1 /*
2 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 *
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11 #include "internal/e_os.h"
12
13 #include <stdio.h>
14 #include <sys/types.h>
15
16 #include "internal/nelem.h"
17 #include "internal/o_dir.h"
18 #include <openssl/bio.h>
19 #include <openssl/pem.h>
20 #include <openssl/store.h>
21 #include <openssl/x509v3.h>
22 #include <openssl/dh.h>
23 #include <openssl/bn.h>
24 #include <openssl/crypto.h>
25 #include "internal/refcount.h"
26 #include "ssl_local.h"
27 #include "ssl_cert_table.h"
28 #include "internal/thread_once.h"
29 #include "internal/ssl_unwrap.h"
30 #ifndef OPENSSL_NO_POSIX_IO
31 #include <sys/stat.h>
32 #ifdef _WIN32
33 #define stat _stat
34 #endif
35 #ifndef S_ISDIR
36 #define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
37 #endif
38 #endif
39
40 static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
41 int op, int bits, int nid, void *other,
42 void *ex);
43
44 static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
45 static volatile int ssl_x509_store_ctx_idx = -1;
46
DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init)47 DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init)
48 {
49 ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(0,
50 "SSL for verify callback",
51 NULL, NULL, NULL);
52 return ssl_x509_store_ctx_idx >= 0;
53 }
54
SSL_get_ex_data_X509_STORE_CTX_idx(void)55 int SSL_get_ex_data_X509_STORE_CTX_idx(void)
56 {
57
58 if (!RUN_ONCE(&ssl_x509_store_ctx_once, ssl_x509_store_ctx_init))
59 return -1;
60 return ssl_x509_store_ctx_idx;
61 }
62
ssl_cert_new(size_t ssl_pkey_num)63 CERT *ssl_cert_new(size_t ssl_pkey_num)
64 {
65 CERT *ret = NULL;
66
67 /* Should never happen */
68 if (!ossl_assert(ssl_pkey_num >= SSL_PKEY_NUM))
69 return NULL;
70
71 ret = OPENSSL_zalloc(sizeof(*ret));
72 if (ret == NULL)
73 return NULL;
74
75 ret->ssl_pkey_num = ssl_pkey_num;
76 ret->pkeys = OPENSSL_zalloc(ret->ssl_pkey_num * sizeof(CERT_PKEY));
77 if (ret->pkeys == NULL) {
78 OPENSSL_free(ret);
79 return NULL;
80 }
81
82 ret->key = &(ret->pkeys[SSL_PKEY_RSA]);
83 ret->sec_cb = ssl_security_default_callback;
84 ret->sec_level = OPENSSL_TLS_SECURITY_LEVEL;
85 ret->sec_ex = NULL;
86 if (!CRYPTO_NEW_REF(&ret->references, 1)) {
87 OPENSSL_free(ret->pkeys);
88 OPENSSL_free(ret);
89 return NULL;
90 }
91
92 return ret;
93 }
94
ssl_cert_dup(CERT * cert)95 CERT *ssl_cert_dup(CERT *cert)
96 {
97 CERT *ret = OPENSSL_zalloc(sizeof(*ret));
98 size_t i;
99 #ifndef OPENSSL_NO_COMP_ALG
100 int j;
101 #endif
102
103 if (ret == NULL)
104 return NULL;
105
106 ret->ssl_pkey_num = cert->ssl_pkey_num;
107 ret->pkeys = OPENSSL_zalloc(ret->ssl_pkey_num * sizeof(CERT_PKEY));
108 if (ret->pkeys == NULL) {
109 OPENSSL_free(ret);
110 return NULL;
111 }
112
113 ret->key = &ret->pkeys[cert->key - cert->pkeys];
114 if (!CRYPTO_NEW_REF(&ret->references, 1)) {
115 OPENSSL_free(ret->pkeys);
116 OPENSSL_free(ret);
117 return NULL;
118 }
119
120 if (cert->dh_tmp != NULL) {
121 if (!EVP_PKEY_up_ref(cert->dh_tmp))
122 goto err;
123 ret->dh_tmp = cert->dh_tmp;
124 }
125
126 ret->dh_tmp_cb = cert->dh_tmp_cb;
127 ret->dh_tmp_auto = cert->dh_tmp_auto;
128
129 for (i = 0; i < ret->ssl_pkey_num; i++) {
130 CERT_PKEY *cpk = cert->pkeys + i;
131 CERT_PKEY *rpk = ret->pkeys + i;
132
133 if (cpk->x509 != NULL) {
134 if (!X509_up_ref(cpk->x509))
135 goto err;
136 rpk->x509 = cpk->x509;
137 }
138
139 if (cpk->privatekey != NULL) {
140 if (!EVP_PKEY_up_ref(cpk->privatekey))
141 goto err;
142 rpk->privatekey = cpk->privatekey;
143 }
144
145 if (cpk->chain) {
146 rpk->chain = X509_chain_up_ref(cpk->chain);
147 if (!rpk->chain) {
148 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
149 goto err;
150 }
151 }
152 if (cpk->serverinfo != NULL) {
153 /* Just copy everything. */
154 rpk->serverinfo = OPENSSL_memdup(cpk->serverinfo, cpk->serverinfo_length);
155 if (rpk->serverinfo == NULL)
156 goto err;
157 rpk->serverinfo_length = cpk->serverinfo_length;
158 }
159 #ifndef OPENSSL_NO_COMP_ALG
160 for (j = TLSEXT_comp_cert_none; j < TLSEXT_comp_cert_limit; j++) {
161 if (cpk->comp_cert[j] != NULL) {
162 if (!OSSL_COMP_CERT_up_ref(cpk->comp_cert[j]))
163 goto err;
164 rpk->comp_cert[j] = cpk->comp_cert[j];
165 }
166 }
167 #endif
168 }
169
170 /* Configured sigalgs copied across */
171 if (cert->conf_sigalgs) {
172 ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen
173 * sizeof(*cert->conf_sigalgs));
174 if (ret->conf_sigalgs == NULL)
175 goto err;
176 memcpy(ret->conf_sigalgs, cert->conf_sigalgs,
177 cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs));
178 ret->conf_sigalgslen = cert->conf_sigalgslen;
179 } else
180 ret->conf_sigalgs = NULL;
181
182 if (cert->client_sigalgs) {
183 ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen
184 * sizeof(*cert->client_sigalgs));
185 if (ret->client_sigalgs == NULL)
186 goto err;
187 memcpy(ret->client_sigalgs, cert->client_sigalgs,
188 cert->client_sigalgslen * sizeof(*cert->client_sigalgs));
189 ret->client_sigalgslen = cert->client_sigalgslen;
190 } else
191 ret->client_sigalgs = NULL;
192 /* Copy any custom client certificate types */
193 if (cert->ctype) {
194 ret->ctype = OPENSSL_memdup(cert->ctype, cert->ctype_len);
195 if (ret->ctype == NULL)
196 goto err;
197 ret->ctype_len = cert->ctype_len;
198 }
199
200 ret->cert_flags = cert->cert_flags;
201
202 ret->cert_cb = cert->cert_cb;
203 ret->cert_cb_arg = cert->cert_cb_arg;
204
205 if (cert->verify_store) {
206 if (!X509_STORE_up_ref(cert->verify_store))
207 goto err;
208 ret->verify_store = cert->verify_store;
209 }
210
211 if (cert->chain_store) {
212 if (!X509_STORE_up_ref(cert->chain_store))
213 goto err;
214 ret->chain_store = cert->chain_store;
215 }
216
217 ret->sec_cb = cert->sec_cb;
218 ret->sec_level = cert->sec_level;
219 ret->sec_ex = cert->sec_ex;
220
221 if (!custom_exts_copy(&ret->custext, &cert->custext))
222 goto err;
223 #ifndef OPENSSL_NO_PSK
224 if (cert->psk_identity_hint) {
225 ret->psk_identity_hint = OPENSSL_strdup(cert->psk_identity_hint);
226 if (ret->psk_identity_hint == NULL)
227 goto err;
228 }
229 #endif
230 return ret;
231
232 err:
233 ssl_cert_free(ret);
234
235 return NULL;
236 }
237
238 /* Free up and clear all certificates and chains */
239
ssl_cert_clear_certs(CERT * c)240 void ssl_cert_clear_certs(CERT *c)
241 {
242 size_t i;
243 #ifndef OPENSSL_NO_COMP_ALG
244 int j;
245 #endif
246
247 if (c == NULL)
248 return;
249 for (i = 0; i < c->ssl_pkey_num; i++) {
250 CERT_PKEY *cpk = c->pkeys + i;
251 X509_free(cpk->x509);
252 cpk->x509 = NULL;
253 EVP_PKEY_free(cpk->privatekey);
254 cpk->privatekey = NULL;
255 OSSL_STACK_OF_X509_free(cpk->chain);
256 cpk->chain = NULL;
257 OPENSSL_free(cpk->serverinfo);
258 cpk->serverinfo = NULL;
259 cpk->serverinfo_length = 0;
260 #ifndef OPENSSL_NO_COMP_ALG
261 for (j = 0; j < TLSEXT_comp_cert_limit; j++) {
262 OSSL_COMP_CERT_free(cpk->comp_cert[j]);
263 cpk->comp_cert[j] = NULL;
264 cpk->cert_comp_used = 0;
265 }
266 #endif
267 }
268 }
269
ssl_cert_free(CERT * c)270 void ssl_cert_free(CERT *c)
271 {
272 int i;
273
274 if (c == NULL)
275 return;
276 CRYPTO_DOWN_REF(&c->references, &i);
277 REF_PRINT_COUNT("CERT", i, c);
278 if (i > 0)
279 return;
280 REF_ASSERT_ISNT(i < 0);
281
282 EVP_PKEY_free(c->dh_tmp);
283
284 ssl_cert_clear_certs(c);
285 OPENSSL_free(c->conf_sigalgs);
286 OPENSSL_free(c->client_sigalgs);
287 OPENSSL_free(c->ctype);
288 X509_STORE_free(c->verify_store);
289 X509_STORE_free(c->chain_store);
290 custom_exts_free(&c->custext);
291 #ifndef OPENSSL_NO_PSK
292 OPENSSL_free(c->psk_identity_hint);
293 #endif
294 OPENSSL_free(c->pkeys);
295 CRYPTO_FREE_REF(&c->references);
296 OPENSSL_free(c);
297 }
298
ssl_cert_set0_chain(SSL_CONNECTION * s,SSL_CTX * ctx,STACK_OF (X509)* chain)299 int ssl_cert_set0_chain(SSL_CONNECTION *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
300 {
301 int i, r;
302 CERT_PKEY *cpk = s != NULL ? s->cert->key : ctx->cert->key;
303
304 if (!cpk)
305 return 0;
306 for (i = 0; i < sk_X509_num(chain); i++) {
307 X509 *x = sk_X509_value(chain, i);
308
309 r = ssl_security_cert(s, ctx, x, 0, 0);
310 if (r != 1) {
311 ERR_raise(ERR_LIB_SSL, r);
312 return 0;
313 }
314 }
315 OSSL_STACK_OF_X509_free(cpk->chain);
316 cpk->chain = chain;
317 return 1;
318 }
319
ssl_cert_set1_chain(SSL_CONNECTION * s,SSL_CTX * ctx,STACK_OF (X509)* chain)320 int ssl_cert_set1_chain(SSL_CONNECTION *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
321 {
322 STACK_OF(X509) *dchain;
323
324 if (!chain)
325 return ssl_cert_set0_chain(s, ctx, NULL);
326 dchain = X509_chain_up_ref(chain);
327 if (!dchain)
328 return 0;
329 if (!ssl_cert_set0_chain(s, ctx, dchain)) {
330 OSSL_STACK_OF_X509_free(dchain);
331 return 0;
332 }
333 return 1;
334 }
335
ssl_cert_add0_chain_cert(SSL_CONNECTION * s,SSL_CTX * ctx,X509 * x)336 int ssl_cert_add0_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x)
337 {
338 int r;
339 CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
340
341 if (!cpk)
342 return 0;
343 r = ssl_security_cert(s, ctx, x, 0, 0);
344 if (r != 1) {
345 ERR_raise(ERR_LIB_SSL, r);
346 return 0;
347 }
348 if (!cpk->chain)
349 cpk->chain = sk_X509_new_null();
350 if (!cpk->chain || !sk_X509_push(cpk->chain, x))
351 return 0;
352 return 1;
353 }
354
ssl_cert_add1_chain_cert(SSL_CONNECTION * s,SSL_CTX * ctx,X509 * x)355 int ssl_cert_add1_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x)
356 {
357 if (!X509_up_ref(x))
358 return 0;
359 if (!ssl_cert_add0_chain_cert(s, ctx, x)) {
360 X509_free(x);
361 return 0;
362 }
363 return 1;
364 }
365
ssl_cert_select_current(CERT * c,X509 * x)366 int ssl_cert_select_current(CERT *c, X509 *x)
367 {
368 size_t i;
369
370 if (x == NULL)
371 return 0;
372 for (i = 0; i < c->ssl_pkey_num; i++) {
373 CERT_PKEY *cpk = c->pkeys + i;
374 if (cpk->x509 == x && cpk->privatekey) {
375 c->key = cpk;
376 return 1;
377 }
378 }
379
380 for (i = 0; i < c->ssl_pkey_num; i++) {
381 CERT_PKEY *cpk = c->pkeys + i;
382 if (cpk->privatekey && cpk->x509 && !X509_cmp(cpk->x509, x)) {
383 c->key = cpk;
384 return 1;
385 }
386 }
387 return 0;
388 }
389
ssl_cert_set_current(CERT * c,long op)390 int ssl_cert_set_current(CERT *c, long op)
391 {
392 size_t i, idx;
393
394 if (!c)
395 return 0;
396 if (op == SSL_CERT_SET_FIRST)
397 idx = 0;
398 else if (op == SSL_CERT_SET_NEXT) {
399 idx = (size_t)(c->key - c->pkeys + 1);
400 if (idx >= c->ssl_pkey_num)
401 return 0;
402 } else
403 return 0;
404 for (i = idx; i < c->ssl_pkey_num; i++) {
405 CERT_PKEY *cpk = c->pkeys + i;
406 if (cpk->x509 && cpk->privatekey) {
407 c->key = cpk;
408 return 1;
409 }
410 }
411 return 0;
412 }
413
ssl_cert_set_cert_cb(CERT * c,int (* cb)(SSL * ssl,void * arg),void * arg)414 void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg)
415 {
416 c->cert_cb = cb;
417 c->cert_cb_arg = arg;
418 }
419
420 /*
421 * Verify a certificate chain/raw public key
422 * Return codes:
423 * 1: Verify success
424 * 0: Verify failure or error
425 * -1: Retry required
426 */
ssl_verify_internal(SSL_CONNECTION * s,STACK_OF (X509)* sk,EVP_PKEY * rpk)427 static int ssl_verify_internal(SSL_CONNECTION *s, STACK_OF(X509) *sk, EVP_PKEY *rpk)
428 {
429 X509 *x;
430 int i = 0;
431 X509_STORE *verify_store;
432 X509_STORE_CTX *ctx = NULL;
433 X509_VERIFY_PARAM *param;
434 SSL_CTX *sctx;
435
436 /* Something must be passed in */
437 if ((sk == NULL || sk_X509_num(sk) == 0) && rpk == NULL)
438 return 0;
439
440 /* Only one can be set */
441 if (sk != NULL && rpk != NULL)
442 return 0;
443
444 sctx = SSL_CONNECTION_GET_CTX(s);
445 if (s->cert->verify_store)
446 verify_store = s->cert->verify_store;
447 else
448 verify_store = sctx->cert_store;
449
450 ctx = X509_STORE_CTX_new_ex(sctx->libctx, sctx->propq);
451 if (ctx == NULL) {
452 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
453 return 0;
454 }
455
456 if (sk != NULL) {
457 x = sk_X509_value(sk, 0);
458 if (!X509_STORE_CTX_init(ctx, verify_store, x, sk)) {
459 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
460 goto end;
461 }
462 } else {
463 if (!X509_STORE_CTX_init_rpk(ctx, verify_store, rpk)) {
464 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
465 goto end;
466 }
467 }
468 param = X509_STORE_CTX_get0_param(ctx);
469 /*
470 * XXX: Separate @AUTHSECLEVEL and @TLSSECLEVEL would be useful at some
471 * point, for now a single @SECLEVEL sets the same policy for TLS crypto
472 * and PKI authentication.
473 */
474 X509_VERIFY_PARAM_set_auth_level(param,
475 SSL_get_security_level(SSL_CONNECTION_GET_SSL(s)));
476
477 /* Set suite B flags if needed */
478 X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
479 if (!X509_STORE_CTX_set_ex_data(ctx,
480 SSL_get_ex_data_X509_STORE_CTX_idx(),
481 SSL_CONNECTION_GET_USER_SSL(s)))
482 goto end;
483
484 /* Verify via DANE if enabled */
485 if (DANETLS_ENABLED(&s->dane))
486 X509_STORE_CTX_set0_dane(ctx, &s->dane);
487
488 /*
489 * We need to inherit the verify parameters. These can be determined by
490 * the context: if its a server it will verify SSL client certificates or
491 * vice versa.
492 */
493
494 X509_STORE_CTX_set_default(ctx, s->server ? "ssl_client" : "ssl_server");
495 /*
496 * Anything non-default in "s->param" should overwrite anything in the ctx.
497 */
498 X509_VERIFY_PARAM_set1(param, s->param);
499
500 if (s->verify_callback)
501 X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback);
502
503 if (sctx->app_verify_callback != NULL) {
504 i = sctx->app_verify_callback(ctx, sctx->app_verify_arg);
505 } else {
506 i = X509_verify_cert(ctx);
507 /* We treat an error in the same way as a failure to verify */
508 if (i < 0)
509 i = 0;
510 }
511
512 s->verify_result = X509_STORE_CTX_get_error(ctx);
513 OSSL_STACK_OF_X509_free(s->verified_chain);
514 s->verified_chain = NULL;
515
516 if (sk != NULL && X509_STORE_CTX_get0_chain(ctx) != NULL) {
517 s->verified_chain = X509_STORE_CTX_get1_chain(ctx);
518 if (s->verified_chain == NULL) {
519 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
520 i = 0;
521 }
522 }
523
524 /* Move peername from the store context params to the SSL handle's */
525 X509_VERIFY_PARAM_move_peername(s->param, param);
526
527 end:
528 X509_STORE_CTX_free(ctx);
529 return i;
530 }
531
532 /*
533 * Verify a raw public key
534 * Return codes:
535 * 1: Verify success
536 * 0: Verify failure or error
537 * -1: Retry required
538 */
ssl_verify_rpk(SSL_CONNECTION * s,EVP_PKEY * rpk)539 int ssl_verify_rpk(SSL_CONNECTION *s, EVP_PKEY *rpk)
540 {
541 return ssl_verify_internal(s, NULL, rpk);
542 }
543
544 /*
545 * Verify a certificate chain
546 * Return codes:
547 * 1: Verify success
548 * 0: Verify failure or error
549 * -1: Retry required
550 */
ssl_verify_cert_chain(SSL_CONNECTION * s,STACK_OF (X509)* sk)551 int ssl_verify_cert_chain(SSL_CONNECTION *s, STACK_OF(X509) *sk)
552 {
553 return ssl_verify_internal(s, sk, NULL);
554 }
555
set0_CA_list(STACK_OF (X509_NAME)** ca_list,STACK_OF (X509_NAME)* name_list)556 static void set0_CA_list(STACK_OF(X509_NAME) **ca_list,
557 STACK_OF(X509_NAME) *name_list)
558 {
559 sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
560 *ca_list = name_list;
561 }
562
STACK_OF(X509_NAME)563 STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
564 {
565 int i;
566 const int num = sk_X509_NAME_num(sk);
567 STACK_OF(X509_NAME) *ret;
568 X509_NAME *name;
569
570 ret = sk_X509_NAME_new_reserve(NULL, num);
571 if (ret == NULL) {
572 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
573 return NULL;
574 }
575 for (i = 0; i < num; i++) {
576 name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
577 if (name == NULL) {
578 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
579 sk_X509_NAME_pop_free(ret, X509_NAME_free);
580 return NULL;
581 }
582 sk_X509_NAME_push(ret, name); /* Cannot fail after reserve call */
583 }
584 return ret;
585 }
586
SSL_set0_CA_list(SSL * s,STACK_OF (X509_NAME)* name_list)587 void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
588 {
589 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
590
591 if (sc == NULL)
592 return;
593
594 set0_CA_list(&sc->ca_names, name_list);
595 }
596
SSL_CTX_set0_CA_list(SSL_CTX * ctx,STACK_OF (X509_NAME)* name_list)597 void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
598 {
599 set0_CA_list(&ctx->ca_names, name_list);
600 }
601
STACK_OF(X509_NAME)602 const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx)
603 {
604 return ctx->ca_names;
605 }
606
STACK_OF(X509_NAME)607 const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s)
608 {
609 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
610
611 if (sc == NULL)
612 return NULL;
613
614 return sc->ca_names != NULL ? sc->ca_names : s->ctx->ca_names;
615 }
616
SSL_CTX_set_client_CA_list(SSL_CTX * ctx,STACK_OF (X509_NAME)* name_list)617 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
618 {
619 set0_CA_list(&ctx->client_ca_names, name_list);
620 }
621
STACK_OF(X509_NAME)622 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
623 {
624 return ctx->client_ca_names;
625 }
626
SSL_set_client_CA_list(SSL * s,STACK_OF (X509_NAME)* name_list)627 void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
628 {
629 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
630
631 if (sc == NULL)
632 return;
633
634 set0_CA_list(&sc->client_ca_names, name_list);
635 }
636
STACK_OF(X509_NAME)637 const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s)
638 {
639 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
640
641 if (sc == NULL)
642 return NULL;
643
644 return sc->s3.tmp.peer_ca_names;
645 }
646
STACK_OF(X509_NAME)647 STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
648 {
649 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
650
651 if (sc == NULL)
652 return NULL;
653
654 if (!sc->server)
655 return sc->s3.tmp.peer_ca_names;
656 return sc->client_ca_names != NULL ? sc->client_ca_names
657 : s->ctx->client_ca_names;
658 }
659
add_ca_name(STACK_OF (X509_NAME)** sk,const X509 * x)660 static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x)
661 {
662 X509_NAME *name;
663
664 if (x == NULL)
665 return 0;
666 if (*sk == NULL && ((*sk = sk_X509_NAME_new_null()) == NULL))
667 return 0;
668
669 if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL)
670 return 0;
671
672 if (!sk_X509_NAME_push(*sk, name)) {
673 X509_NAME_free(name);
674 return 0;
675 }
676 return 1;
677 }
678
SSL_add1_to_CA_list(SSL * ssl,const X509 * x)679 int SSL_add1_to_CA_list(SSL *ssl, const X509 *x)
680 {
681 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
682
683 if (sc == NULL)
684 return 0;
685
686 return add_ca_name(&sc->ca_names, x);
687 }
688
SSL_CTX_add1_to_CA_list(SSL_CTX * ctx,const X509 * x)689 int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x)
690 {
691 return add_ca_name(&ctx->ca_names, x);
692 }
693
694 /*
695 * The following two are older names are to be replaced with
696 * SSL(_CTX)_add1_to_CA_list
697 */
SSL_add_client_CA(SSL * ssl,X509 * x)698 int SSL_add_client_CA(SSL *ssl, X509 *x)
699 {
700 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
701
702 if (sc == NULL)
703 return 0;
704
705 return add_ca_name(&sc->client_ca_names, x);
706 }
707
SSL_CTX_add_client_CA(SSL_CTX * ctx,X509 * x)708 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
709 {
710 return add_ca_name(&ctx->client_ca_names, x);
711 }
712
xname_cmp(const X509_NAME * a,const X509_NAME * b)713 static int xname_cmp(const X509_NAME *a, const X509_NAME *b)
714 {
715 unsigned char *abuf = NULL, *bbuf = NULL;
716 int alen, blen, ret;
717
718 /* X509_NAME_cmp() itself casts away constness in this way, so
719 * assume it's safe:
720 */
721 alen = i2d_X509_NAME((X509_NAME *)a, &abuf);
722 blen = i2d_X509_NAME((X509_NAME *)b, &bbuf);
723
724 if (alen < 0 || blen < 0)
725 ret = -2;
726 else if (alen != blen)
727 ret = alen - blen;
728 else /* alen == blen */
729 ret = memcmp(abuf, bbuf, alen);
730
731 OPENSSL_free(abuf);
732 OPENSSL_free(bbuf);
733
734 return ret;
735 }
736
xname_sk_cmp(const X509_NAME * const * a,const X509_NAME * const * b)737 static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
738 {
739 return xname_cmp(*a, *b);
740 }
741
xname_hash(const X509_NAME * a)742 static unsigned long xname_hash(const X509_NAME *a)
743 {
744 /* This returns 0 also if SHA1 is not available */
745 return X509_NAME_hash_ex((X509_NAME *)a, NULL, NULL, NULL);
746 }
747
STACK_OF(X509_NAME)748 STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
749 OSSL_LIB_CTX *libctx,
750 const char *propq)
751 {
752 BIO *in = BIO_new(BIO_s_file());
753 X509 *x = NULL;
754 X509_NAME *xn = NULL;
755 STACK_OF(X509_NAME) *ret = NULL;
756 LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
757 OSSL_LIB_CTX *prev_libctx = NULL;
758
759 if (file == NULL) {
760 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
761 goto err;
762 }
763 if (name_hash == NULL) {
764 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
765 goto err;
766 }
767 if (in == NULL) {
768 ERR_raise(ERR_LIB_SSL, ERR_R_BIO_LIB);
769 goto err;
770 }
771
772 x = X509_new_ex(libctx, propq);
773 if (x == NULL) {
774 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
775 goto err;
776 }
777 if (BIO_read_filename(in, file) <= 0)
778 goto err;
779
780 /* Internally lh_X509_NAME_retrieve() needs the libctx to retrieve SHA1 */
781 prev_libctx = OSSL_LIB_CTX_set0_default(libctx);
782 for (;;) {
783 if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
784 break;
785 if (ret == NULL) {
786 ret = sk_X509_NAME_new_null();
787 if (ret == NULL) {
788 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
789 goto err;
790 }
791 }
792 if ((xn = X509_get_subject_name(x)) == NULL)
793 goto err;
794 /* check for duplicates */
795 xn = X509_NAME_dup(xn);
796 if (xn == NULL)
797 goto err;
798 if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
799 /* Duplicate. */
800 X509_NAME_free(xn);
801 xn = NULL;
802 } else {
803 lh_X509_NAME_insert(name_hash, xn);
804 if (!sk_X509_NAME_push(ret, xn))
805 goto err;
806 }
807 }
808 goto done;
809
810 err:
811 X509_NAME_free(xn);
812 sk_X509_NAME_pop_free(ret, X509_NAME_free);
813 ret = NULL;
814 done:
815 /* restore the old libctx */
816 OSSL_LIB_CTX_set0_default(prev_libctx);
817 BIO_free(in);
818 X509_free(x);
819 lh_X509_NAME_free(name_hash);
820 if (ret != NULL)
821 ERR_clear_error();
822 return ret;
823 }
824
STACK_OF(X509_NAME)825 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
826 {
827 return SSL_load_client_CA_file_ex(file, NULL, NULL);
828 }
829
add_file_cert_subjects_to_stack(STACK_OF (X509_NAME)* stack,const char * file,LHASH_OF (X509_NAME)* name_hash)830 static int add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
831 const char *file,
832 LHASH_OF(X509_NAME) *name_hash)
833 {
834 BIO *in;
835 X509 *x = NULL;
836 X509_NAME *xn = NULL;
837 int ret = 1;
838
839 in = BIO_new(BIO_s_file());
840
841 if (in == NULL) {
842 ERR_raise(ERR_LIB_SSL, ERR_R_BIO_LIB);
843 goto err;
844 }
845
846 if (BIO_read_filename(in, file) <= 0)
847 goto err;
848
849 for (;;) {
850 if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
851 break;
852 if ((xn = X509_get_subject_name(x)) == NULL)
853 goto err;
854 xn = X509_NAME_dup(xn);
855 if (xn == NULL)
856 goto err;
857 if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
858 /* Duplicate. */
859 X509_NAME_free(xn);
860 } else if (!sk_X509_NAME_push(stack, xn)) {
861 X509_NAME_free(xn);
862 goto err;
863 } else {
864 /* Successful insert, add to hash table */
865 lh_X509_NAME_insert(name_hash, xn);
866 }
867 }
868
869 ERR_clear_error();
870 goto done;
871
872 err:
873 ret = 0;
874 done:
875 BIO_free(in);
876 X509_free(x);
877 return ret;
878 }
879
SSL_add_file_cert_subjects_to_stack(STACK_OF (X509_NAME)* stack,const char * file)880 int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
881 const char *file)
882 {
883 X509_NAME *xn = NULL;
884 int ret = 1;
885 int idx = 0;
886 int num = 0;
887 LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
888
889 if (file == NULL) {
890 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
891 goto err;
892 }
893
894 if (name_hash == NULL) {
895 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
896 goto err;
897 }
898
899 /*
900 * Pre-populate the lhash with the existing entries of the stack, since
901 * using the LHASH_OF is much faster for duplicate checking. That's because
902 * xname_cmp converts the X509_NAMEs to DER involving a memory allocation
903 * for every single invocation of the comparison function.
904 */
905 num = sk_X509_NAME_num(stack);
906 for (idx = 0; idx < num; idx++) {
907 xn = sk_X509_NAME_value(stack, idx);
908 lh_X509_NAME_insert(name_hash, xn);
909 }
910
911 ret = add_file_cert_subjects_to_stack(stack, file, name_hash);
912 goto done;
913
914 err:
915 ret = 0;
916 done:
917 lh_X509_NAME_free(name_hash);
918 return ret;
919 }
920
SSL_add_dir_cert_subjects_to_stack(STACK_OF (X509_NAME)* stack,const char * dir)921 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
922 const char *dir)
923 {
924 OPENSSL_DIR_CTX *d = NULL;
925 const char *filename;
926 int ret = 0;
927 X509_NAME *xn = NULL;
928 int idx = 0;
929 int num = 0;
930 LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
931
932 if (name_hash == NULL) {
933 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
934 goto err;
935 }
936
937 /*
938 * Pre-populate the lhash with the existing entries of the stack, since
939 * using the LHASH_OF is much faster for duplicate checking. That's because
940 * xname_cmp converts the X509_NAMEs to DER involving a memory allocation
941 * for every single invocation of the comparison function.
942 */
943 num = sk_X509_NAME_num(stack);
944 for (idx = 0; idx < num; idx++) {
945 xn = sk_X509_NAME_value(stack, idx);
946 lh_X509_NAME_insert(name_hash, xn);
947 }
948
949 while ((filename = OPENSSL_DIR_read(&d, dir))) {
950 char buf[1024];
951 int r;
952 #ifndef OPENSSL_NO_POSIX_IO
953 struct stat st;
954
955 #else
956 /* Cannot use stat so just skip current and parent directories */
957 if (strcmp(filename, ".") == 0 || strcmp(filename, "..") == 0)
958 continue;
959 #endif
960 if (strlen(dir) + strlen(filename) + 2 > sizeof(buf)) {
961 ERR_raise(ERR_LIB_SSL, SSL_R_PATH_TOO_LONG);
962 goto err;
963 }
964 #ifdef OPENSSL_SYS_VMS
965 r = BIO_snprintf(buf, sizeof(buf), "%s%s", dir, filename);
966 #else
967 r = BIO_snprintf(buf, sizeof(buf), "%s/%s", dir, filename);
968 #endif
969 #ifndef OPENSSL_NO_POSIX_IO
970 /* Skip subdirectories */
971 if (!stat(buf, &st) && S_ISDIR(st.st_mode))
972 continue;
973 #endif
974 if (r <= 0 || r >= (int)sizeof(buf))
975 goto err;
976 if (!add_file_cert_subjects_to_stack(stack, buf, name_hash))
977 goto err;
978 }
979
980 if (errno) {
981 ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
982 "calling OPENSSL_dir_read(%s)", dir);
983 ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
984 goto err;
985 }
986
987 ret = 1;
988
989 err:
990 if (d)
991 OPENSSL_DIR_end(&d);
992 lh_X509_NAME_free(name_hash);
993
994 return ret;
995 }
996
add_uris_recursive(STACK_OF (X509_NAME)* stack,const char * uri,int depth)997 static int add_uris_recursive(STACK_OF(X509_NAME) *stack,
998 const char *uri, int depth)
999 {
1000 int ok = 1;
1001 OSSL_STORE_CTX *ctx = NULL;
1002 X509 *x = NULL;
1003 X509_NAME *xn = NULL;
1004 OSSL_STORE_INFO *info = NULL;
1005
1006 if ((ctx = OSSL_STORE_open(uri, NULL, NULL, NULL, NULL)) == NULL)
1007 goto err;
1008
1009 while (!OSSL_STORE_eof(ctx) && !OSSL_STORE_error(ctx)) {
1010 int infotype;
1011
1012 if ((info = OSSL_STORE_load(ctx)) == NULL)
1013 continue;
1014 infotype = OSSL_STORE_INFO_get_type(info);
1015
1016 if (infotype == OSSL_STORE_INFO_NAME) {
1017 /*
1018 * This is an entry in the "directory" represented by the current
1019 * uri. if |depth| allows, dive into it.
1020 */
1021 if (depth > 0)
1022 ok = add_uris_recursive(stack, OSSL_STORE_INFO_get0_NAME(info),
1023 depth - 1);
1024 } else if (infotype == OSSL_STORE_INFO_CERT) {
1025 if ((x = OSSL_STORE_INFO_get0_CERT(info)) == NULL
1026 || (xn = X509_get_subject_name(x)) == NULL
1027 || (xn = X509_NAME_dup(xn)) == NULL)
1028 goto err;
1029 if (sk_X509_NAME_find(stack, xn) >= 0) {
1030 /* Duplicate. */
1031 X509_NAME_free(xn);
1032 } else if (!sk_X509_NAME_push(stack, xn)) {
1033 X509_NAME_free(xn);
1034 goto err;
1035 }
1036 }
1037
1038 OSSL_STORE_INFO_free(info);
1039 info = NULL;
1040 }
1041
1042 ERR_clear_error();
1043 goto done;
1044
1045 err:
1046 ok = 0;
1047 OSSL_STORE_INFO_free(info);
1048 done:
1049 OSSL_STORE_close(ctx);
1050
1051 return ok;
1052 }
1053
SSL_add_store_cert_subjects_to_stack(STACK_OF (X509_NAME)* stack,const char * store)1054 int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
1055 const char *store)
1056 {
1057 int (*oldcmp)(const X509_NAME *const *a, const X509_NAME *const *b)
1058 = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp);
1059 int ret = add_uris_recursive(stack, store, 1);
1060
1061 (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
1062 return ret;
1063 }
1064
1065 /* Build a certificate chain for current certificate */
ssl_build_cert_chain(SSL_CONNECTION * s,SSL_CTX * ctx,int flags)1066 int ssl_build_cert_chain(SSL_CONNECTION *s, SSL_CTX *ctx, int flags)
1067 {
1068 CERT *c = s != NULL ? s->cert : ctx->cert;
1069 CERT_PKEY *cpk = c->key;
1070 X509_STORE *chain_store = NULL;
1071 X509_STORE_CTX *xs_ctx = NULL;
1072 STACK_OF(X509) *chain = NULL, *untrusted = NULL;
1073 X509 *x;
1074 SSL_CTX *real_ctx = (s == NULL) ? ctx : SSL_CONNECTION_GET_CTX(s);
1075 int i, rv = 0;
1076
1077 if (cpk->x509 == NULL) {
1078 ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_SET);
1079 goto err;
1080 }
1081 /* Rearranging and check the chain: add everything to a store */
1082 if (flags & SSL_BUILD_CHAIN_FLAG_CHECK) {
1083 chain_store = X509_STORE_new();
1084 if (chain_store == NULL)
1085 goto err;
1086 for (i = 0; i < sk_X509_num(cpk->chain); i++) {
1087 x = sk_X509_value(cpk->chain, i);
1088 if (!X509_STORE_add_cert(chain_store, x))
1089 goto err;
1090 }
1091 /* Add EE cert too: it might be self signed */
1092 if (!X509_STORE_add_cert(chain_store, cpk->x509))
1093 goto err;
1094 } else {
1095 if (c->chain_store != NULL)
1096 chain_store = c->chain_store;
1097 else
1098 chain_store = real_ctx->cert_store;
1099
1100 if (flags & SSL_BUILD_CHAIN_FLAG_UNTRUSTED)
1101 untrusted = cpk->chain;
1102 }
1103
1104 xs_ctx = X509_STORE_CTX_new_ex(real_ctx->libctx, real_ctx->propq);
1105 if (xs_ctx == NULL) {
1106 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
1107 goto err;
1108 }
1109 if (!X509_STORE_CTX_init(xs_ctx, chain_store, cpk->x509, untrusted)) {
1110 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
1111 goto err;
1112 }
1113 /* Set suite B flags if needed */
1114 X509_STORE_CTX_set_flags(xs_ctx,
1115 c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS);
1116
1117 i = X509_verify_cert(xs_ctx);
1118 if (i <= 0 && flags & SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR) {
1119 if (flags & SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR)
1120 ERR_clear_error();
1121 i = 1;
1122 rv = 2;
1123 }
1124 if (i > 0)
1125 chain = X509_STORE_CTX_get1_chain(xs_ctx);
1126 if (i <= 0) {
1127 i = X509_STORE_CTX_get_error(xs_ctx);
1128 ERR_raise_data(ERR_LIB_SSL, SSL_R_CERTIFICATE_VERIFY_FAILED,
1129 "Verify error:%s", X509_verify_cert_error_string(i));
1130
1131 goto err;
1132 }
1133 /* Remove EE certificate from chain */
1134 x = sk_X509_shift(chain);
1135 X509_free(x);
1136 if (flags & SSL_BUILD_CHAIN_FLAG_NO_ROOT) {
1137 if (sk_X509_num(chain) > 0) {
1138 /* See if last cert is self signed */
1139 x = sk_X509_value(chain, sk_X509_num(chain) - 1);
1140 if (X509_get_extension_flags(x) & EXFLAG_SS) {
1141 x = sk_X509_pop(chain);
1142 X509_free(x);
1143 }
1144 }
1145 }
1146 /*
1147 * Check security level of all CA certificates: EE will have been checked
1148 * already.
1149 */
1150 for (i = 0; i < sk_X509_num(chain); i++) {
1151 x = sk_X509_value(chain, i);
1152 rv = ssl_security_cert(s, ctx, x, 0, 0);
1153 if (rv != 1) {
1154 ERR_raise(ERR_LIB_SSL, rv);
1155 OSSL_STACK_OF_X509_free(chain);
1156 rv = 0;
1157 goto err;
1158 }
1159 }
1160 OSSL_STACK_OF_X509_free(cpk->chain);
1161 cpk->chain = chain;
1162 if (rv == 0)
1163 rv = 1;
1164 err:
1165 if (flags & SSL_BUILD_CHAIN_FLAG_CHECK)
1166 X509_STORE_free(chain_store);
1167 X509_STORE_CTX_free(xs_ctx);
1168
1169 return rv;
1170 }
1171
ssl_cert_set_cert_store(CERT * c,X509_STORE * store,int chain,int ref)1172 int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
1173 {
1174 X509_STORE **pstore;
1175
1176 if (ref && store && !X509_STORE_up_ref(store))
1177 return 0;
1178
1179 if (chain)
1180 pstore = &c->chain_store;
1181 else
1182 pstore = &c->verify_store;
1183 X509_STORE_free(*pstore);
1184 *pstore = store;
1185
1186 return 1;
1187 }
1188
ssl_cert_get_cert_store(CERT * c,X509_STORE ** pstore,int chain)1189 int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain)
1190 {
1191 *pstore = (chain ? c->chain_store : c->verify_store);
1192 return 1;
1193 }
1194
ssl_get_security_level_bits(const SSL * s,const SSL_CTX * ctx,int * levelp)1195 int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp)
1196 {
1197 int level;
1198 /*
1199 * note that there's a corresponding minbits_table
1200 * in crypto/x509/x509_vfy.c that's used for checking the security level
1201 * of RSA and DSA keys
1202 */
1203 static const int minbits_table[5 + 1] = { 0, 80, 112, 128, 192, 256 };
1204
1205 if (ctx != NULL)
1206 level = SSL_CTX_get_security_level(ctx);
1207 else
1208 level = SSL_get_security_level(s);
1209
1210 if (level > 5)
1211 level = 5;
1212 else if (level < 0)
1213 level = 0;
1214
1215 if (levelp != NULL)
1216 *levelp = level;
1217
1218 return minbits_table[level];
1219 }
1220
ssl_security_default_callback(const SSL * s,const SSL_CTX * ctx,int op,int bits,int nid,void * other,void * ex)1221 static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
1222 int op, int bits, int nid, void *other,
1223 void *ex)
1224 {
1225 int level, minbits, pfs_mask;
1226 const SSL_CONNECTION *sc;
1227
1228 minbits = ssl_get_security_level_bits(s, ctx, &level);
1229
1230 if (level == 0) {
1231 /*
1232 * No EDH keys weaker than 1024-bits even at level 0, otherwise,
1233 * anything goes.
1234 */
1235 if (op == SSL_SECOP_TMP_DH && bits < 80)
1236 return 0;
1237 return 1;
1238 }
1239 switch (op) {
1240 case SSL_SECOP_CIPHER_SUPPORTED:
1241 case SSL_SECOP_CIPHER_SHARED:
1242 case SSL_SECOP_CIPHER_CHECK: {
1243 const SSL_CIPHER *c = other;
1244 /* No ciphers below security level */
1245 if (bits < minbits)
1246 return 0;
1247 /* No unauthenticated ciphersuites */
1248 if (c->algorithm_auth & SSL_aNULL)
1249 return 0;
1250 /* No MD5 mac ciphersuites */
1251 if (c->algorithm_mac & SSL_MD5)
1252 return 0;
1253 /* SHA1 HMAC is 160 bits of security */
1254 if (minbits > 160 && c->algorithm_mac & SSL_SHA1)
1255 return 0;
1256 /* Level 3: forward secure ciphersuites only */
1257 pfs_mask = SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK;
1258 if (level >= 3 && c->min_tls != TLS1_3_VERSION && !(c->algorithm_mkey & pfs_mask))
1259 return 0;
1260 break;
1261 }
1262 case SSL_SECOP_VERSION:
1263 if ((sc = SSL_CONNECTION_FROM_CONST_SSL(s)) == NULL)
1264 return 0;
1265 if (!SSL_CONNECTION_IS_DTLS(sc)) {
1266 /* SSLv3, TLS v1.0 and TLS v1.1 only allowed at level 0 */
1267 if (nid <= TLS1_1_VERSION && level > 0)
1268 return 0;
1269 } else {
1270 /* DTLS v1.0 only allowed at level 0 */
1271 if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level > 0)
1272 return 0;
1273 }
1274 break;
1275
1276 case SSL_SECOP_COMPRESSION:
1277 if (level >= 2)
1278 return 0;
1279 break;
1280 case SSL_SECOP_TICKET:
1281 if (level >= 3)
1282 return 0;
1283 break;
1284 default:
1285 if (bits < minbits)
1286 return 0;
1287 }
1288 return 1;
1289 }
1290
ssl_security(const SSL_CONNECTION * s,int op,int bits,int nid,void * other)1291 int ssl_security(const SSL_CONNECTION *s, int op, int bits, int nid, void *other)
1292 {
1293 return s->cert->sec_cb(SSL_CONNECTION_GET_USER_SSL(s), NULL, op, bits, nid,
1294 other, s->cert->sec_ex);
1295 }
1296
ssl_ctx_security(const SSL_CTX * ctx,int op,int bits,int nid,void * other)1297 int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other)
1298 {
1299 return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other,
1300 ctx->cert->sec_ex);
1301 }
1302
ssl_cert_lookup_by_nid(int nid,size_t * pidx,SSL_CTX * ctx)1303 int ssl_cert_lookup_by_nid(int nid, size_t *pidx, SSL_CTX *ctx)
1304 {
1305 size_t i;
1306
1307 for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
1308 if (ssl_cert_info[i].pkey_nid == nid) {
1309 *pidx = i;
1310 return 1;
1311 }
1312 }
1313 for (i = 0; i < ctx->sigalg_list_len; i++) {
1314 if (ctx->ssl_cert_info[i].pkey_nid == nid) {
1315 *pidx = SSL_PKEY_NUM + i;
1316 return 1;
1317 }
1318 }
1319 return 0;
1320 }
1321
ssl_cert_lookup_by_pkey(const EVP_PKEY * pk,size_t * pidx,SSL_CTX * ctx)1322 const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx, SSL_CTX *ctx)
1323 {
1324 size_t i;
1325
1326 /* check classic pk types */
1327 for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
1328 const SSL_CERT_LOOKUP *tmp_lu = &ssl_cert_info[i];
1329
1330 if (EVP_PKEY_is_a(pk, OBJ_nid2sn(tmp_lu->pkey_nid))
1331 || EVP_PKEY_is_a(pk, OBJ_nid2ln(tmp_lu->pkey_nid))) {
1332 if (pidx != NULL)
1333 *pidx = i;
1334 return tmp_lu;
1335 }
1336 }
1337 /* check provider-loaded pk types */
1338 for (i = 0; i < ctx->sigalg_list_len; i++) {
1339 SSL_CERT_LOOKUP *tmp_lu = &(ctx->ssl_cert_info[i]);
1340
1341 if (EVP_PKEY_is_a(pk, OBJ_nid2sn(tmp_lu->pkey_nid))
1342 || EVP_PKEY_is_a(pk, OBJ_nid2ln(tmp_lu->pkey_nid))) {
1343 if (pidx != NULL)
1344 *pidx = SSL_PKEY_NUM + i;
1345 return &ctx->ssl_cert_info[i];
1346 }
1347 }
1348
1349 return NULL;
1350 }
1351
ssl_cert_lookup_by_idx(size_t idx,SSL_CTX * ctx)1352 const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx, SSL_CTX *ctx)
1353 {
1354 if (idx >= (OSSL_NELEM(ssl_cert_info) + ctx->sigalg_list_len))
1355 return NULL;
1356 else if (idx >= (OSSL_NELEM(ssl_cert_info)))
1357 return &(ctx->ssl_cert_info[idx - SSL_PKEY_NUM]);
1358 return &ssl_cert_info[idx];
1359 }
1360