/src/boringssl/ssl/ssl_cert.cc
Line | Count | Source (jump to first uncovered line) |
1 | | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
2 | | * All rights reserved. |
3 | | * |
4 | | * This package is an SSL implementation written |
5 | | * by Eric Young (eay@cryptsoft.com). |
6 | | * The implementation was written so as to conform with Netscapes SSL. |
7 | | * |
8 | | * This library is free for commercial and non-commercial use as long as |
9 | | * the following conditions are aheared to. The following conditions |
10 | | * apply to all code found in this distribution, be it the RC4, RSA, |
11 | | * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
12 | | * included with this distribution is covered by the same copyright terms |
13 | | * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
14 | | * |
15 | | * Copyright remains Eric Young's, and as such any Copyright notices in |
16 | | * the code are not to be removed. |
17 | | * If this package is used in a product, Eric Young should be given attribution |
18 | | * as the author of the parts of the library used. |
19 | | * This can be in the form of a textual message at program startup or |
20 | | * in documentation (online or textual) provided with the package. |
21 | | * |
22 | | * Redistribution and use in source and binary forms, with or without |
23 | | * modification, are permitted provided that the following conditions |
24 | | * are met: |
25 | | * 1. Redistributions of source code must retain the copyright |
26 | | * notice, this list of conditions and the following disclaimer. |
27 | | * 2. Redistributions in binary form must reproduce the above copyright |
28 | | * notice, this list of conditions and the following disclaimer in the |
29 | | * documentation and/or other materials provided with the distribution. |
30 | | * 3. All advertising materials mentioning features or use of this software |
31 | | * must display the following acknowledgement: |
32 | | * "This product includes cryptographic software written by |
33 | | * Eric Young (eay@cryptsoft.com)" |
34 | | * The word 'cryptographic' can be left out if the rouines from the library |
35 | | * being used are not cryptographic related :-). |
36 | | * 4. If you include any Windows specific code (or a derivative thereof) from |
37 | | * the apps directory (application code) you must include an acknowledgement: |
38 | | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
39 | | * |
40 | | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
41 | | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
42 | | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
43 | | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
44 | | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
45 | | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
46 | | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
47 | | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
48 | | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
49 | | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
50 | | * SUCH DAMAGE. |
51 | | * |
52 | | * The licence and distribution terms for any publically available version or |
53 | | * derivative of this code cannot be changed. i.e. this code cannot simply be |
54 | | * copied and put under another distribution licence |
55 | | * [including the GNU Public Licence.] |
56 | | */ |
57 | | /* ==================================================================== |
58 | | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. |
59 | | * |
60 | | * Redistribution and use in source and binary forms, with or without |
61 | | * modification, are permitted provided that the following conditions |
62 | | * are met: |
63 | | * |
64 | | * 1. Redistributions of source code must retain the above copyright |
65 | | * notice, this list of conditions and the following disclaimer. |
66 | | * |
67 | | * 2. Redistributions in binary form must reproduce the above copyright |
68 | | * notice, this list of conditions and the following disclaimer in |
69 | | * the documentation and/or other materials provided with the |
70 | | * distribution. |
71 | | * |
72 | | * 3. All advertising materials mentioning features or use of this |
73 | | * software must display the following acknowledgment: |
74 | | * "This product includes software developed by the OpenSSL Project |
75 | | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" |
76 | | * |
77 | | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
78 | | * endorse or promote products derived from this software without |
79 | | * prior written permission. For written permission, please contact |
80 | | * openssl-core@openssl.org. |
81 | | * |
82 | | * 5. Products derived from this software may not be called "OpenSSL" |
83 | | * nor may "OpenSSL" appear in their names without prior written |
84 | | * permission of the OpenSSL Project. |
85 | | * |
86 | | * 6. Redistributions of any form whatsoever must retain the following |
87 | | * acknowledgment: |
88 | | * "This product includes software developed by the OpenSSL Project |
89 | | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" |
90 | | * |
91 | | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
92 | | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
93 | | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
94 | | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
95 | | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
96 | | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
97 | | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
98 | | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
99 | | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
100 | | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
101 | | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
102 | | * OF THE POSSIBILITY OF SUCH DAMAGE. |
103 | | * ==================================================================== |
104 | | * |
105 | | * This product includes cryptographic software written by Eric Young |
106 | | * (eay@cryptsoft.com). This product includes software written by Tim |
107 | | * Hudson (tjh@cryptsoft.com). |
108 | | * |
109 | | */ |
110 | | /* ==================================================================== |
111 | | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. |
112 | | * ECC cipher suite support in OpenSSL originally developed by |
113 | | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ |
114 | | |
115 | | #include <openssl/ssl.h> |
116 | | |
117 | | #include <assert.h> |
118 | | #include <limits.h> |
119 | | #include <string.h> |
120 | | |
121 | | #include <utility> |
122 | | |
123 | | #include <openssl/bn.h> |
124 | | #include <openssl/bytestring.h> |
125 | | #include <openssl/ec_key.h> |
126 | | #include <openssl/err.h> |
127 | | #include <openssl/mem.h> |
128 | | #include <openssl/sha.h> |
129 | | #include <openssl/x509.h> |
130 | | |
131 | | #include "../crypto/internal.h" |
132 | | #include "internal.h" |
133 | | |
134 | | |
135 | | BSSL_NAMESPACE_BEGIN |
136 | | |
137 | | CERT::CERT(const SSL_X509_METHOD *x509_method_arg) |
138 | 20.1k | : x509_method(x509_method_arg) {} |
139 | | |
140 | 20.0k | CERT::~CERT() { |
141 | 20.0k | ssl_cert_clear_certs(this); |
142 | 20.0k | x509_method->cert_free(this); |
143 | 20.0k | } |
144 | | |
145 | 20.0k | static CRYPTO_BUFFER *buffer_up_ref(const CRYPTO_BUFFER *buffer) { |
146 | 20.0k | CRYPTO_BUFFER_up_ref(const_cast<CRYPTO_BUFFER *>(buffer)); |
147 | 20.0k | return const_cast<CRYPTO_BUFFER *>(buffer); |
148 | 20.0k | } |
149 | | |
150 | 20.0k | UniquePtr<CERT> ssl_cert_dup(CERT *cert) { |
151 | 20.0k | UniquePtr<CERT> ret = MakeUnique<CERT>(cert->x509_method); |
152 | 20.0k | if (!ret) { |
153 | 0 | return nullptr; |
154 | 0 | } |
155 | | |
156 | 20.0k | if (cert->chain) { |
157 | 20.0k | ret->chain.reset(sk_CRYPTO_BUFFER_deep_copy( |
158 | 20.0k | cert->chain.get(), buffer_up_ref, CRYPTO_BUFFER_free)); |
159 | 20.0k | if (!ret->chain) { |
160 | 0 | return nullptr; |
161 | 0 | } |
162 | 20.0k | } |
163 | | |
164 | 20.0k | ret->privatekey = UpRef(cert->privatekey); |
165 | 20.0k | ret->key_method = cert->key_method; |
166 | | |
167 | 20.0k | if (!ret->sigalgs.CopyFrom(cert->sigalgs)) { |
168 | 0 | return nullptr; |
169 | 0 | } |
170 | | |
171 | 20.0k | ret->cert_cb = cert->cert_cb; |
172 | 20.0k | ret->cert_cb_arg = cert->cert_cb_arg; |
173 | | |
174 | 20.0k | ret->x509_method->cert_dup(ret.get(), cert); |
175 | | |
176 | 20.0k | ret->signed_cert_timestamp_list = UpRef(cert->signed_cert_timestamp_list); |
177 | 20.0k | ret->ocsp_response = UpRef(cert->ocsp_response); |
178 | | |
179 | 20.0k | ret->sid_ctx_length = cert->sid_ctx_length; |
180 | 20.0k | OPENSSL_memcpy(ret->sid_ctx, cert->sid_ctx, sizeof(ret->sid_ctx)); |
181 | | |
182 | 20.0k | if (cert->dc) { |
183 | 0 | ret->dc = cert->dc->Dup(); |
184 | 0 | if (!ret->dc) { |
185 | 0 | return nullptr; |
186 | 0 | } |
187 | 0 | } |
188 | | |
189 | 20.0k | ret->dc_privatekey = UpRef(cert->dc_privatekey); |
190 | 20.0k | ret->dc_key_method = cert->dc_key_method; |
191 | | |
192 | 20.0k | return ret; |
193 | 20.0k | } |
194 | | |
195 | | // Free up and clear all certificates and chains |
196 | 20.0k | void ssl_cert_clear_certs(CERT *cert) { |
197 | 20.0k | if (cert == NULL) { |
198 | 0 | return; |
199 | 0 | } |
200 | | |
201 | 20.0k | cert->x509_method->cert_clear(cert); |
202 | | |
203 | 20.0k | cert->chain.reset(); |
204 | 20.0k | cert->privatekey.reset(); |
205 | 20.0k | cert->key_method = nullptr; |
206 | | |
207 | 20.0k | cert->dc.reset(); |
208 | 20.0k | cert->dc_privatekey.reset(); |
209 | 20.0k | cert->dc_key_method = nullptr; |
210 | 20.0k | } |
211 | | |
212 | | static void ssl_cert_set_cert_cb(CERT *cert, int (*cb)(SSL *ssl, void *arg), |
213 | 0 | void *arg) { |
214 | 0 | cert->cert_cb = cb; |
215 | 0 | cert->cert_cb_arg = arg; |
216 | 0 | } |
217 | | |
218 | | enum leaf_cert_and_privkey_result_t { |
219 | | leaf_cert_and_privkey_error, |
220 | | leaf_cert_and_privkey_ok, |
221 | | leaf_cert_and_privkey_mismatch, |
222 | | }; |
223 | | |
224 | | // check_leaf_cert_and_privkey checks whether the certificate in |leaf_buffer| |
225 | | // and the private key in |privkey| are suitable and coherent. It returns |
226 | | // |leaf_cert_and_privkey_error| and pushes to the error queue if a problem is |
227 | | // found. If the certificate and private key are valid, but incoherent, it |
228 | | // returns |leaf_cert_and_privkey_mismatch|. Otherwise it returns |
229 | | // |leaf_cert_and_privkey_ok|. |
230 | | static enum leaf_cert_and_privkey_result_t check_leaf_cert_and_privkey( |
231 | 2 | CRYPTO_BUFFER *leaf_buffer, EVP_PKEY *privkey) { |
232 | 2 | CBS cert_cbs; |
233 | 2 | CRYPTO_BUFFER_init_CBS(leaf_buffer, &cert_cbs); |
234 | 2 | UniquePtr<EVP_PKEY> pubkey = ssl_cert_parse_pubkey(&cert_cbs); |
235 | 2 | if (!pubkey) { |
236 | 0 | OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); |
237 | 0 | return leaf_cert_and_privkey_error; |
238 | 0 | } |
239 | | |
240 | 2 | if (!ssl_is_key_type_supported(EVP_PKEY_id(pubkey.get()))) { |
241 | 0 | OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE); |
242 | 0 | return leaf_cert_and_privkey_error; |
243 | 0 | } |
244 | | |
245 | | // An ECC certificate may be usable for ECDH or ECDSA. We only support ECDSA |
246 | | // certificates, so sanity-check the key usage extension. |
247 | 2 | if (EVP_PKEY_id(pubkey.get()) == EVP_PKEY_EC && |
248 | 2 | !ssl_cert_check_key_usage(&cert_cbs, key_usage_digital_signature)) { |
249 | 0 | OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE); |
250 | 0 | return leaf_cert_and_privkey_error; |
251 | 0 | } |
252 | | |
253 | 2 | if (privkey != NULL && |
254 | | // Sanity-check that the private key and the certificate match. |
255 | 2 | !ssl_compare_public_and_private_key(pubkey.get(), privkey)) { |
256 | 0 | ERR_clear_error(); |
257 | 0 | return leaf_cert_and_privkey_mismatch; |
258 | 0 | } |
259 | | |
260 | 2 | return leaf_cert_and_privkey_ok; |
261 | 2 | } |
262 | | |
263 | | static int cert_set_chain_and_key( |
264 | | CERT *cert, CRYPTO_BUFFER *const *certs, size_t num_certs, |
265 | 0 | EVP_PKEY *privkey, const SSL_PRIVATE_KEY_METHOD *privkey_method) { |
266 | 0 | if (num_certs == 0 || |
267 | 0 | (privkey == NULL && privkey_method == NULL)) { |
268 | 0 | OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER); |
269 | 0 | return 0; |
270 | 0 | } |
271 | | |
272 | 0 | if (privkey != NULL && privkey_method != NULL) { |
273 | 0 | OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_HAVE_BOTH_PRIVKEY_AND_METHOD); |
274 | 0 | return 0; |
275 | 0 | } |
276 | | |
277 | 0 | switch (check_leaf_cert_and_privkey(certs[0], privkey)) { |
278 | 0 | case leaf_cert_and_privkey_error: |
279 | 0 | return 0; |
280 | 0 | case leaf_cert_and_privkey_mismatch: |
281 | 0 | OPENSSL_PUT_ERROR(SSL, SSL_R_CERTIFICATE_AND_PRIVATE_KEY_MISMATCH); |
282 | 0 | return 0; |
283 | 0 | case leaf_cert_and_privkey_ok: |
284 | 0 | break; |
285 | 0 | } |
286 | | |
287 | 0 | UniquePtr<STACK_OF(CRYPTO_BUFFER)> certs_sk(sk_CRYPTO_BUFFER_new_null()); |
288 | 0 | if (!certs_sk) { |
289 | 0 | return 0; |
290 | 0 | } |
291 | | |
292 | 0 | for (size_t i = 0; i < num_certs; i++) { |
293 | 0 | if (!PushToStack(certs_sk.get(), UpRef(certs[i]))) { |
294 | 0 | return 0; |
295 | 0 | } |
296 | 0 | } |
297 | | |
298 | 0 | cert->privatekey = UpRef(privkey); |
299 | 0 | cert->key_method = privkey_method; |
300 | |
|
301 | 0 | cert->chain = std::move(certs_sk); |
302 | 0 | return 1; |
303 | 0 | } |
304 | | |
305 | 2 | bool ssl_set_cert(CERT *cert, UniquePtr<CRYPTO_BUFFER> buffer) { |
306 | 2 | switch (check_leaf_cert_and_privkey(buffer.get(), cert->privatekey.get())) { |
307 | 0 | case leaf_cert_and_privkey_error: |
308 | 0 | return false; |
309 | 0 | case leaf_cert_and_privkey_mismatch: |
310 | | // don't fail for a cert/key mismatch, just free current private key |
311 | | // (when switching to a different cert & key, first this function should |
312 | | // be used, then |ssl_set_pkey|. |
313 | 0 | cert->privatekey.reset(); |
314 | 0 | break; |
315 | 2 | case leaf_cert_and_privkey_ok: |
316 | 2 | break; |
317 | 2 | } |
318 | | |
319 | 2 | cert->x509_method->cert_flush_cached_leaf(cert); |
320 | | |
321 | 2 | if (cert->chain != nullptr) { |
322 | 0 | CRYPTO_BUFFER_free(sk_CRYPTO_BUFFER_value(cert->chain.get(), 0)); |
323 | 0 | sk_CRYPTO_BUFFER_set(cert->chain.get(), 0, buffer.release()); |
324 | 0 | return true; |
325 | 0 | } |
326 | | |
327 | 2 | cert->chain.reset(sk_CRYPTO_BUFFER_new_null()); |
328 | 2 | if (cert->chain == nullptr) { |
329 | 0 | return false; |
330 | 0 | } |
331 | | |
332 | 2 | if (!PushToStack(cert->chain.get(), std::move(buffer))) { |
333 | 0 | cert->chain.reset(); |
334 | 0 | return false; |
335 | 0 | } |
336 | | |
337 | 2 | return true; |
338 | 2 | } |
339 | | |
340 | 14.4k | bool ssl_has_certificate(const SSL_HANDSHAKE *hs) { |
341 | 14.4k | return hs->config->cert->chain != nullptr && |
342 | 14.4k | sk_CRYPTO_BUFFER_value(hs->config->cert->chain.get(), 0) != nullptr && |
343 | 14.4k | ssl_has_private_key(hs); |
344 | 14.4k | } |
345 | | |
346 | | bool ssl_parse_cert_chain(uint8_t *out_alert, |
347 | | UniquePtr<STACK_OF(CRYPTO_BUFFER)> *out_chain, |
348 | | UniquePtr<EVP_PKEY> *out_pubkey, |
349 | | uint8_t *out_leaf_sha256, CBS *cbs, |
350 | 1.51k | CRYPTO_BUFFER_POOL *pool) { |
351 | 1.51k | out_chain->reset(); |
352 | 1.51k | out_pubkey->reset(); |
353 | | |
354 | 1.51k | CBS certificate_list; |
355 | 1.51k | if (!CBS_get_u24_length_prefixed(cbs, &certificate_list)) { |
356 | 19 | *out_alert = SSL_AD_DECODE_ERROR; |
357 | 19 | OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); |
358 | 19 | return false; |
359 | 19 | } |
360 | | |
361 | 1.50k | if (CBS_len(&certificate_list) == 0) { |
362 | 14 | return true; |
363 | 14 | } |
364 | | |
365 | 1.48k | UniquePtr<STACK_OF(CRYPTO_BUFFER)> chain(sk_CRYPTO_BUFFER_new_null()); |
366 | 1.48k | if (!chain) { |
367 | 0 | *out_alert = SSL_AD_INTERNAL_ERROR; |
368 | 0 | return false; |
369 | 0 | } |
370 | | |
371 | 1.48k | UniquePtr<EVP_PKEY> pubkey; |
372 | 2.80k | while (CBS_len(&certificate_list) > 0) { |
373 | 1.58k | CBS certificate; |
374 | 1.58k | if (!CBS_get_u24_length_prefixed(&certificate_list, &certificate) || |
375 | 1.58k | CBS_len(&certificate) == 0) { |
376 | 16 | *out_alert = SSL_AD_DECODE_ERROR; |
377 | 16 | OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_LENGTH_MISMATCH); |
378 | 16 | return false; |
379 | 16 | } |
380 | | |
381 | 1.56k | if (sk_CRYPTO_BUFFER_num(chain.get()) == 0) { |
382 | 1.47k | pubkey = ssl_cert_parse_pubkey(&certificate); |
383 | 1.47k | if (!pubkey) { |
384 | 243 | *out_alert = SSL_AD_DECODE_ERROR; |
385 | 243 | return false; |
386 | 243 | } |
387 | | |
388 | | // Retain the hash of the leaf certificate if requested. |
389 | 1.23k | if (out_leaf_sha256 != NULL) { |
390 | 0 | SHA256(CBS_data(&certificate), CBS_len(&certificate), out_leaf_sha256); |
391 | 0 | } |
392 | 1.23k | } |
393 | | |
394 | 1.32k | UniquePtr<CRYPTO_BUFFER> buf( |
395 | 1.32k | CRYPTO_BUFFER_new_from_CBS(&certificate, pool)); |
396 | 1.32k | if (!buf || |
397 | 1.32k | !PushToStack(chain.get(), std::move(buf))) { |
398 | 0 | *out_alert = SSL_AD_INTERNAL_ERROR; |
399 | 0 | return false; |
400 | 0 | } |
401 | 1.32k | } |
402 | | |
403 | 1.22k | *out_chain = std::move(chain); |
404 | 1.22k | *out_pubkey = std::move(pubkey); |
405 | 1.22k | return true; |
406 | 1.48k | } |
407 | | |
408 | 3.07k | bool ssl_add_cert_chain(SSL_HANDSHAKE *hs, CBB *cbb) { |
409 | 3.07k | if (!ssl_has_certificate(hs)) { |
410 | 0 | return CBB_add_u24(cbb, 0); |
411 | 0 | } |
412 | | |
413 | 3.07k | CBB certs; |
414 | 3.07k | if (!CBB_add_u24_length_prefixed(cbb, &certs)) { |
415 | 0 | OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); |
416 | 0 | return false; |
417 | 0 | } |
418 | | |
419 | 3.07k | STACK_OF(CRYPTO_BUFFER) *chain = hs->config->cert->chain.get(); |
420 | 6.15k | for (size_t i = 0; i < sk_CRYPTO_BUFFER_num(chain); i++) { |
421 | 3.07k | CRYPTO_BUFFER *buffer = sk_CRYPTO_BUFFER_value(chain, i); |
422 | 3.07k | CBB child; |
423 | 3.07k | if (!CBB_add_u24_length_prefixed(&certs, &child) || |
424 | 3.07k | !CBB_add_bytes(&child, CRYPTO_BUFFER_data(buffer), |
425 | 3.07k | CRYPTO_BUFFER_len(buffer)) || |
426 | 3.07k | !CBB_flush(&certs)) { |
427 | 0 | OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); |
428 | 0 | return false; |
429 | 0 | } |
430 | 3.07k | } |
431 | | |
432 | 3.07k | return CBB_flush(cbb); |
433 | 3.07k | } |
434 | | |
435 | | // ssl_cert_skip_to_spki parses a DER-encoded, X.509 certificate from |in| and |
436 | | // positions |*out_tbs_cert| to cover the TBSCertificate, starting at the |
437 | | // subjectPublicKeyInfo. |
438 | 6.62k | static bool ssl_cert_skip_to_spki(const CBS *in, CBS *out_tbs_cert) { |
439 | | /* From RFC 5280, section 4.1 |
440 | | * Certificate ::= SEQUENCE { |
441 | | * tbsCertificate TBSCertificate, |
442 | | * signatureAlgorithm AlgorithmIdentifier, |
443 | | * signatureValue BIT STRING } |
444 | | |
445 | | * TBSCertificate ::= SEQUENCE { |
446 | | * version [0] EXPLICIT Version DEFAULT v1, |
447 | | * serialNumber CertificateSerialNumber, |
448 | | * signature AlgorithmIdentifier, |
449 | | * issuer Name, |
450 | | * validity Validity, |
451 | | * subject Name, |
452 | | * subjectPublicKeyInfo SubjectPublicKeyInfo, |
453 | | * ... } */ |
454 | 6.62k | CBS buf = *in; |
455 | | |
456 | 6.62k | CBS toplevel; |
457 | 6.62k | if (!CBS_get_asn1(&buf, &toplevel, CBS_ASN1_SEQUENCE) || |
458 | 6.62k | CBS_len(&buf) != 0 || |
459 | 6.62k | !CBS_get_asn1(&toplevel, out_tbs_cert, CBS_ASN1_SEQUENCE) || |
460 | | // version |
461 | 6.62k | !CBS_get_optional_asn1( |
462 | 6.61k | out_tbs_cert, NULL, NULL, |
463 | 6.61k | CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 0) || |
464 | | // serialNumber |
465 | 6.62k | !CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_INTEGER) || |
466 | | // signature algorithm |
467 | 6.62k | !CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_SEQUENCE) || |
468 | | // issuer |
469 | 6.62k | !CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_SEQUENCE) || |
470 | | // validity |
471 | 6.62k | !CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_SEQUENCE) || |
472 | | // subject |
473 | 6.62k | !CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_SEQUENCE)) { |
474 | 19 | return false; |
475 | 19 | } |
476 | | |
477 | 6.60k | return true; |
478 | 6.62k | } |
479 | | |
480 | 5.70k | UniquePtr<EVP_PKEY> ssl_cert_parse_pubkey(const CBS *in) { |
481 | 5.70k | CBS buf = *in, tbs_cert; |
482 | 5.70k | if (!ssl_cert_skip_to_spki(&buf, &tbs_cert)) { |
483 | 19 | OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT); |
484 | 19 | return nullptr; |
485 | 19 | } |
486 | | |
487 | 5.68k | return UniquePtr<EVP_PKEY>(EVP_parse_public_key(&tbs_cert)); |
488 | 5.70k | } |
489 | | |
490 | | bool ssl_compare_public_and_private_key(const EVP_PKEY *pubkey, |
491 | 2 | const EVP_PKEY *privkey) { |
492 | 2 | if (EVP_PKEY_is_opaque(privkey)) { |
493 | | // We cannot check an opaque private key and have to trust that it |
494 | | // matches. |
495 | 0 | return true; |
496 | 0 | } |
497 | | |
498 | 2 | switch (EVP_PKEY_cmp(pubkey, privkey)) { |
499 | 2 | case 1: |
500 | 2 | return true; |
501 | 0 | case 0: |
502 | 0 | OPENSSL_PUT_ERROR(X509, X509_R_KEY_VALUES_MISMATCH); |
503 | 0 | return false; |
504 | 0 | case -1: |
505 | 0 | OPENSSL_PUT_ERROR(X509, X509_R_KEY_TYPE_MISMATCH); |
506 | 0 | return false; |
507 | 0 | case -2: |
508 | 0 | OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_KEY_TYPE); |
509 | 0 | return false; |
510 | 2 | } |
511 | | |
512 | 0 | assert(0); |
513 | 0 | return false; |
514 | 2 | } |
515 | | |
516 | 0 | bool ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey) { |
517 | 0 | if (privkey == nullptr) { |
518 | 0 | OPENSSL_PUT_ERROR(SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED); |
519 | 0 | return false; |
520 | 0 | } |
521 | | |
522 | 0 | if (cert->chain == nullptr || |
523 | 0 | sk_CRYPTO_BUFFER_value(cert->chain.get(), 0) == nullptr) { |
524 | 0 | OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_ASSIGNED); |
525 | 0 | return false; |
526 | 0 | } |
527 | | |
528 | 0 | CBS cert_cbs; |
529 | 0 | CRYPTO_BUFFER_init_CBS(sk_CRYPTO_BUFFER_value(cert->chain.get(), 0), |
530 | 0 | &cert_cbs); |
531 | 0 | UniquePtr<EVP_PKEY> pubkey = ssl_cert_parse_pubkey(&cert_cbs); |
532 | 0 | if (!pubkey) { |
533 | 0 | OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_KEY_TYPE); |
534 | 0 | return false; |
535 | 0 | } |
536 | | |
537 | 0 | return ssl_compare_public_and_private_key(pubkey.get(), privkey); |
538 | 0 | } |
539 | | |
540 | 925 | bool ssl_cert_check_key_usage(const CBS *in, enum ssl_key_usage_t bit) { |
541 | 925 | CBS buf = *in; |
542 | | |
543 | 925 | CBS tbs_cert, outer_extensions; |
544 | 925 | int has_extensions; |
545 | 925 | if (!ssl_cert_skip_to_spki(&buf, &tbs_cert) || |
546 | | // subjectPublicKeyInfo |
547 | 925 | !CBS_get_asn1(&tbs_cert, NULL, CBS_ASN1_SEQUENCE) || |
548 | | // issuerUniqueID |
549 | 925 | !CBS_get_optional_asn1(&tbs_cert, NULL, NULL, |
550 | 925 | CBS_ASN1_CONTEXT_SPECIFIC | 1) || |
551 | | // subjectUniqueID |
552 | 925 | !CBS_get_optional_asn1(&tbs_cert, NULL, NULL, |
553 | 924 | CBS_ASN1_CONTEXT_SPECIFIC | 2) || |
554 | 925 | !CBS_get_optional_asn1( |
555 | 923 | &tbs_cert, &outer_extensions, &has_extensions, |
556 | 923 | CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 3)) { |
557 | 3 | OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT); |
558 | 3 | return false; |
559 | 3 | } |
560 | | |
561 | 922 | if (!has_extensions) { |
562 | 18 | return true; |
563 | 18 | } |
564 | | |
565 | 904 | CBS extensions; |
566 | 904 | if (!CBS_get_asn1(&outer_extensions, &extensions, CBS_ASN1_SEQUENCE)) { |
567 | 1 | OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT); |
568 | 1 | return false; |
569 | 1 | } |
570 | | |
571 | 3.10k | while (CBS_len(&extensions) > 0) { |
572 | 2.26k | CBS extension, oid, contents; |
573 | 2.26k | if (!CBS_get_asn1(&extensions, &extension, CBS_ASN1_SEQUENCE) || |
574 | 2.26k | !CBS_get_asn1(&extension, &oid, CBS_ASN1_OBJECT) || |
575 | 2.26k | (CBS_peek_asn1_tag(&extension, CBS_ASN1_BOOLEAN) && |
576 | 2.25k | !CBS_get_asn1(&extension, NULL, CBS_ASN1_BOOLEAN)) || |
577 | 2.26k | !CBS_get_asn1(&extension, &contents, CBS_ASN1_OCTETSTRING) || |
578 | 2.26k | CBS_len(&extension) != 0) { |
579 | 10 | OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT); |
580 | 10 | return false; |
581 | 10 | } |
582 | | |
583 | 2.25k | static const uint8_t kKeyUsageOID[3] = {0x55, 0x1d, 0x0f}; |
584 | 2.25k | if (CBS_len(&oid) != sizeof(kKeyUsageOID) || |
585 | 2.25k | OPENSSL_memcmp(CBS_data(&oid), kKeyUsageOID, sizeof(kKeyUsageOID)) != |
586 | 2.20k | 0) { |
587 | 2.20k | continue; |
588 | 2.20k | } |
589 | | |
590 | 48 | CBS bit_string; |
591 | 48 | if (!CBS_get_asn1(&contents, &bit_string, CBS_ASN1_BITSTRING) || |
592 | 48 | CBS_len(&contents) != 0) { |
593 | 3 | OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT); |
594 | 3 | return false; |
595 | 3 | } |
596 | | |
597 | | // This is the KeyUsage extension. See |
598 | | // https://tools.ietf.org/html/rfc5280#section-4.2.1.3 |
599 | 45 | if (!CBS_is_valid_asn1_bitstring(&bit_string)) { |
600 | 4 | OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT); |
601 | 4 | return false; |
602 | 4 | } |
603 | | |
604 | 41 | if (!CBS_asn1_bitstring_has_bit(&bit_string, bit)) { |
605 | 1 | OPENSSL_PUT_ERROR(SSL, SSL_R_KEY_USAGE_BIT_INCORRECT); |
606 | 1 | return false; |
607 | 1 | } |
608 | | |
609 | 40 | return true; |
610 | 41 | } |
611 | | |
612 | | // No KeyUsage extension found. |
613 | 845 | return true; |
614 | 903 | } |
615 | | |
616 | | UniquePtr<STACK_OF(CRYPTO_BUFFER)> ssl_parse_client_CA_list(SSL *ssl, |
617 | | uint8_t *out_alert, |
618 | 0 | CBS *cbs) { |
619 | 0 | CRYPTO_BUFFER_POOL *const pool = ssl->ctx->pool; |
620 | |
|
621 | 0 | UniquePtr<STACK_OF(CRYPTO_BUFFER)> ret(sk_CRYPTO_BUFFER_new_null()); |
622 | 0 | if (!ret) { |
623 | 0 | *out_alert = SSL_AD_INTERNAL_ERROR; |
624 | 0 | return nullptr; |
625 | 0 | } |
626 | | |
627 | 0 | CBS child; |
628 | 0 | if (!CBS_get_u16_length_prefixed(cbs, &child)) { |
629 | 0 | *out_alert = SSL_AD_DECODE_ERROR; |
630 | 0 | OPENSSL_PUT_ERROR(SSL, SSL_R_LENGTH_MISMATCH); |
631 | 0 | return nullptr; |
632 | 0 | } |
633 | | |
634 | 0 | while (CBS_len(&child) > 0) { |
635 | 0 | CBS distinguished_name; |
636 | 0 | if (!CBS_get_u16_length_prefixed(&child, &distinguished_name)) { |
637 | 0 | *out_alert = SSL_AD_DECODE_ERROR; |
638 | 0 | OPENSSL_PUT_ERROR(SSL, SSL_R_CA_DN_TOO_LONG); |
639 | 0 | return nullptr; |
640 | 0 | } |
641 | | |
642 | 0 | UniquePtr<CRYPTO_BUFFER> buffer( |
643 | 0 | CRYPTO_BUFFER_new_from_CBS(&distinguished_name, pool)); |
644 | 0 | if (!buffer || |
645 | 0 | !PushToStack(ret.get(), std::move(buffer))) { |
646 | 0 | *out_alert = SSL_AD_INTERNAL_ERROR; |
647 | 0 | return nullptr; |
648 | 0 | } |
649 | 0 | } |
650 | | |
651 | 0 | if (!ssl->ctx->x509_method->check_client_CA_list(ret.get())) { |
652 | 0 | *out_alert = SSL_AD_DECODE_ERROR; |
653 | 0 | OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); |
654 | 0 | return nullptr; |
655 | 0 | } |
656 | | |
657 | 0 | return ret; |
658 | 0 | } |
659 | | |
660 | 107 | bool ssl_has_client_CAs(const SSL_CONFIG *cfg) { |
661 | 107 | const STACK_OF(CRYPTO_BUFFER) *names = cfg->client_CA.get(); |
662 | 107 | if (names == nullptr) { |
663 | 107 | names = cfg->ssl->ctx->client_CA.get(); |
664 | 107 | } |
665 | 107 | if (names == nullptr) { |
666 | 0 | return false; |
667 | 0 | } |
668 | 107 | return sk_CRYPTO_BUFFER_num(names) > 0; |
669 | 107 | } |
670 | | |
671 | 1.61k | bool ssl_add_client_CA_list(SSL_HANDSHAKE *hs, CBB *cbb) { |
672 | 1.61k | CBB child, name_cbb; |
673 | 1.61k | if (!CBB_add_u16_length_prefixed(cbb, &child)) { |
674 | 0 | return false; |
675 | 0 | } |
676 | | |
677 | 1.61k | const STACK_OF(CRYPTO_BUFFER) *names = hs->config->client_CA.get(); |
678 | 1.61k | if (names == NULL) { |
679 | 1.61k | names = hs->ssl->ctx->client_CA.get(); |
680 | 1.61k | } |
681 | 1.61k | if (names == NULL) { |
682 | 0 | return CBB_flush(cbb); |
683 | 0 | } |
684 | | |
685 | 1.61k | for (const CRYPTO_BUFFER *name : names) { |
686 | 0 | if (!CBB_add_u16_length_prefixed(&child, &name_cbb) || |
687 | 0 | !CBB_add_bytes(&name_cbb, CRYPTO_BUFFER_data(name), |
688 | 0 | CRYPTO_BUFFER_len(name))) { |
689 | 0 | return false; |
690 | 0 | } |
691 | 0 | } |
692 | | |
693 | 1.61k | return CBB_flush(cbb); |
694 | 1.61k | } |
695 | | |
696 | | bool ssl_check_leaf_certificate(SSL_HANDSHAKE *hs, EVP_PKEY *pkey, |
697 | 0 | const CRYPTO_BUFFER *leaf) { |
698 | 0 | assert(ssl_protocol_version(hs->ssl) < TLS1_3_VERSION); |
699 | | |
700 | | // Check the certificate's type matches the cipher. |
701 | 0 | if (!(hs->new_cipher->algorithm_auth & ssl_cipher_auth_mask_for_key(pkey))) { |
702 | 0 | OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CERTIFICATE_TYPE); |
703 | 0 | return false; |
704 | 0 | } |
705 | | |
706 | 0 | if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { |
707 | | // Check the key's group and point format are acceptable. |
708 | 0 | EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(pkey); |
709 | 0 | uint16_t group_id; |
710 | 0 | if (!ssl_nid_to_group_id( |
711 | 0 | &group_id, EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key))) || |
712 | 0 | !tls1_check_group_id(hs, group_id) || |
713 | 0 | EC_KEY_get_conv_form(ec_key) != POINT_CONVERSION_UNCOMPRESSED) { |
714 | 0 | OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECC_CERT); |
715 | 0 | return false; |
716 | 0 | } |
717 | 0 | } |
718 | | |
719 | 0 | return true; |
720 | 0 | } |
721 | | |
722 | 4.15k | bool ssl_on_certificate_selected(SSL_HANDSHAKE *hs) { |
723 | 4.15k | SSL *const ssl = hs->ssl; |
724 | 4.15k | if (!ssl_has_certificate(hs)) { |
725 | | // Nothing to do. |
726 | 0 | return true; |
727 | 0 | } |
728 | | |
729 | 4.15k | if (!ssl->ctx->x509_method->ssl_auto_chain_if_needed(hs)) { |
730 | 0 | return false; |
731 | 0 | } |
732 | | |
733 | 4.15k | CBS leaf; |
734 | 4.15k | CRYPTO_BUFFER_init_CBS( |
735 | 4.15k | sk_CRYPTO_BUFFER_value(hs->config->cert->chain.get(), 0), &leaf); |
736 | | |
737 | 4.15k | if (ssl_signing_with_dc(hs)) { |
738 | 0 | hs->local_pubkey = UpRef(hs->config->cert->dc->pkey); |
739 | 4.15k | } else { |
740 | 4.15k | hs->local_pubkey = ssl_cert_parse_pubkey(&leaf); |
741 | 4.15k | } |
742 | 4.15k | return hs->local_pubkey != NULL; |
743 | 4.15k | } |
744 | | |
745 | | |
746 | | // Delegated credentials. |
747 | | |
748 | 0 | DC::DC() = default; |
749 | 0 | DC::~DC() = default; |
750 | | |
751 | 0 | UniquePtr<DC> DC::Dup() { |
752 | 0 | bssl::UniquePtr<DC> ret = MakeUnique<DC>(); |
753 | 0 | if (!ret) { |
754 | 0 | return nullptr; |
755 | 0 | } |
756 | | |
757 | 0 | ret->raw = UpRef(raw); |
758 | 0 | ret->expected_cert_verify_algorithm = expected_cert_verify_algorithm; |
759 | 0 | ret->pkey = UpRef(pkey); |
760 | 0 | return ret; |
761 | 0 | } |
762 | | |
763 | | // static |
764 | 0 | UniquePtr<DC> DC::Parse(CRYPTO_BUFFER *in, uint8_t *out_alert) { |
765 | 0 | UniquePtr<DC> dc = MakeUnique<DC>(); |
766 | 0 | if (!dc) { |
767 | 0 | *out_alert = SSL_AD_INTERNAL_ERROR; |
768 | 0 | return nullptr; |
769 | 0 | } |
770 | | |
771 | 0 | dc->raw = UpRef(in); |
772 | |
|
773 | 0 | CBS pubkey, deleg, sig; |
774 | 0 | uint32_t valid_time; |
775 | 0 | uint16_t algorithm; |
776 | 0 | CRYPTO_BUFFER_init_CBS(dc->raw.get(), &deleg); |
777 | 0 | if (!CBS_get_u32(&deleg, &valid_time) || |
778 | 0 | !CBS_get_u16(&deleg, &dc->expected_cert_verify_algorithm) || |
779 | 0 | !CBS_get_u24_length_prefixed(&deleg, &pubkey) || |
780 | 0 | !CBS_get_u16(&deleg, &algorithm) || |
781 | 0 | !CBS_get_u16_length_prefixed(&deleg, &sig) || |
782 | 0 | CBS_len(&deleg) != 0) { |
783 | 0 | OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); |
784 | 0 | *out_alert = SSL_AD_DECODE_ERROR; |
785 | 0 | return nullptr; |
786 | 0 | } |
787 | | |
788 | 0 | dc->pkey.reset(EVP_parse_public_key(&pubkey)); |
789 | 0 | if (dc->pkey == nullptr) { |
790 | 0 | OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); |
791 | 0 | *out_alert = SSL_AD_DECODE_ERROR; |
792 | 0 | return nullptr; |
793 | 0 | } |
794 | | |
795 | 0 | return dc; |
796 | 0 | } |
797 | | |
798 | | // ssl_can_serve_dc returns true if the host has configured a DC that it can |
799 | | // serve in the handshake. Specifically, it checks that a DC has been |
800 | | // configured and that the DC signature algorithm is supported by the peer. |
801 | 263 | static bool ssl_can_serve_dc(const SSL_HANDSHAKE *hs) { |
802 | | // Check that a DC has been configured. |
803 | 263 | const CERT *cert = hs->config->cert.get(); |
804 | 263 | if (cert->dc == nullptr || |
805 | 263 | cert->dc->raw == nullptr || |
806 | 263 | (cert->dc_privatekey == nullptr && cert->dc_key_method == nullptr)) { |
807 | 263 | return false; |
808 | 263 | } |
809 | | |
810 | | // Check that 1.3 or higher has been negotiated. |
811 | 0 | const DC *dc = cert->dc.get(); |
812 | 0 | assert(hs->ssl->s3->have_version); |
813 | 0 | if (ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) { |
814 | 0 | return false; |
815 | 0 | } |
816 | | |
817 | | // Check that the DC signature algorithm is supported by the peer. |
818 | 0 | Span<const uint16_t> peer_sigalgs = hs->peer_delegated_credential_sigalgs; |
819 | 0 | for (uint16_t peer_sigalg : peer_sigalgs) { |
820 | 0 | if (dc->expected_cert_verify_algorithm == peer_sigalg) { |
821 | 0 | return true; |
822 | 0 | } |
823 | 0 | } |
824 | 0 | return false; |
825 | 0 | } |
826 | | |
827 | 9.49k | bool ssl_signing_with_dc(const SSL_HANDSHAKE *hs) { |
828 | | // As of draft-ietf-tls-subcert-03, only the server may use delegated |
829 | | // credentials to authenticate itself. |
830 | 9.49k | return hs->ssl->server && |
831 | 9.49k | hs->delegated_credential_requested && |
832 | 9.49k | ssl_can_serve_dc(hs); |
833 | 9.49k | } |
834 | | |
835 | | static int cert_set_dc(CERT *cert, CRYPTO_BUFFER *const raw, EVP_PKEY *privkey, |
836 | 0 | const SSL_PRIVATE_KEY_METHOD *key_method) { |
837 | 0 | if (privkey == nullptr && key_method == nullptr) { |
838 | 0 | OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER); |
839 | 0 | return 0; |
840 | 0 | } |
841 | | |
842 | 0 | if (privkey != nullptr && key_method != nullptr) { |
843 | 0 | OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_HAVE_BOTH_PRIVKEY_AND_METHOD); |
844 | 0 | return 0; |
845 | 0 | } |
846 | | |
847 | 0 | uint8_t alert; |
848 | 0 | UniquePtr<DC> dc = DC::Parse(raw, &alert); |
849 | 0 | if (dc == nullptr) { |
850 | 0 | OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_DELEGATED_CREDENTIAL); |
851 | 0 | return 0; |
852 | 0 | } |
853 | | |
854 | 0 | if (privkey) { |
855 | | // Check that the public and private keys match. |
856 | 0 | if (!ssl_compare_public_and_private_key(dc->pkey.get(), privkey)) { |
857 | 0 | OPENSSL_PUT_ERROR(SSL, SSL_R_CERTIFICATE_AND_PRIVATE_KEY_MISMATCH); |
858 | 0 | return 0; |
859 | 0 | } |
860 | 0 | } |
861 | | |
862 | 0 | cert->dc = std::move(dc); |
863 | 0 | cert->dc_privatekey = UpRef(privkey); |
864 | 0 | cert->dc_key_method = key_method; |
865 | |
|
866 | 0 | return 1; |
867 | 0 | } |
868 | | |
869 | | BSSL_NAMESPACE_END |
870 | | |
871 | | using namespace bssl; |
872 | | |
873 | | int SSL_set_chain_and_key(SSL *ssl, CRYPTO_BUFFER *const *certs, |
874 | | size_t num_certs, EVP_PKEY *privkey, |
875 | 0 | const SSL_PRIVATE_KEY_METHOD *privkey_method) { |
876 | 0 | if (!ssl->config) { |
877 | 0 | return 0; |
878 | 0 | } |
879 | 0 | return cert_set_chain_and_key(ssl->config->cert.get(), certs, num_certs, |
880 | 0 | privkey, privkey_method); |
881 | 0 | } |
882 | | |
883 | | int SSL_CTX_set_chain_and_key(SSL_CTX *ctx, CRYPTO_BUFFER *const *certs, |
884 | | size_t num_certs, EVP_PKEY *privkey, |
885 | 0 | const SSL_PRIVATE_KEY_METHOD *privkey_method) { |
886 | 0 | return cert_set_chain_and_key(ctx->cert.get(), certs, num_certs, privkey, |
887 | 0 | privkey_method); |
888 | 0 | } |
889 | | |
890 | 0 | const STACK_OF(CRYPTO_BUFFER)* SSL_CTX_get0_chain(const SSL_CTX *ctx) { |
891 | 0 | return ctx->cert->chain.get(); |
892 | 0 | } |
893 | | |
894 | | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, size_t der_len, |
895 | 0 | const uint8_t *der) { |
896 | 0 | UniquePtr<CRYPTO_BUFFER> buffer(CRYPTO_BUFFER_new(der, der_len, NULL)); |
897 | 0 | if (!buffer) { |
898 | 0 | return 0; |
899 | 0 | } |
900 | | |
901 | 0 | return ssl_set_cert(ctx->cert.get(), std::move(buffer)); |
902 | 0 | } |
903 | | |
904 | 0 | int SSL_use_certificate_ASN1(SSL *ssl, const uint8_t *der, size_t der_len) { |
905 | 0 | UniquePtr<CRYPTO_BUFFER> buffer(CRYPTO_BUFFER_new(der, der_len, NULL)); |
906 | 0 | if (!buffer || !ssl->config) { |
907 | 0 | return 0; |
908 | 0 | } |
909 | | |
910 | 0 | return ssl_set_cert(ssl->config->cert.get(), std::move(buffer)); |
911 | 0 | } |
912 | | |
913 | | void SSL_CTX_set_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, void *arg), |
914 | 0 | void *arg) { |
915 | 0 | ssl_cert_set_cert_cb(ctx->cert.get(), cb, arg); |
916 | 0 | } |
917 | | |
918 | 0 | void SSL_set_cert_cb(SSL *ssl, int (*cb)(SSL *ssl, void *arg), void *arg) { |
919 | 0 | if (!ssl->config) { |
920 | 0 | return; |
921 | 0 | } |
922 | 0 | ssl_cert_set_cert_cb(ssl->config->cert.get(), cb, arg); |
923 | 0 | } |
924 | | |
925 | 0 | const STACK_OF(CRYPTO_BUFFER) *SSL_get0_peer_certificates(const SSL *ssl) { |
926 | 0 | SSL_SESSION *session = SSL_get_session(ssl); |
927 | 0 | if (session == NULL) { |
928 | 0 | return NULL; |
929 | 0 | } |
930 | | |
931 | 0 | return session->certs.get(); |
932 | 0 | } |
933 | | |
934 | 0 | const STACK_OF(CRYPTO_BUFFER) *SSL_get0_server_requested_CAs(const SSL *ssl) { |
935 | 0 | if (ssl->s3->hs == NULL) { |
936 | 0 | return NULL; |
937 | 0 | } |
938 | 0 | return ssl->s3->hs->ca_names.get(); |
939 | 0 | } |
940 | | |
941 | | static int set_signed_cert_timestamp_list(CERT *cert, const uint8_t *list, |
942 | 2 | size_t list_len) { |
943 | 2 | CBS sct_list; |
944 | 2 | CBS_init(&sct_list, list, list_len); |
945 | 2 | if (!ssl_is_sct_list_valid(&sct_list)) { |
946 | 0 | OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SCT_LIST); |
947 | 0 | return 0; |
948 | 0 | } |
949 | | |
950 | 2 | cert->signed_cert_timestamp_list.reset( |
951 | 2 | CRYPTO_BUFFER_new(CBS_data(&sct_list), CBS_len(&sct_list), nullptr)); |
952 | 2 | return cert->signed_cert_timestamp_list != nullptr; |
953 | 2 | } |
954 | | |
955 | | int SSL_CTX_set_signed_cert_timestamp_list(SSL_CTX *ctx, const uint8_t *list, |
956 | 2 | size_t list_len) { |
957 | 2 | return set_signed_cert_timestamp_list(ctx->cert.get(), list, list_len); |
958 | 2 | } |
959 | | |
960 | | int SSL_set_signed_cert_timestamp_list(SSL *ssl, const uint8_t *list, |
961 | 0 | size_t list_len) { |
962 | 0 | if (!ssl->config) { |
963 | 0 | return 0; |
964 | 0 | } |
965 | 0 | return set_signed_cert_timestamp_list(ssl->config->cert.get(), list, |
966 | 0 | list_len); |
967 | 0 | } |
968 | | |
969 | | int SSL_CTX_set_ocsp_response(SSL_CTX *ctx, const uint8_t *response, |
970 | 2 | size_t response_len) { |
971 | 2 | ctx->cert->ocsp_response.reset( |
972 | 2 | CRYPTO_BUFFER_new(response, response_len, nullptr)); |
973 | 2 | return ctx->cert->ocsp_response != nullptr; |
974 | 2 | } |
975 | | |
976 | | int SSL_set_ocsp_response(SSL *ssl, const uint8_t *response, |
977 | 0 | size_t response_len) { |
978 | 0 | if (!ssl->config) { |
979 | 0 | return 0; |
980 | 0 | } |
981 | 0 | ssl->config->cert->ocsp_response.reset( |
982 | 0 | CRYPTO_BUFFER_new(response, response_len, nullptr)); |
983 | 0 | return ssl->config->cert->ocsp_response != nullptr; |
984 | 0 | } |
985 | | |
986 | 0 | void SSL_CTX_set0_client_CAs(SSL_CTX *ctx, STACK_OF(CRYPTO_BUFFER) *name_list) { |
987 | 0 | ctx->x509_method->ssl_ctx_flush_cached_client_CA(ctx); |
988 | 0 | ctx->client_CA.reset(name_list); |
989 | 0 | } |
990 | | |
991 | 0 | void SSL_set0_client_CAs(SSL *ssl, STACK_OF(CRYPTO_BUFFER) *name_list) { |
992 | 0 | if (!ssl->config) { |
993 | 0 | return; |
994 | 0 | } |
995 | 0 | ssl->ctx->x509_method->ssl_flush_cached_client_CA(ssl->config.get()); |
996 | 0 | ssl->config->client_CA.reset(name_list); |
997 | 0 | } |
998 | | |
999 | | int SSL_set1_delegated_credential(SSL *ssl, CRYPTO_BUFFER *dc, EVP_PKEY *pkey, |
1000 | 0 | const SSL_PRIVATE_KEY_METHOD *key_method) { |
1001 | 0 | if (!ssl->config) { |
1002 | 0 | return 0; |
1003 | 0 | } |
1004 | | |
1005 | 0 | return cert_set_dc(ssl->config->cert.get(), dc, pkey, key_method); |
1006 | 0 | } |
1007 | | |
1008 | 0 | int SSL_delegated_credential_used(const SSL *ssl) { |
1009 | 0 | return ssl->s3->delegated_credential_used; |
1010 | 0 | } |