
|
---|
| 1070 | case SSL_SECOP_TICKET:
|
---|
| 1071 | if (level >= 3)
|
---|
| 1072 | return 0;
|
---|
| 1073 | break;
|
---|
| 1074 | default:
|
---|
| 1075 | if (bits < minbits)
|
---|
| 1076 | return 0;
|
---|
| 1077 | }
|
---|
| 1078 | return 1;
|
---|
| 1079 | }
|
---|
| 1080 |
|
---|
| 1081 | int ssl_security(const SSL *s, int op, int bits, int nid, void *other)
|
---|
| 1082 | {
|
---|
| 1083 | return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex);
|
---|
| 1084 | }
|
---|
| 1085 |
|
---|
| 1086 | int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other)
|
---|
| 1087 | {
|
---|
| 1088 | return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other,
|
---|
| 1089 | ctx->cert->sec_ex);
|
---|
| 1090 | }
|
---|