1 /*
2 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 *
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11 #include "internal/e_os.h"
12
13 #include <stdio.h>
14 #include <sys/types.h>
15
16 #include "internal/nelem.h"
17 #include "internal/o_dir.h"
18 #include <openssl/bio.h>
19 #include <openssl/pem.h>
20 #include <openssl/store.h>
21 #include <openssl/x509v3.h>
22 #include <openssl/dh.h>
23 #include <openssl/bn.h>
24 #include <openssl/crypto.h>
25 #include "internal/refcount.h"
26 #include "ssl_local.h"
27 #include "ssl_cert_table.h"
28 #include "internal/thread_once.h"
29 #include "internal/ssl_unwrap.h"
30 #ifndef OPENSSL_NO_POSIX_IO
31 # include <sys/stat.h>
32 # ifdef _WIN32
33 # define stat _stat
34 # endif
35 # ifndef S_ISDIR
36 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
37 # endif
38 #endif
39
40
41 static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
42 int op, int bits, int nid, void *other,
43 void *ex);
44
45 static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
46 static volatile int ssl_x509_store_ctx_idx = -1;
47
DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init)48 DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init)
49 {
50 ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(0,
51 "SSL for verify callback",
52 NULL, NULL, NULL);
53 return ssl_x509_store_ctx_idx >= 0;
54 }
55
SSL_get_ex_data_X509_STORE_CTX_idx(void)56 int SSL_get_ex_data_X509_STORE_CTX_idx(void)
57 {
58
59 if (!RUN_ONCE(&ssl_x509_store_ctx_once, ssl_x509_store_ctx_init))
60 return -1;
61 return ssl_x509_store_ctx_idx;
62 }
63
ssl_cert_new(size_t ssl_pkey_num)64 CERT *ssl_cert_new(size_t ssl_pkey_num)
65 {
66 CERT *ret = NULL;
67
68 /* Should never happen */
69 if (!ossl_assert(ssl_pkey_num >= SSL_PKEY_NUM))
70 return NULL;
71
72 ret = OPENSSL_zalloc(sizeof(*ret));
73 if (ret == NULL)
74 return NULL;
75
76 ret->ssl_pkey_num = ssl_pkey_num;
77 ret->pkeys = OPENSSL_calloc(ret->ssl_pkey_num, sizeof(CERT_PKEY));
78 if (ret->pkeys == NULL) {
79 OPENSSL_free(ret);
80 return NULL;
81 }
82
83 ret->key = &(ret->pkeys[SSL_PKEY_RSA]);
84 ret->sec_cb = ssl_security_default_callback;
85 ret->sec_level = OPENSSL_TLS_SECURITY_LEVEL;
86 ret->sec_ex = NULL;
87 if (!CRYPTO_NEW_REF(&ret->references, 1)) {
88 OPENSSL_free(ret->pkeys);
89 OPENSSL_free(ret);
90 return NULL;
91 }
92
93 return ret;
94 }
95
ssl_cert_dup(CERT * cert)96 CERT *ssl_cert_dup(CERT *cert)
97 {
98 CERT *ret = OPENSSL_zalloc(sizeof(*ret));
99 size_t i;
100 #ifndef OPENSSL_NO_COMP_ALG
101 int j;
102 #endif
103
104 if (ret == NULL)
105 return NULL;
106
107 ret->ssl_pkey_num = cert->ssl_pkey_num;
108 ret->pkeys = OPENSSL_calloc(ret->ssl_pkey_num, sizeof(CERT_PKEY));
109 if (ret->pkeys == NULL) {
110 OPENSSL_free(ret);
111 return NULL;
112 }
113
114 ret->key = &ret->pkeys[cert->key - cert->pkeys];
115 if (!CRYPTO_NEW_REF(&ret->references, 1)) {
116 OPENSSL_free(ret->pkeys);
117 OPENSSL_free(ret);
118 return NULL;
119 }
120
121 if (cert->dh_tmp != NULL) {
122 if (!EVP_PKEY_up_ref(cert->dh_tmp))
123 goto err;
124 ret->dh_tmp = cert->dh_tmp;
125 }
126
127 ret->dh_tmp_cb = cert->dh_tmp_cb;
128 ret->dh_tmp_auto = cert->dh_tmp_auto;
129
130 for (i = 0; i < ret->ssl_pkey_num; i++) {
131 CERT_PKEY *cpk = cert->pkeys + i;
132 CERT_PKEY *rpk = ret->pkeys + i;
133
134 if (cpk->x509 != NULL) {
135 if (!X509_up_ref(cpk->x509))
136 goto err;
137 rpk->x509 = cpk->x509;
138 }
139
140 if (cpk->privatekey != NULL) {
141 if (!EVP_PKEY_up_ref(cpk->privatekey))
142 goto err;
143 rpk->privatekey = cpk->privatekey;
144 }
145
146 if (cpk->chain) {
147 rpk->chain = X509_chain_up_ref(cpk->chain);
148 if (!rpk->chain) {
149 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
150 goto err;
151 }
152 }
153 if (cpk->serverinfo != NULL) {
154 /* Just copy everything. */
155 rpk->serverinfo = OPENSSL_memdup(cpk->serverinfo, cpk->serverinfo_length);
156 if (rpk->serverinfo == NULL)
157 goto err;
158 rpk->serverinfo_length = cpk->serverinfo_length;
159 }
160 #ifndef OPENSSL_NO_COMP_ALG
161 for (j = TLSEXT_comp_cert_none; j < TLSEXT_comp_cert_limit; j++) {
162 if (cpk->comp_cert[j] != NULL) {
163 if (!OSSL_COMP_CERT_up_ref(cpk->comp_cert[j]))
164 goto err;
165 rpk->comp_cert[j] = cpk->comp_cert[j];
166 }
167 }
168 #endif
169 }
170
171 /* Configured sigalgs copied across */
172 if (cert->conf_sigalgs) {
173 ret->conf_sigalgs = OPENSSL_malloc_array(cert->conf_sigalgslen,
174 sizeof(*cert->conf_sigalgs));
175 if (ret->conf_sigalgs == NULL)
176 goto err;
177 memcpy(ret->conf_sigalgs, cert->conf_sigalgs,
178 cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs));
179 ret->conf_sigalgslen = cert->conf_sigalgslen;
180 } else
181 ret->conf_sigalgs = NULL;
182
183 if (cert->client_sigalgs) {
184 ret->client_sigalgs =
185 OPENSSL_malloc_array(cert->client_sigalgslen,
186 sizeof(*cert->client_sigalgs));
187 if (ret->client_sigalgs == NULL)
188 goto err;
189 memcpy(ret->client_sigalgs, cert->client_sigalgs,
190 cert->client_sigalgslen * sizeof(*cert->client_sigalgs));
191 ret->client_sigalgslen = cert->client_sigalgslen;
192 } else
193 ret->client_sigalgs = NULL;
194 /* Copy any custom client certificate types */
195 if (cert->ctype) {
196 ret->ctype = OPENSSL_memdup(cert->ctype, cert->ctype_len);
197 if (ret->ctype == NULL)
198 goto err;
199 ret->ctype_len = cert->ctype_len;
200 }
201
202 ret->cert_flags = cert->cert_flags;
203
204 ret->cert_cb = cert->cert_cb;
205 ret->cert_cb_arg = cert->cert_cb_arg;
206
207 if (cert->verify_store) {
208 if (!X509_STORE_up_ref(cert->verify_store))
209 goto err;
210 ret->verify_store = cert->verify_store;
211 }
212
213 if (cert->chain_store) {
214 if (!X509_STORE_up_ref(cert->chain_store))
215 goto err;
216 ret->chain_store = cert->chain_store;
217 }
218
219 ret->sec_cb = cert->sec_cb;
220 ret->sec_level = cert->sec_level;
221 ret->sec_ex = cert->sec_ex;
222
223 if (!custom_exts_copy(&ret->custext, &cert->custext))
224 goto err;
225 #ifndef OPENSSL_NO_PSK
226 if (cert->psk_identity_hint) {
227 ret->psk_identity_hint = OPENSSL_strdup(cert->psk_identity_hint);
228 if (ret->psk_identity_hint == NULL)
229 goto err;
230 }
231 #endif
232 return ret;
233
234 err:
235 ssl_cert_free(ret);
236
237 return NULL;
238 }
239
240 /* Free up and clear all certificates and chains */
241
ssl_cert_clear_certs(CERT * c)242 void ssl_cert_clear_certs(CERT *c)
243 {
244 size_t i;
245 #ifndef OPENSSL_NO_COMP_ALG
246 int j;
247 #endif
248
249 if (c == NULL)
250 return;
251 for (i = 0; i < c->ssl_pkey_num; i++) {
252 CERT_PKEY *cpk = c->pkeys + i;
253 X509_free(cpk->x509);
254 cpk->x509 = NULL;
255 EVP_PKEY_free(cpk->privatekey);
256 cpk->privatekey = NULL;
257 OSSL_STACK_OF_X509_free(cpk->chain);
258 cpk->chain = NULL;
259 OPENSSL_free(cpk->serverinfo);
260 cpk->serverinfo = NULL;
261 cpk->serverinfo_length = 0;
262 #ifndef OPENSSL_NO_COMP_ALG
263 for (j = 0; j < TLSEXT_comp_cert_limit; j++) {
264 OSSL_COMP_CERT_free(cpk->comp_cert[j]);
265 cpk->comp_cert[j] = NULL;
266 cpk->cert_comp_used = 0;
267 }
268 #endif
269 }
270 }
271
ssl_cert_free(CERT * c)272 void ssl_cert_free(CERT *c)
273 {
274 int i;
275
276 if (c == NULL)
277 return;
278 CRYPTO_DOWN_REF(&c->references, &i);
279 REF_PRINT_COUNT("CERT", i, c);
280 if (i > 0)
281 return;
282 REF_ASSERT_ISNT(i < 0);
283
284 EVP_PKEY_free(c->dh_tmp);
285
286 ssl_cert_clear_certs(c);
287 OPENSSL_free(c->conf_sigalgs);
288 OPENSSL_free(c->client_sigalgs);
289 OPENSSL_free(c->ctype);
290 X509_STORE_free(c->verify_store);
291 X509_STORE_free(c->chain_store);
292 custom_exts_free(&c->custext);
293 #ifndef OPENSSL_NO_PSK
294 OPENSSL_free(c->psk_identity_hint);
295 #endif
296 OPENSSL_free(c->pkeys);
297 CRYPTO_FREE_REF(&c->references);
298 OPENSSL_free(c);
299 }
300
ssl_cert_set0_chain(SSL_CONNECTION * s,SSL_CTX * ctx,STACK_OF (X509)* chain)301 int ssl_cert_set0_chain(SSL_CONNECTION *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
302 {
303 int i, r;
304 CERT_PKEY *cpk = s != NULL ? s->cert->key : ctx->cert->key;
305
306 if (!cpk)
307 return 0;
308 for (i = 0; i < sk_X509_num(chain); i++) {
309 X509 *x = sk_X509_value(chain, i);
310
311 r = ssl_security_cert(s, ctx, x, 0, 0);
312 if (r != 1) {
313 ERR_raise(ERR_LIB_SSL, r);
314 return 0;
315 }
316 }
317 OSSL_STACK_OF_X509_free(cpk->chain);
318 cpk->chain = chain;
319 return 1;
320 }
321
ssl_cert_set1_chain(SSL_CONNECTION * s,SSL_CTX * ctx,STACK_OF (X509)* chain)322 int ssl_cert_set1_chain(SSL_CONNECTION *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
323 {
324 STACK_OF(X509) *dchain;
325
326 if (!chain)
327 return ssl_cert_set0_chain(s, ctx, NULL);
328 dchain = X509_chain_up_ref(chain);
329 if (!dchain)
330 return 0;
331 if (!ssl_cert_set0_chain(s, ctx, dchain)) {
332 OSSL_STACK_OF_X509_free(dchain);
333 return 0;
334 }
335 return 1;
336 }
337
ssl_cert_add0_chain_cert(SSL_CONNECTION * s,SSL_CTX * ctx,X509 * x)338 int ssl_cert_add0_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x)
339 {
340 int r;
341 CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
342
343 if (!cpk)
344 return 0;
345 r = ssl_security_cert(s, ctx, x, 0, 0);
346 if (r != 1) {
347 ERR_raise(ERR_LIB_SSL, r);
348 return 0;
349 }
350 if (!cpk->chain)
351 cpk->chain = sk_X509_new_null();
352 if (!cpk->chain || !sk_X509_push(cpk->chain, x))
353 return 0;
354 return 1;
355 }
356
ssl_cert_add1_chain_cert(SSL_CONNECTION * s,SSL_CTX * ctx,X509 * x)357 int ssl_cert_add1_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x)
358 {
359 if (!X509_up_ref(x))
360 return 0;
361 if (!ssl_cert_add0_chain_cert(s, ctx, x)) {
362 X509_free(x);
363 return 0;
364 }
365 return 1;
366 }
367
ssl_cert_select_current(CERT * c,X509 * x)368 int ssl_cert_select_current(CERT *c, X509 *x)
369 {
370 size_t i;
371
372 if (x == NULL)
373 return 0;
374 for (i = 0; i < c->ssl_pkey_num; i++) {
375 CERT_PKEY *cpk = c->pkeys + i;
376 if (cpk->x509 == x && cpk->privatekey) {
377 c->key = cpk;
378 return 1;
379 }
380 }
381
382 for (i = 0; i < c->ssl_pkey_num; i++) {
383 CERT_PKEY *cpk = c->pkeys + i;
384 if (cpk->privatekey && cpk->x509 && !X509_cmp(cpk->x509, x)) {
385 c->key = cpk;
386 return 1;
387 }
388 }
389 return 0;
390 }
391
ssl_cert_set_current(CERT * c,long op)392 int ssl_cert_set_current(CERT *c, long op)
393 {
394 size_t i, idx;
395
396 if (!c)
397 return 0;
398 if (op == SSL_CERT_SET_FIRST)
399 idx = 0;
400 else if (op == SSL_CERT_SET_NEXT) {
401 idx = (size_t)(c->key - c->pkeys + 1);
402 if (idx >= c->ssl_pkey_num)
403 return 0;
404 } else
405 return 0;
406 for (i = idx; i < c->ssl_pkey_num; i++) {
407 CERT_PKEY *cpk = c->pkeys + i;
408 if (cpk->x509 && cpk->privatekey) {
409 c->key = cpk;
410 return 1;
411 }
412 }
413 return 0;
414 }
415
ssl_cert_set_cert_cb(CERT * c,int (* cb)(SSL * ssl,void * arg),void * arg)416 void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg)
417 {
418 c->cert_cb = cb;
419 c->cert_cb_arg = arg;
420 }
421
422 /*
423 * Verify a certificate chain/raw public key
424 * Return codes:
425 * 1: Verify success
426 * 0: Verify failure or error
427 * -1: Retry required
428 */
ssl_verify_internal(SSL_CONNECTION * s,STACK_OF (X509)* sk,EVP_PKEY * rpk)429 static int ssl_verify_internal(SSL_CONNECTION *s, STACK_OF(X509) *sk, EVP_PKEY *rpk)
430 {
431 X509 *x;
432 int i = 0;
433 X509_STORE *verify_store;
434 X509_STORE_CTX *ctx = NULL;
435 X509_VERIFY_PARAM *param;
436 SSL_CTX *sctx;
437 #ifndef OPENSSL_NO_OCSP
438 SSL *ssl;
439 #endif
440
441 /* Something must be passed in */
442 if ((sk == NULL || sk_X509_num(sk) == 0) && rpk == NULL)
443 return 0;
444
445 /* Only one can be set */
446 if (sk != NULL && rpk != NULL)
447 return 0;
448
449 sctx = SSL_CONNECTION_GET_CTX(s);
450 if (s->cert->verify_store)
451 verify_store = s->cert->verify_store;
452 else
453 verify_store = sctx->cert_store;
454
455 ctx = X509_STORE_CTX_new_ex(sctx->libctx, sctx->propq);
456 if (ctx == NULL) {
457 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
458 return 0;
459 }
460
461 if (sk != NULL) {
462 x = sk_X509_value(sk, 0);
463 if (!X509_STORE_CTX_init(ctx, verify_store, x, sk)) {
464 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
465 goto end;
466 }
467 } else {
468 if (!X509_STORE_CTX_init_rpk(ctx, verify_store, rpk)) {
469 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
470 goto end;
471 }
472 }
473 param = X509_STORE_CTX_get0_param(ctx);
474 /*
475 * XXX: Separate @AUTHSECLEVEL and @TLSSECLEVEL would be useful at some
476 * point, for now a single @SECLEVEL sets the same policy for TLS crypto
477 * and PKI authentication.
478 */
479 X509_VERIFY_PARAM_set_auth_level(param,
480 SSL_get_security_level(SSL_CONNECTION_GET_SSL(s)));
481
482 /* Set suite B flags if needed */
483 X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
484 if (!X509_STORE_CTX_set_ex_data(ctx,
485 SSL_get_ex_data_X509_STORE_CTX_idx(),
486 SSL_CONNECTION_GET_USER_SSL(s)))
487 goto end;
488
489 /* Verify via DANE if enabled */
490 if (DANETLS_ENABLED(&s->dane))
491 X509_STORE_CTX_set0_dane(ctx, &s->dane);
492
493 /*
494 * Set OCSP Responses for verification:
495 * This function is called in the SERVER_CERTIFICATE message, in TLS 1.2
496 * the OCSP responses are sent in the CERT_STATUS message after that.
497 * Therefore the verification code currently only works in TLS 1.3.
498 */
499 #ifndef OPENSSL_NO_OCSP
500 ssl = SSL_CONNECTION_GET_SSL(s);
501 /*
502 * TODO(DTLS-1.3): in future DTLS should also be considered
503 */
504 if (!SSL_is_dtls(ssl) && SSL_version(ssl) >= TLS1_3_VERSION) {
505 /* ignore status_request_v2 if TLS version < 1.3 */
506 int status = SSL_get_tlsext_status_type(ssl);
507
508 if (status == TLSEXT_STATUSTYPE_ocsp)
509 X509_STORE_CTX_set_ocsp_resp(ctx, s->ext.ocsp.resp_ex);
510 }
511 #endif
512
513 /*
514 * We need to inherit the verify parameters. These can be determined by
515 * the context: if its a server it will verify SSL client certificates or
516 * vice versa.
517 */
518
519 X509_STORE_CTX_set_default(ctx, s->server ? "ssl_client" : "ssl_server");
520 /*
521 * Anything non-default in "s->param" should overwrite anything in the ctx.
522 */
523 X509_VERIFY_PARAM_set1(param, s->param);
524
525 if (s->verify_callback)
526 X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback);
527
528 if (sctx->app_verify_callback != NULL) {
529 i = sctx->app_verify_callback(ctx, sctx->app_verify_arg);
530 } else {
531 i = X509_verify_cert(ctx);
532 /* We treat an error in the same way as a failure to verify */
533 if (i < 0)
534 i = 0;
535 }
536
537 s->verify_result = X509_STORE_CTX_get_error(ctx);
538 OSSL_STACK_OF_X509_free(s->verified_chain);
539 s->verified_chain = NULL;
540
541 if (sk != NULL && X509_STORE_CTX_get0_chain(ctx) != NULL) {
542 s->verified_chain = X509_STORE_CTX_get1_chain(ctx);
543 if (s->verified_chain == NULL) {
544 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
545 i = 0;
546 }
547 }
548
549 /* Move peername from the store context params to the SSL handle's */
550 X509_VERIFY_PARAM_move_peername(s->param, param);
551
552 end:
553 X509_STORE_CTX_free(ctx);
554 return i;
555 }
556
557 /*
558 * Verify a raw public key
559 * Return codes:
560 * 1: Verify success
561 * 0: Verify failure or error
562 * -1: Retry required
563 */
ssl_verify_rpk(SSL_CONNECTION * s,EVP_PKEY * rpk)564 int ssl_verify_rpk(SSL_CONNECTION *s, EVP_PKEY *rpk)
565 {
566 return ssl_verify_internal(s, NULL, rpk);
567 }
568
569 /*
570 * Verify a certificate chain
571 * Return codes:
572 * 1: Verify success
573 * 0: Verify failure or error
574 * -1: Retry required
575 */
ssl_verify_cert_chain(SSL_CONNECTION * s,STACK_OF (X509)* sk)576 int ssl_verify_cert_chain(SSL_CONNECTION *s, STACK_OF(X509) *sk)
577 {
578 return ssl_verify_internal(s, sk, NULL);
579 }
580
set0_CA_list(STACK_OF (X509_NAME)** ca_list,STACK_OF (X509_NAME)* name_list)581 static void set0_CA_list(STACK_OF(X509_NAME) **ca_list,
582 STACK_OF(X509_NAME) *name_list)
583 {
584 sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
585 *ca_list = name_list;
586 }
587
STACK_OF(X509_NAME)588 STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
589 {
590 int i;
591 const int num = sk_X509_NAME_num(sk);
592 STACK_OF(X509_NAME) *ret;
593 X509_NAME *name;
594
595 ret = sk_X509_NAME_new_reserve(NULL, num);
596 if (ret == NULL) {
597 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
598 return NULL;
599 }
600 for (i = 0; i < num; i++) {
601 name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
602 if (name == NULL) {
603 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
604 sk_X509_NAME_pop_free(ret, X509_NAME_free);
605 return NULL;
606 }
607 sk_X509_NAME_push(ret, name); /* Cannot fail after reserve call */
608 }
609 return ret;
610 }
611
SSL_set0_CA_list(SSL * s,STACK_OF (X509_NAME)* name_list)612 void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
613 {
614 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
615
616 if (sc == NULL)
617 return;
618
619 set0_CA_list(&sc->ca_names, name_list);
620 }
621
SSL_CTX_set0_CA_list(SSL_CTX * ctx,STACK_OF (X509_NAME)* name_list)622 void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
623 {
624 set0_CA_list(&ctx->ca_names, name_list);
625 }
626
STACK_OF(X509_NAME)627 const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx)
628 {
629 return ctx->ca_names;
630 }
631
STACK_OF(X509_NAME)632 const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s)
633 {
634 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
635
636 if (sc == NULL)
637 return NULL;
638
639 return sc->ca_names != NULL ? sc->ca_names : s->ctx->ca_names;
640 }
641
SSL_CTX_set_client_CA_list(SSL_CTX * ctx,STACK_OF (X509_NAME)* name_list)642 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
643 {
644 set0_CA_list(&ctx->client_ca_names, name_list);
645 }
646
STACK_OF(X509_NAME)647 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
648 {
649 return ctx->client_ca_names;
650 }
651
SSL_set_client_CA_list(SSL * s,STACK_OF (X509_NAME)* name_list)652 void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
653 {
654 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
655
656 if (sc == NULL)
657 return;
658
659 set0_CA_list(&sc->client_ca_names, name_list);
660 }
661
STACK_OF(X509_NAME)662 const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s)
663 {
664 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
665
666 if (sc == NULL)
667 return NULL;
668
669 return sc->s3.tmp.peer_ca_names;
670 }
671
STACK_OF(X509_NAME)672 STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
673 {
674 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
675
676 if (sc == NULL)
677 return NULL;
678
679 if (!sc->server)
680 return sc->s3.tmp.peer_ca_names;
681 return sc->client_ca_names != NULL ? sc->client_ca_names
682 : s->ctx->client_ca_names;
683 }
684
add_ca_name(STACK_OF (X509_NAME)** sk,const X509 * x)685 static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x)
686 {
687 X509_NAME *name;
688
689 if (x == NULL)
690 return 0;
691 if (*sk == NULL && ((*sk = sk_X509_NAME_new_null()) == NULL))
692 return 0;
693
694 if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL)
695 return 0;
696
697 if (!sk_X509_NAME_push(*sk, name)) {
698 X509_NAME_free(name);
699 return 0;
700 }
701 return 1;
702 }
703
SSL_add1_to_CA_list(SSL * ssl,const X509 * x)704 int SSL_add1_to_CA_list(SSL *ssl, const X509 *x)
705 {
706 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
707
708 if (sc == NULL)
709 return 0;
710
711 return add_ca_name(&sc->ca_names, x);
712 }
713
SSL_CTX_add1_to_CA_list(SSL_CTX * ctx,const X509 * x)714 int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x)
715 {
716 return add_ca_name(&ctx->ca_names, x);
717 }
718
719 /*
720 * The following two are older names are to be replaced with
721 * SSL(_CTX)_add1_to_CA_list
722 */
SSL_add_client_CA(SSL * ssl,X509 * x)723 int SSL_add_client_CA(SSL *ssl, X509 *x)
724 {
725 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
726
727 if (sc == NULL)
728 return 0;
729
730 return add_ca_name(&sc->client_ca_names, x);
731 }
732
SSL_CTX_add_client_CA(SSL_CTX * ctx,X509 * x)733 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
734 {
735 return add_ca_name(&ctx->client_ca_names, x);
736 }
737
xname_cmp(const X509_NAME * a,const X509_NAME * b)738 static int xname_cmp(const X509_NAME *a, const X509_NAME *b)
739 {
740 unsigned char *abuf = NULL, *bbuf = NULL;
741 int alen, blen, ret;
742
743 /* X509_NAME_cmp() itself casts away constness in this way, so
744 * assume it's safe:
745 */
746 alen = i2d_X509_NAME((X509_NAME *)a, &abuf);
747 blen = i2d_X509_NAME((X509_NAME *)b, &bbuf);
748
749 if (alen < 0 || blen < 0)
750 ret = -2;
751 else if (alen != blen)
752 ret = alen - blen;
753 else /* alen == blen */
754 ret = memcmp(abuf, bbuf, alen);
755
756 OPENSSL_free(abuf);
757 OPENSSL_free(bbuf);
758
759 return ret;
760 }
761
xname_sk_cmp(const X509_NAME * const * a,const X509_NAME * const * b)762 static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
763 {
764 return xname_cmp(*a, *b);
765 }
766
xname_hash(const X509_NAME * a)767 static unsigned long xname_hash(const X509_NAME *a)
768 {
769 /* This returns 0 also if SHA1 is not available */
770 return X509_NAME_hash_ex((X509_NAME *)a, NULL, NULL, NULL);
771 }
772
STACK_OF(X509_NAME)773 STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
774 OSSL_LIB_CTX *libctx,
775 const char *propq)
776 {
777 BIO *in = BIO_new(BIO_s_file());
778 X509 *x = NULL;
779 X509_NAME *xn = NULL;
780 STACK_OF(X509_NAME) *ret = NULL;
781 LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
782 OSSL_LIB_CTX *prev_libctx = NULL;
783
784 if (file == NULL) {
785 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
786 goto err;
787 }
788 if (name_hash == NULL) {
789 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
790 goto err;
791 }
792 if (in == NULL) {
793 ERR_raise(ERR_LIB_SSL, ERR_R_BIO_LIB);
794 goto err;
795 }
796
797 x = X509_new_ex(libctx, propq);
798 if (x == NULL) {
799 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
800 goto err;
801 }
802 if (BIO_read_filename(in, file) <= 0)
803 goto err;
804
805 /* Internally lh_X509_NAME_retrieve() needs the libctx to retrieve SHA1 */
806 prev_libctx = OSSL_LIB_CTX_set0_default(libctx);
807 for (;;) {
808 if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
809 break;
810 if (ret == NULL) {
811 ret = sk_X509_NAME_new_null();
812 if (ret == NULL) {
813 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
814 goto err;
815 }
816 }
817 if ((xn = X509_get_subject_name(x)) == NULL)
818 goto err;
819 /* check for duplicates */
820 xn = X509_NAME_dup(xn);
821 if (xn == NULL)
822 goto err;
823 if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
824 /* Duplicate. */
825 X509_NAME_free(xn);
826 xn = NULL;
827 } else {
828 lh_X509_NAME_insert(name_hash, xn);
829 if (!sk_X509_NAME_push(ret, xn))
830 goto err;
831 }
832 }
833 goto done;
834
835 err:
836 X509_NAME_free(xn);
837 sk_X509_NAME_pop_free(ret, X509_NAME_free);
838 ret = NULL;
839 done:
840 /* restore the old libctx */
841 OSSL_LIB_CTX_set0_default(prev_libctx);
842 BIO_free(in);
843 X509_free(x);
844 lh_X509_NAME_free(name_hash);
845 if (ret != NULL)
846 ERR_clear_error();
847 return ret;
848 }
849
STACK_OF(X509_NAME)850 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
851 {
852 return SSL_load_client_CA_file_ex(file, NULL, NULL);
853 }
854
add_file_cert_subjects_to_stack(STACK_OF (X509_NAME)* stack,const char * file,LHASH_OF (X509_NAME)* name_hash)855 static int add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
856 const char *file,
857 LHASH_OF(X509_NAME) *name_hash)
858 {
859 BIO *in;
860 X509 *x = NULL;
861 X509_NAME *xn = NULL;
862 int ret = 1;
863
864 in = BIO_new(BIO_s_file());
865
866 if (in == NULL) {
867 ERR_raise(ERR_LIB_SSL, ERR_R_BIO_LIB);
868 goto err;
869 }
870
871 if (BIO_read_filename(in, file) <= 0)
872 goto err;
873
874 for (;;) {
875 if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
876 break;
877 if ((xn = X509_get_subject_name(x)) == NULL)
878 goto err;
879 xn = X509_NAME_dup(xn);
880 if (xn == NULL)
881 goto err;
882 if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
883 /* Duplicate. */
884 X509_NAME_free(xn);
885 } else if (!sk_X509_NAME_push(stack, xn)) {
886 X509_NAME_free(xn);
887 goto err;
888 } else {
889 /* Successful insert, add to hash table */
890 lh_X509_NAME_insert(name_hash, xn);
891 }
892 }
893
894 ERR_clear_error();
895 goto done;
896
897 err:
898 ret = 0;
899 done:
900 BIO_free(in);
901 X509_free(x);
902 return ret;
903 }
904
SSL_add_file_cert_subjects_to_stack(STACK_OF (X509_NAME)* stack,const char * file)905 int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
906 const char *file)
907 {
908 X509_NAME *xn = NULL;
909 int ret = 1;
910 int idx = 0;
911 int num = 0;
912 LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
913
914 if (file == NULL) {
915 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
916 goto err;
917 }
918
919 if (name_hash == NULL) {
920 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
921 goto err;
922 }
923
924 /*
925 * Pre-populate the lhash with the existing entries of the stack, since
926 * using the LHASH_OF is much faster for duplicate checking. That's because
927 * xname_cmp converts the X509_NAMEs to DER involving a memory allocation
928 * for every single invocation of the comparison function.
929 */
930 num = sk_X509_NAME_num(stack);
931 for (idx = 0; idx < num; idx++) {
932 xn = sk_X509_NAME_value(stack, idx);
933 lh_X509_NAME_insert(name_hash, xn);
934 }
935
936 ret = add_file_cert_subjects_to_stack(stack, file, name_hash);
937 goto done;
938
939 err:
940 ret = 0;
941 done:
942 lh_X509_NAME_free(name_hash);
943 return ret;
944 }
945
SSL_add_dir_cert_subjects_to_stack(STACK_OF (X509_NAME)* stack,const char * dir)946 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
947 const char *dir)
948 {
949 OPENSSL_DIR_CTX *d = NULL;
950 const char *filename;
951 int ret = 0;
952 X509_NAME *xn = NULL;
953 int idx = 0;
954 int num = 0;
955 LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
956
957 if (name_hash == NULL) {
958 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
959 goto err;
960 }
961
962 /*
963 * Pre-populate the lhash with the existing entries of the stack, since
964 * using the LHASH_OF is much faster for duplicate checking. That's because
965 * xname_cmp converts the X509_NAMEs to DER involving a memory allocation
966 * for every single invocation of the comparison function.
967 */
968 num = sk_X509_NAME_num(stack);
969 for (idx = 0; idx < num; idx++) {
970 xn = sk_X509_NAME_value(stack, idx);
971 lh_X509_NAME_insert(name_hash, xn);
972 }
973
974 while ((filename = OPENSSL_DIR_read(&d, dir))) {
975 char buf[1024];
976 int r;
977 #ifndef OPENSSL_NO_POSIX_IO
978 struct stat st;
979
980 #else
981 /* Cannot use stat so just skip current and parent directories */
982 if (strcmp(filename, ".") == 0 || strcmp(filename, "..") == 0)
983 continue;
984 #endif
985 if (strlen(dir) + strlen(filename) + 2 > sizeof(buf)) {
986 ERR_raise(ERR_LIB_SSL, SSL_R_PATH_TOO_LONG);
987 goto err;
988 }
989 #ifdef OPENSSL_SYS_VMS
990 r = BIO_snprintf(buf, sizeof(buf), "%s%s", dir, filename);
991 #else
992 r = BIO_snprintf(buf, sizeof(buf), "%s/%s", dir, filename);
993 #endif
994 #ifndef OPENSSL_NO_POSIX_IO
995 /* Skip subdirectories */
996 if (!stat(buf, &st) && S_ISDIR(st.st_mode))
997 continue;
998 #endif
999 if (r <= 0 || r >= (int)sizeof(buf))
1000 goto err;
1001 if (!add_file_cert_subjects_to_stack(stack, buf, name_hash))
1002 goto err;
1003 }
1004
1005 if (errno) {
1006 ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
1007 "calling OPENSSL_dir_read(%s)", dir);
1008 ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
1009 goto err;
1010 }
1011
1012 ret = 1;
1013
1014 err:
1015 if (d)
1016 OPENSSL_DIR_end(&d);
1017 lh_X509_NAME_free(name_hash);
1018
1019 return ret;
1020 }
1021
add_uris_recursive(STACK_OF (X509_NAME)* stack,const char * uri,int depth)1022 static int add_uris_recursive(STACK_OF(X509_NAME) *stack,
1023 const char *uri, int depth)
1024 {
1025 int ok = 1;
1026 OSSL_STORE_CTX *ctx = NULL;
1027 X509 *x = NULL;
1028 X509_NAME *xn = NULL;
1029 OSSL_STORE_INFO *info = NULL;
1030
1031 if ((ctx = OSSL_STORE_open(uri, NULL, NULL, NULL, NULL)) == NULL)
1032 goto err;
1033
1034 while (!OSSL_STORE_eof(ctx) && !OSSL_STORE_error(ctx)) {
1035 int infotype;
1036
1037 if ((info = OSSL_STORE_load(ctx)) == NULL)
1038 continue;
1039 infotype = OSSL_STORE_INFO_get_type(info);
1040
1041 if (infotype == OSSL_STORE_INFO_NAME) {
1042 /*
1043 * This is an entry in the "directory" represented by the current
1044 * uri. if |depth| allows, dive into it.
1045 */
1046 if (depth > 0)
1047 ok = add_uris_recursive(stack, OSSL_STORE_INFO_get0_NAME(info),
1048 depth - 1);
1049 } else if (infotype == OSSL_STORE_INFO_CERT) {
1050 if ((x = OSSL_STORE_INFO_get0_CERT(info)) == NULL
1051 || (xn = X509_get_subject_name(x)) == NULL
1052 || (xn = X509_NAME_dup(xn)) == NULL)
1053 goto err;
1054 if (sk_X509_NAME_find(stack, xn) >= 0) {
1055 /* Duplicate. */
1056 X509_NAME_free(xn);
1057 } else if (!sk_X509_NAME_push(stack, xn)) {
1058 X509_NAME_free(xn);
1059 goto err;
1060 }
1061 }
1062
1063 OSSL_STORE_INFO_free(info);
1064 info = NULL;
1065 }
1066
1067 ERR_clear_error();
1068 goto done;
1069
1070 err:
1071 ok = 0;
1072 OSSL_STORE_INFO_free(info);
1073 done:
1074 OSSL_STORE_close(ctx);
1075
1076 return ok;
1077 }
1078
SSL_add_store_cert_subjects_to_stack(STACK_OF (X509_NAME)* stack,const char * store)1079 int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
1080 const char *store)
1081 {
1082 int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b)
1083 = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp);
1084 int ret = add_uris_recursive(stack, store, 1);
1085
1086 (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
1087 return ret;
1088 }
1089
1090 /* Build a certificate chain for current certificate */
ssl_build_cert_chain(SSL_CONNECTION * s,SSL_CTX * ctx,int flags)1091 int ssl_build_cert_chain(SSL_CONNECTION *s, SSL_CTX *ctx, int flags)
1092 {
1093 CERT *c = s != NULL ? s->cert : ctx->cert;
1094 CERT_PKEY *cpk = c->key;
1095 X509_STORE *chain_store = NULL;
1096 X509_STORE_CTX *xs_ctx = NULL;
1097 STACK_OF(X509) *chain = NULL, *untrusted = NULL;
1098 X509 *x;
1099 SSL_CTX *real_ctx = (s == NULL) ? ctx : SSL_CONNECTION_GET_CTX(s);
1100 int i, rv = 0;
1101
1102 if (cpk->x509 == NULL) {
1103 ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_SET);
1104 goto err;
1105 }
1106 /* Rearranging and check the chain: add everything to a store */
1107 if (flags & SSL_BUILD_CHAIN_FLAG_CHECK) {
1108 chain_store = X509_STORE_new();
1109 if (chain_store == NULL)
1110 goto err;
1111 for (i = 0; i < sk_X509_num(cpk->chain); i++) {
1112 x = sk_X509_value(cpk->chain, i);
1113 if (!X509_STORE_add_cert(chain_store, x))
1114 goto err;
1115 }
1116 /* Add EE cert too: it might be self signed */
1117 if (!X509_STORE_add_cert(chain_store, cpk->x509))
1118 goto err;
1119 } else {
1120 if (c->chain_store != NULL)
1121 chain_store = c->chain_store;
1122 else
1123 chain_store = real_ctx->cert_store;
1124
1125 if (flags & SSL_BUILD_CHAIN_FLAG_UNTRUSTED)
1126 untrusted = cpk->chain;
1127 }
1128
1129 xs_ctx = X509_STORE_CTX_new_ex(real_ctx->libctx, real_ctx->propq);
1130 if (xs_ctx == NULL) {
1131 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
1132 goto err;
1133 }
1134 if (!X509_STORE_CTX_init(xs_ctx, chain_store, cpk->x509, untrusted)) {
1135 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
1136 goto err;
1137 }
1138 /* Set suite B flags if needed */
1139 X509_STORE_CTX_set_flags(xs_ctx,
1140 c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS);
1141
1142 i = X509_verify_cert(xs_ctx);
1143 if (i <= 0 && flags & SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR) {
1144 if (flags & SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR)
1145 ERR_clear_error();
1146 i = 1;
1147 rv = 2;
1148 }
1149 if (i > 0)
1150 chain = X509_STORE_CTX_get1_chain(xs_ctx);
1151 if (i <= 0) {
1152 i = X509_STORE_CTX_get_error(xs_ctx);
1153 ERR_raise_data(ERR_LIB_SSL, SSL_R_CERTIFICATE_VERIFY_FAILED,
1154 "Verify error:%s", X509_verify_cert_error_string(i));
1155
1156 goto err;
1157 }
1158 /* Remove EE certificate from chain */
1159 x = sk_X509_shift(chain);
1160 X509_free(x);
1161 if (flags & SSL_BUILD_CHAIN_FLAG_NO_ROOT) {
1162 if (sk_X509_num(chain) > 0) {
1163 /* See if last cert is self signed */
1164 x = sk_X509_value(chain, sk_X509_num(chain) - 1);
1165 if (X509_get_extension_flags(x) & EXFLAG_SS) {
1166 x = sk_X509_pop(chain);
1167 X509_free(x);
1168 }
1169 }
1170 }
1171 /*
1172 * Check security level of all CA certificates: EE will have been checked
1173 * already.
1174 */
1175 for (i = 0; i < sk_X509_num(chain); i++) {
1176 x = sk_X509_value(chain, i);
1177 rv = ssl_security_cert(s, ctx, x, 0, 0);
1178 if (rv != 1) {
1179 ERR_raise(ERR_LIB_SSL, rv);
1180 OSSL_STACK_OF_X509_free(chain);
1181 rv = 0;
1182 goto err;
1183 }
1184 }
1185 OSSL_STACK_OF_X509_free(cpk->chain);
1186 cpk->chain = chain;
1187 if (rv == 0)
1188 rv = 1;
1189 err:
1190 if (flags & SSL_BUILD_CHAIN_FLAG_CHECK)
1191 X509_STORE_free(chain_store);
1192 X509_STORE_CTX_free(xs_ctx);
1193
1194 return rv;
1195 }
1196
ssl_cert_set_cert_store(CERT * c,X509_STORE * store,int chain,int ref)1197 int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
1198 {
1199 X509_STORE **pstore;
1200
1201 if (ref && store && !X509_STORE_up_ref(store))
1202 return 0;
1203
1204 if (chain)
1205 pstore = &c->chain_store;
1206 else
1207 pstore = &c->verify_store;
1208 X509_STORE_free(*pstore);
1209 *pstore = store;
1210
1211 return 1;
1212 }
1213
ssl_cert_get_cert_store(CERT * c,X509_STORE ** pstore,int chain)1214 int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain)
1215 {
1216 *pstore = (chain ? c->chain_store : c->verify_store);
1217 return 1;
1218 }
1219
ssl_get_security_level_bits(const SSL * s,const SSL_CTX * ctx,int * levelp)1220 int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp)
1221 {
1222 int level;
1223 /*
1224 * note that there's a corresponding minbits_table
1225 * in crypto/x509/x509_vfy.c that's used for checking the security level
1226 * of RSA and DSA keys
1227 */
1228 static const int minbits_table[5 + 1] = { 0, 80, 112, 128, 192, 256 };
1229
1230 if (ctx != NULL)
1231 level = SSL_CTX_get_security_level(ctx);
1232 else
1233 level = SSL_get_security_level(s);
1234
1235 if (level > 5)
1236 level = 5;
1237 else if (level < 0)
1238 level = 0;
1239
1240 if (levelp != NULL)
1241 *levelp = level;
1242
1243 return minbits_table[level];
1244 }
1245
ssl_security_default_callback(const SSL * s,const SSL_CTX * ctx,int op,int bits,int nid,void * other,void * ex)1246 static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
1247 int op, int bits, int nid, void *other,
1248 void *ex)
1249 {
1250 int level, minbits, pfs_mask;
1251 const SSL_CONNECTION *sc;
1252
1253 minbits = ssl_get_security_level_bits(s, ctx, &level);
1254
1255 if (level == 0) {
1256 /*
1257 * No EDH keys weaker than 1024-bits even at level 0, otherwise,
1258 * anything goes.
1259 */
1260 if (op == SSL_SECOP_TMP_DH && bits < 80)
1261 return 0;
1262 return 1;
1263 }
1264 switch (op) {
1265 case SSL_SECOP_CIPHER_SUPPORTED:
1266 case SSL_SECOP_CIPHER_SHARED:
1267 case SSL_SECOP_CIPHER_CHECK:
1268 {
1269 const SSL_CIPHER *c = other;
1270 /* No ciphers below security level */
1271 if (bits < minbits)
1272 return 0;
1273 /* No unauthenticated ciphersuites */
1274 if (c->algorithm_auth & SSL_aNULL)
1275 return 0;
1276 /* No MD5 mac ciphersuites */
1277 if (c->algorithm_mac & SSL_MD5)
1278 return 0;
1279 /* SHA1 HMAC is 160 bits of security */
1280 if (minbits > 160 && c->algorithm_mac & SSL_SHA1)
1281 return 0;
1282 /* Level 3: forward secure ciphersuites only */
1283 pfs_mask = SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK;
1284 if (level >= 3 && c->min_tls != TLS1_3_VERSION &&
1285 !(c->algorithm_mkey & pfs_mask))
1286 return 0;
1287 break;
1288 }
1289 case SSL_SECOP_VERSION:
1290 if ((sc = SSL_CONNECTION_FROM_CONST_SSL(s)) == NULL)
1291 return 0;
1292 if (!SSL_CONNECTION_IS_DTLS(sc)) {
1293 /* SSLv3, TLS v1.0 and TLS v1.1 only allowed at level 0 */
1294 if (nid <= TLS1_1_VERSION && level > 0)
1295 return 0;
1296 } else {
1297 /* DTLS v1.0 only allowed at level 0 */
1298 if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level > 0)
1299 return 0;
1300 }
1301 break;
1302
1303 case SSL_SECOP_COMPRESSION:
1304 if (level >= 2)
1305 return 0;
1306 break;
1307 case SSL_SECOP_TICKET:
1308 if (level >= 3)
1309 return 0;
1310 break;
1311 default:
1312 if (bits < minbits)
1313 return 0;
1314 }
1315 return 1;
1316 }
1317
ssl_security(const SSL_CONNECTION * s,int op,int bits,int nid,void * other)1318 int ssl_security(const SSL_CONNECTION *s, int op, int bits, int nid, void *other)
1319 {
1320 return s->cert->sec_cb(SSL_CONNECTION_GET_USER_SSL(s), NULL, op, bits, nid,
1321 other, s->cert->sec_ex);
1322 }
1323
ssl_ctx_security(const SSL_CTX * ctx,int op,int bits,int nid,void * other)1324 int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other)
1325 {
1326 return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other,
1327 ctx->cert->sec_ex);
1328 }
1329
ssl_cert_lookup_by_nid(int nid,size_t * pidx,SSL_CTX * ctx)1330 int ssl_cert_lookup_by_nid(int nid, size_t *pidx, SSL_CTX *ctx)
1331 {
1332 size_t i;
1333
1334 for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
1335 if (ssl_cert_info[i].nid == nid) {
1336 *pidx = i;
1337 return 1;
1338 }
1339 }
1340 for (i = 0; i < ctx->sigalg_list_len; i++) {
1341 if (ctx->ssl_cert_info[i].nid == nid) {
1342 *pidx = SSL_PKEY_NUM + i;
1343 return 1;
1344 }
1345 }
1346 return 0;
1347 }
1348
ssl_cert_lookup_by_pkey(const EVP_PKEY * pk,size_t * pidx,SSL_CTX * ctx)1349 const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx, SSL_CTX *ctx)
1350 {
1351 size_t i;
1352
1353 /* check classic pk types */
1354 for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
1355 const SSL_CERT_LOOKUP *tmp_lu = &ssl_cert_info[i];
1356
1357 if (EVP_PKEY_is_a(pk, OBJ_nid2sn(tmp_lu->nid))
1358 || EVP_PKEY_is_a(pk, OBJ_nid2ln(tmp_lu->nid))) {
1359 if (pidx != NULL)
1360 *pidx = i;
1361 return tmp_lu;
1362 }
1363 }
1364 /* check provider-loaded pk types */
1365 for (i = 0; i < ctx->sigalg_list_len; i++) {
1366 SSL_CERT_LOOKUP *tmp_lu = &(ctx->ssl_cert_info[i]);
1367
1368 if (EVP_PKEY_is_a(pk, OBJ_nid2sn(tmp_lu->nid))
1369 || EVP_PKEY_is_a(pk, OBJ_nid2ln(tmp_lu->nid))) {
1370 if (pidx != NULL)
1371 *pidx = SSL_PKEY_NUM + i;
1372 return &ctx->ssl_cert_info[i];
1373 }
1374 }
1375
1376 return NULL;
1377 }
1378
ssl_cert_lookup_by_idx(size_t idx,SSL_CTX * ctx)1379 const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx, SSL_CTX *ctx)
1380 {
1381 if (idx >= (OSSL_NELEM(ssl_cert_info) + ctx->sigalg_list_len))
1382 return NULL;
1383 else if (idx >= (OSSL_NELEM(ssl_cert_info)))
1384 return &(ctx->ssl_cert_info[idx - SSL_PKEY_NUM]);
1385 return &ssl_cert_info[idx];
1386 }
1387