]>
Commit | Line | Data |
---|---|---|
bbc27441 | 1 | /* |
4ac4a490 | 2 | * Copyright (C) 1996-2017 The Squid Software Foundation and contributors |
bbc27441 AJ |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
f7f3304a | 9 | #include "squid.h" |
95d2589c | 10 | #include "ssl/gadgets.h" |
cb4f4424 | 11 | |
a594dbfa CT |
12 | #if HAVE_OPENSSL_X509V3_H |
13 | #include <openssl/x509v3.h> | |
14 | #endif | |
95d2589c | 15 | |
95d2589c CT |
16 | EVP_PKEY * Ssl::createSslPrivateKey() |
17 | { | |
18 | Ssl::EVP_PKEY_Pointer pkey(EVP_PKEY_new()); | |
19 | ||
20 | if (!pkey) | |
21 | return NULL; | |
22 | ||
2a268a06 CT |
23 | BIGNUM_Pointer bn(BN_new()); |
24 | if (!bn) | |
25 | return NULL; | |
26 | ||
27 | if (!BN_set_word(bn.get(), RSA_F4)) | |
28 | return NULL; | |
29 | ||
30 | Ssl::RSA_Pointer rsa(RSA_new()); | |
31 | if (!rsa) | |
32 | return NULL; | |
ac756c8c | 33 | |
2a268a06 CT |
34 | int num = 2048; // Maybe use 4096 RSA keys, or better make it configurable? |
35 | if (!RSA_generate_key_ex(rsa.get(), num, bn.get(), NULL)) | |
36 | return NULL; | |
95d2589c CT |
37 | |
38 | if (!rsa) | |
39 | return NULL; | |
40 | ||
41 | if (!EVP_PKEY_assign_RSA(pkey.get(), (rsa.get()))) | |
42 | return NULL; | |
43 | ||
44 | rsa.release(); | |
45 | return pkey.release(); | |
46 | } | |
47 | ||
95d2589c CT |
48 | /** |
49 | \ingroup ServerProtocolSSLInternal | |
50 | * Set serial random serial number or set random serial number. | |
51 | */ | |
52 | static bool setSerialNumber(ASN1_INTEGER *ai, BIGNUM const* serial) | |
53 | { | |
54 | if (!ai) | |
55 | return false; | |
56 | Ssl::BIGNUM_Pointer bn(BN_new()); | |
57 | if (serial) { | |
58 | bn.reset(BN_dup(serial)); | |
59 | } else { | |
60 | if (!bn) | |
61 | return false; | |
62 | ||
63 | if (!BN_pseudo_rand(bn.get(), 64, 0, 0)) | |
64 | return false; | |
65 | } | |
66 | ||
67 | if (ai && !BN_to_ASN1_INTEGER(bn.get(), ai)) | |
68 | return false; | |
69 | return true; | |
70 | } | |
71 | ||
f97700a0 | 72 | bool Ssl::writeCertAndPrivateKeyToMemory(Security::CertPointer const & cert, Ssl::EVP_PKEY_Pointer const & pkey, std::string & bufferToWrite) |
95d2589c CT |
73 | { |
74 | bufferToWrite.clear(); | |
75 | if (!pkey || !cert) | |
76 | return false; | |
77 | BIO_Pointer bio(BIO_new(BIO_s_mem())); | |
78 | if (!bio) | |
79 | return false; | |
80 | ||
81 | if (!PEM_write_bio_X509 (bio.get(), cert.get())) | |
82 | return false; | |
83 | ||
84 | if (!PEM_write_bio_PrivateKey(bio.get(), pkey.get(), NULL, NULL, 0, NULL, NULL)) | |
85 | return false; | |
86 | ||
87 | char *ptr = NULL; | |
88 | long len = BIO_get_mem_data(bio.get(), &ptr); | |
89 | if (!ptr) | |
90 | return false; | |
91 | ||
92 | bufferToWrite = std::string(ptr, len); | |
93 | return true; | |
94 | } | |
95 | ||
f97700a0 | 96 | bool Ssl::appendCertToMemory(Security::CertPointer const & cert, std::string & bufferToWrite) |
9a90aace CT |
97 | { |
98 | if (!cert) | |
99 | return false; | |
100 | ||
101 | BIO_Pointer bio(BIO_new(BIO_s_mem())); | |
102 | if (!bio) | |
103 | return false; | |
104 | ||
105 | if (!PEM_write_bio_X509 (bio.get(), cert.get())) | |
106 | return false; | |
107 | ||
108 | char *ptr = NULL; | |
109 | long len = BIO_get_mem_data(bio.get(), &ptr); | |
110 | if (!ptr) | |
111 | return false; | |
112 | ||
87f237a9 | 113 | if (!bufferToWrite.empty()) |
9a90aace CT |
114 | bufferToWrite.append(" "); // add a space... |
115 | ||
116 | bufferToWrite.append(ptr, len); | |
117 | return true; | |
118 | } | |
119 | ||
f97700a0 | 120 | bool Ssl::writeCertAndPrivateKeyToFile(Security::CertPointer const & cert, Ssl::EVP_PKEY_Pointer const & pkey, char const * filename) |
95d2589c CT |
121 | { |
122 | if (!pkey || !cert) | |
123 | return false; | |
124 | ||
093deea9 | 125 | Ssl::BIO_Pointer bio(BIO_new(BIO_s_file())); |
95d2589c CT |
126 | if (!bio) |
127 | return false; | |
128 | if (!BIO_write_filename(bio.get(), const_cast<char *>(filename))) | |
129 | return false; | |
130 | ||
131 | if (!PEM_write_bio_X509(bio.get(), cert.get())) | |
132 | return false; | |
133 | ||
134 | if (!PEM_write_bio_PrivateKey(bio.get(), pkey.get(), NULL, NULL, 0, NULL, NULL)) | |
135 | return false; | |
136 | ||
137 | return true; | |
138 | } | |
139 | ||
f97700a0 | 140 | bool Ssl::readCertAndPrivateKeyFromMemory(Security::CertPointer & cert, Ssl::EVP_PKEY_Pointer & pkey, char const * bufferToRead) |
95d2589c CT |
141 | { |
142 | Ssl::BIO_Pointer bio(BIO_new(BIO_s_mem())); | |
143 | BIO_puts(bio.get(), bufferToRead); | |
144 | ||
145 | X509 * certPtr = NULL; | |
35b3559c | 146 | cert.resetWithoutLocking(PEM_read_bio_X509(bio.get(), &certPtr, 0, 0)); |
95d2589c CT |
147 | if (!cert) |
148 | return false; | |
149 | ||
150 | EVP_PKEY * pkeyPtr = NULL; | |
35b3559c | 151 | pkey.resetWithoutLocking(PEM_read_bio_PrivateKey(bio.get(), &pkeyPtr, 0, 0)); |
95d2589c CT |
152 | if (!pkey) |
153 | return false; | |
154 | ||
155 | return true; | |
156 | } | |
157 | ||
f97700a0 | 158 | bool Ssl::readCertFromMemory(Security::CertPointer & cert, char const * bufferToRead) |
9a90aace CT |
159 | { |
160 | Ssl::BIO_Pointer bio(BIO_new(BIO_s_mem())); | |
161 | BIO_puts(bio.get(), bufferToRead); | |
162 | ||
163 | X509 * certPtr = NULL; | |
35b3559c | 164 | cert.resetWithoutLocking(PEM_read_bio_X509(bio.get(), &certPtr, 0, 0)); |
9a90aace CT |
165 | if (!cert) |
166 | return false; | |
167 | ||
168 | return true; | |
169 | } | |
170 | ||
bf94620c CT |
171 | // According to RFC 5280 (Section A.1), the common name length in a certificate |
172 | // can be at most 64 characters | |
173 | static const size_t MaxCnLen = 64; | |
174 | ||
fb2178bb | 175 | // Replace certs common name with the given |
f97700a0 | 176 | static bool replaceCommonName(Security::CertPointer & cert, std::string const &rawCn) |
fb2178bb | 177 | { |
4a962df3 AR |
178 | std::string cn = rawCn; |
179 | ||
bf94620c CT |
180 | if (cn.length() > MaxCnLen) { |
181 | // In the case the length od CN is more than the maximum supported size | |
182 | // try to use the first upper level domain. | |
183 | size_t pos = 0; | |
184 | do { | |
185 | pos = cn.find('.', pos + 1); | |
87f237a9 | 186 | } while (pos != std::string::npos && (cn.length() - pos + 2) > MaxCnLen); |
bf94620c CT |
187 | |
188 | // If no short domain found or this domain is a toplevel domain | |
189 | // we failed to find a good cn name. | |
190 | if (pos == std::string::npos || cn.find('.', pos + 1) == std::string::npos) | |
191 | return false; | |
192 | ||
4a962df3 | 193 | std::string fixedCn(1, '*'); |
bf94620c | 194 | fixedCn.append(cn.c_str() + pos); |
4a962df3 | 195 | cn = fixedCn; |
bf94620c CT |
196 | } |
197 | ||
4a962df3 AR |
198 | // Assume [] surround an IPv6 address and strip them because browsers such |
199 | // as Firefox, Chromium, and Safari prefer bare IPv6 addresses in CNs. | |
200 | if (cn.length() > 2 && *cn.begin() == '[' && *cn.rbegin() == ']') | |
201 | cn = cn.substr(1, cn.size()-2); | |
202 | ||
fb2178bb CT |
203 | X509_NAME *name = X509_get_subject_name(cert.get()); |
204 | if (!name) | |
205 | return false; | |
206 | // Remove the CN part: | |
207 | int loc = X509_NAME_get_index_by_NID(name, NID_commonName, -1); | |
aebe6888 CT |
208 | if (loc >=0) { |
209 | X509_NAME_ENTRY *tmp = X509_NAME_get_entry(name, loc); | |
210 | X509_NAME_delete_entry(name, loc); | |
211 | X509_NAME_ENTRY_free(tmp); | |
212 | } | |
fb2178bb CT |
213 | |
214 | // Add a new CN | |
215 | return X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC, | |
4a962df3 | 216 | (unsigned char *)(cn.c_str()), -1, -1, 0); |
fb2178bb CT |
217 | } |
218 | ||
aebe6888 CT |
219 | const char *Ssl::CertSignAlgorithmStr[] = { |
220 | "signTrusted", | |
87f237a9 | 221 | "signUntrusted", |
aebe6888 CT |
222 | "signSelf", |
223 | NULL | |
224 | }; | |
225 | ||
fb2178bb CT |
226 | const char *Ssl::CertAdaptAlgorithmStr[] = { |
227 | "setValidAfter", | |
228 | "setValidBefore", | |
229 | "setCommonName", | |
230 | NULL | |
231 | }; | |
232 | ||
a0b971d5 | 233 | Ssl::CertificateProperties::CertificateProperties(): |
f53969cc SM |
234 | setValidAfter(false), |
235 | setValidBefore(false), | |
236 | setCommonName(false), | |
237 | signAlgorithm(Ssl::algSignEnd), | |
238 | signHash(NULL) | |
aebe6888 CT |
239 | {} |
240 | ||
06997a38 CT |
241 | std::string & Ssl::CertificateProperties::dbKey() const |
242 | { | |
243 | static std::string certKey; | |
7fc31d31 | 244 | certKey.clear(); |
06997a38 CT |
245 | certKey.reserve(4096); |
246 | if (mimicCert.get()) { | |
247 | char buf[1024]; | |
7fc31d31 | 248 | certKey.append(X509_NAME_oneline(X509_get_subject_name(mimicCert.get()), buf, sizeof(buf))); |
06997a38 CT |
249 | } |
250 | ||
7fc31d31 AR |
251 | if (certKey.empty()) { |
252 | certKey.append("/CN=", 4); | |
253 | certKey.append(commonName); | |
254 | } | |
06997a38 CT |
255 | |
256 | if (setValidAfter) | |
257 | certKey.append("+SetValidAfter=on", 17); | |
258 | ||
259 | if (setValidBefore) | |
260 | certKey.append("+SetValidBefore=on", 18); | |
261 | ||
262 | if (setCommonName) { | |
263 | certKey.append("+SetCommonName=", 15); | |
264 | certKey.append(commonName); | |
265 | } | |
266 | ||
267 | if (signAlgorithm != Ssl::algSignEnd) { | |
268 | certKey.append("+Sign=", 6); | |
269 | certKey.append(certSignAlgorithm(signAlgorithm)); | |
270 | } | |
271 | ||
3c26b00a CT |
272 | if (signHash != NULL) { |
273 | certKey.append("+SignHash=", 10); | |
274 | certKey.append(EVP_MD_name(signHash)); | |
275 | } | |
276 | ||
06997a38 CT |
277 | return certKey; |
278 | } | |
279 | ||
5f1318b1 CT |
280 | /// Check if mimicCert certificate has the Authority Key Identifier extension |
281 | /// and if yes add the extension to cert certificate with the same fields if | |
5ff0af8e | 282 | /// possible. If the issuerCert certificate does not have the Subject Key |
5f1318b1 CT |
283 | /// Identifier extension (required to build the keyIdentifier field of |
284 | /// AuthorityKeyIdentifier) then the authorityCertIssuer and | |
285 | /// authorityCertSerialNumber fields added. | |
286 | static bool | |
287 | mimicAuthorityKeyId(Security::CertPointer &cert, Security::CertPointer const &mimicCert, Security::CertPointer const &issuerCert) | |
288 | { | |
289 | if (!mimicCert.get() || !issuerCert.get()) | |
290 | return false; | |
291 | ||
292 | Ssl::AUTHORITY_KEYID_Pointer akid((AUTHORITY_KEYID *)X509_get_ext_d2i(mimicCert.get(), NID_authority_key_identifier, nullptr, nullptr)); | |
293 | ||
294 | bool addKeyId = false, addIssuer = false; | |
295 | if (akid.get()) { | |
296 | addKeyId = (akid.get()->keyid != nullptr); | |
297 | addIssuer = (akid.get()->issuer && akid.get()->serial); | |
298 | } | |
299 | ||
300 | if (!addKeyId && !addIssuer) | |
301 | return false; // No need to add AuthorityKeyIdentifier | |
302 | ||
303 | Ssl::ASN1_OCTET_STRING_Pointer issuerKeyId; | |
304 | if (addKeyId) { | |
305 | X509_EXTENSION *ext; | |
306 | // Check if the issuer has the Subject Key Identifier extension | |
307 | const int indx = X509_get_ext_by_NID(issuerCert.get(), NID_subject_key_identifier, -1); | |
308 | if (indx >= 0 && (ext = X509_get_ext(issuerCert.get(), indx))) { | |
309 | issuerKeyId.reset((ASN1_OCTET_STRING *)X509V3_EXT_d2i(ext)); | |
310 | } | |
311 | } | |
312 | ||
313 | Ssl::X509_NAME_Pointer issuerName; | |
314 | Ssl::ASN1_INT_Pointer issuerSerial; | |
315 | if (issuerKeyId.get() == nullptr || addIssuer) { | |
316 | issuerName.reset(X509_NAME_dup(X509_get_issuer_name(issuerCert.get()))); | |
2a268a06 | 317 | issuerSerial.reset(ASN1_INTEGER_dup(X509_get_serialNumber(issuerCert.get()))); |
5f1318b1 CT |
318 | } |
319 | ||
320 | Ssl::AUTHORITY_KEYID_Pointer theAuthKeyId(AUTHORITY_KEYID_new()); | |
321 | if (!theAuthKeyId.get()) | |
322 | return false; | |
323 | theAuthKeyId.get()->keyid = issuerKeyId.release(); | |
324 | if (issuerName && issuerSerial) { | |
325 | Ssl::GENERAL_NAME_STACK_Pointer genNames(sk_GENERAL_NAME_new_null()); | |
326 | if (genNames.get()) { | |
327 | if (GENERAL_NAME *aname = GENERAL_NAME_new()) { | |
328 | sk_GENERAL_NAME_push(genNames.get(), aname); | |
329 | aname->type = GEN_DIRNAME; | |
330 | aname->d.dirn = issuerName.release(); | |
331 | theAuthKeyId.get()->issuer = genNames.release(); | |
332 | theAuthKeyId.get()->serial = issuerSerial.release(); | |
333 | } | |
334 | } | |
335 | } | |
336 | ||
337 | // The Authority Key Identifier extension should include KeyId or/and both | |
338 | /// issuer name and issuer serial | |
339 | if (!theAuthKeyId.get()->keyid && (!theAuthKeyId.get()->issuer || !theAuthKeyId.get()->serial)) | |
340 | return false; | |
341 | ||
342 | const X509V3_EXT_METHOD *method = X509V3_EXT_get_nid(NID_authority_key_identifier); | |
343 | if (!method) | |
344 | return false; | |
345 | ||
346 | unsigned char *ext_der = NULL; | |
347 | int ext_len = ASN1_item_i2d((ASN1_VALUE *)theAuthKeyId.get(), &ext_der, ASN1_ITEM_ptr(method->it)); | |
2a268a06 | 348 | Ssl::ASN1_OCTET_STRING_Pointer extOct(ASN1_OCTET_STRING_new()); |
5f1318b1 CT |
349 | extOct.get()->data = ext_der; |
350 | extOct.get()->length = ext_len; | |
351 | Ssl::X509_EXTENSION_Pointer extAuthKeyId(X509_EXTENSION_create_by_NID(NULL, NID_authority_key_identifier, 0, extOct.get())); | |
352 | if (!extAuthKeyId.get()) | |
353 | return false; | |
354 | ||
355 | extOct.release(); | |
356 | if (!X509_add_ext(cert.get(), extAuthKeyId.get(), -1)) | |
357 | return false; | |
358 | ||
359 | return true; | |
360 | } | |
361 | ||
5c80eab2 CT |
362 | /// Copy certificate extensions from cert to mimicCert. |
363 | /// Returns the number of extensions copied. | |
bee6354e CT |
364 | // Currently only extensions which are reported by the users that required are |
365 | // mimicked. More safe to mimic extensions would be added here if users request | |
366 | // them. | |
5c80eab2 | 367 | static int |
5f1318b1 | 368 | mimicExtensions(Security::CertPointer & cert, Security::CertPointer const &mimicCert, Security::CertPointer const &issuerCert) |
bee6354e CT |
369 | { |
370 | static int extensions[]= { | |
371 | NID_key_usage, | |
dcc9214e | 372 | NID_ext_key_usage, |
bee6354e CT |
373 | NID_basic_constraints, |
374 | 0 | |
375 | }; | |
376 | ||
789bf810 CT |
377 | // key usage bit names |
378 | enum { | |
379 | DigitalSignature, | |
380 | NonRepudiation, | |
381 | KeyEncipherment, // NSS requires for RSA but not EC | |
382 | DataEncipherment, | |
383 | KeyAgreement, | |
384 | KeyCertificateSign, | |
385 | CRLSign, | |
386 | EncipherOnly, | |
387 | DecipherOnly | |
388 | }; | |
389 | ||
2a268a06 CT |
390 | #if (OPENSSL_VERSION_NUMBER < 0x10100000L) |
391 | const int mimicAlgo = OBJ_obj2nid(mimicCert.get()->cert_info->key->algor->algorithm); | |
392 | const bool rsaPkey = (mimicAlgo == NID_rsaEncryption); | |
393 | #else | |
394 | EVP_PKEY *certKey = X509_get_pubkey(mimicCert.get()); | |
395 | const bool rsaPkey = (EVP_PKEY_get0_RSA(certKey) != NULL); | |
396 | #endif | |
397 | ||
5c80eab2 | 398 | int added = 0; |
bee6354e CT |
399 | int nid; |
400 | for (int i = 0; (nid = extensions[i]) != 0; ++i) { | |
401 | const int pos = X509_get_ext_by_NID(mimicCert.get(), nid, -1); | |
789bf810 CT |
402 | if (X509_EXTENSION *ext = X509_get_ext(mimicCert.get(), pos)) { |
403 | // Mimic extension exactly. | |
5c80eab2 CT |
404 | if (X509_add_ext(cert.get(), ext, -1)) |
405 | ++added; | |
2a268a06 | 406 | if (nid == NID_key_usage && !rsaPkey) { |
789bf810 CT |
407 | // NSS does not requre the KeyEncipherment flag on EC keys |
408 | // but it does require it for RSA keys. Since ssl-bump | |
409 | // substitutes RSA keys for EC ones, we need to ensure that | |
410 | // that the more stringent requirements are met. | |
411 | ||
412 | const int p = X509_get_ext_by_NID(cert.get(), NID_key_usage, -1); | |
413 | if ((ext = X509_get_ext(cert.get(), p)) != NULL) { | |
414 | ASN1_BIT_STRING *keyusage = (ASN1_BIT_STRING *)X509V3_EXT_d2i(ext); | |
415 | ASN1_BIT_STRING_set_bit(keyusage, KeyEncipherment, 1); | |
e061c75e CT |
416 | |
417 | //Build the ASN1_OCTET_STRING | |
418 | const X509V3_EXT_METHOD *method = X509V3_EXT_get(ext); | |
419 | assert(method && method->it); | |
420 | unsigned char *ext_der = NULL; | |
421 | int ext_len = ASN1_item_i2d((ASN1_VALUE *)keyusage, | |
f53969cc | 422 | &ext_der, |
e061c75e CT |
423 | (const ASN1_ITEM *)ASN1_ITEM_ptr(method->it)); |
424 | ||
2a268a06 | 425 | ASN1_OCTET_STRING *ext_oct = ASN1_OCTET_STRING_new(); |
e061c75e CT |
426 | ext_oct->data = ext_der; |
427 | ext_oct->length = ext_len; | |
428 | X509_EXTENSION_set_data(ext, ext_oct); | |
429 | ||
2a268a06 | 430 | ASN1_OCTET_STRING_free(ext_oct); |
789bf810 CT |
431 | ASN1_BIT_STRING_free(keyusage); |
432 | } | |
433 | } | |
434 | } | |
bee6354e CT |
435 | } |
436 | ||
5f1318b1 CT |
437 | if (mimicAuthorityKeyId(cert, mimicCert, issuerCert)) |
438 | ++added; | |
439 | ||
bee6354e CT |
440 | // We could also restrict mimicking of the CA extension to CA:FALSE |
441 | // because Squid does not generate valid fake CA certificates. | |
5c80eab2 CT |
442 | |
443 | return added; | |
bee6354e CT |
444 | } |
445 | ||
f97700a0 | 446 | static bool buildCertificate(Security::CertPointer & cert, Ssl::CertificateProperties const &properties) |
87f237a9 | 447 | { |
9a90aace CT |
448 | // not an Ssl::X509_NAME_Pointer because X509_REQ_get_subject_name() |
449 | // returns a pointer to the existing subject name. Nothing to clean here. | |
aebe6888 | 450 | if (properties.mimicCert.get()) { |
0d57adf9 CT |
451 | // Leave subject empty if we cannot extract it from true cert. |
452 | if (X509_NAME *name = X509_get_subject_name(properties.mimicCert.get())) { | |
87f237a9 | 453 | // X509_set_subject_name will call X509_dup for name |
5367d845 CT |
454 | X509_set_subject_name(cert.get(), name); |
455 | } | |
aebe6888 CT |
456 | } |
457 | ||
458 | if (properties.setCommonName || !properties.mimicCert.get()) { | |
459 | // In this case the CN of the certificate given by the user | |
bf94620c | 460 | // Ignore errors: it is better to make a certificate with no CN |
051da40c | 461 | // than to quit ssl-crtd helper because we cannot make a certificate. |
bf94620c CT |
462 | // Most errors are caused by user input such as huge domain names. |
463 | (void)replaceCommonName(cert, properties.commonName); | |
fb2178bb | 464 | } |
9a90aace | 465 | |
87f237a9 | 466 | // We should get caCert notBefore and notAfter fields and do not allow |
9a90aace CT |
467 | // notBefore/notAfter values from certToMimic before/after notBefore/notAfter |
468 | // fields from caCert. | |
87f237a9 | 469 | // Currently there is not any way in openssl tollkit to compare two ASN1_TIME |
9a90aace | 470 | // objects. |
fb2178bb | 471 | ASN1_TIME *aTime = NULL; |
aebe6888 CT |
472 | if (!properties.setValidBefore && properties.mimicCert.get()) |
473 | aTime = X509_get_notBefore(properties.mimicCert.get()); | |
474 | if (!aTime && properties.signWithX509.get()) | |
475 | aTime = X509_get_notBefore(properties.signWithX509.get()); | |
fb2178bb CT |
476 | |
477 | if (aTime) { | |
9a90aace CT |
478 | if (!X509_set_notBefore(cert.get(), aTime)) |
479 | return false; | |
87f237a9 | 480 | } else if (!X509_gmtime_adj(X509_get_notBefore(cert.get()), (-2)*24*60*60)) |
9a90aace CT |
481 | return false; |
482 | ||
fb2178bb | 483 | aTime = NULL; |
aebe6888 CT |
484 | if (!properties.setValidAfter && properties.mimicCert.get()) |
485 | aTime = X509_get_notAfter(properties.mimicCert.get()); | |
486 | if (!aTime && properties.signWithX509.get()) | |
487 | aTime = X509_get_notAfter(properties.signWithX509.get()); | |
fb2178bb | 488 | if (aTime) { |
9a90aace | 489 | if (!X509_set_notAfter(cert.get(), aTime)) |
b0137cd1 | 490 | return false; |
9a90aace | 491 | } else if (!X509_gmtime_adj(X509_get_notAfter(cert.get()), 60*60*24*356*3)) |
b0137cd1 | 492 | return false; |
9a90aace | 493 | |
ad88633d | 494 | // mimic the alias and possibly subjectAltName |
aebe6888 CT |
495 | if (properties.mimicCert.get()) { |
496 | unsigned char *alStr; | |
497 | int alLen; | |
498 | alStr = X509_alias_get0(properties.mimicCert.get(), &alLen); | |
499 | if (alStr) { | |
500 | X509_alias_set1(cert.get(), alStr, alLen); | |
501 | } | |
502 | ||
5c80eab2 CT |
503 | int addedExtensions = 0; |
504 | ||
ad88633d AR |
505 | // Mimic subjectAltName unless we used a configured CN: browsers reject |
506 | // certificates with CN unrelated to subjectAltNames. | |
3b7ed55f | 507 | if (!properties.setCommonName) { |
3b7ed55f | 508 | int pos=X509_get_ext_by_NID (properties.mimicCert.get(), OBJ_sn2nid("subjectAltName"), -1); |
87f237a9 | 509 | X509_EXTENSION *ext=X509_get_ext(properties.mimicCert.get(), pos); |
4a874fbd | 510 | if (ext) { |
5c80eab2 CT |
511 | if (X509_add_ext(cert.get(), ext, -1)) |
512 | ++addedExtensions; | |
4a874fbd | 513 | } |
3b7ed55f | 514 | } |
bee6354e | 515 | |
5f1318b1 | 516 | addedExtensions += mimicExtensions(cert, properties.mimicCert, properties.signWithX509); |
5c80eab2 CT |
517 | |
518 | // According to RFC 5280, using extensions requires v3 certificate. | |
519 | if (addedExtensions) | |
520 | X509_set_version(cert.get(), 2); // value 2 means v3 | |
aebe6888 | 521 | } |
9a90aace CT |
522 | |
523 | return true; | |
524 | } | |
525 | ||
f97700a0 | 526 | static bool generateFakeSslCertificate(Security::CertPointer & certToStore, Ssl::EVP_PKEY_Pointer & pkeyToStore, Ssl::CertificateProperties const &properties, Ssl::BIGNUM_Pointer const &serial) |
9a90aace | 527 | { |
aebe6888 | 528 | Ssl::EVP_PKEY_Pointer pkey; |
95588170 CT |
529 | // Use signing certificates private key as generated certificate private key |
530 | if (properties.signWithPkey.get()) | |
531 | pkey.resetAndLock(properties.signWithPkey.get()); | |
532 | else // if not exist generate one | |
35b3559c | 533 | pkey.resetWithoutLocking(Ssl::createSslPrivateKey()); |
95588170 | 534 | |
9a90aace CT |
535 | if (!pkey) |
536 | return false; | |
537 | ||
f97700a0 | 538 | Security::CertPointer cert(X509_new()); |
9a90aace CT |
539 | if (!cert) |
540 | return false; | |
541 | ||
542 | // Set pub key and serial given by the caller | |
543 | if (!X509_set_pubkey(cert.get(), pkey.get())) | |
544 | return false; | |
a0b971d5 | 545 | if (!setSerialNumber(X509_get_serialNumber(cert.get()), serial.get())) |
9a90aace CT |
546 | return false; |
547 | ||
aebe6888 CT |
548 | // Fill the certificate with the required properties |
549 | if (!buildCertificate(cert, properties)) | |
9a90aace CT |
550 | return false; |
551 | ||
aebe6888 | 552 | int ret = 0; |
9a90aace | 553 | // Set issuer name, from CA or our subject name for self signed cert |
aebe6888 CT |
554 | if (properties.signAlgorithm != Ssl::algSignSelf && properties.signWithX509.get()) |
555 | ret = X509_set_issuer_name(cert.get(), X509_get_subject_name(properties.signWithX509.get())); | |
556 | else // Self signed certificate, set issuer to self | |
557 | ret = X509_set_issuer_name(cert.get(), X509_get_subject_name(cert.get())); | |
558 | if (!ret) | |
9a90aace CT |
559 | return false; |
560 | ||
3c26b00a CT |
561 | const EVP_MD *hash = properties.signHash ? properties.signHash : EVP_get_digestbyname(SQUID_SSL_SIGN_HASH_IF_NONE); |
562 | assert(hash); | |
9a90aace | 563 | /*Now sign the request */ |
aebe6888 | 564 | if (properties.signAlgorithm != Ssl::algSignSelf && properties.signWithPkey.get()) |
3c26b00a | 565 | ret = X509_sign(cert.get(), properties.signWithPkey.get(), hash); |
9a90aace | 566 | else //else sign with self key (self signed request) |
3c26b00a | 567 | ret = X509_sign(cert.get(), pkey.get(), hash); |
9a90aace CT |
568 | |
569 | if (!ret) | |
570 | return false; | |
571 | ||
35b3559c AJ |
572 | certToStore = std::move(cert); |
573 | pkeyToStore = std::move(pkey); | |
9a90aace CT |
574 | return true; |
575 | } | |
576 | ||
4ece76b2 CT |
577 | static BIGNUM *createCertSerial(unsigned char *md, unsigned int n) |
578 | { | |
87f237a9 | 579 | |
4ece76b2 CT |
580 | assert(n == 20); //for sha1 n is 20 (for md5 n is 16) |
581 | ||
582 | BIGNUM *serial = NULL; | |
583 | serial = BN_bin2bn(md, n, NULL); | |
584 | ||
585 | // if the serial is "0" set it to '1' | |
b9bb9562 | 586 | if (BN_is_zero(serial) == true) |
4ece76b2 CT |
587 | BN_one(serial); |
588 | ||
c5bd24d6 CT |
589 | // serial size does not exceed 20 bytes |
590 | assert(BN_num_bits(serial) <= 160); | |
591 | ||
4ece76b2 CT |
592 | // According the RFC 5280, serial is an 20 bytes ASN.1 INTEGER (a signed big integer) |
593 | // and the maximum value for X.509 certificate serial number is 2^159-1 and | |
594 | // the minimum 0. If the first bit of the serial is '1' ( eg 2^160-1), | |
595 | // will result to a negative integer. | |
596 | // To handle this, if the produced serial is greater than 2^159-1 | |
597 | // truncate the last bit | |
598 | if (BN_is_bit_set(serial, 159)) | |
599 | BN_clear_bit(serial, 159); | |
600 | ||
601 | return serial; | |
602 | } | |
603 | ||
a0b971d5 CT |
604 | /// Return the SHA1 digest of the DER encoded version of the certificate |
605 | /// stored in a BIGNUM | |
f97700a0 | 606 | static BIGNUM *x509Digest(Security::CertPointer const & cert) |
a0b971d5 CT |
607 | { |
608 | unsigned int n; | |
609 | unsigned char md[EVP_MAX_MD_SIZE]; | |
610 | ||
611 | if (!X509_digest(cert.get(),EVP_sha1(),md,&n)) | |
612 | return NULL; | |
613 | ||
4ece76b2 CT |
614 | return createCertSerial(md, n); |
615 | } | |
616 | ||
f97700a0 | 617 | static BIGNUM *x509Pubkeydigest(Security::CertPointer const & cert) |
4ece76b2 CT |
618 | { |
619 | unsigned int n; | |
620 | unsigned char md[EVP_MAX_MD_SIZE]; | |
621 | ||
622 | if (!X509_pubkey_digest(cert.get(),EVP_sha1(),md,&n)) | |
623 | return NULL; | |
a0b971d5 | 624 | |
4ece76b2 | 625 | return createCertSerial(md, n); |
a0b971d5 CT |
626 | } |
627 | ||
87f237a9 A |
628 | /// Generate a unique serial number based on a Ssl::CertificateProperties object |
629 | /// for a new generated certificate | |
a0b971d5 CT |
630 | static bool createSerial(Ssl::BIGNUM_Pointer &serial, Ssl::CertificateProperties const &properties) |
631 | { | |
632 | Ssl::EVP_PKEY_Pointer fakePkey; | |
f97700a0 | 633 | Security::CertPointer fakeCert; |
a0b971d5 | 634 | |
4ece76b2 | 635 | serial.reset(x509Pubkeydigest(properties.signWithX509)); |
5cc307f3 CT |
636 | if (!serial.get()) { |
637 | serial.reset(BN_new()); | |
0e62e0d6 | 638 | BN_zero(serial.get()); |
5cc307f3 | 639 | } |
4ece76b2 | 640 | |
a0b971d5 CT |
641 | if (!generateFakeSslCertificate(fakeCert, fakePkey, properties, serial)) |
642 | return false; | |
643 | ||
644 | // The x509Fingerprint return an SHA1 hash. | |
645 | // both SHA1 hash and maximum serial number size are 20 bytes. | |
4ece76b2 | 646 | BIGNUM *r = x509Digest(fakeCert); |
a0b971d5 CT |
647 | if (!r) |
648 | return false; | |
649 | ||
a0b971d5 CT |
650 | serial.reset(r); |
651 | return true; | |
652 | } | |
653 | ||
f97700a0 | 654 | bool Ssl::generateSslCertificate(Security::CertPointer & certToStore, Ssl::EVP_PKEY_Pointer & pkeyToStore, Ssl::CertificateProperties const &properties) |
a0b971d5 CT |
655 | { |
656 | Ssl::BIGNUM_Pointer serial; | |
657 | ||
658 | if (!createSerial(serial, properties)) | |
659 | return false; | |
660 | ||
661 | return generateFakeSslCertificate(certToStore, pkeyToStore, properties, serial); | |
662 | } | |
663 | ||
95d2589c CT |
664 | /** |
665 | \ingroup ServerProtocolSSLInternal | |
666 | * Read certificate from file. | |
667 | */ | |
668 | static X509 * readSslX509Certificate(char const * certFilename) | |
669 | { | |
670 | if (!certFilename) | |
671 | return NULL; | |
093deea9 | 672 | Ssl::BIO_Pointer bio(BIO_new(BIO_s_file())); |
95d2589c CT |
673 | if (!bio) |
674 | return NULL; | |
675 | if (!BIO_read_filename(bio.get(), certFilename)) | |
676 | return NULL; | |
677 | X509 *certificate = PEM_read_bio_X509(bio.get(), NULL, NULL, NULL); | |
678 | return certificate; | |
679 | } | |
680 | ||
780b55ee | 681 | EVP_PKEY * Ssl::readSslPrivateKey(char const * keyFilename, pem_password_cb *passwd_callback) |
95d2589c CT |
682 | { |
683 | if (!keyFilename) | |
684 | return NULL; | |
093deea9 | 685 | Ssl::BIO_Pointer bio(BIO_new(BIO_s_file())); |
95d2589c CT |
686 | if (!bio) |
687 | return NULL; | |
688 | if (!BIO_read_filename(bio.get(), keyFilename)) | |
689 | return NULL; | |
780b55ee | 690 | EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bio.get(), NULL, passwd_callback, NULL); |
95d2589c CT |
691 | return pkey; |
692 | } | |
693 | ||
f97700a0 | 694 | void Ssl::readCertAndPrivateKeyFromFiles(Security::CertPointer & cert, Ssl::EVP_PKEY_Pointer & pkey, char const * certFilename, char const * keyFilename) |
95d2589c CT |
695 | { |
696 | if (keyFilename == NULL) | |
697 | keyFilename = certFilename; | |
35b3559c AJ |
698 | pkey.resetWithoutLocking(readSslPrivateKey(keyFilename)); |
699 | cert.resetWithoutLocking(readSslX509Certificate(certFilename)); | |
95d2589c | 700 | if (!pkey || !cert || !X509_check_private_key(cert.get(), pkey.get())) { |
58a5291c AJ |
701 | pkey.reset(); |
702 | cert.reset(); | |
95d2589c CT |
703 | } |
704 | } | |
705 | ||
706 | bool Ssl::sslDateIsInTheFuture(char const * date) | |
707 | { | |
708 | ASN1_UTCTIME tm; | |
709 | tm.flags = 0; | |
710 | tm.type = 23; | |
711 | tm.data = (unsigned char *)date; | |
712 | tm.length = strlen(date); | |
713 | ||
714 | return (X509_cmp_current_time(&tm) > 0); | |
715 | } | |
e7bcc25f CT |
716 | |
717 | /// Print the time represented by a ASN1_TIME struct to a string using GeneralizedTime format | |
718 | static bool asn1timeToGeneralizedTimeStr(ASN1_TIME *aTime, char *buf, int bufLen) | |
719 | { | |
87f237a9 | 720 | // ASN1_Time holds time to UTCTime or GeneralizedTime form. |
e7bcc25f CT |
721 | // UTCTime has the form YYMMDDHHMMSS[Z | [+|-]offset] |
722 | // GeneralizedTime has the form YYYYMMDDHHMMSS[Z | [+|-] offset] | |
723 | ||
724 | // length should have space for data plus 2 extra bytes for the two extra year fields | |
725 | // plus the '\0' char. | |
726 | if ((aTime->length + 3) > bufLen) | |
727 | return false; | |
728 | ||
729 | char *str; | |
730 | if (aTime->type == V_ASN1_UTCTIME) { | |
731 | if (aTime->data[0] > '5') { // RFC 2459, section 4.1.2.5.1 | |
732 | buf[0] = '1'; | |
733 | buf[1] = '9'; | |
734 | } else { | |
735 | buf[0] = '2'; | |
736 | buf[1] = '0'; | |
737 | } | |
738 | str = buf +2; | |
87f237a9 | 739 | } else // if (aTime->type == V_ASN1_GENERALIZEDTIME) |
e7bcc25f CT |
740 | str = buf; |
741 | ||
742 | memcpy(str, aTime->data, aTime->length); | |
743 | str[aTime->length] = '\0'; | |
744 | return true; | |
745 | } | |
746 | ||
747 | static int asn1time_cmp(ASN1_TIME *asnTime1, ASN1_TIME *asnTime2) | |
748 | { | |
749 | char strTime1[64], strTime2[64]; | |
750 | if (!asn1timeToGeneralizedTimeStr(asnTime1, strTime1, sizeof(strTime1))) | |
751 | return -1; | |
752 | if (!asn1timeToGeneralizedTimeStr(asnTime2, strTime2, sizeof(strTime2))) | |
753 | return -1; | |
87f237a9 | 754 | |
e7bcc25f CT |
755 | return strcmp(strTime1, strTime2); |
756 | } | |
757 | ||
4ece76b2 | 758 | bool Ssl::certificateMatchesProperties(X509 *cert, CertificateProperties const &properties) |
e7bcc25f | 759 | { |
4ece76b2 CT |
760 | assert(cert); |
761 | ||
762 | // For non self-signed certificates we have to check if the signing certificate changed | |
763 | if (properties.signAlgorithm != Ssl::algSignSelf) { | |
f4e4d4d6 | 764 | assert(properties.signWithX509.get()); |
4ece76b2 CT |
765 | if (X509_check_issued(properties.signWithX509.get(), cert) != X509_V_OK) |
766 | return false; | |
767 | } | |
87f237a9 | 768 | |
4ece76b2 CT |
769 | X509 *cert2 = properties.mimicCert.get(); |
770 | // If there is not certificate to mimic stop here | |
771 | if (!cert2) | |
772 | return true; | |
773 | ||
774 | if (!properties.setCommonName) { | |
775 | X509_NAME *cert1_name = X509_get_subject_name(cert); | |
776 | X509_NAME *cert2_name = X509_get_subject_name(cert2); | |
777 | if (X509_NAME_cmp(cert1_name, cert2_name) != 0) | |
778 | return false; | |
87f237a9 A |
779 | } else if (properties.commonName != CommonHostName(cert)) |
780 | return false; | |
781 | ||
4ece76b2 CT |
782 | if (!properties.setValidBefore) { |
783 | ASN1_TIME *aTime = X509_get_notBefore(cert); | |
784 | ASN1_TIME *bTime = X509_get_notBefore(cert2); | |
785 | if (asn1time_cmp(aTime, bTime) != 0) | |
786 | return false; | |
0efa4d01 CT |
787 | } else if (X509_cmp_current_time(X509_get_notBefore(cert)) >= 0) { |
788 | // notBefore does not exist (=0) or it is in the future (>0) | |
789 | return false; | |
4ece76b2 | 790 | } |
e7bcc25f | 791 | |
4ece76b2 CT |
792 | if (!properties.setValidAfter) { |
793 | ASN1_TIME *aTime = X509_get_notAfter(cert); | |
794 | ASN1_TIME *bTime = X509_get_notAfter(cert2); | |
795 | if (asn1time_cmp(aTime, bTime) != 0) | |
796 | return false; | |
0efa4d01 CT |
797 | } else if (X509_cmp_current_time(X509_get_notAfter(cert)) <= 0) { |
798 | // notAfter does not exist (0) or it is in the past (<0) | |
799 | return false; | |
4ece76b2 | 800 | } |
0efa4d01 | 801 | |
e7bcc25f CT |
802 | char *alStr1; |
803 | int alLen; | |
4ece76b2 | 804 | alStr1 = (char *)X509_alias_get0(cert, &alLen); |
e7bcc25f CT |
805 | char *alStr2 = (char *)X509_alias_get0(cert2, &alLen); |
806 | if ((!alStr1 && alStr2) || (alStr1 && !alStr2) || | |
87f237a9 | 807 | (alStr1 && alStr2 && strcmp(alStr1, alStr2)) != 0) |
e7bcc25f | 808 | return false; |
87f237a9 | 809 | |
e7bcc25f CT |
810 | // Compare subjectAltName extension |
811 | STACK_OF(GENERAL_NAME) * cert1_altnames; | |
4ece76b2 | 812 | cert1_altnames = (STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); |
e7bcc25f CT |
813 | STACK_OF(GENERAL_NAME) * cert2_altnames; |
814 | cert2_altnames = (STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(cert2, NID_subject_alt_name, NULL, NULL); | |
815 | bool match = true; | |
816 | if (cert1_altnames) { | |
817 | int numalts = sk_GENERAL_NAME_num(cert1_altnames); | |
a38ec4b1 | 818 | for (int i = 0; match && i < numalts; ++i) { |
2a268a06 | 819 | GENERAL_NAME *aName = sk_GENERAL_NAME_value(cert1_altnames, i); |
e7bcc25f CT |
820 | match = sk_GENERAL_NAME_find(cert2_altnames, aName); |
821 | } | |
87f237a9 | 822 | } else if (cert2_altnames) |
e7bcc25f | 823 | match = false; |
87f237a9 | 824 | |
e7bcc25f CT |
825 | sk_GENERAL_NAME_pop_free(cert1_altnames, GENERAL_NAME_free); |
826 | sk_GENERAL_NAME_pop_free(cert2_altnames, GENERAL_NAME_free); | |
827 | ||
828 | return match; | |
829 | } | |
0efa4d01 CT |
830 | |
831 | static const char *getSubjectEntry(X509 *x509, int nid) | |
832 | { | |
833 | static char name[1024] = ""; // stores common name (CN) | |
834 | ||
835 | if (!x509) | |
836 | return NULL; | |
837 | ||
838 | // TODO: What if the entry is a UTF8String? See X509_NAME_get_index_by_NID(3ssl). | |
839 | const int nameLen = X509_NAME_get_text_by_NID( | |
87f237a9 A |
840 | X509_get_subject_name(x509), |
841 | nid, name, sizeof(name)); | |
0efa4d01 CT |
842 | |
843 | if (nameLen > 0) | |
844 | return name; | |
845 | ||
846 | return NULL; | |
847 | } | |
848 | ||
849 | const char *Ssl::CommonHostName(X509 *x509) | |
850 | { | |
851 | return getSubjectEntry(x509, NID_commonName); | |
852 | } | |
853 | ||
854 | const char *Ssl::getOrganization(X509 *x509) | |
855 | { | |
856 | return getSubjectEntry(x509, NID_organizationName); | |
857 | } | |
858 |