Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 34b4c829fd4c0803bb0fca6088814985205f900b / . / ssl / ssl_cert.c
blob: c334ea65b8db2a0f1f870867422828388c47c53e [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57/* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
108 *
109 */
110/* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112 * ECC cipher suite support in OpenSSL originally developed by
113 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */
114
David Benjamin443a1f62015-09-04 15:05:05 -0400[diff] [blame]115#include <openssl/ssl.h>
116
Steven Valdezbf5aa842016-07-15 07:07:40 -0400[diff] [blame]117#include <assert.h>
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]118#include <limits.h>
David Benjaminf0ae1702015-04-07 23:05:04 -0400[diff] [blame]119#include <string.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]120
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]121#include <openssl/bn.h>
David Benjamin676d1e72014-07-08 14:34:10 -0400[diff] [blame]122#include <openssl/buf.h>
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]123#include <openssl/bytestring.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]124#include <openssl/dh.h>
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]125#include <openssl/ec_key.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]126#include <openssl/err.h>
127#include <openssl/mem.h>
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]128#include <openssl/sha.h>
David Benjamin680ca962015-06-18 12:37:23 -0400[diff] [blame]129#include <openssl/x509.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]130#include <openssl/x509v3.h>
131
Adam Langley0da323a2015-05-15 12:49:30 -0700[diff] [blame]132#include "../crypto/internal.h"
David Benjamin2ee94aa2015-04-07 22:38:30 -0400[diff] [blame]133#include "internal.h"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]134
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]135
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]136int SSL_get_ex_data_X509_STORE_CTX_idx(void) {
David Benjaminaa585132015-06-29 23:36:17 -0400[diff] [blame]137 /* The ex_data index to go from |X509_STORE_CTX| to |SSL| always uses the
138 * reserved app_data slot. Before ex_data was introduced, app_data was used.
139 * Avoid breaking any software which assumes |X509_STORE_CTX_get_app_data|
140 * works. */
141 return 0;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]142}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]143
Adam Langley3509dac2017-02-01 11:59:18 -0800[diff] [blame]144CERT *ssl_cert_new(const SSL_X509_METHOD *x509_method) {
Brian Smith5ba06892016-02-07 09:36:04 -1000[diff] [blame]145 CERT *ret = OPENSSL_malloc(sizeof(CERT));
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]146 if (ret == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]147 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]148 return NULL;
149 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]150 OPENSSL_memset(ret, 0, sizeof(CERT));
Adam Langley3509dac2017-02-01 11:59:18 -0800[diff] [blame]151 ret->x509_method = x509_method;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]152
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]153 return ret;
154}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]155
Adam Langley3a2b47a2017-01-24 13:59:42 -0800[diff] [blame]156static CRYPTO_BUFFER *buffer_up_ref(CRYPTO_BUFFER *buffer) {
157 CRYPTO_BUFFER_up_ref(buffer);
158 return buffer;
159}
160
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]161CERT *ssl_cert_dup(CERT *cert) {
Brian Smith5ba06892016-02-07 09:36:04 -1000[diff] [blame]162 CERT *ret = OPENSSL_malloc(sizeof(CERT));
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]163 if (ret == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]164 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]165 return NULL;
166 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]167 OPENSSL_memset(ret, 0, sizeof(CERT));
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]168
Adam Langley3a2b47a2017-01-24 13:59:42 -0800[diff] [blame]169 ret->chain = sk_CRYPTO_BUFFER_deep_copy(cert->chain, buffer_up_ref,
170 CRYPTO_BUFFER_free);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]171
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]172 if (cert->privatekey != NULL) {
Adam Langley310d3f62016-07-12 10:39:20 -0700[diff] [blame]173 EVP_PKEY_up_ref(cert->privatekey);
174 ret->privatekey = cert->privatekey;
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]175 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]176
Tom Thorogood66b2fe82016-03-06 20:08:38 +1030[diff] [blame]177 ret->key_method = cert->key_method;
Adam Langley3509dac2017-02-01 11:59:18 -0800[diff] [blame]178 ret->x509_method = cert->x509_method;
Tom Thorogood66b2fe82016-03-06 20:08:38 +1030[diff] [blame]179
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]180 if (cert->dh_tmp != NULL) {
181 ret->dh_tmp = DHparams_dup(cert->dh_tmp);
182 if (ret->dh_tmp == NULL) {
183 OPENSSL_PUT_ERROR(SSL, ERR_R_DH_LIB);
184 goto err;
185 }
186 }
187 ret->dh_tmp_cb = cert->dh_tmp_cb;
188
189 if (cert->sigalgs != NULL) {
190 ret->sigalgs =
191 BUF_memdup(cert->sigalgs, cert->num_sigalgs * sizeof(cert->sigalgs[0]));
192 if (ret->sigalgs == NULL) {
193 goto err;
194 }
195 }
196 ret->num_sigalgs = cert->num_sigalgs;
197
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]198 ret->cert_cb = cert->cert_cb;
199 ret->cert_cb_arg = cert->cert_cb_arg;
200
Adam Langleyd323f4b2016-03-01 15:58:14 -0800[diff] [blame]201 if (cert->verify_store != NULL) {
202 X509_STORE_up_ref(cert->verify_store);
203 ret->verify_store = cert->verify_store;
204 }
205
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]206 if (cert->signed_cert_timestamp_list != NULL) {
207 CRYPTO_BUFFER_up_ref(cert->signed_cert_timestamp_list);
208 ret->signed_cert_timestamp_list = cert->signed_cert_timestamp_list;
209 }
210
211 if (cert->ocsp_response != NULL) {
212 CRYPTO_BUFFER_up_ref(cert->ocsp_response);
213 ret->ocsp_response = cert->ocsp_response;
214 }
215
David Benjamin5960a902017-02-14 20:07:11 -0500[diff] [blame]216 ret->sid_ctx_length = cert->sid_ctx_length;
217 OPENSSL_memcpy(ret->sid_ctx, cert->sid_ctx, sizeof(ret->sid_ctx));
218
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]219 return ret;
220
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]221err:
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]222 ssl_cert_free(ret);
223 return NULL;
224}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]225
226/* Free up and clear all certificates and chains */
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]227void ssl_cert_clear_certs(CERT *cert) {
228 if (cert == NULL) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]229 return;
230 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]231
Adam Langley3509dac2017-02-01 11:59:18 -0800[diff] [blame]232 cert->x509_method->cert_clear(cert);
Adam Langleye1e78132017-01-31 15:24:31 -0800[diff] [blame]233
Adam Langley3a2b47a2017-01-24 13:59:42 -0800[diff] [blame]234 sk_CRYPTO_BUFFER_pop_free(cert->chain, CRYPTO_BUFFER_free);
235 cert->chain = NULL;
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]236 EVP_PKEY_free(cert->privatekey);
237 cert->privatekey = NULL;
David Benjamin71d2e542015-07-06 00:30:25 -0400[diff] [blame]238 cert->key_method = NULL;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]239}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]240
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]241void ssl_cert_free(CERT *c) {
242 if (c == NULL) {
243 return;
244 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]245
David Benjamin2755a3e2015-04-22 16:17:58 -0400[diff] [blame]246 DH_free(c->dh_tmp);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]247
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]248 ssl_cert_clear_certs(c);
David Benjamind246b812016-07-08 15:07:02 -0700[diff] [blame]249 OPENSSL_free(c->sigalgs);
Adam Langleyd323f4b2016-03-01 15:58:14 -0800[diff] [blame]250 X509_STORE_free(c->verify_store);
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]251 CRYPTO_BUFFER_free(c->signed_cert_timestamp_list);
252 CRYPTO_BUFFER_free(c->ocsp_response);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]253
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]254 OPENSSL_free(c);
255}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]256
David Benjamina2bda9f2016-12-03 23:29:05 -0500[diff] [blame]257static void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg),
258 void *arg) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]259 c->cert_cb = cb;
260 c->cert_cb_arg = arg;
261}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]262
Adam Langley52940c42017-02-01 12:40:31 -0800[diff] [blame]263int ssl_set_cert(CERT *cert, CRYPTO_BUFFER *buffer) {
264 CBS cert_cbs;
265 CRYPTO_BUFFER_init_CBS(buffer, &cert_cbs);
266 EVP_PKEY *pubkey = ssl_cert_parse_pubkey(&cert_cbs);
267 if (pubkey == NULL) {
268 return 0;
269 }
270
271 if (!ssl_is_key_type_supported(pubkey->type)) {
272 OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
273 EVP_PKEY_free(pubkey);
274 return 0;
275 }
276
277 /* An ECC certificate may be usable for ECDH or ECDSA. We only support ECDSA
278 * certificates, so sanity-check the key usage extension. */
279 if (pubkey->type == EVP_PKEY_EC &&
280 !ssl_cert_check_digital_signature_key_usage(&cert_cbs)) {
281 OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
282 EVP_PKEY_free(pubkey);
283 return 0;
284 }
285
286 if (cert->privatekey != NULL) {
287 /* Sanity-check that the private key and the certificate match, unless the
288 * key is opaque (in case of, say, a smartcard). */
289 if (!EVP_PKEY_is_opaque(cert->privatekey) &&
290 !ssl_compare_public_and_private_key(pubkey, cert->privatekey)) {
291 /* don't fail for a cert/key mismatch, just free current private key
292 * (when switching to a different cert & key, first this function should
293 * be used, then ssl_set_pkey */
294 EVP_PKEY_free(cert->privatekey);
295 cert->privatekey = NULL;
296 /* clear error queue */
297 ERR_clear_error();
298 }
299 }
300
301 EVP_PKEY_free(pubkey);
302
303 cert->x509_method->cert_flush_cached_leaf(cert);
304
305 if (cert->chain != NULL) {
306 CRYPTO_BUFFER_free(sk_CRYPTO_BUFFER_value(cert->chain, 0));
307 sk_CRYPTO_BUFFER_set(cert->chain, 0, buffer);
308 CRYPTO_BUFFER_up_ref(buffer);
309 return 1;
310 }
311
312 cert->chain = sk_CRYPTO_BUFFER_new_null();
313 if (cert->chain == NULL) {
314 return 0;
315 }
316
317 if (!sk_CRYPTO_BUFFER_push(cert->chain, buffer)) {
318 sk_CRYPTO_BUFFER_free(cert->chain);
319 cert->chain = NULL;
320 return 0;
321 }
322 CRYPTO_BUFFER_up_ref(buffer);
323
324 return 1;
325}
326
327int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, size_t der_len,
328 const uint8_t *der) {
329 CRYPTO_BUFFER *buffer = CRYPTO_BUFFER_new(der, der_len, NULL);
330 if (buffer == NULL) {
331 return 0;
332 }
333
334 const int ok = ssl_set_cert(ctx->cert, buffer);
335 CRYPTO_BUFFER_free(buffer);
336 return ok;
337}
338
339int SSL_use_certificate_ASN1(SSL *ssl, const uint8_t *der, size_t der_len) {
340 CRYPTO_BUFFER *buffer = CRYPTO_BUFFER_new(der, der_len, NULL);
341 if (buffer == NULL) {
342 return 0;
343 }
344
345 const int ok = ssl_set_cert(ssl->cert, buffer);
346 CRYPTO_BUFFER_free(buffer);
347 return ok;
348}
349
David Benjamin7aa31d62016-08-08 21:38:32 -0400[diff] [blame]350int ssl_verify_cert_chain(SSL *ssl, long *out_verify_result,
351 STACK_OF(X509) *cert_chain) {
David Benjamin306ece32015-09-17 13:46:22 -0400[diff] [blame]352 if (cert_chain == NULL || sk_X509_num(cert_chain) == 0) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]353 return 0;
354 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]355
Adam Langleyd323f4b2016-03-01 15:58:14 -0800[diff] [blame]356 X509_STORE *verify_store = ssl->ctx->cert_store;
357 if (ssl->cert->verify_store != NULL) {
358 verify_store = ssl->cert->verify_store;
359 }
360
David Benjamin306ece32015-09-17 13:46:22 -0400[diff] [blame]361 X509 *leaf = sk_X509_value(cert_chain, 0);
362 int ret = 0;
363 X509_STORE_CTX ctx;
Adam Langleyd323f4b2016-03-01 15:58:14 -0800[diff] [blame]364 if (!X509_STORE_CTX_init(&ctx, verify_store, leaf, cert_chain)) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]365 OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]366 return 0;
367 }
David Benjamin306ece32015-09-17 13:46:22 -0400[diff] [blame]368 if (!X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(),
369 ssl)) {
370 goto err;
371 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]372
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]373 /* We need to inherit the verify parameters. These can be determined by the
374 * context: if its a server it will verify SSL client certificates or vice
375 * versa. */
David Benjamin306ece32015-09-17 13:46:22 -0400[diff] [blame]376 X509_STORE_CTX_set_default(&ctx, ssl->server ? "ssl_client" : "ssl_server");
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]377
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]378 /* Anything non-default in "param" should overwrite anything in the ctx. */
David Benjamin306ece32015-09-17 13:46:22 -0400[diff] [blame]379 X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), ssl->param);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]380
David Benjamin306ece32015-09-17 13:46:22 -0400[diff] [blame]381 if (ssl->verify_callback) {
382 X509_STORE_CTX_set_verify_cb(&ctx, ssl->verify_callback);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]383 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]384
David Benjamine455e512016-08-01 20:11:13 -0400[diff] [blame]385 int verify_ret;
David Benjamin306ece32015-09-17 13:46:22 -0400[diff] [blame]386 if (ssl->ctx->app_verify_callback != NULL) {
David Benjamine455e512016-08-01 20:11:13 -0400[diff] [blame]387 verify_ret = ssl->ctx->app_verify_callback(&ctx, ssl->ctx->app_verify_arg);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]388 } else {
David Benjamine455e512016-08-01 20:11:13 -0400[diff] [blame]389 verify_ret = X509_verify_cert(&ctx);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]390 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]391
Adam Langleya6cd1852016-08-26 09:38:13 -0700[diff] [blame]392 *out_verify_result = ctx.error;
393
David Benjamine455e512016-08-01 20:11:13 -0400[diff] [blame]394 /* If |SSL_VERIFY_NONE|, the error is non-fatal, but we keep the result. */
395 if (verify_ret <= 0 && ssl->verify_mode != SSL_VERIFY_NONE) {
David Benjamin7aa31d62016-08-08 21:38:32 -0400[diff] [blame]396 ssl3_send_alert(ssl, SSL3_AL_FATAL, ssl_verify_alarm_type(ctx.error));
David Benjamine455e512016-08-01 20:11:13 -0400[diff] [blame]397 OPENSSL_PUT_ERROR(SSL, SSL_R_CERTIFICATE_VERIFY_FAILED);
398 goto err;
399 }
400
401 ERR_clear_error();
402 ret = 1;
403
David Benjamin306ece32015-09-17 13:46:22 -0400[diff] [blame]404err:
405 X509_STORE_CTX_cleanup(&ctx);
406 return ret;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]407}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]408
David Benjamin32a66d52016-07-13 22:03:11 -0400[diff] [blame]409int ssl_has_certificate(const SSL *ssl) {
Adam Langley3a2b47a2017-01-24 13:59:42 -0800[diff] [blame]410 return ssl->cert->chain != NULL &&
411 sk_CRYPTO_BUFFER_value(ssl->cert->chain, 0) != NULL &&
412 ssl_has_private_key(ssl);
David Benjamin32a66d52016-07-13 22:03:11 -0400[diff] [blame]413}
414
Adam Langley68e71242016-12-12 11:06:16 -0800[diff] [blame]415STACK_OF(CRYPTO_BUFFER) *ssl_parse_cert_chain(uint8_t *out_alert,
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]416 EVP_PKEY **out_pubkey,
Adam Langley68e71242016-12-12 11:06:16 -0800[diff] [blame]417 uint8_t *out_leaf_sha256,
Adam Langleyd519bf62016-12-12 11:16:44 -0800[diff] [blame]418 CBS *cbs,
419 CRYPTO_BUFFER_POOL *pool) {
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]420 *out_pubkey = NULL;
421
Adam Langley68e71242016-12-12 11:06:16 -0800[diff] [blame]422 STACK_OF(CRYPTO_BUFFER) *ret = sk_CRYPTO_BUFFER_new_null();
Adam Langleyc0fc7a12016-12-09 15:05:34 -0800[diff] [blame]423 if (ret == NULL) {
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]424 *out_alert = SSL_AD_INTERNAL_ERROR;
425 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
Adam Langleyc0fc7a12016-12-09 15:05:34 -0800[diff] [blame]426 return NULL;
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]427 }
428
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]429 CBS certificate_list;
430 if (!CBS_get_u24_length_prefixed(cbs, &certificate_list)) {
431 *out_alert = SSL_AD_DECODE_ERROR;
432 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
433 goto err;
434 }
435
436 while (CBS_len(&certificate_list) > 0) {
437 CBS certificate;
Adam Langley68e71242016-12-12 11:06:16 -0800[diff] [blame]438 if (!CBS_get_u24_length_prefixed(&certificate_list, &certificate) ||
439 CBS_len(&certificate) == 0) {
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]440 *out_alert = SSL_AD_DECODE_ERROR;
441 OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_LENGTH_MISMATCH);
442 goto err;
443 }
444
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]445 if (sk_CRYPTO_BUFFER_num(ret) == 0) {
446 *out_pubkey = ssl_cert_parse_pubkey(&certificate);
447 if (*out_pubkey == NULL) {
Adam Langley7dccc712017-02-08 08:51:25 -0800[diff] [blame]448 *out_alert = SSL_AD_DECODE_ERROR;
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]449 goto err;
450 }
451
452 /* Retain the hash of the leaf certificate if requested. */
453 if (out_leaf_sha256 != NULL) {
454 SHA256(CBS_data(&certificate), CBS_len(&certificate), out_leaf_sha256);
455 }
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]456 }
457
Adam Langleyd519bf62016-12-12 11:16:44 -0800[diff] [blame]458 CRYPTO_BUFFER *buf =
459 CRYPTO_BUFFER_new_from_CBS(&certificate, pool);
Adam Langley68e71242016-12-12 11:06:16 -0800[diff] [blame]460 if (buf == NULL) {
Adam Langleyc0fc7a12016-12-09 15:05:34 -0800[diff] [blame]461 *out_alert = SSL_AD_DECODE_ERROR;
462 goto err;
463 }
Adam Langley68e71242016-12-12 11:06:16 -0800[diff] [blame]464
465 if (!sk_CRYPTO_BUFFER_push(ret, buf)) {
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]466 *out_alert = SSL_AD_INTERNAL_ERROR;
Adam Langley68e71242016-12-12 11:06:16 -0800[diff] [blame]467 CRYPTO_BUFFER_free(buf);
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]468 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
469 goto err;
470 }
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]471 }
472
Adam Langleyc0fc7a12016-12-09 15:05:34 -0800[diff] [blame]473 return ret;
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]474
475err:
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]476 EVP_PKEY_free(*out_pubkey);
477 *out_pubkey = NULL;
Adam Langley68e71242016-12-12 11:06:16 -0800[diff] [blame]478 sk_CRYPTO_BUFFER_pop_free(ret, CRYPTO_BUFFER_free);
Adam Langleyc0fc7a12016-12-09 15:05:34 -0800[diff] [blame]479 return NULL;
David Benjamin5c900c82016-07-13 23:03:26 -0400[diff] [blame]480}
481
David Benjamin75836432016-06-17 18:48:29 -0400[diff] [blame]482int ssl_add_cert_chain(SSL *ssl, CBB *cbb) {
David Benjamin32a66d52016-07-13 22:03:11 -0400[diff] [blame]483 if (!ssl_has_certificate(ssl)) {
484 return CBB_add_u24(cbb, 0);
485 }
486
Adam Langley3a2b47a2017-01-24 13:59:42 -0800[diff] [blame]487 CBB certs;
488 if (!CBB_add_u24_length_prefixed(cbb, &certs)) {
489 goto err;
David Benjamin75836432016-06-17 18:48:29 -0400[diff] [blame]490 }
491
Adam Langley3a2b47a2017-01-24 13:59:42 -0800[diff] [blame]492 STACK_OF(CRYPTO_BUFFER) *chain = ssl->cert->chain;
493 for (size_t i = 0; i < sk_CRYPTO_BUFFER_num(chain); i++) {
494 CRYPTO_BUFFER *buffer = sk_CRYPTO_BUFFER_value(chain, i);
495 CBB child;
496 if (!CBB_add_u24_length_prefixed(&certs, &child) ||
497 !CBB_add_bytes(&child, CRYPTO_BUFFER_data(buffer),
498 CRYPTO_BUFFER_len(buffer)) ||
499 !CBB_flush(&certs)) {
500 goto err;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]501 }
502 }
503
David Benjamin75836432016-06-17 18:48:29 -0400[diff] [blame]504 return CBB_flush(cbb);
Adam Langley3a2b47a2017-01-24 13:59:42 -0800[diff] [blame]505
506err:
507 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
508 return 0;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]509}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]510
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]511/* ssl_cert_skip_to_spki parses a DER-encoded, X.509 certificate from |in| and
512 * positions |*out_tbs_cert| to cover the TBSCertificate, starting at the
513 * subjectPublicKeyInfo. */
514static int ssl_cert_skip_to_spki(const CBS *in, CBS *out_tbs_cert) {
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]515 /* From RFC 5280, section 4.1
516 * Certificate ::= SEQUENCE {
517 * tbsCertificate TBSCertificate,
518 * signatureAlgorithm AlgorithmIdentifier,
519 * signatureValue BIT STRING }
520
521 * TBSCertificate ::= SEQUENCE {
522 * version [0] EXPLICIT Version DEFAULT v1,
523 * serialNumber CertificateSerialNumber,
524 * signature AlgorithmIdentifier,
525 * issuer Name,
526 * validity Validity,
527 * subject Name,
528 * subjectPublicKeyInfo SubjectPublicKeyInfo,
529 * ... } */
530 CBS buf = *in;
531
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]532 CBS toplevel;
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]533 if (!CBS_get_asn1(&buf, &toplevel, CBS_ASN1_SEQUENCE) ||
534 CBS_len(&buf) != 0 ||
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]535 !CBS_get_asn1(&toplevel, out_tbs_cert, CBS_ASN1_SEQUENCE) ||
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]536 /* version */
537 !CBS_get_optional_asn1(
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]538 out_tbs_cert, NULL, NULL,
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]539 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 0) ||
540 /* serialNumber */
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]541 !CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_INTEGER) ||
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]542 /* signature algorithm */
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]543 !CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_SEQUENCE) ||
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]544 /* issuer */
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]545 !CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_SEQUENCE) ||
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]546 /* validity */
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]547 !CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_SEQUENCE) ||
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]548 /* subject */
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]549 !CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_SEQUENCE)) {
550 return 0;
551 }
552
553 return 1;
554}
555
556EVP_PKEY *ssl_cert_parse_pubkey(const CBS *in) {
David Benjamin5b410b62017-01-03 08:08:57 -0500[diff] [blame]557 CBS buf = *in, tbs_cert;
558 if (!ssl_cert_skip_to_spki(&buf, &tbs_cert)) {
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]559 OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
560 return NULL;
561 }
562
David Benjamin5b410b62017-01-03 08:08:57 -0500[diff] [blame]563 return EVP_parse_public_key(&tbs_cert);
Adam Langleyd5157222016-12-12 11:37:43 -0800[diff] [blame]564}
565
Adam Langleyc26692c2017-01-25 09:34:42 -0800[diff] [blame]566int ssl_compare_public_and_private_key(const EVP_PKEY *pubkey,
567 const EVP_PKEY *privkey) {
Adam Langley3a2b47a2017-01-24 13:59:42 -0800[diff] [blame]568 int ret = 0;
569
570 switch (EVP_PKEY_cmp(pubkey, privkey)) {
571 case 1:
572 ret = 1;
573 break;
574 case 0:
575 OPENSSL_PUT_ERROR(X509, X509_R_KEY_VALUES_MISMATCH);
576 break;
577 case -1:
578 OPENSSL_PUT_ERROR(X509, X509_R_KEY_TYPE_MISMATCH);
579 break;
580 case -2:
581 OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_KEY_TYPE);
582 default:
583 assert(0);
584 break;
585 }
586
Adam Langley3a2b47a2017-01-24 13:59:42 -0800[diff] [blame]587 return ret;
588}
589
590int ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey) {
591 if (privkey == NULL) {
592 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
593 return 0;
594 }
595
596 if (cert->chain == NULL ||
597 sk_CRYPTO_BUFFER_value(cert->chain, 0) == NULL) {
598 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
599 return 0;
600 }
601
Adam Langleyc26692c2017-01-25 09:34:42 -0800[diff] [blame]602 CBS cert_cbs;
603 CRYPTO_BUFFER_init_CBS(sk_CRYPTO_BUFFER_value(cert->chain, 0), &cert_cbs);
604 EVP_PKEY *pubkey = ssl_cert_parse_pubkey(&cert_cbs);
605 if (!pubkey) {
606 OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_KEY_TYPE);
607 return 0;
608 }
609
610 const int ok = ssl_compare_public_and_private_key(pubkey, privkey);
611 EVP_PKEY_free(pubkey);
612 return ok;
Adam Langley3a2b47a2017-01-24 13:59:42 -0800[diff] [blame]613}
614
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]615int ssl_cert_check_digital_signature_key_usage(const CBS *in) {
616 CBS buf = *in;
617
618 CBS tbs_cert, outer_extensions;
619 int has_extensions;
620 if (!ssl_cert_skip_to_spki(&buf, &tbs_cert) ||
621 /* subjectPublicKeyInfo */
622 !CBS_get_asn1(&tbs_cert, NULL, CBS_ASN1_SEQUENCE) ||
623 /* issuerUniqueID */
624 !CBS_get_optional_asn1(
625 &tbs_cert, NULL, NULL,
626 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 1) ||
627 /* subjectUniqueID */
628 !CBS_get_optional_asn1(
629 &tbs_cert, NULL, NULL,
630 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 2) ||
631 !CBS_get_optional_asn1(
632 &tbs_cert, &outer_extensions, &has_extensions,
633 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 3)) {
634 goto parse_err;
635 }
636
637 if (!has_extensions) {
638 return 1;
639 }
640
641 CBS extensions;
642 if (!CBS_get_asn1(&outer_extensions, &extensions, CBS_ASN1_SEQUENCE)) {
643 goto parse_err;
644 }
645
646 while (CBS_len(&extensions) > 0) {
647 CBS extension, oid, contents;
648 if (!CBS_get_asn1(&extensions, &extension, CBS_ASN1_SEQUENCE) ||
649 !CBS_get_asn1(&extension, &oid, CBS_ASN1_OBJECT) ||
650 (CBS_peek_asn1_tag(&extension, CBS_ASN1_BOOLEAN) &&
651 !CBS_get_asn1(&extension, NULL, CBS_ASN1_BOOLEAN)) ||
652 !CBS_get_asn1(&extension, &contents, CBS_ASN1_OCTETSTRING) ||
653 CBS_len(&extension) != 0) {
654 goto parse_err;
655 }
656
657 static const uint8_t kKeyUsageOID[3] = {0x55, 0x1d, 0x0f};
658 if (CBS_len(&oid) != sizeof(kKeyUsageOID) ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]659 OPENSSL_memcmp(CBS_data(&oid), kKeyUsageOID, sizeof(kKeyUsageOID)) !=
660 0) {
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]661 continue;
662 }
663
664 CBS bit_string;
665 if (!CBS_get_asn1(&contents, &bit_string, CBS_ASN1_BITSTRING) ||
666 CBS_len(&contents) != 0) {
667 goto parse_err;
668 }
669
670 /* This is the KeyUsage extension. See
671 * https://tools.ietf.org/html/rfc5280#section-4.2.1.3 */
672 if (!CBS_is_valid_asn1_bitstring(&bit_string)) {
673 goto parse_err;
674 }
675
676 if (!CBS_asn1_bitstring_has_bit(&bit_string, 0)) {
677 OPENSSL_PUT_ERROR(SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
678 return 0;
679 }
680
681 return 1;
682 }
683
684 /* No KeyUsage extension found. */
685 return 1;
686
687parse_err:
688 OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
689 return 0;
690}
691
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame^]692STACK_OF(CRYPTO_BUFFER) *
David Benjamine0332e82016-07-13 22:40:36 -0400[diff] [blame]693 ssl_parse_client_CA_list(SSL *ssl, uint8_t *out_alert, CBS *cbs) {
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame^]694 CRYPTO_BUFFER_POOL *const pool = ssl->ctx->pool;
695
696 STACK_OF(CRYPTO_BUFFER) *ret = sk_CRYPTO_BUFFER_new_null();
David Benjamine0332e82016-07-13 22:40:36 -0400[diff] [blame]697 if (ret == NULL) {
698 *out_alert = SSL_AD_INTERNAL_ERROR;
699 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
700 return NULL;
701 }
702
703 CBS child;
704 if (!CBS_get_u16_length_prefixed(cbs, &child)) {
705 *out_alert = SSL_AD_DECODE_ERROR;
706 OPENSSL_PUT_ERROR(SSL, SSL_R_LENGTH_MISMATCH);
707 goto err;
708 }
709
710 while (CBS_len(&child) > 0) {
711 CBS distinguished_name;
712 if (!CBS_get_u16_length_prefixed(&child, &distinguished_name)) {
713 *out_alert = SSL_AD_DECODE_ERROR;
714 OPENSSL_PUT_ERROR(SSL, SSL_R_CA_DN_TOO_LONG);
715 goto err;
716 }
717
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame^]718 CRYPTO_BUFFER *buffer =
719 CRYPTO_BUFFER_new_from_CBS(&distinguished_name, pool);
720 if (buffer == NULL ||
721 !sk_CRYPTO_BUFFER_push(ret, buffer)) {
722 CRYPTO_BUFFER_free(buffer);
David Benjamine0332e82016-07-13 22:40:36 -0400[diff] [blame]723 *out_alert = SSL_AD_INTERNAL_ERROR;
724 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
725 goto err;
726 }
David Benjamine0332e82016-07-13 22:40:36 -0400[diff] [blame]727 }
728
729 return ret;
730
731err:
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame^]732 sk_CRYPTO_BUFFER_pop_free(ret, CRYPTO_BUFFER_free);
David Benjamine0332e82016-07-13 22:40:36 -0400[diff] [blame]733 return NULL;
734}
735
David Benjamin32a66d52016-07-13 22:03:11 -0400[diff] [blame]736int ssl_add_client_CA_list(SSL *ssl, CBB *cbb) {
737 CBB child, name_cbb;
738 if (!CBB_add_u16_length_prefixed(cbb, &child)) {
739 return 0;
740 }
741
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame^]742 STACK_OF(CRYPTO_BUFFER) *names = ssl->client_CA;
743 if (names == NULL) {
744 names = ssl->ctx->client_CA;
745 }
746 if (names == NULL) {
David Benjamin32a66d52016-07-13 22:03:11 -0400[diff] [blame]747 return CBB_flush(cbb);
748 }
749
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame^]750 for (size_t i = 0; i < sk_CRYPTO_BUFFER_num(names); i++) {
751 const CRYPTO_BUFFER *name = sk_CRYPTO_BUFFER_value(names, i);
752
David Benjamin32a66d52016-07-13 22:03:11 -0400[diff] [blame]753 if (!CBB_add_u16_length_prefixed(&child, &name_cbb) ||
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame^]754 !CBB_add_bytes(&name_cbb, CRYPTO_BUFFER_data(name),
755 CRYPTO_BUFFER_len(name))) {
David Benjamin32a66d52016-07-13 22:03:11 -0400[diff] [blame]756 return 0;
757 }
758 }
759
760 return CBB_flush(cbb);
761}
762
Adam Langleyd323f4b2016-03-01 15:58:14 -0800[diff] [blame]763static int set_cert_store(X509_STORE **store_ptr, X509_STORE *new_store, int take_ref) {
764 X509_STORE_free(*store_ptr);
765 *store_ptr = new_store;
766
767 if (new_store != NULL && take_ref) {
768 X509_STORE_up_ref(new_store);
769 }
770
771 return 1;
772}
773
774int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *store) {
775 return set_cert_store(&ctx->cert->verify_store, store, 0);
776}
777
778int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *store) {
779 return set_cert_store(&ctx->cert->verify_store, store, 1);
780}
781
782int SSL_set0_verify_cert_store(SSL *ssl, X509_STORE *store) {
783 return set_cert_store(&ssl->cert->verify_store, store, 0);
784}
785
786int SSL_set1_verify_cert_store(SSL *ssl, X509_STORE *store) {
787 return set_cert_store(&ssl->cert->verify_store, store, 1);
788}
789
David Benjamina2bda9f2016-12-03 23:29:05 -0500[diff] [blame]790void SSL_CTX_set_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, void *arg),
791 void *arg) {
792 ssl_cert_set_cert_cb(ctx->cert, cb, arg);
793}
794
795void SSL_set_cert_cb(SSL *ssl, int (*cb)(SSL *ssl, void *arg), void *arg) {
796 ssl_cert_set_cert_cb(ssl->cert, cb, arg);
797}
798
David Benjamin45738dd2017-02-09 20:01:26 -0500[diff] [blame]799int ssl_check_leaf_certificate(SSL_HANDSHAKE *hs, EVP_PKEY *pkey,
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]800 const CRYPTO_BUFFER *leaf) {
David Benjamin45738dd2017-02-09 20:01:26 -0500[diff] [blame]801 SSL *const ssl = hs->ssl;
David Benjamin938fa7c2016-10-07 00:27:05 -0400[diff] [blame]802 assert(ssl3_protocol_version(ssl) < TLS1_3_VERSION);
803
Steven Valdezbf5aa842016-07-15 07:07:40 -0400[diff] [blame]804 /* Check the certificate's type matches the cipher. */
David Benjamin45738dd2017-02-09 20:01:26 -0500[diff] [blame]805 int expected_type = ssl_cipher_get_key_type(hs->new_cipher);
Steven Valdezbf5aa842016-07-15 07:07:40 -0400[diff] [blame]806 assert(expected_type != EVP_PKEY_NONE);
807 if (pkey->type != expected_type) {
808 OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CERTIFICATE_TYPE);
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]809 return 0;
Steven Valdezbf5aa842016-07-15 07:07:40 -0400[diff] [blame]810 }
811
David Benjamin45738dd2017-02-09 20:01:26 -0500[diff] [blame]812 if (hs->new_cipher->algorithm_auth & SSL_aECDSA) {
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]813 CBS leaf_cbs;
814 CBS_init(&leaf_cbs, CRYPTO_BUFFER_data(leaf), CRYPTO_BUFFER_len(leaf));
815 /* ECDSA and ECDH certificates use the same public key format. Instead,
816 * they are distinguished by the key usage extension in the certificate. */
817 if (!ssl_cert_check_digital_signature_key_usage(&leaf_cbs)) {
818 return 0;
Steven Valdezbf5aa842016-07-15 07:07:40 -0400[diff] [blame]819 }
820
David Benjamin938fa7c2016-10-07 00:27:05 -0400[diff] [blame]821 EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(pkey);
822 if (ec_key == NULL) {
823 OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECC_CERT);
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]824 return 0;
David Benjamin938fa7c2016-10-07 00:27:05 -0400[diff] [blame]825 }
826
827 /* Check the key's group and point format are acceptable. */
828 uint16_t group_id;
829 if (!ssl_nid_to_group_id(
830 &group_id, EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key))) ||
831 !tls1_check_group_id(ssl, group_id) ||
832 EC_KEY_get_conv_form(ec_key) != POINT_CONVERSION_UNCOMPRESSED) {
Steven Valdezbf5aa842016-07-15 07:07:40 -0400[diff] [blame]833 OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECC_CERT);
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]834 return 0;
Steven Valdezbf5aa842016-07-15 07:07:40 -0400[diff] [blame]835 }
836 }
837
Adam Langley05672202016-12-13 12:05:49 -0800[diff] [blame]838 return 1;
Steven Valdezbf5aa842016-07-15 07:07:40 -0400[diff] [blame]839}
David Benjamin5edfc8c2016-12-10 15:46:58 -0500[diff] [blame]840
841static int do_client_cert_cb(SSL *ssl, void *arg) {
842 if (ssl_has_certificate(ssl) || ssl->ctx->client_cert_cb == NULL) {
843 return 1;
844 }
845
846 X509 *x509 = NULL;
847 EVP_PKEY *pkey = NULL;
848 int ret = ssl->ctx->client_cert_cb(ssl, &x509, &pkey);
849 if (ret < 0) {
850 return -1;
851 }
852
853 if (ret != 0) {
854 if (!SSL_use_certificate(ssl, x509) ||
855 !SSL_use_PrivateKey(ssl, pkey)) {
856 return 0;
857 }
858 }
859
860 X509_free(x509);
861 EVP_PKEY_free(pkey);
862 return 1;
863}
864
865void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl,
866 X509 **out_x509,
867 EVP_PKEY **out_pkey)) {
868 /* Emulate the old client certificate callback with the new one. */
869 SSL_CTX_set_cert_cb(ctx, do_client_cert_cb, NULL);
870 ctx->client_cert_cb = cb;
871}
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]872
873static int set_signed_cert_timestamp_list(CERT *cert, const uint8_t *list,
874 size_t list_len) {
875 CBS sct_list;
876 CBS_init(&sct_list, list, list_len);
877 if (!ssl_is_sct_list_valid(&sct_list)) {
878 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SCT_LIST);
879 return 0;
880 }
881
882 CRYPTO_BUFFER_free(cert->signed_cert_timestamp_list);
883 cert->signed_cert_timestamp_list =
884 CRYPTO_BUFFER_new(CBS_data(&sct_list), CBS_len(&sct_list), NULL);
885 return cert->signed_cert_timestamp_list != NULL;
886}
887
888int SSL_CTX_set_signed_cert_timestamp_list(SSL_CTX *ctx, const uint8_t *list,
889 size_t list_len) {
890 return set_signed_cert_timestamp_list(ctx->cert, list, list_len);
891}
892
893int SSL_set_signed_cert_timestamp_list(SSL *ssl, const uint8_t *list,
894 size_t list_len) {
895 return set_signed_cert_timestamp_list(ssl->cert, list, list_len);
896}
897
898int SSL_CTX_set_ocsp_response(SSL_CTX *ctx, const uint8_t *response,
899 size_t response_len) {
900 CRYPTO_BUFFER_free(ctx->cert->ocsp_response);
901 ctx->cert->ocsp_response = CRYPTO_BUFFER_new(response, response_len, NULL);
902 return ctx->cert->ocsp_response != NULL;
903}
904
905int SSL_set_ocsp_response(SSL *ssl, const uint8_t *response,
906 size_t response_len) {
907 CRYPTO_BUFFER_free(ssl->cert->ocsp_response);
908 ssl->cert->ocsp_response = CRYPTO_BUFFER_new(response, response_len, NULL);
909 return ssl->cert->ocsp_response != NULL;
910}