kris
/
boringssl
1
0
Fork 0
Código Incidencias 0 Pull Requests 0 Lanzamientos 0 Wiki Actividad
No puede seleccionar más de 25 temas Los temas deben comenzar con una letra o número, pueden incluir guiones ('-') y pueden tener hasta 35 caracteres de largo.
3061 Commits
12 Ramas
38 MiB
 
 
 
 
 
 
Árbol: 2b314fa3a9
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde '2b314fa3a9'
${ noResults }
boringssl/ssl/ssl_cert.c

798 líneas
23 KiB
Original Blame Histórico 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.]

  56.  */

  57. /* ====================================================================

  58.  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.

  59.  *

  60.  * Redistribution and use in source and binary forms, with or without

  61.  * modification, are permitted provided that the following conditions

  62.  * are met:

  63.  *

  64.  * 1. Redistributions of source code must retain the above copyright

  65.  *    notice, this list of conditions and the following disclaimer.

  66.  *

  67.  * 2. Redistributions in binary form must reproduce the above copyright

  68.  *    notice, this list of conditions and the following disclaimer in

  69.  *    the documentation and/or other materials provided with the

  70.  *    distribution.

  71.  *

  72.  * 3. All advertising materials mentioning features or use of this

  73.  *    software must display the following acknowledgment:

  74.  *    "This product includes software developed by the OpenSSL Project

  75.  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

  76.  *

  77.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  78.  *    endorse or promote products derived from this software without

  79.  *    prior written permission. For written permission, please contact

  80.  *    openssl-core@openssl.org.

  81.  *

  82.  * 5. Products derived from this software may not be called "OpenSSL"

  83.  *    nor may "OpenSSL" appear in their names without prior written

  84.  *    permission of the OpenSSL Project.

  85.  *

  86.  * 6. Redistributions of any form whatsoever must retain the following

  87.  *    acknowledgment:

  88.  *    "This product includes software developed by the OpenSSL Project

  89.  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

  90.  *

  91.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  92.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  93.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  94.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  95.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  96.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  97.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  98.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  99.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  100.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  101.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  102.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  103.  * ====================================================================

  104.  *

  105.  * This product includes cryptographic software written by Eric Young

  106.  * (eay@cryptsoft.com).  This product includes software written by Tim

  107.  * Hudson (tjh@cryptsoft.com).

  108.  *

  109.  */

  110. /* ====================================================================

  111.  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

  112.  * ECC cipher suite support in OpenSSL originally developed by

  113.  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */

  114. 

  115. #include <openssl/ssl.h>

  116. 

  117. #include <assert.h>

  118. #include <string.h>

  119. 

  120. #include <openssl/bn.h>

  121. #include <openssl/buf.h>

  122. #include <openssl/ec_key.h>

  123. #include <openssl/dh.h>

  124. #include <openssl/err.h>

  125. #include <openssl/mem.h>

  126. #include <openssl/sha.h>

  127. #include <openssl/x509.h>

  128. #include <openssl/x509v3.h>

  129. 

  130. #include "../crypto/dh/internal.h"

  131. #include "../crypto/internal.h"

  132. #include "internal.h"

  133. 

  134. 

  135. int SSL_get_ex_data_X509_STORE_CTX_idx(void) {

  136.   /* The ex_data index to go from |X509_STORE_CTX| to |SSL| always uses the

  137.    * reserved app_data slot. Before ex_data was introduced, app_data was used.

  138.    * Avoid breaking any software which assumes |X509_STORE_CTX_get_app_data|

  139.    * works. */

  140.   return 0;

  141. }

  142. 

  143. CERT *ssl_cert_new(void) {

  144.   CERT *ret = OPENSSL_malloc(sizeof(CERT));

  145.   if (ret == NULL) {

  146.     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);

  147.     return NULL;

  148.   }

  149.   memset(ret, 0, sizeof(CERT));

  150. 

  151.   return ret;

  152. }

  153. 

  154. CERT *ssl_cert_dup(CERT *cert) {

  155.   CERT *ret = OPENSSL_malloc(sizeof(CERT));

  156.   if (ret == NULL) {

  157.     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);

  158.     return NULL;

  159.   }

  160.   memset(ret, 0, sizeof(CERT));

  161. 

  162.   ret->mask_k = cert->mask_k;

  163.   ret->mask_a = cert->mask_a;

  164. 

  165.   if (cert->dh_tmp != NULL) {

  166.     ret->dh_tmp = DHparams_dup(cert->dh_tmp);

  167.     if (ret->dh_tmp == NULL) {

  168.       OPENSSL_PUT_ERROR(SSL, ERR_R_DH_LIB);

  169.       goto err;

  170.     }

  171.   }

  172.   ret->dh_tmp_cb = cert->dh_tmp_cb;

  173. 

  174.   if (cert->x509 != NULL) {

  175.     ret->x509 = X509_up_ref(cert->x509);

  176.   }

  177. 

  178.   if (cert->privatekey != NULL) {

  179.     EVP_PKEY_up_ref(cert->privatekey);

  180.     ret->privatekey = cert->privatekey;

  181.   }

  182. 

  183.   if (cert->chain) {

  184.     ret->chain = X509_chain_up_ref(cert->chain);

  185.     if (!ret->chain) {

  186.       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);

  187.       goto err;

  188.     }

  189.   }

  190. 

  191.   ret->key_method = cert->key_method;

  192. 

  193.   ret->cert_cb = cert->cert_cb;

  194.   ret->cert_cb_arg = cert->cert_cb_arg;

  195. 

  196.   if (cert->verify_store != NULL) {

  197.     X509_STORE_up_ref(cert->verify_store);

  198.     ret->verify_store = cert->verify_store;

  199.   }

  200. 

  201.   return ret;

  202. 

  203. err:

  204.   ssl_cert_free(ret);

  205.   return NULL;

  206. }

  207. 

  208. /* Free up and clear all certificates and chains */

  209. void ssl_cert_clear_certs(CERT *cert) {

  210.   if (cert == NULL) {

  211.     return;

  212.   }

  213. 

  214.   X509_free(cert->x509);

  215.   cert->x509 = NULL;

  216.   EVP_PKEY_free(cert->privatekey);

  217.   cert->privatekey = NULL;

  218.   sk_X509_pop_free(cert->chain, X509_free);

  219.   cert->chain = NULL;

  220.   cert->key_method = NULL;

  221. }

  222. 

  223. void ssl_cert_free(CERT *c) {

  224.   if (c == NULL) {

  225.     return;

  226.   }

  227. 

  228.   DH_free(c->dh_tmp);

  229. 

  230.   ssl_cert_clear_certs(c);

  231.   OPENSSL_free(c->peer_sigalgs);

  232.   OPENSSL_free(c->sigalgs);

  233.   X509_STORE_free(c->verify_store);

  234. 

  235.   OPENSSL_free(c);

  236. }

  237. 

  238. int ssl_cert_set0_chain(CERT *cert, STACK_OF(X509) *chain) {

  239.   sk_X509_pop_free(cert->chain, X509_free);

  240.   cert->chain = chain;

  241.   return 1;

  242. }

  243. 

  244. int ssl_cert_set1_chain(CERT *cert, STACK_OF(X509) *chain) {

  245.   STACK_OF(X509) *dchain;

  246.   if (chain == NULL) {

  247.     return ssl_cert_set0_chain(cert, NULL);

  248.   }

  249. 

  250.   dchain = X509_chain_up_ref(chain);

  251.   if (dchain == NULL) {

  252.     return 0;

  253.   }

  254. 

  255.   if (!ssl_cert_set0_chain(cert, dchain)) {

  256.     sk_X509_pop_free(dchain, X509_free);

  257.     return 0;

  258.   }

  259. 

  260.   return 1;

  261. }

  262. 

  263. int ssl_cert_add0_chain_cert(CERT *cert, X509 *x509) {

  264.   if (cert->chain == NULL) {

  265.     cert->chain = sk_X509_new_null();

  266.   }

  267.   if (cert->chain == NULL || !sk_X509_push(cert->chain, x509)) {

  268.     return 0;

  269.   }

  270. 

  271.   return 1;

  272. }

  273. 

  274. int ssl_cert_add1_chain_cert(CERT *cert, X509 *x509) {

  275.   if (!ssl_cert_add0_chain_cert(cert, x509)) {

  276.     return 0;

  277.   }

  278. 

  279.   X509_up_ref(x509);

  280.   return 1;

  281. }

  282. 

  283. void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg) {

  284.   c->cert_cb = cb;

  285.   c->cert_cb_arg = arg;

  286. }

  287. 

  288. int ssl_verify_cert_chain(SSL *ssl, STACK_OF(X509) *cert_chain) {

  289.   if (cert_chain == NULL || sk_X509_num(cert_chain) == 0) {

  290.     return 0;

  291.   }

  292. 

  293.   X509_STORE *verify_store = ssl->ctx->cert_store;

  294.   if (ssl->cert->verify_store != NULL) {

  295.     verify_store = ssl->cert->verify_store;

  296.   }

  297. 

  298.   X509 *leaf = sk_X509_value(cert_chain, 0);

  299.   int ret = 0;

  300.   X509_STORE_CTX ctx;

  301.   if (!X509_STORE_CTX_init(&ctx, verify_store, leaf, cert_chain)) {

  302.     OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);

  303.     return 0;

  304.   }

  305.   if (!X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(),

  306.                                   ssl)) {

  307.     goto err;

  308.   }

  309. 

  310.   /* We need to inherit the verify parameters. These can be determined by the

  311.    * context: if its a server it will verify SSL client certificates or vice

  312.    * versa. */

  313.   X509_STORE_CTX_set_default(&ctx, ssl->server ? "ssl_client" : "ssl_server");

  314. 

  315.   /* Anything non-default in "param" should overwrite anything in the ctx. */

  316.   X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), ssl->param);

  317. 

  318.   if (ssl->verify_callback) {

  319.     X509_STORE_CTX_set_verify_cb(&ctx, ssl->verify_callback);

  320.   }

  321. 

  322.   if (ssl->ctx->app_verify_callback != NULL) {

  323.     ret = ssl->ctx->app_verify_callback(&ctx, ssl->ctx->app_verify_arg);

  324.   } else {

  325.     ret = X509_verify_cert(&ctx);

  326.   }

  327. 

  328.   ssl->verify_result = ctx.error;

  329. 

  330. err:

  331.   X509_STORE_CTX_cleanup(&ctx);

  332.   return ret;

  333. }

  334. 

  335. static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,

  336.                                STACK_OF(X509_NAME) *name_list) {

  337.   sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);

  338.   *ca_list = name_list;

  339. }

  340. 

  341. STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *list) {

  342.   STACK_OF(X509_NAME) *ret = sk_X509_NAME_new_null();

  343.   if (ret == NULL) {

  344.     return NULL;

  345.   }

  346. 

  347.   size_t i;

  348.   for (i = 0; i < sk_X509_NAME_num(list); i++) {

  349.       X509_NAME *name = X509_NAME_dup(sk_X509_NAME_value(list, i));

  350.     if (name == NULL || !sk_X509_NAME_push(ret, name)) {

  351.       X509_NAME_free(name);

  352.       sk_X509_NAME_pop_free(ret, X509_NAME_free);

  353.       return NULL;

  354.     }

  355.   }

  356. 

  357.   return ret;

  358. }

  359. 

  360. void SSL_set_client_CA_list(SSL *ssl, STACK_OF(X509_NAME) *name_list) {

  361.   set_client_CA_list(&ssl->client_CA, name_list);

  362. }

  363. 

  364. void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) {

  365.   set_client_CA_list(&ctx->client_CA, name_list);

  366. }

  367. 

  368. STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) {

  369.   return ctx->client_CA;

  370. }

  371. 

  372. STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *ssl) {

  373.   /* For historical reasons, this function is used both to query configuration

  374.    * state on a server as well as handshake state on a client. However, whether

  375.    * |ssl| is a client or server is not known until explicitly configured with

  376.    * |SSL_set_connect_state|. If |handshake_func| is NULL, |ssl| is in an

  377.    * indeterminate mode and |ssl->server| is unset. */

  378.   if (ssl->handshake_func != NULL && !ssl->server) {

  379.     return ssl->s3->tmp.ca_names;

  380.   }

  381. 

  382.   if (ssl->client_CA != NULL) {

  383.     return ssl->client_CA;

  384.   }

  385.   return ssl->ctx->client_CA;

  386. }

  387. 

  388. static int add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x509) {

  389.   X509_NAME *name;

  390. 

  391.   if (x509 == NULL) {

  392.     return 0;

  393.   }

  394.   if (*sk == NULL) {

  395.     *sk = sk_X509_NAME_new_null();

  396.     if (*sk == NULL) {

  397.       return 0;

  398.     }

  399.   }

  400. 

  401.   name = X509_NAME_dup(X509_get_subject_name(x509));

  402.   if (name == NULL) {

  403.     return 0;

  404.   }

  405. 

  406.   if (!sk_X509_NAME_push(*sk, name)) {

  407.     X509_NAME_free(name);

  408.     return 0;

  409.   }

  410. 

  411.   return 1;

  412. }

  413. 

  414. int SSL_add_client_CA(SSL *ssl, X509 *x509) {

  415.   return add_client_CA(&ssl->client_CA, x509);

  416. }

  417. 

  418. int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x509) {

  419.   return add_client_CA(&ctx->client_CA, x509);

  420. }

  421. 

  422. int ssl_has_certificate(const SSL *ssl) {

  423.   return ssl->cert->x509 != NULL && ssl_has_private_key(ssl);

  424. }

  425. 

  426. STACK_OF(X509) *ssl_parse_cert_chain(SSL *ssl, uint8_t *out_alert,

  427.                                      uint8_t *out_leaf_sha256, CBS *cbs) {

  428.   STACK_OF(X509) *ret = sk_X509_new_null();

  429.   if (ret == NULL) {

  430.     *out_alert = SSL_AD_INTERNAL_ERROR;

  431.     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);

  432.     return NULL;

  433.   }

  434. 

  435.   X509 *x = NULL;

  436.   CBS certificate_list;

  437.   if (!CBS_get_u24_length_prefixed(cbs, &certificate_list)) {

  438.     *out_alert = SSL_AD_DECODE_ERROR;

  439.     OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);

  440.     goto err;

  441.   }

  442. 

  443.   while (CBS_len(&certificate_list) > 0) {

  444.     CBS certificate;

  445.     if (!CBS_get_u24_length_prefixed(&certificate_list, &certificate)) {

  446.       *out_alert = SSL_AD_DECODE_ERROR;

  447.       OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_LENGTH_MISMATCH);

  448.       goto err;

  449.     }

  450. 

  451.     /* Retain the hash of the leaf certificate if requested. */

  452.     if (sk_X509_num(ret) == 0 && out_leaf_sha256 != NULL) {

  453.       SHA256(CBS_data(&certificate), CBS_len(&certificate), out_leaf_sha256);

  454.     }

  455. 

  456.     /* A u24 length cannot overflow a long. */

  457.     const uint8_t *data = CBS_data(&certificate);

  458.     x = d2i_X509(NULL, &data, (long)CBS_len(&certificate));

  459.     if (x == NULL || data != CBS_data(&certificate) + CBS_len(&certificate)) {

  460.       *out_alert = SSL_AD_DECODE_ERROR;

  461.       goto err;

  462.     }

  463.     if (!sk_X509_push(ret, x)) {

  464.       *out_alert = SSL_AD_INTERNAL_ERROR;

  465.       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);

  466.       goto err;

  467.     }

  468.     x = NULL;

  469.   }

  470. 

  471.   return ret;

  472. 

  473. err:

  474.   X509_free(x);

  475.   sk_X509_pop_free(ret, X509_free);

  476.   return NULL;

  477. }

  478. 

  479. int ssl_add_cert_to_cbb(CBB *cbb, X509 *x509) {

  480.   int len = i2d_X509(x509, NULL);

  481.   if (len < 0) {

  482.     return 0;

  483.   }

  484.   uint8_t *buf;

  485.   if (!CBB_add_space(cbb, &buf, len)) {

  486.     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);

  487.     return 0;

  488.   }

  489.   if (buf != NULL && i2d_X509(x509, &buf) < 0) {

  490.     return 0;

  491.   }

  492.   return 1;

  493. }

  494. 

  495. static int ssl_add_cert_with_length(CBB *cbb, X509 *x509) {

  496.   CBB child;

  497.   return CBB_add_u24_length_prefixed(cbb, &child) &&

  498.          ssl_add_cert_to_cbb(&child, x509) &&

  499.          CBB_flush(cbb);

  500. }

  501. 

  502. int ssl_add_cert_chain(SSL *ssl, CBB *cbb) {

  503.   if (!ssl_has_certificate(ssl)) {

  504.     return CBB_add_u24(cbb, 0);

  505.   }

  506. 

  507.   CERT *cert = ssl->cert;

  508.   X509 *x = cert->x509;

  509. 

  510.   CBB child;

  511.   if (!CBB_add_u24_length_prefixed(cbb, &child)) {

  512.     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);

  513.     return 0;

  514.   }

  515. 

  516.   int no_chain = 0;

  517.   STACK_OF(X509) *chain = cert->chain;

  518.   if ((ssl->mode & SSL_MODE_NO_AUTO_CHAIN) || chain != NULL) {

  519.     no_chain = 1;

  520.   }

  521. 

  522.   if (no_chain) {

  523.     if (!ssl_add_cert_with_length(&child, x)) {

  524.       return 0;

  525.     }

  526. 

  527.     size_t i;

  528.     for (i = 0; i < sk_X509_num(chain); i++) {

  529.       x = sk_X509_value(chain, i);

  530.       if (!ssl_add_cert_with_length(&child, x)) {

  531.         return 0;

  532.       }

  533.     }

  534.   } else {

  535.     X509_STORE_CTX xs_ctx;

  536. 

  537.     if (!X509_STORE_CTX_init(&xs_ctx, ssl->ctx->cert_store, x, NULL)) {

  538.       OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);

  539.       return 0;

  540.     }

  541.     X509_verify_cert(&xs_ctx);

  542.     /* Don't leave errors in the queue */

  543.     ERR_clear_error();

  544. 

  545.     size_t i;

  546.     for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {

  547.       x = sk_X509_value(xs_ctx.chain, i);

  548.       if (!ssl_add_cert_with_length(&child, x)) {

  549.         X509_STORE_CTX_cleanup(&xs_ctx);

  550.         return 0;

  551.       }

  552.     }

  553.     X509_STORE_CTX_cleanup(&xs_ctx);

  554.   }

  555. 

  556.   return CBB_flush(cbb);

  557. }

  558. 

  559. static int ca_dn_cmp(const X509_NAME **a, const X509_NAME **b) {

  560.   return X509_NAME_cmp(*a, *b);

  561. }

  562. 

  563. STACK_OF(X509_NAME) *

  564.     ssl_parse_client_CA_list(SSL *ssl, uint8_t *out_alert, CBS *cbs) {

  565.   STACK_OF(X509_NAME) *ret = sk_X509_NAME_new(ca_dn_cmp);

  566.   X509_NAME *name = NULL;

  567.   if (ret == NULL) {

  568.     *out_alert = SSL_AD_INTERNAL_ERROR;

  569.     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);

  570.     return NULL;

  571.   }

  572. 

  573.   CBS child;

  574.   if (!CBS_get_u16_length_prefixed(cbs, &child)) {

  575.     *out_alert = SSL_AD_DECODE_ERROR;

  576.     OPENSSL_PUT_ERROR(SSL, SSL_R_LENGTH_MISMATCH);

  577.     goto err;

  578.   }

  579. 

  580.   while (CBS_len(&child) > 0) {

  581.     CBS distinguished_name;

  582.     if (!CBS_get_u16_length_prefixed(&child, &distinguished_name)) {

  583.       *out_alert = SSL_AD_DECODE_ERROR;

  584.       OPENSSL_PUT_ERROR(SSL, SSL_R_CA_DN_TOO_LONG);

  585.       goto err;

  586.     }

  587. 

  588.     const uint8_t *ptr = CBS_data(&distinguished_name);

  589.     /* A u16 length cannot overflow a long. */

  590.     name = d2i_X509_NAME(NULL, &ptr, (long)CBS_len(&distinguished_name));

  591.     if (name == NULL ||

  592.         ptr != CBS_data(&distinguished_name) + CBS_len(&distinguished_name)) {

  593.       *out_alert = SSL_AD_DECODE_ERROR;

  594.       OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);

  595.       goto err;

  596.     }

  597. 

  598.     if (!sk_X509_NAME_push(ret, name)) {

  599.       *out_alert = SSL_AD_INTERNAL_ERROR;

  600.       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);

  601.       goto err;

  602.     }

  603.     name = NULL;

  604.   }

  605. 

  606.   return ret;

  607. 

  608. err:

  609.   X509_NAME_free(name);

  610.   sk_X509_NAME_pop_free(ret, X509_NAME_free);

  611.   return NULL;

  612. }

  613. 

  614. int ssl_add_client_CA_list(SSL *ssl, CBB *cbb) {

  615.   CBB child, name_cbb;

  616.   if (!CBB_add_u16_length_prefixed(cbb, &child)) {

  617.     return 0;

  618.   }

  619. 

  620.   STACK_OF(X509_NAME) *sk = SSL_get_client_CA_list(ssl);

  621.   if (sk == NULL) {

  622.     return CBB_flush(cbb);

  623.   }

  624. 

  625.   for (size_t i = 0; i < sk_X509_NAME_num(sk); i++) {

  626.     X509_NAME *name = sk_X509_NAME_value(sk, i);

  627.     int len = i2d_X509_NAME(name, NULL);

  628.     if (len < 0) {

  629.       return 0;

  630.     }

  631.     uint8_t *ptr;

  632.     if (!CBB_add_u16_length_prefixed(&child, &name_cbb) ||

  633.         !CBB_add_space(&name_cbb, &ptr, (size_t)len) ||

  634.         (len > 0 && i2d_X509_NAME(name, &ptr) < 0)) {

  635.       return 0;

  636.     }

  637.   }

  638. 

  639.   return CBB_flush(cbb);

  640. }

  641. 

  642. int ssl_do_client_cert_cb(SSL *ssl, int *out_should_retry) {

  643.   if (ssl_has_certificate(ssl) || ssl->ctx->client_cert_cb == NULL) {

  644.     return 1;

  645.   }

  646. 

  647.   X509 *x509 = NULL;

  648.   EVP_PKEY *pkey = NULL;

  649.   int ret = ssl->ctx->client_cert_cb(ssl, &x509, &pkey);

  650.   if (ret < 0) {

  651.     *out_should_retry = 1;

  652.     return 0;

  653.   }

  654. 

  655.   if (ret != 0) {

  656.     if (!SSL_use_certificate(ssl, x509) ||

  657.         !SSL_use_PrivateKey(ssl, pkey)) {

  658.       ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);

  659.       *out_should_retry = 0;

  660.       return 0;

  661.     }

  662.   }

  663. 

  664.   X509_free(x509);

  665.   EVP_PKEY_free(pkey);

  666.   return 1;

  667. }

  668. 

  669. static int set_cert_store(X509_STORE **store_ptr, X509_STORE *new_store, int take_ref) {

  670.   X509_STORE_free(*store_ptr);

  671.   *store_ptr = new_store;

  672. 

  673.   if (new_store != NULL && take_ref) {

  674.     X509_STORE_up_ref(new_store);

  675.   }

  676. 

  677.   return 1;

  678. }

  679. 

  680. int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *store) {

  681.   return set_cert_store(&ctx->cert->verify_store, store, 0);

  682. }

  683. 

  684. int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *store) {

  685.   return set_cert_store(&ctx->cert->verify_store, store, 1);

  686. }

  687. 

  688. int SSL_set0_verify_cert_store(SSL *ssl, X509_STORE *store) {

  689.   return set_cert_store(&ssl->cert->verify_store, store, 0);

  690. }

  691. 

  692. int SSL_set1_verify_cert_store(SSL *ssl, X509_STORE *store) {

  693.   return set_cert_store(&ssl->cert->verify_store, store, 1);

  694. }

  695. 

  696. int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) {

  697.   return ssl_cert_set0_chain(ctx->cert, chain);

  698. }

  699. 

  700. int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) {

  701.   return ssl_cert_set1_chain(ctx->cert, chain);

  702. }

  703. 

  704. int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *chain) {

  705.   return ssl_cert_set0_chain(ssl->cert, chain);

  706. }

  707. 

  708. int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *chain) {

  709.   return ssl_cert_set1_chain(ssl->cert, chain);

  710. }

  711. 

  712. int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509) {

  713.   return ssl_cert_add0_chain_cert(ctx->cert, x509);

  714. }

  715. 

  716. int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509) {

  717.   return ssl_cert_add1_chain_cert(ctx->cert, x509);

  718. }

  719. 

  720. int SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509) {

  721.   return SSL_CTX_add0_chain_cert(ctx, x509);

  722. }

  723. 

  724. int SSL_add0_chain_cert(SSL *ssl, X509 *x509) {

  725.   return ssl_cert_add0_chain_cert(ssl->cert, x509);

  726. }

  727. 

  728. int SSL_add1_chain_cert(SSL *ssl, X509 *x509) {

  729.   return ssl_cert_add1_chain_cert(ssl->cert, x509);

  730. }

  731. 

  732. int SSL_CTX_clear_chain_certs(SSL_CTX *ctx) {

  733.   return SSL_CTX_set0_chain(ctx, NULL);

  734. }

  735. 

  736. int SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx) {

  737.   return SSL_CTX_clear_chain_certs(ctx);

  738. }

  739. 

  740. int SSL_clear_chain_certs(SSL *ssl) {

  741.   return SSL_set0_chain(ssl, NULL);

  742. }

  743. 

  744. int SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, STACK_OF(X509) **out_chain) {

  745.   *out_chain = ctx->cert->chain;

  746.   return 1;

  747. }

  748. 

  749. int SSL_CTX_get_extra_chain_certs(const SSL_CTX *ctx,

  750.                                   STACK_OF(X509) **out_chain) {

  751.   return SSL_CTX_get0_chain_certs(ctx, out_chain);

  752. }

  753. 

  754. int SSL_get0_chain_certs(const SSL *ssl, STACK_OF(X509) **out_chain) {

  755.   *out_chain = ssl->cert->chain;

  756.   return 1;

  757. }

  758. 

  759. int ssl_check_leaf_certificate(SSL *ssl, X509 *leaf) {

  760.   int ret = 0;

  761.   EVP_PKEY *pkey = X509_get_pubkey(leaf);

  762.   if (pkey == NULL) {

  763.     goto err;

  764.   }

  765. 

  766.   /* Check the certificate's type matches the cipher. */

  767.   const SSL_CIPHER *cipher = ssl->s3->tmp.new_cipher;

  768.   int expected_type = ssl_cipher_get_key_type(cipher);

  769.   assert(expected_type != EVP_PKEY_NONE);

  770.   if (pkey->type != expected_type) {

  771.     OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CERTIFICATE_TYPE);

  772.     goto err;

  773.   }

  774. 

  775.   if (cipher->algorithm_auth & SSL_aECDSA) {

  776.     /* TODO(davidben): This behavior is preserved from upstream. Should key

  777.      * usages be checked in other cases as well? */

  778.     /* This call populates the ex_flags field correctly */

  779.     X509_check_purpose(leaf, -1, 0);

  780.     if ((leaf->ex_flags & EXFLAG_KUSAGE) &&

  781.         !(leaf->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE)) {

  782.       OPENSSL_PUT_ERROR(SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);

  783.       goto err;

  784.     }

  785. 

  786.     if (!tls1_check_ec_cert(ssl, leaf)) {

  787.       OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECC_CERT);

  788.       goto err;

  789.     }

  790.   }

  791. 

  792.   ret = 1;

  793. 

  794. err:

  795.   EVP_PKEY_free(pkey);

  796.   return ret;

  797. }