]> git.ipfire.org Git - thirdparty/openssl.git/blame - ssl/ssl_cert.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Update util/analyze-contention-log.sh
[thirdparty/openssl.git] / ssl / ssl_cert.c
CommitLineData
846e33c7 1/*
0c679f55 2 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
aa8f3d76 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
675f605d 4 *
2c18d164 5 * Licensed under the Apache License 2.0 (the "License"). You may not use
846e33c7
RS		 6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
ca8e5b9b 9 */
846e33c7 10
2bb83824
F		 11#include "internal/e_os.h"
12
d02b48c6 13#include <stdio.h>
b379fe6c 14#include <sys/types.h>
17f389bb 15
677963e5 16#include "internal/nelem.h"
68570797 17#include "internal/o_dir.h"
ec577822
BM		 18#include <openssl/bio.h>
19#include <openssl/pem.h>
6dcb100f 20#include <openssl/store.h>
bb7cd4e3 21#include <openssl/x509v3.h>
3c27208f 22#include <openssl/dh.h>
d095b68d 23#include <openssl/bn.h>
5c4328f0 24#include <openssl/crypto.h>
cd420b0b 25#include "internal/refcount.h"
706457b7 26#include "ssl_local.h"
cd933ebd 27#include "ssl_cert_table.h"
c2e4e5d2 28#include "internal/thread_once.h"
bf553267 29#include "internal/ssl_unwrap.h"
1dc35d44 30#ifndef OPENSSL_NO_POSIX_IO
31# include <sys/stat.h>
32# ifdef _WIN32
33# define stat _stat
34# endif
3155b5a9
TM		 35# ifndef S_ISDIR
36# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
37# endif
1dc35d44 38#endif
39
d02b48c6 40
a230b26e
EK		 41static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
42 int op, int bits, int nid, void *other,
0f113f3e 43 void *ex);
b362ccab 44
16203f7b
AG		 45static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
46static volatile int ssl_x509_store_ctx_idx = -1;
0f113f3e 47
c2e4e5d2 48DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init)
16203f7b
AG		 49{
50 ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(0,
a230b26e
EK		 51 "SSL for verify callback",
52 NULL, NULL, NULL);
c2e4e5d2 53 return ssl_x509_store_ctx_idx >= 0;
16203f7b 54}
0f113f3e 55
16203f7b
AG		 56int SSL_get_ex_data_X509_STORE_CTX_idx(void)
57{
0f113f3e 58
c2e4e5d2
RL		 59 if (!RUN_ONCE(&ssl_x509_store_ctx_once, ssl_x509_store_ctx_init))
60 return -1;
0f113f3e
MC		 61 return ssl_x509_store_ctx_idx;
62}
dfeab068 63
ee58915c 64CERT *ssl_cert_new(size_t ssl_pkey_num)
0f113f3e 65{
ee58915c
MB		 66 CERT *ret = NULL;
67
68 /* Should never happen */
69 if (!ossl_assert(ssl_pkey_num >= SSL_PKEY_NUM))
70 return NULL;
0f113f3e 71
ee58915c 72 ret = OPENSSL_zalloc(sizeof(*ret));
e077455e 73 if (ret == NULL)
16203f7b 74 return NULL;
0f113f3e 75
ee58915c
MB		 76 ret->ssl_pkey_num = ssl_pkey_num;
77 ret->pkeys = OPENSSL_zalloc(ret->ssl_pkey_num * sizeof(CERT_PKEY));
78 if (ret->pkeys == NULL) {
79 OPENSSL_free(ret);
80 return NULL;
81 }
82
d0ff28f8 83 ret->key = &(ret->pkeys[SSL_PKEY_RSA]);
0f113f3e
MC		 84 ret->sec_cb = ssl_security_default_callback;
85 ret->sec_level = OPENSSL_TLS_SECURITY_LEVEL;
86 ret->sec_ex = NULL;
43a07d6d 87 if (!CRYPTO_NEW_REF(&ret->references, 1)) {
ee58915c 88 OPENSSL_free(ret->pkeys);
16203f7b
AG		 89 OPENSSL_free(ret);
90 return NULL;
91 }
92
93 return ret;
0f113f3e 94}
d02b48c6 95
ca8e5b9b 96CERT *ssl_cert_dup(CERT *cert)
0f113f3e 97{
b51bce94 98 CERT *ret = OPENSSL_zalloc(sizeof(*ret));
ee58915c 99 size_t i;
b67cb09f
TS		 100#ifndef OPENSSL_NO_COMP_ALG
101 int j;
102#endif
0f113f3e 103
e077455e 104 if (ret == NULL)
16203f7b 105 return NULL;
0f113f3e 106
ee58915c
MB		 107 ret->ssl_pkey_num = cert->ssl_pkey_num;
108 ret->pkeys = OPENSSL_zalloc(ret->ssl_pkey_num * sizeof(CERT_PKEY));
b36e677f
P		 109 if (ret->pkeys == NULL) {
110 OPENSSL_free(ret);
ee58915c 111 return NULL;
b36e677f 112 }
ee58915c 113
16f8d4eb 114 ret->key = &ret->pkeys[cert->key - cert->pkeys];
43a07d6d 115 if (!CRYPTO_NEW_REF(&ret->references, 1)) {
b36e677f 116 OPENSSL_free(ret->pkeys);
16203f7b
AG		 117 OPENSSL_free(ret);
118 return NULL;
119 }
13c45372 120
0f113f3e 121 if (cert->dh_tmp != NULL) {
00fbc969
FWH		 122 if (!EVP_PKEY_up_ref(cert->dh_tmp))
123 goto err;
e2b420fd 124 ret->dh_tmp = cert->dh_tmp;
0f113f3e 125 }
5b64ce89 126
0f113f3e 127 ret->dh_tmp_cb = cert->dh_tmp_cb;
13c45372 128 ret->dh_tmp_auto = cert->dh_tmp_auto;
ca8e5b9b 129
ee58915c 130 for (i = 0; i < ret->ssl_pkey_num; i++) {
0f113f3e
MC		 131 CERT_PKEY *cpk = cert->pkeys + i;
132 CERT_PKEY *rpk = ret->pkeys + i;
b67cb09f 133
0f113f3e 134 if (cpk->x509 != NULL) {
00fbc969
FWH		 135 if (!X509_up_ref(cpk->x509))
136 goto err;
0f113f3e 137 rpk->x509 = cpk->x509;
0f113f3e
MC		 138 }
139
140 if (cpk->privatekey != NULL) {
00fbc969
FWH		 141 if (!EVP_PKEY_up_ref(cpk->privatekey))
142 goto err;
0f113f3e 143 rpk->privatekey = cpk->privatekey;
0f113f3e
MC		 144 }
145
146 if (cpk->chain) {
147 rpk->chain = X509_chain_up_ref(cpk->chain);
148 if (!rpk->chain) {
e077455e 149 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
0f113f3e
MC		 150 goto err;
151 }
152 }
b67cb09f 153 if (cpk->serverinfo != NULL) {
0f113f3e 154 /* Just copy everything. */
b67cb09f
TS		 155 rpk->serverinfo = OPENSSL_memdup(cpk->serverinfo, cpk->serverinfo_length);
156 if (rpk->serverinfo == NULL)
0f113f3e 157 goto err;
b67cb09f
TS		 158 rpk->serverinfo_length = cpk->serverinfo_length;
159 }
160#ifndef OPENSSL_NO_COMP_ALG
161 for (j = TLSEXT_comp_cert_none; j < TLSEXT_comp_cert_limit; j++) {
162 if (cpk->comp_cert[j] != NULL) {
163 if (!OSSL_COMP_CERT_up_ref(cpk->comp_cert[j]))
164 goto err;
165 rpk->comp_cert[j] = cpk->comp_cert[j];
166 }
0f113f3e 167 }
b67cb09f 168#endif
0f113f3e
MC		 169 }
170
76106e60 171 /* Configured sigalgs copied across */
0f113f3e 172 if (cert->conf_sigalgs) {
703bcee0
MC		 173 ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen
174 * sizeof(*cert->conf_sigalgs));
a71edf3b 175 if (ret->conf_sigalgs == NULL)
0f113f3e 176 goto err;
703bcee0
MC		 177 memcpy(ret->conf_sigalgs, cert->conf_sigalgs,
178 cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs));
0f113f3e
MC		 179 ret->conf_sigalgslen = cert->conf_sigalgslen;
180 } else
181 ret->conf_sigalgs = NULL;
182
183 if (cert->client_sigalgs) {
703bcee0
MC		 184 ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen
185 * sizeof(*cert->client_sigalgs));
a71edf3b 186 if (ret->client_sigalgs == NULL)
0f113f3e
MC		 187 goto err;
188 memcpy(ret->client_sigalgs, cert->client_sigalgs,
703bcee0 189 cert->client_sigalgslen * sizeof(*cert->client_sigalgs));
0f113f3e
MC		 190 ret->client_sigalgslen = cert->client_sigalgslen;
191 } else
192 ret->client_sigalgs = NULL;
0f113f3e 193 /* Copy any custom client certificate types */
75c13e78
DSH		 194 if (cert->ctype) {
195 ret->ctype = OPENSSL_memdup(cert->ctype, cert->ctype_len);
196 if (ret->ctype == NULL)
0f113f3e 197 goto err;
75c13e78 198 ret->ctype_len = cert->ctype_len;
0f113f3e
MC		 199 }
200
201 ret->cert_flags = cert->cert_flags;
202
203 ret->cert_cb = cert->cert_cb;
204 ret->cert_cb_arg = cert->cert_cb_arg;
205
206 if (cert->verify_store) {
00fbc969
FWH		 207 if (!X509_STORE_up_ref(cert->verify_store))
208 goto err;
0f113f3e
MC		 209 ret->verify_store = cert->verify_store;
210 }
211
212 if (cert->chain_store) {
00fbc969
FWH		 213 if (!X509_STORE_up_ref(cert->chain_store))
214 goto err;
0f113f3e
MC		 215 ret->chain_store = cert->chain_store;
216 }
217
0f113f3e
MC		 218 ret->sec_cb = cert->sec_cb;
219 ret->sec_level = cert->sec_level;
220 ret->sec_ex = cert->sec_ex;
b362ccab 221
43ae5eed 222 if (!custom_exts_copy(&ret->custext, &cert->custext))
0f113f3e 223 goto err;
9076bd25 224#ifndef OPENSSL_NO_PSK
df6da24b 225 if (cert->psk_identity_hint) {
7644a9ae 226 ret->psk_identity_hint = OPENSSL_strdup(cert->psk_identity_hint);
df6da24b
DSH		 227 if (ret->psk_identity_hint == NULL)
228 goto err;
229 }
9076bd25 230#endif
16203f7b 231 return ret;
0f113f3e
MC		 232
233 err:
234 ssl_cert_free(ret);
9ade64de 235
0f113f3e
MC		 236 return NULL;
237}
ca8e5b9b 238
a5ee80b9
DSH		 239/* Free up and clear all certificates and chains */
240
241void ssl_cert_clear_certs(CERT *c)
0f113f3e 242{
ee58915c 243 size_t i;
b67cb09f
TS		 244#ifndef OPENSSL_NO_COMP_ALG
245 int j;
246#endif
1cf2f823 247
0f113f3e
MC		 248 if (c == NULL)
249 return;
ee58915c 250 for (i = 0; i < c->ssl_pkey_num; i++) {
0f113f3e 251 CERT_PKEY *cpk = c->pkeys + i;
222561fe
RS		 252 X509_free(cpk->x509);
253 cpk->x509 = NULL;
c5ba2d99
RS		 254 EVP_PKEY_free(cpk->privatekey);
255 cpk->privatekey = NULL;
79b2a2f2 256 OSSL_STACK_OF_X509_free(cpk->chain);
222561fe 257 cpk->chain = NULL;
25aaa98a
RS		 258 OPENSSL_free(cpk->serverinfo);
259 cpk->serverinfo = NULL;
260 cpk->serverinfo_length = 0;
b67cb09f
TS		 261#ifndef OPENSSL_NO_COMP_ALG
262 for (j = 0; j < TLSEXT_comp_cert_limit; j++) {
263 OSSL_COMP_CERT_free(cpk->comp_cert[j]);
264 cpk->comp_cert[j] = NULL;
265 cpk->cert_comp_used = 0;
266 }
267#endif
0f113f3e
MC		 268 }
269}
ca8e5b9b 270
eb90a483 271void ssl_cert_free(CERT *c)
0f113f3e
MC		 272{
273 int i;
d02b48c6 274
e6e9170d
RS		 275 if (c == NULL)
276 return;
43a07d6d 277 CRYPTO_DOWN_REF(&c->references, &i);
dc10ffc2 278 REF_PRINT_COUNT("CERT", i, c);
0f113f3e
MC		 279 if (i > 0)
280 return;
f3f1cf84 281 REF_ASSERT_ISNT(i < 0);
d02b48c6 282
e2b420fd 283 EVP_PKEY_free(c->dh_tmp);
d02b48c6 284
0f113f3e 285 ssl_cert_clear_certs(c);
25aaa98a
RS		 286 OPENSSL_free(c->conf_sigalgs);
287 OPENSSL_free(c->client_sigalgs);
75c13e78 288 OPENSSL_free(c->ctype);
222561fe
RS		 289 X509_STORE_free(c->verify_store);
290 X509_STORE_free(c->chain_store);
43ae5eed 291 custom_exts_free(&c->custext);
df6da24b
DSH		 292#ifndef OPENSSL_NO_PSK
293 OPENSSL_free(c->psk_identity_hint);
294#endif
ee58915c 295 OPENSSL_free(c->pkeys);
43a07d6d 296 CRYPTO_FREE_REF(&c->references);
0f113f3e
MC		 297 OPENSSL_free(c);
298}
d02b48c6 299
38b051a1 300int ssl_cert_set0_chain(SSL_CONNECTION *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
0f113f3e
MC		 301{
302 int i, r;
9f0f53b7 303 CERT_PKEY *cpk = s != NULL ? s->cert->key : ctx->cert->key;
9f0f53b7 304
0f113f3e
MC		 305 if (!cpk)
306 return 0;
0f113f3e 307 for (i = 0; i < sk_X509_num(chain); i++) {
9f0f53b7
MC		 308 X509 *x = sk_X509_value(chain, i);
309
9f0f53b7 310 r = ssl_security_cert(s, ctx, x, 0, 0);
0f113f3e 311 if (r != 1) {
6849b73c 312 ERR_raise(ERR_LIB_SSL, r);
0f113f3e
MC		 313 return 0;
314 }
315 }
79b2a2f2 316 OSSL_STACK_OF_X509_free(cpk->chain);
0f113f3e
MC		 317 cpk->chain = chain;
318 return 1;
319}
f71c6e52 320
38b051a1 321int ssl_cert_set1_chain(SSL_CONNECTION *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
0f113f3e
MC		 322{
323 STACK_OF(X509) *dchain;
ee58915c 324
0f113f3e
MC		 325 if (!chain)
326 return ssl_cert_set0_chain(s, ctx, NULL);
327 dchain = X509_chain_up_ref(chain);
328 if (!dchain)
329 return 0;
330 if (!ssl_cert_set0_chain(s, ctx, dchain)) {
79b2a2f2 331 OSSL_STACK_OF_X509_free(dchain);
0f113f3e
MC		 332 return 0;
333 }
334 return 1;
335}
f71c6e52 336
38b051a1 337int ssl_cert_add0_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x)
0f113f3e
MC		 338{
339 int r;
340 CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
ee58915c 341
0f113f3e
MC		 342 if (!cpk)
343 return 0;
344 r = ssl_security_cert(s, ctx, x, 0, 0);
345 if (r != 1) {
6849b73c 346 ERR_raise(ERR_LIB_SSL, r);
0f113f3e
MC		 347 return 0;
348 }
349 if (!cpk->chain)
350 cpk->chain = sk_X509_new_null();
351 if (!cpk->chain || !sk_X509_push(cpk->chain, x))
352 return 0;
353 return 1;
354}
f71c6e52 355
38b051a1 356int ssl_cert_add1_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x)
0f113f3e 357{
00fbc969
FWH		 358 if (!X509_up_ref(x))
359 return 0;
360 if (!ssl_cert_add0_chain_cert(s, ctx, x)) {
361 X509_free(x);
0f113f3e 362 return 0;
00fbc969 363 }
0f113f3e
MC		 364 return 1;
365}
7b6b246f
RS		 366
367int ssl_cert_select_current(CERT *c, X509 *x)
0f113f3e 368{
ee58915c
MB		 369 size_t i;
370
0f113f3e
MC		 371 if (x == NULL)
372 return 0;
ee58915c 373 for (i = 0; i < c->ssl_pkey_num; i++) {
0f113f3e
MC		 374 CERT_PKEY *cpk = c->pkeys + i;
375 if (cpk->x509 == x && cpk->privatekey) {
376 c->key = cpk;
377 return 1;
378 }
379 }
380
ee58915c 381 for (i = 0; i < c->ssl_pkey_num; i++) {
0f113f3e
MC		 382 CERT_PKEY *cpk = c->pkeys + i;
383 if (cpk->privatekey && cpk->x509 && !X509_cmp(cpk->x509, x)) {
384 c->key = cpk;
385 return 1;
386 }
387 }
388 return 0;
389}
0f78819c
DSH		 390
391int ssl_cert_set_current(CERT *c, long op)
0f113f3e 392{
ee58915c
MB		 393 size_t i, idx;
394
0f113f3e
MC		 395 if (!c)
396 return 0;
397 if (op == SSL_CERT_SET_FIRST)
398 idx = 0;
399 else if (op == SSL_CERT_SET_NEXT) {
ee58915c
MB		 400 idx = (size_t)(c->key - c->pkeys + 1);
401 if (idx >= c->ssl_pkey_num)
0f113f3e
MC		 402 return 0;
403 } else
404 return 0;
ee58915c 405 for (i = idx; i < c->ssl_pkey_num; i++) {
0f113f3e
MC		 406 CERT_PKEY *cpk = c->pkeys + i;
407 if (cpk->x509 && cpk->privatekey) {
408 c->key = cpk;
409 return 1;
410 }
411 }
412 return 0;
413}
414
415void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg)
416{
417 c->cert_cb = cb;
418 c->cert_cb_arg = arg;
419}
18d71588 420
c1c1bb7c 421/*
3c95ef22 422 * Verify a certificate chain/raw public key
c1c1bb7c
MC		 423 * Return codes:
424 * 1: Verify success
425 * 0: Verify failure or error
426 * -1: Retry required
427 */
3c95ef22 428static int ssl_verify_internal(SSL_CONNECTION *s, STACK_OF(X509) *sk, EVP_PKEY *rpk)
0f113f3e
MC		 429{
430 X509 *x;
f0e0fd51 431 int i = 0;
0f113f3e 432 X509_STORE *verify_store;
f0e0fd51 433 X509_STORE_CTX *ctx = NULL;
919ba009 434 X509_VERIFY_PARAM *param;
38b051a1 435 SSL_CTX *sctx;
0f113f3e 436
3c95ef22
TS		 437 /* Something must be passed in */
438 if ((sk == NULL || sk_X509_num(sk) == 0) && rpk == NULL)
439 return 0;
440
441 /* Only one can be set */
442 if (sk != NULL && rpk != NULL)
f0e0fd51
RS		 443 return 0;
444
38b051a1 445 sctx = SSL_CONNECTION_GET_CTX(s);
0f113f3e
MC		 446 if (s->cert->verify_store)
447 verify_store = s->cert->verify_store;
448 else
38b051a1 449 verify_store = sctx->cert_store;
0f113f3e 450
38b051a1 451 ctx = X509_STORE_CTX_new_ex(sctx->libctx, sctx->propq);
f0e0fd51 452 if (ctx == NULL) {
e077455e 453 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
f0e0fd51
RS		 454 return 0;
455 }
0f113f3e 456
3c95ef22
TS		 457 if (sk != NULL) {
458 x = sk_X509_value(sk, 0);
459 if (!X509_STORE_CTX_init(ctx, verify_store, x, sk)) {
460 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
461 goto end;
462 }
463 } else {
464 if (!X509_STORE_CTX_init_rpk(ctx, verify_store, rpk)) {
465 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
466 goto end;
467 }
0f113f3e 468 }
f0e0fd51 469 param = X509_STORE_CTX_get0_param(ctx);
fbb82a60
VD		 470 /*
471 * XXX: Separate @AUTHSECLEVEL and @TLSSECLEVEL would be useful at some
472 * point, for now a single @SECLEVEL sets the same policy for TLS crypto
473 * and PKI authentication.
474 */
38b051a1
TM		 475 X509_VERIFY_PARAM_set_auth_level(param,
476 SSL_get_security_level(SSL_CONNECTION_GET_SSL(s)));
919ba009 477
0f113f3e 478 /* Set suite B flags if needed */
f0e0fd51 479 X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
38b051a1 480 if (!X509_STORE_CTX_set_ex_data(ctx,
4b148ebb
MC		 481 SSL_get_ex_data_X509_STORE_CTX_idx(),
482 SSL_CONNECTION_GET_USER_SSL(s)))
a98810bf 483 goto end;
0f113f3e 484
919ba009
VD		 485 /* Verify via DANE if enabled */
486 if (DANETLS_ENABLED(&s->dane))
f0e0fd51 487 X509_STORE_CTX_set0_dane(ctx, &s->dane);
919ba009 488
0f113f3e
MC		 489 /*
490 * We need to inherit the verify parameters. These can be determined by
491 * the context: if its a server it will verify SSL client certificates or
492 * vice versa.
493 */
494
f0e0fd51 495 X509_STORE_CTX_set_default(ctx, s->server ? "ssl_client" : "ssl_server");
0f113f3e 496 /*
919ba009 497 * Anything non-default in "s->param" should overwrite anything in the ctx.
0f113f3e 498 */
919ba009 499 X509_VERIFY_PARAM_set1(param, s->param);
0f113f3e
MC		 500
501 if (s->verify_callback)
f0e0fd51 502 X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback);
0f113f3e 503
38b051a1
TM		 504 if (sctx->app_verify_callback != NULL) {
505 i = sctx->app_verify_callback(ctx, sctx->app_verify_arg);
c1c1bb7c 506 } else {
f0e0fd51 507 i = X509_verify_cert(ctx);
c1c1bb7c
MC		 508 /* We treat an error in the same way as a failure to verify */
509 if (i < 0)
510 i = 0;
511 }
d02b48c6 512
f0e0fd51 513 s->verify_result = X509_STORE_CTX_get_error(ctx);
79b2a2f2 514 OSSL_STACK_OF_X509_free(s->verified_chain);
696178ed 515 s->verified_chain = NULL;
3c95ef22
TS		 516
517 if (sk != NULL && X509_STORE_CTX_get0_chain(ctx) != NULL) {
f0e0fd51 518 s->verified_chain = X509_STORE_CTX_get1_chain(ctx);
696178ed 519 if (s->verified_chain == NULL) {
e077455e 520 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
696178ed
DSH		 521 i = 0;
522 }
523 }
919ba009
VD		 524
525 /* Move peername from the store context params to the SSL handle's */
526 X509_VERIFY_PARAM_move_peername(s->param, param);
527
a230b26e 528 end:
f0e0fd51
RS		 529 X509_STORE_CTX_free(ctx);
530 return i;
0f113f3e 531}
d02b48c6 532
3c95ef22
TS		 533/*
534 * Verify a raw public key
535 * Return codes:
536 * 1: Verify success
537 * 0: Verify failure or error
538 * -1: Retry required
539 */
540int ssl_verify_rpk(SSL_CONNECTION *s, EVP_PKEY *rpk)
541{
542 return ssl_verify_internal(s, NULL, rpk);
543}
544
545/*
546 * Verify a certificate chain
547 * Return codes:
548 * 1: Verify success
549 * 0: Verify failure or error
550 * -1: Retry required
551 */
552int ssl_verify_cert_chain(SSL_CONNECTION *s, STACK_OF(X509) *sk)
553{
554 return ssl_verify_internal(s, sk, NULL);
555}
556
fa7c2637
DSH		 557static void set0_CA_list(STACK_OF(X509_NAME) **ca_list,
558 STACK_OF(X509_NAME) *name_list)
0f113f3e 559{
222561fe 560 sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
0f113f3e
MC		 561 *ca_list = name_list;
562}
d02b48c6 563
86135bed 564STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
0f113f3e
MC		 565{
566 int i;
e431363f 567 const int num = sk_X509_NAME_num(sk);
0f113f3e
MC		 568 STACK_OF(X509_NAME) *ret;
569 X509_NAME *name;
570
7a908204 571 ret = sk_X509_NAME_new_reserve(NULL, num);
3c82e437 572 if (ret == NULL) {
e077455e 573 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
3c82e437
F		 574 return NULL;
575 }
e431363f 576 for (i = 0; i < num; i++) {
0f113f3e 577 name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
e431363f 578 if (name == NULL) {
e077455e 579 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
0f113f3e 580 sk_X509_NAME_pop_free(ret, X509_NAME_free);
3c82e437 581 return NULL;
0f113f3e 582 }
e431363f 583 sk_X509_NAME_push(ret, name); /* Cannot fail after reserve call */
0f113f3e 584 }
32f3b98d 585 return ret;
0f113f3e
MC		 586}
587
fa7c2637
DSH		 588void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
589{
38b051a1
TM		 590 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
591
592 if (sc == NULL)
593 return;
594
595 set0_CA_list(&sc->ca_names, name_list);
fa7c2637
DSH		 596}
597
598void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
0f113f3e 599{
fa7c2637
DSH		 600 set0_CA_list(&ctx->ca_names, name_list);
601}
602
603const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx)
604{
605 return ctx->ca_names;
606}
607
608const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s)
609{
38b051a1
TM		 610 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
611
612 if (sc == NULL)
613 return NULL;
614
615 return sc->ca_names != NULL ? sc->ca_names : s->ctx->ca_names;
0f113f3e
MC		 616}
617
618void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
619{
98732979 620 set0_CA_list(&ctx->client_ca_names, name_list);
0f113f3e 621}
d02b48c6 622
0821bcd4 623STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
0f113f3e 624{
98732979 625 return ctx->client_ca_names;
fa7c2637
DSH		 626}
627
628void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
629{
38b051a1
TM		 630 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
631
632 if (sc == NULL)
633 return;
634
635 set0_CA_list(&sc->client_ca_names, name_list);
fa7c2637
DSH		 636}
637
638const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s)
639{
38b051a1
TM		 640 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
641
642 if (sc == NULL)
643 return NULL;
644
645 return sc->s3.tmp.peer_ca_names;
0f113f3e 646}
d02b48c6 647
0821bcd4 648STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
0f113f3e 649{
38b051a1
TM		 650 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
651
652 if (sc == NULL)
653 return NULL;
654
655 if (!sc->server)
656 return sc->s3.tmp.peer_ca_names;
657 return sc->client_ca_names != NULL ? sc->client_ca_names
658 : s->ctx->client_ca_names;
0f113f3e
MC		 659}
660
fa7c2637 661static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x)
0f113f3e
MC		 662{
663 X509_NAME *name;
664
665 if (x == NULL)
fa7c2637
DSH		 666 return 0;
667 if (*sk == NULL && ((*sk = sk_X509_NAME_new_null()) == NULL))
668 return 0;
0f113f3e
MC		 669
670 if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL)
fa7c2637 671 return 0;
0f113f3e
MC		 672
673 if (!sk_X509_NAME_push(*sk, name)) {
674 X509_NAME_free(name);
fa7c2637 675 return 0;
0f113f3e 676 }
fa7c2637
DSH		 677 return 1;
678}
679
64a48fc7 680int SSL_add1_to_CA_list(SSL *ssl, const X509 *x)
fa7c2637 681{
38b051a1
TM		 682 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
683
684 if (sc == NULL)
685 return 0;
686
687 return add_ca_name(&sc->ca_names, x);
fa7c2637
DSH		 688}
689
64a48fc7 690int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x)
fa7c2637
DSH		 691{
692 return add_ca_name(&ctx->ca_names, x);
0f113f3e
MC		 693}
694
64a48fc7
RL		 695/*
696 * The following two are older names are to be replaced with
697 * SSL(_CTX)_add1_to_CA_list
698 */
0f113f3e
MC		 699int SSL_add_client_CA(SSL *ssl, X509 *x)
700{
38b051a1
TM		 701 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
702
703 if (sc == NULL)
704 return 0;
705
706 return add_ca_name(&sc->client_ca_names, x);
0f113f3e
MC		 707}
708
709int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
710{
98732979 711 return add_ca_name(&ctx->client_ca_names, x);
0f113f3e
MC		 712}
713
3e41defe 714static int xname_cmp(const X509_NAME *a, const X509_NAME *b)
0f113f3e 715{
3e41defe
TM		 716 unsigned char *abuf = NULL, *bbuf = NULL;
717 int alen, blen, ret;
718
719 /* X509_NAME_cmp() itself casts away constness in this way, so
720 * assume it's safe:
721 */
722 alen = i2d_X509_NAME((X509_NAME *)a, &abuf);
723 blen = i2d_X509_NAME((X509_NAME *)b, &bbuf);
724
725 if (alen < 0 || blen < 0)
726 ret = -2;
727 else if (alen != blen)
728 ret = alen - blen;
729 else /* alen == blen */
730 ret = memcmp(abuf, bbuf, alen);
731
732 OPENSSL_free(abuf);
733 OPENSSL_free(bbuf);
734
735 return ret;
0f113f3e 736}
d02b48c6 737
3e41defe 738static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
7823d792 739{
3e41defe 740 return xname_cmp(*a, *b);
7823d792
TF		 741}
742
743static unsigned long xname_hash(const X509_NAME *a)
744{
bf973d06
DDO		 745 /* This returns 0 also if SHA1 is not available */
746 return X509_NAME_hash_ex((X509_NAME *)a, NULL, NULL, NULL);
7823d792
TF		 747}
748
d8652be0 749STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
b4250010 750 OSSL_LIB_CTX *libctx,
d8652be0 751 const char *propq)
0f113f3e 752{
7823d792 753 BIO *in = BIO_new(BIO_s_file());
0f113f3e
MC		 754 X509 *x = NULL;
755 X509_NAME *xn = NULL;
7823d792 756 STACK_OF(X509_NAME) *ret = NULL;
a230b26e 757 LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
b4250010 758 OSSL_LIB_CTX *prev_libctx = NULL;
0f113f3e 759
3ef1b742
ЗМ		 760 if (file == NULL) {
761 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
762 goto err;
763 }
e077455e
RL		 764 if (name_hash == NULL) {
765 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
766 goto err;
767 }
768 if (in == NULL) {
769 ERR_raise(ERR_LIB_SSL, ERR_R_BIO_LIB);
0f113f3e
MC		 770 goto err;
771 }
772
d8652be0 773 x = X509_new_ex(libctx, propq);
6725682d 774 if (x == NULL) {
e077455e 775 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
6725682d
SL		 776 goto err;
777 }
e3f03624 778 if (BIO_read_filename(in, file) <= 0)
0f113f3e
MC		 779 goto err;
780
6725682d 781 /* Internally lh_X509_NAME_retrieve() needs the libctx to retrieve SHA1 */
b4250010 782 prev_libctx = OSSL_LIB_CTX_set0_default(libctx);
0f113f3e
MC		 783 for (;;) {
784 if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
785 break;
786 if (ret == NULL) {
787 ret = sk_X509_NAME_new_null();
788 if (ret == NULL) {
e077455e 789 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
0f113f3e
MC		 790 goto err;
791 }
792 }
793 if ((xn = X509_get_subject_name(x)) == NULL)
794 goto err;
795 /* check for duplicates */
796 xn = X509_NAME_dup(xn);
797 if (xn == NULL)
798 goto err;
7823d792
TF		 799 if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
800 /* Duplicate. */
0f113f3e 801 X509_NAME_free(xn);
3c82e437 802 xn = NULL;
7823d792 803 } else {
9d6daf99 804 lh_X509_NAME_insert(name_hash, xn);
3c82e437
F		 805 if (!sk_X509_NAME_push(ret, xn))
806 goto err;
0f113f3e
MC		 807 }
808 }
66696478 809 goto done;
0f113f3e 810
0f113f3e 811 err:
3c82e437 812 X509_NAME_free(xn);
66696478
RS		 813 sk_X509_NAME_pop_free(ret, X509_NAME_free);
814 ret = NULL;
815 done:
6725682d 816 /* restore the old libctx */
b4250010 817 OSSL_LIB_CTX_set0_default(prev_libctx);
ca3a82c3 818 BIO_free(in);
222561fe 819 X509_free(x);
7823d792 820 lh_X509_NAME_free(name_hash);
0f113f3e
MC		 821 if (ret != NULL)
822 ERR_clear_error();
26a7d938 823 return ret;
0f113f3e 824}
d02b48c6 825
6725682d
SL		 826STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
827{
d8652be0 828 return SSL_load_client_CA_file_ex(file, NULL, NULL);
6725682d
SL		 829}
830
5cec58bd
CL		 831static int add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
832 const char *file,
833 LHASH_OF(X509_NAME) *name_hash)
0f113f3e
MC		 834{
835 BIO *in;
836 X509 *x = NULL;
837 X509_NAME *xn = NULL;
838 int ret = 1;
0f113f3e 839
9982cbbb 840 in = BIO_new(BIO_s_file());
0f113f3e
MC		 841
842 if (in == NULL) {
e077455e 843 ERR_raise(ERR_LIB_SSL, ERR_R_BIO_LIB);
0f113f3e
MC		 844 goto err;
845 }
846
e3f03624 847 if (BIO_read_filename(in, file) <= 0)
0f113f3e
MC		 848 goto err;
849
850 for (;;) {
851 if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
852 break;
853 if ((xn = X509_get_subject_name(x)) == NULL)
854 goto err;
855 xn = X509_NAME_dup(xn);
856 if (xn == NULL)
857 goto err;
5cec58bd 858 if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
3c82e437 859 /* Duplicate. */
0f113f3e 860 X509_NAME_free(xn);
3c82e437
F		 861 } else if (!sk_X509_NAME_push(stack, xn)) {
862 X509_NAME_free(xn);
863 goto err;
5cec58bd
CL		 864 } else {
865 /* Successful insert, add to hash table */
866 lh_X509_NAME_insert(name_hash, xn);
3c82e437 867 }
0f113f3e
MC		 868 }
869
870 ERR_clear_error();
66696478 871 goto done;
0f113f3e 872
0f113f3e 873 err:
3c82e437 874 ret = 0;
66696478 875 done:
ca3a82c3 876 BIO_free(in);
25aaa98a 877 X509_free(x);
5cec58bd
CL		 878 return ret;
879}
880
881int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
882 const char *file)
883{
884 X509_NAME *xn = NULL;
885 int ret = 1;
886 int idx = 0;
887 int num = 0;
888 LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
889
3ef1b742
ЗМ		 890 if (file == NULL) {
891 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
892 goto err;
893 }
894
5cec58bd
CL		 895 if (name_hash == NULL) {
896 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
897 goto err;
898 }
899
900 /*
901 * Pre-populate the lhash with the existing entries of the stack, since
902 * using the LHASH_OF is much faster for duplicate checking. That's because
903 * xname_cmp converts the X509_NAMEs to DER involving a memory allocation
904 * for every single invocation of the comparison function.
905 */
906 num = sk_X509_NAME_num(stack);
907 for (idx = 0; idx < num; idx++) {
908 xn = sk_X509_NAME_value(stack, idx);
909 lh_X509_NAME_insert(name_hash, xn);
910 }
911
912 ret = add_file_cert_subjects_to_stack(stack, file, name_hash);
913 goto done;
914
915 err:
916 ret = 0;
917 done:
918 lh_X509_NAME_free(name_hash);
0f113f3e
MC		 919 return ret;
920}
921
661b361b 922int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
0f113f3e
MC		 923 const char *dir)
924{
925 OPENSSL_DIR_CTX *d = NULL;
926 const char *filename;
927 int ret = 0;
5cec58bd
CL		 928 X509_NAME *xn = NULL;
929 int idx = 0;
930 int num = 0;
931 LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
932
933 if (name_hash == NULL) {
934 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
935 goto err;
936 }
eb90a483 937
5cec58bd
CL		 938 /*
939 * Pre-populate the lhash with the existing entries of the stack, since
940 * using the LHASH_OF is much faster for duplicate checking. That's because
941 * xname_cmp converts the X509_NAMEs to DER involving a memory allocation
942 * for every single invocation of the comparison function.
943 */
944 num = sk_X509_NAME_num(stack);
945 for (idx = 0; idx < num; idx++) {
946 xn = sk_X509_NAME_value(stack, idx);
947 lh_X509_NAME_insert(name_hash, xn);
948 }
4083a229 949
0f113f3e
MC		 950 while ((filename = OPENSSL_DIR_read(&d, dir))) {
951 char buf[1024];
952 int r;
3155b5a9 953#ifndef OPENSSL_NO_POSIX_IO
1dc35d44 954 struct stat st;
4083a229 955
3155b5a9
TM		 956#else
957 /* Cannot use stat so just skip current and parent directories */
958 if (strcmp(filename, ".") == 0 || strcmp(filename, "..") == 0)
959 continue;
960#endif
cbe29648 961 if (strlen(dir) + strlen(filename) + 2 > sizeof(buf)) {
6849b73c 962 ERR_raise(ERR_LIB_SSL, SSL_R_PATH_TOO_LONG);
0f113f3e
MC		 963 goto err;
964 }
4083a229 965#ifdef OPENSSL_SYS_VMS
cbe29648 966 r = BIO_snprintf(buf, sizeof(buf), "%s%s", dir, filename);
4083a229 967#else
cbe29648 968 r = BIO_snprintf(buf, sizeof(buf), "%s/%s", dir, filename);
4083a229 969#endif
3155b5a9 970#ifndef OPENSSL_NO_POSIX_IO
1dc35d44 971 /* Skip subdirectories */
972 if (!stat(buf, &st) && S_ISDIR(st.st_mode))
973 continue;
3155b5a9 974#endif
0f113f3e
MC		 975 if (r <= 0 || r >= (int)sizeof(buf))
976 goto err;
5cec58bd 977 if (!add_file_cert_subjects_to_stack(stack, buf, name_hash))
0f113f3e
MC		 978 goto err;
979 }
980
981 if (errno) {
ff988500 982 ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
6849b73c
RL		 983 "calling OPENSSL_dir_read(%s)", dir);
984 ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
0f113f3e
MC		 985 goto err;
986 }
987
988 ret = 1;
989
990 err:
991 if (d)
992 OPENSSL_DIR_end(&d);
5cec58bd 993 lh_X509_NAME_free(name_hash);
16203f7b 994
0f113f3e
MC		 995 return ret;
996}
285046ec 997
6dcb100f
RL		 998static int add_uris_recursive(STACK_OF(X509_NAME) *stack,
999 const char *uri, int depth)
1000{
1001 int ok = 1;
1002 OSSL_STORE_CTX *ctx = NULL;
1003 X509 *x = NULL;
1004 X509_NAME *xn = NULL;
be5965ac 1005 OSSL_STORE_INFO *info = NULL;
6dcb100f
RL		 1006
1007 if ((ctx = OSSL_STORE_open(uri, NULL, NULL, NULL, NULL)) == NULL)
1008 goto err;
1009
1010 while (!OSSL_STORE_eof(ctx) && !OSSL_STORE_error(ctx)) {
be5965ac 1011 int infotype;
6dcb100f 1012
be5965ac 1013 if ((info = OSSL_STORE_load(ctx)) == NULL)
6dcb100f 1014 continue;
be5965ac 1015 infotype = OSSL_STORE_INFO_get_type(info);
6dcb100f
RL		 1016
1017 if (infotype == OSSL_STORE_INFO_NAME) {
1018 /*
1019 * This is an entry in the "directory" represented by the current
1020 * uri. if |depth| allows, dive into it.
1021 */
ee669781
RL		 1022 if (depth > 0)
1023 ok = add_uris_recursive(stack, OSSL_STORE_INFO_get0_NAME(info),
1024 depth - 1);
6dcb100f
RL		 1025 } else if (infotype == OSSL_STORE_INFO_CERT) {
1026 if ((x = OSSL_STORE_INFO_get0_CERT(info)) == NULL
1027 || (xn = X509_get_subject_name(x)) == NULL
1028 || (xn = X509_NAME_dup(xn)) == NULL)
1029 goto err;
1030 if (sk_X509_NAME_find(stack, xn) >= 0) {
1031 /* Duplicate. */
1032 X509_NAME_free(xn);
1033 } else if (!sk_X509_NAME_push(stack, xn)) {
1034 X509_NAME_free(xn);
1035 goto err;
1036 }
1037 }
1038
1039 OSSL_STORE_INFO_free(info);
be5965ac 1040 info = NULL;
6dcb100f
RL		 1041 }
1042
1043 ERR_clear_error();
1044 goto done;
1045
1046 err:
1047 ok = 0;
be5965ac 1048 OSSL_STORE_INFO_free(info);
6dcb100f
RL		 1049 done:
1050 OSSL_STORE_close(ctx);
1051
1052 return ok;
1053}
1054
1055int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
1056 const char *store)
1057{
1058 int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b)
1059 = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp);
1060 int ret = add_uris_recursive(stack, store, 1);
1061
1062 (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
1063 return ret;
1064}
1065
74ecfab4 1066/* Build a certificate chain for current certificate */
38b051a1 1067int ssl_build_cert_chain(SSL_CONNECTION *s, SSL_CTX *ctx, int flags)
0f113f3e 1068{
38b051a1 1069 CERT *c = s != NULL ? s->cert : ctx->cert;
0f113f3e
MC		 1070 CERT_PKEY *cpk = c->key;
1071 X509_STORE *chain_store = NULL;
f0e0fd51 1072 X509_STORE_CTX *xs_ctx = NULL;
0f113f3e
MC		 1073 STACK_OF(X509) *chain = NULL, *untrusted = NULL;
1074 X509 *x;
38b051a1 1075 SSL_CTX *real_ctx = (s == NULL) ? ctx : SSL_CONNECTION_GET_CTX(s);
0f113f3e 1076 int i, rv = 0;
0f113f3e 1077
38b051a1 1078 if (cpk->x509 == NULL) {
6849b73c 1079 ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_SET);
0f113f3e
MC		 1080 goto err;
1081 }
1082 /* Rearranging and check the chain: add everything to a store */
1083 if (flags & SSL_BUILD_CHAIN_FLAG_CHECK) {
1084 chain_store = X509_STORE_new();
a71edf3b 1085 if (chain_store == NULL)
0f113f3e
MC		 1086 goto err;
1087 for (i = 0; i < sk_X509_num(cpk->chain); i++) {
1088 x = sk_X509_value(cpk->chain, i);
c0452248 1089 if (!X509_STORE_add_cert(chain_store, x))
0f113f3e 1090 goto err;
0f113f3e 1091 }
c0452248
RS		 1092 /* Add EE cert too: it might be self signed */
1093 if (!X509_STORE_add_cert(chain_store, cpk->x509))
1094 goto err;
0f113f3e 1095 } else {
38b051a1 1096 if (c->chain_store != NULL)
0f113f3e 1097 chain_store = c->chain_store;
0f113f3e 1098 else
38b051a1 1099 chain_store = real_ctx->cert_store;
0f113f3e
MC		 1100
1101 if (flags & SSL_BUILD_CHAIN_FLAG_UNTRUSTED)
1102 untrusted = cpk->chain;
1103 }
1104
4e4ae840 1105 xs_ctx = X509_STORE_CTX_new_ex(real_ctx->libctx, real_ctx->propq);
f0e0fd51 1106 if (xs_ctx == NULL) {
e077455e 1107 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
f0e0fd51
RS		 1108 goto err;
1109 }
1110 if (!X509_STORE_CTX_init(xs_ctx, chain_store, cpk->x509, untrusted)) {
6849b73c 1111 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
0f113f3e
MC		 1112 goto err;
1113 }
1114 /* Set suite B flags if needed */
f0e0fd51 1115 X509_STORE_CTX_set_flags(xs_ctx,
0f113f3e
MC		 1116 c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS);
1117
f0e0fd51 1118 i = X509_verify_cert(xs_ctx);
0f113f3e
MC		 1119 if (i <= 0 && flags & SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR) {
1120 if (flags & SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR)
1121 ERR_clear_error();
1122 i = 1;
1123 rv = 2;
1124 }
1125 if (i > 0)
f0e0fd51 1126 chain = X509_STORE_CTX_get1_chain(xs_ctx);
0f113f3e 1127 if (i <= 0) {
f0e0fd51 1128 i = X509_STORE_CTX_get_error(xs_ctx);
c48ffbcc
RL		 1129 ERR_raise_data(ERR_LIB_SSL, SSL_R_CERTIFICATE_VERIFY_FAILED,
1130 "Verify error:%s", X509_verify_cert_error_string(i));
0f113f3e 1131
0f113f3e
MC		 1132 goto err;
1133 }
0f113f3e
MC		 1134 /* Remove EE certificate from chain */
1135 x = sk_X509_shift(chain);
1136 X509_free(x);
1137 if (flags & SSL_BUILD_CHAIN_FLAG_NO_ROOT) {
1138 if (sk_X509_num(chain) > 0) {
1139 /* See if last cert is self signed */
1140 x = sk_X509_value(chain, sk_X509_num(chain) - 1);
a8d8e06b 1141 if (X509_get_extension_flags(x) & EXFLAG_SS) {
0f113f3e
MC		 1142 x = sk_X509_pop(chain);
1143 X509_free(x);
1144 }
1145 }
1146 }
1147 /*
1148 * Check security level of all CA certificates: EE will have been checked
1149 * already.
1150 */
1151 for (i = 0; i < sk_X509_num(chain); i++) {
1152 x = sk_X509_value(chain, i);
1153 rv = ssl_security_cert(s, ctx, x, 0, 0);
1154 if (rv != 1) {
6849b73c 1155 ERR_raise(ERR_LIB_SSL, rv);
79b2a2f2 1156 OSSL_STACK_OF_X509_free(chain);
0f113f3e
MC		 1157 rv = 0;
1158 goto err;
1159 }
1160 }
79b2a2f2 1161 OSSL_STACK_OF_X509_free(cpk->chain);
0f113f3e
MC		 1162 cpk->chain = chain;
1163 if (rv == 0)
1164 rv = 1;
1165 err:
1166 if (flags & SSL_BUILD_CHAIN_FLAG_CHECK)
1167 X509_STORE_free(chain_store);
f0e0fd51 1168 X509_STORE_CTX_free(xs_ctx);
0f113f3e
MC		 1169
1170 return rv;
1171}
74ecfab4
DSH		 1172
1173int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
0f113f3e
MC		 1174{
1175 X509_STORE **pstore;
00fbc969
FWH		 1176
1177 if (ref && store && !X509_STORE_up_ref(store))
1178 return 0;
1179
0f113f3e
MC		 1180 if (chain)
1181 pstore = &c->chain_store;
1182 else
1183 pstore = &c->verify_store;
222561fe 1184 X509_STORE_free(*pstore);
0f113f3e 1185 *pstore = store;
00fbc969 1186
0f113f3e
MC		 1187 return 1;
1188}
1189
948cf521
HL		 1190int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain)
1191{
1192 *pstore = (chain ? c->chain_store : c->verify_store);
1193 return 1;
1194}
1195
d7b5c648
P		 1196int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp)
1197{
1198 int level;
657489e8
HK		 1199 /*
1200 * note that there's a corresponding minbits_table
1201 * in crypto/x509/x509_vfy.c that's used for checking the security level
1202 * of RSA and DSA keys
1203 */
d7b5c648
P		 1204 static const int minbits_table[5 + 1] = { 0, 80, 112, 128, 192, 256 };
1205
1206 if (ctx != NULL)
1207 level = SSL_CTX_get_security_level(ctx);
1208 else
1209 level = SSL_get_security_level(s);
1210
1211 if (level > 5)
1212 level = 5;
1213 else if (level < 0)
1214 level = 0;
1215
1216 if (levelp != NULL)
1217 *levelp = level;
1218
1219 return minbits_table[level];
1220}
1221
a230b26e
EK		 1222static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
1223 int op, int bits, int nid, void *other,
0f113f3e
MC		 1224 void *ex)
1225{
b139a956 1226 int level, minbits, pfs_mask;
38b051a1 1227 const SSL_CONNECTION *sc;
a7cf07b4 1228
d7b5c648
P		 1229 minbits = ssl_get_security_level_bits(s, ctx, &level);
1230
1231 if (level == 0) {
a7cf07b4
VD		 1232 /*
1233 * No EDH keys weaker than 1024-bits even at level 0, otherwise,
1234 * anything goes.
1235 */
1236 if (op == SSL_SECOP_TMP_DH && bits < 80)
1237 return 0;
0f113f3e 1238 return 1;
a7cf07b4 1239 }
0f113f3e
MC		 1240 switch (op) {
1241 case SSL_SECOP_CIPHER_SUPPORTED:
1242 case SSL_SECOP_CIPHER_SHARED:
1243 case SSL_SECOP_CIPHER_CHECK:
1244 {
1245 const SSL_CIPHER *c = other;
1246 /* No ciphers below security level */
1247 if (bits < minbits)
1248 return 0;
1249 /* No unauthenticated ciphersuites */
1250 if (c->algorithm_auth & SSL_aNULL)
1251 return 0;
1252 /* No MD5 mac ciphersuites */
1253 if (c->algorithm_mac & SSL_MD5)
1254 return 0;
1255 /* SHA1 HMAC is 160 bits of security */
1256 if (minbits > 160 && c->algorithm_mac & SSL_SHA1)
1257 return 0;
0f113f3e 1258 /* Level 3: forward secure ciphersuites only */
b139a956 1259 pfs_mask = SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK;
75b68c9e 1260 if (level >= 3 && c->min_tls != TLS1_3_VERSION &&
b139a956 1261 !(c->algorithm_mkey & pfs_mask))
0f113f3e
MC		 1262 return 0;
1263 break;
1264 }
1265 case SSL_SECOP_VERSION:
38b051a1
TM		 1266 if ((sc = SSL_CONNECTION_FROM_CONST_SSL(s)) == NULL)
1267 return 0;
1268 if (!SSL_CONNECTION_IS_DTLS(sc)) {
7bf2e4d7
P		 1269 /* SSLv3, TLS v1.0 and TLS v1.1 only allowed at level 0 */
1270 if (nid <= TLS1_1_VERSION && level > 0)
4fa52141
VD		 1271 return 0;
1272 } else {
7bf2e4d7
P		 1273 /* DTLS v1.0 only allowed at level 0 */
1274 if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level > 0)
4fa52141
VD		 1275 return 0;
1276 }
0f113f3e
MC		 1277 break;
1278
1279 case SSL_SECOP_COMPRESSION:
1280 if (level >= 2)
1281 return 0;
1282 break;
1283 case SSL_SECOP_TICKET:
1284 if (level >= 3)
1285 return 0;
1286 break;
1287 default:
1288 if (bits < minbits)
1289 return 0;
1290 }
1291 return 1;
1292}
b362ccab 1293
38b051a1 1294int ssl_security(const SSL_CONNECTION *s, int op, int bits, int nid, void *other)
0f113f3e 1295{
dc84829c 1296 return s->cert->sec_cb(SSL_CONNECTION_GET_USER_SSL(s), NULL, op, bits, nid,
38b051a1 1297 other, s->cert->sec_ex);
0f113f3e 1298}
b362ccab 1299
e4646a89 1300int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other)
0f113f3e
MC		 1301{
1302 return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other,
1303 ctx->cert->sec_ex);
1304}
c04cd728 1305
ee58915c 1306int ssl_cert_lookup_by_nid(int nid, size_t *pidx, SSL_CTX *ctx)
c04cd728 1307{
c04cd728
DSH		 1308 size_t i;
1309
c04cd728
DSH		 1310 for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
1311 if (ssl_cert_info[i].nid == nid) {
11d2641f
MC		 1312 *pidx = i;
1313 return 1;
c04cd728
DSH		 1314 }
1315 }
ee58915c
MB		 1316 for (i = 0; i < ctx->sigalg_list_len; i++) {
1317 if (ctx->ssl_cert_info[i].nid == nid) {
1318 *pidx = SSL_PKEY_NUM + i;
1319 return 1;
1320 }
1321 }
11d2641f
MC		 1322 return 0;
1323}
1324
5fb44336 1325const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx, SSL_CTX *ctx)
11d2641f 1326{
92dc275f 1327 size_t i;
11d2641f 1328
ee58915c 1329 /* check classic pk types */
92dc275f 1330 for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
5fb44336 1331 const SSL_CERT_LOOKUP *tmp_lu = &ssl_cert_info[i];
11d2641f 1332
92dc275f
RL		 1333 if (EVP_PKEY_is_a(pk, OBJ_nid2sn(tmp_lu->nid))
1334 || EVP_PKEY_is_a(pk, OBJ_nid2ln(tmp_lu->nid))) {
1335 if (pidx != NULL)
1336 *pidx = i;
1337 return tmp_lu;
1338 }
1339 }
ee58915c 1340 /* check provider-loaded pk types */
3252fe64 1341 for (i = 0; i < ctx->sigalg_list_len; i++) {
ee58915c
MB		 1342 SSL_CERT_LOOKUP *tmp_lu = &(ctx->ssl_cert_info[i]);
1343
1344 if (EVP_PKEY_is_a(pk, OBJ_nid2sn(tmp_lu->nid))
1345 || EVP_PKEY_is_a(pk, OBJ_nid2ln(tmp_lu->nid))) {
1346 if (pidx != NULL)
1347 *pidx = SSL_PKEY_NUM + i;
1348 return &ctx->ssl_cert_info[i];
1349 }
1350 }
11d2641f 1351
92dc275f 1352 return NULL;
c04cd728
DSH		 1353}
1354
5fb44336 1355const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx, SSL_CTX *ctx)
c04cd728 1356{
ee58915c 1357 if (idx >= (OSSL_NELEM(ssl_cert_info) + ctx->sigalg_list_len))
b2555168 1358 return NULL;
ee58915c
MB		 1359 else if (idx >= (OSSL_NELEM(ssl_cert_info)))
1360 return &(ctx->ssl_cert_info[idx - SSL_PKEY_NUM]);
c04cd728
DSH		 1361 return &ssl_cert_info[idx];
1362}
Mirror of https://github.com/openssl/openssl.git