Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 17cf2cb1d226b0ba2401304242df7ddd3b6f1ff2 / . / ssl / ssl_cert.c
blob: 3eaf4997c2478d5e019bc81b6fa17268c6161010 [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57/* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
108 *
109 */
110/* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112 * ECC cipher suite support in OpenSSL originally developed by
113 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */
114
David Benjamin443a1f62015-09-04 15:05:05 -0400[diff] [blame]115#include <openssl/ssl.h>
116
Steven Valdezbf5aa842016-07-15 07:07:40 -0400[diff] [blame]117#include <assert.h>
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]118#include <limits.h>
David Benjaminf0ae1702015-04-07 23:05:04 -0400[diff] [blame]119#include <string.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]120
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]121#include <openssl/bn.h>
David Benjamin676d1e72014-07-08 14:34:10 -0400[diff] [blame]122#include <openssl/buf.h>
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]123#include <openssl/bytestring.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]124#include <openssl/dh.h>
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]125#include <openssl/ec_key.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]126#include <openssl/err.h>
127#include <openssl/mem.h>
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]128#include <openssl/sha.h>
David Benjamin680ca962015-06-18 12:37:23 -0400[diff] [blame]129#include <openssl/x509.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]130#include <openssl/x509v3.h>
131
Adam Langley0da323a2015-05-15 12:49:30 -0700[diff] [blame]132#include "../crypto/internal.h"
David Benjamin2ee94aa2015-04-07 22:38:30 -0400[diff] [blame]133#include "internal.h"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]134
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]135
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]136int SSL_get_ex_data_X509_STORE_CTX_idx(void) {
David Benjaminaa585132015-06-29 23:36:17 -0400[diff] [blame]137 /* The ex_data index to go from |X509_STORE_CTX| to |SSL| always uses the
138 * reserved app_data slot. Before ex_data was introduced, app_data was used.
139 * Avoid breaking any software which assumes |X509_STORE_CTX_get_app_data|
140 * works. */
141 return 0;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]142}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]143
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]144CERT *ssl_cert_new(void) {
Brian Smith5ba06892016-02-07 09:36:04 -1000[diff] [blame]145 CERT *ret = OPENSSL_malloc(sizeof(CERT));
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]146 if (ret == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]147 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]148 return NULL;
149 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame^]150 OPENSSL_memset(ret, 0, sizeof(CERT));
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]151
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]152 return ret;
153}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]154
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]155CERT *ssl_cert_dup(CERT *cert) {
Brian Smith5ba06892016-02-07 09:36:04 -1000[diff] [blame]156 CERT *ret = OPENSSL_malloc(sizeof(CERT));
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]157 if (ret == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]158 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]159 return NULL;
160 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame^]161 OPENSSL_memset(ret, 0, sizeof(CERT));
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]162
Adam Langleyc5ac2b62016-11-07 12:02:35 -0800[diff] [blame]163 if (cert->x509_leaf != NULL) {
164 X509_up_ref(cert->x509_leaf);
165 ret->x509_leaf = cert->x509_leaf;
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]166 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]167
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]168 if (cert->privatekey != NULL) {
Adam Langley310d3f62016-07-12 10:39:20 -0700[diff] [blame]169 EVP_PKEY_up_ref(cert->privatekey);
170 ret->privatekey = cert->privatekey;
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]171 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]172
Adam Langleyc5ac2b62016-11-07 12:02:35 -0800[diff] [blame]173 if (cert->x509_chain) {
174 ret->x509_chain = X509_chain_up_ref(cert->x509_chain);
175 if (!ret->x509_chain) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]176 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]177 goto err;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]178 }
179 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]180
Tom Thorogood66b2fe82016-03-06 20:08:38 +1030[diff] [blame]181 ret->key_method = cert->key_method;
182
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]183 ret->mask_k = cert->mask_k;
184 ret->mask_a = cert->mask_a;
185
186 if (cert->dh_tmp != NULL) {
187 ret->dh_tmp = DHparams_dup(cert->dh_tmp);
188 if (ret->dh_tmp == NULL) {
189 OPENSSL_PUT_ERROR(SSL, ERR_R_DH_LIB);
190 goto err;
191 }
192 }
193 ret->dh_tmp_cb = cert->dh_tmp_cb;
194
195 if (cert->sigalgs != NULL) {
196 ret->sigalgs =
197 BUF_memdup(cert->sigalgs, cert->num_sigalgs * sizeof(cert->sigalgs[0]));
198 if (ret->sigalgs == NULL) {
199 goto err;
200 }
201 }
202 ret->num_sigalgs = cert->num_sigalgs;
203
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]204 ret->cert_cb = cert->cert_cb;
205 ret->cert_cb_arg = cert->cert_cb_arg;
206
Adam Langleyd323f4b2016-03-01 15:58:14 -0800[diff] [blame]207 if (cert->verify_store != NULL) {
208 X509_STORE_up_ref(cert->verify_store);
209 ret->verify_store = cert->verify_store;
210 }
211
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]212 return ret;
213
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]214err:
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]215 ssl_cert_free(ret);
216 return NULL;
217}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]218
219/* Free up and clear all certificates and chains */
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]220void ssl_cert_clear_certs(CERT *cert) {
221 if (cert == NULL) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]222 return;
223 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]224
Adam Langleyc5ac2b62016-11-07 12:02:35 -0800[diff] [blame]225 X509_free(cert->x509_leaf);
226 cert->x509_leaf = NULL;
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]227 EVP_PKEY_free(cert->privatekey);
228 cert->privatekey = NULL;
Adam Langleyc5ac2b62016-11-07 12:02:35 -0800[diff] [blame]229 sk_X509_pop_free(cert->x509_chain, X509_free);
230 cert->x509_chain = NULL;
David Benjamin71d2e542015-07-06 00:30:25 -0400[diff] [blame]231 cert->key_method = NULL;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]232}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]233
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]234void ssl_cert_free(CERT *c) {
235 if (c == NULL) {
236 return;
237 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]238
David Benjamin2755a3e2015-04-22 16:17:58 -0400[diff] [blame]239 DH_free(c->dh_tmp);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]240
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]241 ssl_cert_clear_certs(c);
David Benjamind246b812016-07-08 15:07:02 -0700[diff] [blame]242 OPENSSL_free(c->sigalgs);
Adam Langleyd323f4b2016-03-01 15:58:14 -0800[diff] [blame]243 X509_STORE_free(c->verify_store);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]244
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]245 OPENSSL_free(c);
246}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]247
David Benjamina2bda9f2016-12-03 23:29:05 -0500[diff] [blame]248static int ssl_cert_set0_chain(CERT *cert, STACK_OF(X509) *chain) {
Adam Langleyc5ac2b62016-11-07 12:02:35 -0800[diff] [blame]249 sk_X509_pop_free(cert->x509_chain, X509_free);
250 cert->x509_chain = chain;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]251 return 1;
252}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]253
David Benjamina2bda9f2016-12-03 23:29:05 -0500[diff] [blame]254static int ssl_cert_set1_chain(CERT *cert, STACK_OF(X509) *chain) {
David Benjamin60da0cd2015-05-03 15:21:28 -0400[diff] [blame]255 STACK_OF(X509) *dchain;
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]256 if (chain == NULL) {
257 return ssl_cert_set0_chain(cert, NULL);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]258 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]259
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]260 dchain = X509_chain_up_ref(chain);
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]261 if (dchain == NULL) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]262 return 0;
263 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]264
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]265 if (!ssl_cert_set0_chain(cert, dchain)) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]266 sk_X509_pop_free(dchain, X509_free);
267 return 0;
268 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]269
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]270 return 1;
271}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]272
David Benjamina2bda9f2016-12-03 23:29:05 -0500[diff] [blame]273static int ssl_cert_add0_chain_cert(CERT *cert, X509 *x509) {
Adam Langleyc5ac2b62016-11-07 12:02:35 -0800[diff] [blame]274 if (cert->x509_chain == NULL) {
275 cert->x509_chain = sk_X509_new_null();
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]276 }
Adam Langleyc5ac2b62016-11-07 12:02:35 -0800[diff] [blame]277 if (cert->x509_chain == NULL || !sk_X509_push(cert->x509_chain, x509)) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]278 return 0;
279 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]280
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]281 return 1;
282}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]283
David Benjamina2bda9f2016-12-03 23:29:05 -0500[diff] [blame]284static int ssl_cert_add1_chain_cert(CERT *cert, X509 *x509) {
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]285 if (!ssl_cert_add0_chain_cert(cert, x509)) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]286 return 0;
287 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]288
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]289 X509_up_ref(x509);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]290 return 1;
291}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]292
David Benjamina2bda9f2016-12-03 23:29:05 -0500[diff] [blame]293static void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg),
294 void *arg) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]295 c->cert_cb = cb;
296 c->cert_cb_arg = arg;
297}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]298
David Benjamin7aa31d62016-08-08 21:38:32 -0400[diff] [blame]299int ssl_verify_cert_chain(SSL *ssl, long *out_verify_result,
300 STACK_OF(X509) *cert_chain) {
David Benjamin306ece32015-09-17 13:46:22 -0400[diff] [blame]301 if (cert_chain == NULL || sk_X509_num(cert_chain) == 0) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]302 return 0;
303 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]304
Adam Langleyd323f4b2016-03-01 15:58:14 -0800[diff] [blame]305 X509_STORE *verify_store = ssl->ctx->cert_store;
306 if (ssl->cert->verify_store != NULL) {
307 verify_store = ssl->cert->verify_store;
308 }
309
David Benjamin306ece32015-09-17 13:46:22 -0400[diff] [blame]310 X509 *leaf = sk_X509_value(cert_chain, 0);
311 int ret = 0;
312 X509_STORE_CTX ctx;
Adam Langleyd323f4b2016-03-01 15:58:14 -0800[diff] [blame]313 if (!X509_STORE_CTX_init(&ctx, verify_store, leaf, cert_chain)) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]314 OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]315 return 0;
316 }
David Benjamin306ece32015-09-17 13:46:22 -0400[diff] [blame]317 if (!X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(),
318 ssl)) {
319 goto err;
320 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]321
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]322 /* We need to inherit the verify parameters. These can be determined by the
323 * context: if its a server it will verify SSL client certificates or vice
324 * versa. */
David Benjamin306ece32015-09-17 13:46:22 -0400[diff] [blame]325 X509_STORE_CTX_set_default(&ctx, ssl->server ? "ssl_client" : "ssl_server");
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]326
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]327 /* Anything non-default in "param" should overwrite anything in the ctx. */
David Benjamin306ece32015-09-17 13:46:22 -0400[diff] [blame]328 X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), ssl->param);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]329
David Benjamin306ece32015-09-17 13:46:22 -0400[diff] [blame]330 if (ssl->verify_callback) {
331 X509_STORE_CTX_set_verify_cb(&ctx, ssl->verify_callback);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]332 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]333
David Benjamine455e512016-08-01 20:11:13 -0400[diff] [blame]334 int verify_ret;
David Benjamin306ece32015-09-17 13:46:22 -0400[diff] [blame]335 if (ssl->ctx->app_verify_callback != NULL) {
David Benjamine455e512016-08-01 20:11:13 -0400[diff] [blame]336 verify_ret = ssl->ctx->app_verify_callback(&ctx, ssl->ctx->app_verify_arg);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]337 } else {
David Benjamine455e512016-08-01 20:11:13 -0400[diff] [blame]338 verify_ret = X509_verify_cert(&ctx);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]339 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]340
Adam Langleya6cd1852016-08-26 09:38:13 -0700[diff] [blame]341 *out_verify_result = ctx.error;
342
David Benjamine455e512016-08-01 20:11:13 -0400[diff] [blame]343 /* If |SSL_VERIFY_NONE|, the error is non-fatal, but we keep the result. */
344 if (verify_ret <= 0 && ssl->verify_mode != SSL_VERIFY_NONE) {
David Benjamin7aa31d62016-08-08 21:38:32 -0400[diff] [blame]345 ssl3_send_alert(ssl, SSL3_AL_FATAL, ssl_verify_alarm_type(ctx.error));
David Benjamine455e512016-08-01 20:11:13 -0400[diff] [blame]346 OPENSSL_PUT_ERROR(SSL, SSL_R_CERTIFICATE_VERIFY_FAILED);
347 goto err;
348 }
349
350 ERR_clear_error();
351 ret = 1;
352
David Benjamin306ece32015-09-17 13:46:22 -0400[diff] [blame]353err:
354 X509_STORE_CTX_cleanup(&ctx);
355 return ret;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]356}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]357
David Benjamin60da0cd2015-05-03 15:21:28 -0400[diff] [blame]358static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,
359 STACK_OF(X509_NAME) *name_list) {
David Benjamin2755a3e2015-04-22 16:17:58 -0400[diff] [blame]360 sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]361 *ca_list = name_list;
362}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]363
David Benjamin59937042015-09-19 13:04:22 -0400[diff] [blame]364STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *list) {
365 STACK_OF(X509_NAME) *ret = sk_X509_NAME_new_null();
366 if (ret == NULL) {
367 return NULL;
368 }
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]369
David Benjamin54091232016-09-05 12:47:25 -0400[diff] [blame]370 for (size_t i = 0; i < sk_X509_NAME_num(list); i++) {
David Benjamin59937042015-09-19 13:04:22 -0400[diff] [blame]371 X509_NAME *name = X509_NAME_dup(sk_X509_NAME_value(list, i));
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]372 if (name == NULL || !sk_X509_NAME_push(ret, name)) {
David Benjamin59937042015-09-19 13:04:22 -0400[diff] [blame]373 X509_NAME_free(name);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]374 sk_X509_NAME_pop_free(ret, X509_NAME_free);
375 return NULL;
376 }
377 }
378
379 return ret;
380}
381
David Benjamin59937042015-09-19 13:04:22 -0400[diff] [blame]382void SSL_set_client_CA_list(SSL *ssl, STACK_OF(X509_NAME) *name_list) {
383 set_client_CA_list(&ssl->client_CA, name_list);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]384}
385
David Benjamin60da0cd2015-05-03 15:21:28 -0400[diff] [blame]386void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) {
David Benjamin59937042015-09-19 13:04:22 -0400[diff] [blame]387 set_client_CA_list(&ctx->client_CA, name_list);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]388}
389
David Benjamin60da0cd2015-05-03 15:21:28 -0400[diff] [blame]390STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]391 return ctx->client_CA;
392}
393
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]394STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *ssl) {
395 /* For historical reasons, this function is used both to query configuration
396 * state on a server as well as handshake state on a client. However, whether
397 * |ssl| is a client or server is not known until explicitly configured with
398 * |SSL_set_connect_state|. If |handshake_func| is NULL, |ssl| is in an
399 * indeterminate mode and |ssl->server| is unset. */
400 if (ssl->handshake_func != NULL && !ssl->server) {
David Benjamina0486782016-10-06 19:11:32 -0400[diff] [blame]401 if (ssl->s3->hs != NULL) {
402 return ssl->s3->hs->ca_names;
403 }
404
405 return NULL;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]406 }
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]407
408 if (ssl->client_CA != NULL) {
409 return ssl->client_CA;
410 }
411 return ssl->ctx->client_CA;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]412}
413
David Benjamin59937042015-09-19 13:04:22 -0400[diff] [blame]414static int add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x509) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]415 X509_NAME *name;
416
David Benjamin59937042015-09-19 13:04:22 -0400[diff] [blame]417 if (x509 == NULL) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]418 return 0;
419 }
420 if (*sk == NULL) {
421 *sk = sk_X509_NAME_new_null();
422 if (*sk == NULL) {
423 return 0;
424 }
425 }
426
David Benjamin59937042015-09-19 13:04:22 -0400[diff] [blame]427 name = X509_NAME_dup(X509_get_subject_name(x509));
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]428 if (name == NULL) {
429 return 0;
430 }
431
432 if (!sk_X509_NAME_push(*sk, name)) {
433 X509_NAME_free(name);
434 return 0;
435 }
436
437 return 1;
438}
439
David Benjamin59937042015-09-19 13:04:22 -0400[diff] [blame]440int SSL_add_client_CA(SSL *ssl, X509 *x509) {
441 return add_client_CA(&ssl->client_CA, x509);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]442}
443
David Benjamin59937042015-09-19 13:04:22 -0400[diff] [blame]444int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x509) {
445 return add_client_CA(&ctx->client_CA, x509);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]446}
447
David Benjamin32a66d52016-07-13 22:03:11 -0400[diff] [blame]448int ssl_has_certificate(const SSL *ssl) {
Adam Langleyc5ac2b62016-11-07 12:02:35 -0800[diff] [blame]449 return ssl->cert->x509_leaf != NULL && ssl_has_private_key(ssl);
David Benjamin32a66d52016-07-13 22:03:11 -0400[diff] [blame]450}
451
Adam Langleyc0fc7a12016-12-09 15:05:34 -0800[diff] [blame]452X509 *ssl_parse_x509(CBS *cbs) {
453 if (CBS_len(cbs) > LONG_MAX) {
454 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
455 return NULL;
456 }
457 const uint8_t *ptr = CBS_data(cbs);
458 X509 *ret = d2i_X509(NULL, &ptr, (long)CBS_len(cbs));
459 if (ret == NULL) {
460 return NULL;
461 }
462 CBS_skip(cbs, ptr - CBS_data(cbs));
463 return ret;
464}
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]465
Adam Langley68e71242016-12-12 11:06:16 -0800[diff] [blame]466STACK_OF(CRYPTO_BUFFER) *ssl_parse_cert_chain(uint8_t *out_alert,
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]467 EVP_PKEY **out_pubkey,
Adam Langley68e71242016-12-12 11:06:16 -0800[diff] [blame]468 uint8_t *out_leaf_sha256,
Adam Langleyd519bf62016-12-12 11:16:44 -0800[diff] [blame]469 CBS *cbs,
470 CRYPTO_BUFFER_POOL *pool) {
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]471 *out_pubkey = NULL;
472
Adam Langley68e71242016-12-12 11:06:16 -0800[diff] [blame]473 STACK_OF(CRYPTO_BUFFER) *ret = sk_CRYPTO_BUFFER_new_null();
Adam Langleyc0fc7a12016-12-09 15:05:34 -0800[diff] [blame]474 if (ret == NULL) {
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]475 *out_alert = SSL_AD_INTERNAL_ERROR;
476 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
Adam Langleyc0fc7a12016-12-09 15:05:34 -0800[diff] [blame]477 return NULL;
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]478 }
479
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]480 CBS certificate_list;
481 if (!CBS_get_u24_length_prefixed(cbs, &certificate_list)) {
482 *out_alert = SSL_AD_DECODE_ERROR;
483 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
484 goto err;
485 }
486
487 while (CBS_len(&certificate_list) > 0) {
488 CBS certificate;
Adam Langley68e71242016-12-12 11:06:16 -0800[diff] [blame]489 if (!CBS_get_u24_length_prefixed(&certificate_list, &certificate) ||
490 CBS_len(&certificate) == 0) {
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]491 *out_alert = SSL_AD_DECODE_ERROR;
492 OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_LENGTH_MISMATCH);
493 goto err;
494 }
495
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]496 if (sk_CRYPTO_BUFFER_num(ret) == 0) {
497 *out_pubkey = ssl_cert_parse_pubkey(&certificate);
498 if (*out_pubkey == NULL) {
499 goto err;
500 }
501
502 /* Retain the hash of the leaf certificate if requested. */
503 if (out_leaf_sha256 != NULL) {
504 SHA256(CBS_data(&certificate), CBS_len(&certificate), out_leaf_sha256);
505 }
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]506 }
507
Adam Langleyd519bf62016-12-12 11:16:44 -0800[diff] [blame]508 CRYPTO_BUFFER *buf =
509 CRYPTO_BUFFER_new_from_CBS(&certificate, pool);
Adam Langley68e71242016-12-12 11:06:16 -0800[diff] [blame]510 if (buf == NULL) {
Adam Langleyc0fc7a12016-12-09 15:05:34 -0800[diff] [blame]511 *out_alert = SSL_AD_DECODE_ERROR;
512 goto err;
513 }
Adam Langley68e71242016-12-12 11:06:16 -0800[diff] [blame]514
515 if (!sk_CRYPTO_BUFFER_push(ret, buf)) {
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]516 *out_alert = SSL_AD_INTERNAL_ERROR;
Adam Langley68e71242016-12-12 11:06:16 -0800[diff] [blame]517 CRYPTO_BUFFER_free(buf);
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]518 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
519 goto err;
520 }
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]521 }
522
Adam Langleyc0fc7a12016-12-09 15:05:34 -0800[diff] [blame]523 return ret;
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]524
525err:
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]526 EVP_PKEY_free(*out_pubkey);
527 *out_pubkey = NULL;
Adam Langley68e71242016-12-12 11:06:16 -0800[diff] [blame]528 sk_CRYPTO_BUFFER_pop_free(ret, CRYPTO_BUFFER_free);
Adam Langleyc0fc7a12016-12-09 15:05:34 -0800[diff] [blame]529 return NULL;
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]530}
531
David Benjamin75836432016-06-17 18:48:29 -0400[diff] [blame]532int ssl_add_cert_to_cbb(CBB *cbb, X509 *x509) {
533 int len = i2d_X509(x509, NULL);
534 if (len < 0) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]535 return 0;
536 }
David Benjamin75836432016-06-17 18:48:29 -0400[diff] [blame]537 uint8_t *buf;
538 if (!CBB_add_space(cbb, &buf, len)) {
539 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
540 return 0;
Steven Valdezb32a9152016-04-26 12:57:22 -0400[diff] [blame]541 }
David Benjamin75836432016-06-17 18:48:29 -0400[diff] [blame]542 if (buf != NULL && i2d_X509(x509, &buf) < 0) {
543 return 0;
544 }
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]545 return 1;
546}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]547
David Benjamin75836432016-06-17 18:48:29 -0400[diff] [blame]548static int ssl_add_cert_with_length(CBB *cbb, X509 *x509) {
549 CBB child;
550 return CBB_add_u24_length_prefixed(cbb, &child) &&
551 ssl_add_cert_to_cbb(&child, x509) &&
552 CBB_flush(cbb);
553}
554
555int ssl_add_cert_chain(SSL *ssl, CBB *cbb) {
David Benjamin32a66d52016-07-13 22:03:11 -0400[diff] [blame]556 if (!ssl_has_certificate(ssl)) {
557 return CBB_add_u24(cbb, 0);
558 }
559
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]560 CERT *cert = ssl->cert;
Adam Langleyc5ac2b62016-11-07 12:02:35 -0800[diff] [blame]561 X509 *x = cert->x509_leaf;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]562
David Benjamin75836432016-06-17 18:48:29 -0400[diff] [blame]563 CBB child;
564 if (!CBB_add_u24_length_prefixed(cbb, &child)) {
565 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
566 return 0;
567 }
568
569 int no_chain = 0;
Adam Langleyc5ac2b62016-11-07 12:02:35 -0800[diff] [blame]570 STACK_OF(X509) *chain = cert->x509_chain;
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]571 if ((ssl->mode & SSL_MODE_NO_AUTO_CHAIN) || chain != NULL) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]572 no_chain = 1;
573 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]574
David Benjamin605641e2015-05-03 15:14:04 -0400[diff] [blame]575 if (no_chain) {
Steven Valdez57a6f3c2016-06-28 15:37:37 -0400[diff] [blame]576 if (!ssl_add_cert_with_length(&child, x)) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]577 return 0;
578 }
David Benjamin605641e2015-05-03 15:14:04 -0400[diff] [blame]579
David Benjamin54091232016-09-05 12:47:25 -0400[diff] [blame]580 for (size_t i = 0; i < sk_X509_num(chain); i++) {
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]581 x = sk_X509_value(chain, i);
David Benjamin75836432016-06-17 18:48:29 -0400[diff] [blame]582 if (!ssl_add_cert_with_length(&child, x)) {
David Benjamin605641e2015-05-03 15:14:04 -0400[diff] [blame]583 return 0;
584 }
585 }
586 } else {
587 X509_STORE_CTX xs_ctx;
588
David Benjamind27441a2015-08-09 11:05:17 -0400[diff] [blame]589 if (!X509_STORE_CTX_init(&xs_ctx, ssl->ctx->cert_store, x, NULL)) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]590 OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);
David Benjamin605641e2015-05-03 15:14:04 -0400[diff] [blame]591 return 0;
592 }
593 X509_verify_cert(&xs_ctx);
594 /* Don't leave errors in the queue */
595 ERR_clear_error();
David Benjamin75836432016-06-17 18:48:29 -0400[diff] [blame]596
David Benjamin54091232016-09-05 12:47:25 -0400[diff] [blame]597 for (size_t i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
David Benjamin605641e2015-05-03 15:14:04 -0400[diff] [blame]598 x = sk_X509_value(xs_ctx.chain, i);
David Benjamin75836432016-06-17 18:48:29 -0400[diff] [blame]599 if (!ssl_add_cert_with_length(&child, x)) {
David Benjamin605641e2015-05-03 15:14:04 -0400[diff] [blame]600 X509_STORE_CTX_cleanup(&xs_ctx);
601 return 0;
602 }
603 }
604 X509_STORE_CTX_cleanup(&xs_ctx);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]605 }
606
David Benjamin75836432016-06-17 18:48:29 -0400[diff] [blame]607 return CBB_flush(cbb);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]608}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]609
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]610/* ssl_cert_skip_to_spki parses a DER-encoded, X.509 certificate from |in| and
611 * positions |*out_tbs_cert| to cover the TBSCertificate, starting at the
612 * subjectPublicKeyInfo. */
613static int ssl_cert_skip_to_spki(const CBS *in, CBS *out_tbs_cert) {
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]614 /* From RFC 5280, section 4.1
615 * Certificate ::= SEQUENCE {
616 * tbsCertificate TBSCertificate,
617 * signatureAlgorithm AlgorithmIdentifier,
618 * signatureValue BIT STRING }
619
620 * TBSCertificate ::= SEQUENCE {
621 * version [0] EXPLICIT Version DEFAULT v1,
622 * serialNumber CertificateSerialNumber,
623 * signature AlgorithmIdentifier,
624 * issuer Name,
625 * validity Validity,
626 * subject Name,
627 * subjectPublicKeyInfo SubjectPublicKeyInfo,
628 * ... } */
629 CBS buf = *in;
630
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]631 CBS toplevel;
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]632 if (!CBS_get_asn1(&buf, &toplevel, CBS_ASN1_SEQUENCE) ||
633 CBS_len(&buf) != 0 ||
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]634 !CBS_get_asn1(&toplevel, out_tbs_cert, CBS_ASN1_SEQUENCE) ||
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]635 /* version */
636 !CBS_get_optional_asn1(
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]637 out_tbs_cert, NULL, NULL,
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]638 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 0) ||
639 /* serialNumber */
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]640 !CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_INTEGER) ||
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]641 /* signature algorithm */
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]642 !CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_SEQUENCE) ||
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]643 /* issuer */
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]644 !CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_SEQUENCE) ||
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]645 /* validity */
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]646 !CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_SEQUENCE) ||
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]647 /* subject */
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]648 !CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_SEQUENCE)) {
649 return 0;
650 }
651
652 return 1;
653}
654
655EVP_PKEY *ssl_cert_parse_pubkey(const CBS *in) {
656 CBS buf = *in, tbs_cert, spki;
657 if (!ssl_cert_skip_to_spki(&buf, &tbs_cert) ||
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]658 !CBS_get_asn1_element(&tbs_cert, &spki, CBS_ASN1_SEQUENCE)) {
659 OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
660 return NULL;
661 }
662
663 return EVP_parse_public_key(&spki);
664}
665
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]666int ssl_cert_check_digital_signature_key_usage(const CBS *in) {
667 CBS buf = *in;
668
669 CBS tbs_cert, outer_extensions;
670 int has_extensions;
671 if (!ssl_cert_skip_to_spki(&buf, &tbs_cert) ||
672 /* subjectPublicKeyInfo */
673 !CBS_get_asn1(&tbs_cert, NULL, CBS_ASN1_SEQUENCE) ||
674 /* issuerUniqueID */
675 !CBS_get_optional_asn1(
676 &tbs_cert, NULL, NULL,
677 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 1) ||
678 /* subjectUniqueID */
679 !CBS_get_optional_asn1(
680 &tbs_cert, NULL, NULL,
681 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 2) ||
682 !CBS_get_optional_asn1(
683 &tbs_cert, &outer_extensions, &has_extensions,
684 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 3)) {
685 goto parse_err;
686 }
687
688 if (!has_extensions) {
689 return 1;
690 }
691
692 CBS extensions;
693 if (!CBS_get_asn1(&outer_extensions, &extensions, CBS_ASN1_SEQUENCE)) {
694 goto parse_err;
695 }
696
697 while (CBS_len(&extensions) > 0) {
698 CBS extension, oid, contents;
699 if (!CBS_get_asn1(&extensions, &extension, CBS_ASN1_SEQUENCE) ||
700 !CBS_get_asn1(&extension, &oid, CBS_ASN1_OBJECT) ||
701 (CBS_peek_asn1_tag(&extension, CBS_ASN1_BOOLEAN) &&
702 !CBS_get_asn1(&extension, NULL, CBS_ASN1_BOOLEAN)) ||
703 !CBS_get_asn1(&extension, &contents, CBS_ASN1_OCTETSTRING) ||
704 CBS_len(&extension) != 0) {
705 goto parse_err;
706 }
707
708 static const uint8_t kKeyUsageOID[3] = {0x55, 0x1d, 0x0f};
709 if (CBS_len(&oid) != sizeof(kKeyUsageOID) ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame^]710 OPENSSL_memcmp(CBS_data(&oid), kKeyUsageOID, sizeof(kKeyUsageOID)) !=
711 0) {
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]712 continue;
713 }
714
715 CBS bit_string;
716 if (!CBS_get_asn1(&contents, &bit_string, CBS_ASN1_BITSTRING) ||
717 CBS_len(&contents) != 0) {
718 goto parse_err;
719 }
720
721 /* This is the KeyUsage extension. See
722 * https://tools.ietf.org/html/rfc5280#section-4.2.1.3 */
723 if (!CBS_is_valid_asn1_bitstring(&bit_string)) {
724 goto parse_err;
725 }
726
727 if (!CBS_asn1_bitstring_has_bit(&bit_string, 0)) {
728 OPENSSL_PUT_ERROR(SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
729 return 0;
730 }
731
732 return 1;
733 }
734
735 /* No KeyUsage extension found. */
736 return 1;
737
738parse_err:
739 OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
740 return 0;
741}
742
David Benjamine0332e82016-07-13 22:40:36 -0400[diff] [blame]743static int ca_dn_cmp(const X509_NAME **a, const X509_NAME **b) {
744 return X509_NAME_cmp(*a, *b);
745}
746
747STACK_OF(X509_NAME) *
748 ssl_parse_client_CA_list(SSL *ssl, uint8_t *out_alert, CBS *cbs) {
749 STACK_OF(X509_NAME) *ret = sk_X509_NAME_new(ca_dn_cmp);
750 X509_NAME *name = NULL;
751 if (ret == NULL) {
752 *out_alert = SSL_AD_INTERNAL_ERROR;
753 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
754 return NULL;
755 }
756
757 CBS child;
758 if (!CBS_get_u16_length_prefixed(cbs, &child)) {
759 *out_alert = SSL_AD_DECODE_ERROR;
760 OPENSSL_PUT_ERROR(SSL, SSL_R_LENGTH_MISMATCH);
761 goto err;
762 }
763
764 while (CBS_len(&child) > 0) {
765 CBS distinguished_name;
766 if (!CBS_get_u16_length_prefixed(&child, &distinguished_name)) {
767 *out_alert = SSL_AD_DECODE_ERROR;
768 OPENSSL_PUT_ERROR(SSL, SSL_R_CA_DN_TOO_LONG);
769 goto err;
770 }
771
772 const uint8_t *ptr = CBS_data(&distinguished_name);
773 /* A u16 length cannot overflow a long. */
774 name = d2i_X509_NAME(NULL, &ptr, (long)CBS_len(&distinguished_name));
775 if (name == NULL ||
776 ptr != CBS_data(&distinguished_name) + CBS_len(&distinguished_name)) {
777 *out_alert = SSL_AD_DECODE_ERROR;
778 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
779 goto err;
780 }
781
782 if (!sk_X509_NAME_push(ret, name)) {
783 *out_alert = SSL_AD_INTERNAL_ERROR;
784 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
785 goto err;
786 }
787 name = NULL;
788 }
789
790 return ret;
791
792err:
793 X509_NAME_free(name);
794 sk_X509_NAME_pop_free(ret, X509_NAME_free);
795 return NULL;
796}
797
David Benjamin32a66d52016-07-13 22:03:11 -0400[diff] [blame]798int ssl_add_client_CA_list(SSL *ssl, CBB *cbb) {
799 CBB child, name_cbb;
800 if (!CBB_add_u16_length_prefixed(cbb, &child)) {
801 return 0;
802 }
803
804 STACK_OF(X509_NAME) *sk = SSL_get_client_CA_list(ssl);
805 if (sk == NULL) {
806 return CBB_flush(cbb);
807 }
808
809 for (size_t i = 0; i < sk_X509_NAME_num(sk); i++) {
810 X509_NAME *name = sk_X509_NAME_value(sk, i);
811 int len = i2d_X509_NAME(name, NULL);
812 if (len < 0) {
813 return 0;
814 }
815 uint8_t *ptr;
816 if (!CBB_add_u16_length_prefixed(&child, &name_cbb) ||
817 !CBB_add_space(&name_cbb, &ptr, (size_t)len) ||
818 (len > 0 && i2d_X509_NAME(name, &ptr) < 0)) {
819 return 0;
820 }
821 }
822
823 return CBB_flush(cbb);
824}
825
Adam Langleyd323f4b2016-03-01 15:58:14 -0800[diff] [blame]826static int set_cert_store(X509_STORE **store_ptr, X509_STORE *new_store, int take_ref) {
827 X509_STORE_free(*store_ptr);
828 *store_ptr = new_store;
829
830 if (new_store != NULL && take_ref) {
831 X509_STORE_up_ref(new_store);
832 }
833
834 return 1;
835}
836
837int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *store) {
838 return set_cert_store(&ctx->cert->verify_store, store, 0);
839}
840
841int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *store) {
842 return set_cert_store(&ctx->cert->verify_store, store, 1);
843}
844
845int SSL_set0_verify_cert_store(SSL *ssl, X509_STORE *store) {
846 return set_cert_store(&ssl->cert->verify_store, store, 0);
847}
848
849int SSL_set1_verify_cert_store(SSL *ssl, X509_STORE *store) {
850 return set_cert_store(&ssl->cert->verify_store, store, 1);
851}
852
David Benjamin11c0f8e2015-07-06 00:18:15 -0400[diff] [blame]853int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) {
854 return ssl_cert_set0_chain(ctx->cert, chain);
855}
856
857int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) {
858 return ssl_cert_set1_chain(ctx->cert, chain);
859}
860
861int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *chain) {
862 return ssl_cert_set0_chain(ssl->cert, chain);
863}
864
865int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *chain) {
866 return ssl_cert_set1_chain(ssl->cert, chain);
867}
868
869int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509) {
870 return ssl_cert_add0_chain_cert(ctx->cert, x509);
871}
872
873int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509) {
874 return ssl_cert_add1_chain_cert(ctx->cert, x509);
875}
876
877int SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509) {
878 return SSL_CTX_add0_chain_cert(ctx, x509);
879}
880
881int SSL_add0_chain_cert(SSL *ssl, X509 *x509) {
882 return ssl_cert_add0_chain_cert(ssl->cert, x509);
883}
884
885int SSL_add1_chain_cert(SSL *ssl, X509 *x509) {
886 return ssl_cert_add1_chain_cert(ssl->cert, x509);
887}
888
889int SSL_CTX_clear_chain_certs(SSL_CTX *ctx) {
890 return SSL_CTX_set0_chain(ctx, NULL);
891}
892
893int SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx) {
894 return SSL_CTX_clear_chain_certs(ctx);
895}
896
897int SSL_clear_chain_certs(SSL *ssl) {
898 return SSL_set0_chain(ssl, NULL);
899}
900
David Benjamina2bda9f2016-12-03 23:29:05 -0500[diff] [blame]901void SSL_CTX_set_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, void *arg),
902 void *arg) {
903 ssl_cert_set_cert_cb(ctx->cert, cb, arg);
904}
905
906void SSL_set_cert_cb(SSL *ssl, int (*cb)(SSL *ssl, void *arg), void *arg) {
907 ssl_cert_set_cert_cb(ssl->cert, cb, arg);
908}
909
David Benjamin11c0f8e2015-07-06 00:18:15 -0400[diff] [blame]910int SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, STACK_OF(X509) **out_chain) {
Adam Langleyc5ac2b62016-11-07 12:02:35 -0800[diff] [blame]911 *out_chain = ctx->cert->x509_chain;
David Benjamin11c0f8e2015-07-06 00:18:15 -0400[diff] [blame]912 return 1;
913}
914
915int SSL_CTX_get_extra_chain_certs(const SSL_CTX *ctx,
916 STACK_OF(X509) **out_chain) {
917 return SSL_CTX_get0_chain_certs(ctx, out_chain);
918}
919
920int SSL_get0_chain_certs(const SSL *ssl, STACK_OF(X509) **out_chain) {
Adam Langleyc5ac2b62016-11-07 12:02:35 -0800[diff] [blame]921 *out_chain = ssl->cert->x509_chain;
David Benjamin11c0f8e2015-07-06 00:18:15 -0400[diff] [blame]922 return 1;
923}
Steven Valdezbf5aa842016-07-15 07:07:40 -0400[diff] [blame]924
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]925int ssl_check_leaf_certificate(SSL *ssl, EVP_PKEY *pkey,
926 const CRYPTO_BUFFER *leaf) {
David Benjamin938fa7c2016-10-07 00:27:05 -0400[diff] [blame]927 assert(ssl3_protocol_version(ssl) < TLS1_3_VERSION);
928
Steven Valdezbf5aa842016-07-15 07:07:40 -0400[diff] [blame]929 /* Check the certificate's type matches the cipher. */
930 const SSL_CIPHER *cipher = ssl->s3->tmp.new_cipher;
931 int expected_type = ssl_cipher_get_key_type(cipher);
932 assert(expected_type != EVP_PKEY_NONE);
933 if (pkey->type != expected_type) {
934 OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CERTIFICATE_TYPE);
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]935 return 0;
Steven Valdezbf5aa842016-07-15 07:07:40 -0400[diff] [blame]936 }
937
938 if (cipher->algorithm_auth & SSL_aECDSA) {
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]939 CBS leaf_cbs;
940 CBS_init(&leaf_cbs, CRYPTO_BUFFER_data(leaf), CRYPTO_BUFFER_len(leaf));
941 /* ECDSA and ECDH certificates use the same public key format. Instead,
942 * they are distinguished by the key usage extension in the certificate. */
943 if (!ssl_cert_check_digital_signature_key_usage(&leaf_cbs)) {
944 return 0;
Steven Valdezbf5aa842016-07-15 07:07:40 -0400[diff] [blame]945 }
946
David Benjamin938fa7c2016-10-07 00:27:05 -0400[diff] [blame]947 EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(pkey);
948 if (ec_key == NULL) {
949 OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECC_CERT);
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]950 return 0;
David Benjamin938fa7c2016-10-07 00:27:05 -0400[diff] [blame]951 }
952
953 /* Check the key's group and point format are acceptable. */
954 uint16_t group_id;
955 if (!ssl_nid_to_group_id(
956 &group_id, EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key))) ||
957 !tls1_check_group_id(ssl, group_id) ||
958 EC_KEY_get_conv_form(ec_key) != POINT_CONVERSION_UNCOMPRESSED) {
Steven Valdezbf5aa842016-07-15 07:07:40 -0400[diff] [blame]959 OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECC_CERT);
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]960 return 0;
Steven Valdezbf5aa842016-07-15 07:07:40 -0400[diff] [blame]961 }
962 }
963
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]964 return 1;
Steven Valdezbf5aa842016-07-15 07:07:40 -0400[diff] [blame]965}
David Benjamin5edfc8c2016-12-10 15:46:58 -0500[diff] [blame]966
967static int do_client_cert_cb(SSL *ssl, void *arg) {
968 if (ssl_has_certificate(ssl) || ssl->ctx->client_cert_cb == NULL) {
969 return 1;
970 }
971
972 X509 *x509 = NULL;
973 EVP_PKEY *pkey = NULL;
974 int ret = ssl->ctx->client_cert_cb(ssl, &x509, &pkey);
975 if (ret < 0) {
976 return -1;
977 }
978
979 if (ret != 0) {
980 if (!SSL_use_certificate(ssl, x509) ||
981 !SSL_use_PrivateKey(ssl, pkey)) {
982 return 0;
983 }
984 }
985
986 X509_free(x509);
987 EVP_PKEY_free(pkey);
988 return 1;
989}
990
991void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl,
992 X509 **out_x509,
993 EVP_PKEY **out_pkey)) {
994 /* Emulate the old client certificate callback with the new one. */
995 SSL_CTX_set_cert_cb(ctx, do_client_cert_cb, NULL);
996 ctx->client_cert_cb = cb;
997}