kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5405 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tree: 6855e0a470
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6855e0a470'
${ noResults }
boringssl/ssl/ssl_x509.cc

1360 lines
40 KiB
Raw Blame History 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.]

  56.  */

  57. /* ====================================================================

  58.  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.

  59.  *

  60.  * Redistribution and use in source and binary forms, with or without

  61.  * modification, are permitted provided that the following conditions

  62.  * are met:

  63.  *

  64.  * 1. Redistributions of source code must retain the above copyright

  65.  *    notice, this list of conditions and the following disclaimer.

  66.  *

  67.  * 2. Redistributions in binary form must reproduce the above copyright

  68.  *    notice, this list of conditions and the following disclaimer in

  69.  *    the documentation and/or other materials provided with the

  70.  *    distribution.

  71.  *

  72.  * 3. All advertising materials mentioning features or use of this

  73.  *    software must display the following acknowledgment:

  74.  *    "This product includes software developed by the OpenSSL Project

  75.  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

  76.  *

  77.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  78.  *    endorse or promote products derived from this software without

  79.  *    prior written permission. For written permission, please contact

  80.  *    openssl-core@openssl.org.

  81.  *

  82.  * 5. Products derived from this software may not be called "OpenSSL"

  83.  *    nor may "OpenSSL" appear in their names without prior written

  84.  *    permission of the OpenSSL Project.

  85.  *

  86.  * 6. Redistributions of any form whatsoever must retain the following

  87.  *    acknowledgment:

  88.  *    "This product includes software developed by the OpenSSL Project

  89.  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

  90.  *

  91.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  92.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  93.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  94.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  95.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  96.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  97.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  98.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  99.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  100.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  101.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  102.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  103.  * ====================================================================

  104.  *

  105.  * This product includes cryptographic software written by Eric Young

  106.  * (eay@cryptsoft.com).  This product includes software written by Tim

  107.  * Hudson (tjh@cryptsoft.com).

  108.  *

  109.  */

  110. /* ====================================================================

  111.  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

  112.  * ECC cipher suite support in OpenSSL originally developed by

  113.  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

  114.  */

  115. /* ====================================================================

  116.  * Copyright 2005 Nokia. All rights reserved.

  117.  *

  118.  * The portions of the attached software ("Contribution") is developed by

  119.  * Nokia Corporation and is licensed pursuant to the OpenSSL open source

  120.  * license.

  121.  *

  122.  * The Contribution, originally written by Mika Kousa and Pasi Eronen of

  123.  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites

  124.  * support (see RFC 4279) to OpenSSL.

  125.  *

  126.  * No patent licenses or other rights except those expressly stated in

  127.  * the OpenSSL open source license shall be deemed granted or received

  128.  * expressly, by implication, estoppel, or otherwise.

  129.  *

  130.  * No assurances are provided by Nokia that the Contribution does not

  131.  * infringe the patent or other intellectual property rights of any third

  132.  * party or that the license provides you with all the necessary rights

  133.  * to make use of the Contribution.

  134.  *

  135.  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN

  136.  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA

  137.  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY

  138.  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR

  139.  * OTHERWISE. */

  140. 

  141. #include <openssl/ssl.h>

  142. 

  143. #include <assert.h>

  144. 

  145. #include <openssl/asn1.h>

  146. #include <openssl/bytestring.h>

  147. #include <openssl/err.h>

  148. #include <openssl/pem.h>

  149. #include <openssl/stack.h>

  150. #include <openssl/x509.h>

  151. #include <openssl/x509v3.h>

  152. #include <openssl/x509_vfy.h>

  153. 

  154. #include "internal.h"

  155. #include "../crypto/internal.h"

  156. 

  157. 

  158. namespace bssl {

  159. 

  160. // check_ssl_x509_method asserts that |ssl| has the X509-based method

  161. // installed. Calling an X509-based method on an |ssl| with a different method

  162. // will likely misbehave and possibly crash or leak memory.

  163. static void check_ssl_x509_method(const SSL *ssl) {

  164.   assert(ssl == NULL || ssl->ctx->x509_method == &ssl_crypto_x509_method);

  165. }

  166. 

  167. // check_ssl_ctx_x509_method acts like |check_ssl_x509_method|, but for an

  168. // |SSL_CTX|.

  169. static void check_ssl_ctx_x509_method(const SSL_CTX *ctx) {

  170.   assert(ctx == NULL || ctx->x509_method == &ssl_crypto_x509_method);

  171. }

  172. 

  173. // x509_to_buffer returns a |CRYPTO_BUFFER| that contains the serialised

  174. // contents of |x509|.

  175. static UniquePtr<CRYPTO_BUFFER> x509_to_buffer(X509 *x509) {

  176.   uint8_t *buf = NULL;

  177.   int cert_len = i2d_X509(x509, &buf);

  178.   if (cert_len <= 0) {

  179.     return 0;

  180.   }

  181. 

  182.   UniquePtr<CRYPTO_BUFFER> buffer(CRYPTO_BUFFER_new(buf, cert_len, NULL));

  183.   OPENSSL_free(buf);

  184. 

  185.   return buffer;

  186. }

  187. 

  188. // new_leafless_chain returns a fresh stack of buffers set to {NULL}.

  189. static UniquePtr<STACK_OF(CRYPTO_BUFFER)> new_leafless_chain(void) {

  190.   UniquePtr<STACK_OF(CRYPTO_BUFFER)> chain(sk_CRYPTO_BUFFER_new_null());

  191.   if (!chain ||

  192.       !sk_CRYPTO_BUFFER_push(chain.get(), nullptr)) {

  193.     return nullptr;

  194.   }

  195. 

  196.   return chain;

  197. }

  198. 

  199. // ssl_cert_set_chain sets elements 1.. of |cert->chain| to the serialised

  200. // forms of elements of |chain|. It returns one on success or zero on error, in

  201. // which case no change to |cert->chain| is made. It preverses the existing

  202. // leaf from |cert->chain|, if any.

  203. static int ssl_cert_set_chain(CERT *cert, STACK_OF(X509) *chain) {

  204.   UniquePtr<STACK_OF(CRYPTO_BUFFER)> new_chain;

  205. 

  206.   if (cert->chain != nullptr) {

  207.     new_chain.reset(sk_CRYPTO_BUFFER_new_null());

  208.     if (!new_chain) {

  209.       return 0;

  210.     }

  211. 

  212.     // |leaf| might be NULL if it's a “leafless” chain.

  213.     CRYPTO_BUFFER *leaf = sk_CRYPTO_BUFFER_value(cert->chain.get(), 0);

  214.     if (!PushToStack(new_chain.get(), UpRef(leaf))) {

  215.       return 0;

  216.     }

  217.   }

  218. 

  219.   for (X509 *x509 : chain) {

  220.     if (!new_chain) {

  221.       new_chain = new_leafless_chain();

  222.       if (!new_chain) {

  223.         return 0;

  224.       }

  225.     }

  226. 

  227.     UniquePtr<CRYPTO_BUFFER> buffer = x509_to_buffer(x509);

  228.     if (!buffer ||

  229.         !PushToStack(new_chain.get(), std::move(buffer))) {

  230.       return 0;

  231.     }

  232.   }

  233. 

  234.   cert->chain = std::move(new_chain);

  235.   return 1;

  236. }

  237. 

  238. static void ssl_crypto_x509_cert_flush_cached_leaf(CERT *cert) {

  239.   X509_free(cert->x509_leaf);

  240.   cert->x509_leaf = NULL;

  241. }

  242. 

  243. static void ssl_crypto_x509_cert_flush_cached_chain(CERT *cert) {

  244.   sk_X509_pop_free(cert->x509_chain, X509_free);

  245.   cert->x509_chain = NULL;

  246. }

  247. 

  248. static int ssl_crypto_x509_check_client_CA_list(

  249.     STACK_OF(CRYPTO_BUFFER) *names) {

  250.   for (const CRYPTO_BUFFER *buffer : names) {

  251.     const uint8_t *inp = CRYPTO_BUFFER_data(buffer);

  252.     UniquePtr<X509_NAME> name(

  253.         d2i_X509_NAME(nullptr, &inp, CRYPTO_BUFFER_len(buffer)));

  254.     if (name == nullptr ||

  255.         inp != CRYPTO_BUFFER_data(buffer) + CRYPTO_BUFFER_len(buffer)) {

  256.       return 0;

  257.     }

  258.   }

  259. 

  260.   return 1;

  261. }

  262. 

  263. static void ssl_crypto_x509_cert_clear(CERT *cert) {

  264.   ssl_crypto_x509_cert_flush_cached_leaf(cert);

  265.   ssl_crypto_x509_cert_flush_cached_chain(cert);

  266. 

  267.   X509_free(cert->x509_stash);

  268.   cert->x509_stash = NULL;

  269. }

  270. 

  271. static void ssl_crypto_x509_cert_free(CERT *cert) {

  272.   ssl_crypto_x509_cert_clear(cert);

  273.   X509_STORE_free(cert->verify_store);

  274. }

  275. 

  276. static void ssl_crypto_x509_cert_dup(CERT *new_cert, const CERT *cert) {

  277.   if (cert->verify_store != NULL) {

  278.     X509_STORE_up_ref(cert->verify_store);

  279.     new_cert->verify_store = cert->verify_store;

  280.   }

  281. }

  282. 

  283. static int ssl_crypto_x509_session_cache_objects(SSL_SESSION *sess) {

  284.   bssl::UniquePtr<STACK_OF(X509)> chain;

  285.   if (sk_CRYPTO_BUFFER_num(sess->certs.get()) > 0) {

  286.     chain.reset(sk_X509_new_null());

  287.     if (!chain) {

  288.       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);

  289.       return 0;

  290.     }

  291.   }

  292. 

  293.   X509 *leaf = nullptr;

  294.   for (CRYPTO_BUFFER *cert : sess->certs.get()) {

  295.     UniquePtr<X509> x509(X509_parse_from_buffer(cert));

  296.     if (!x509) {

  297.       OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);

  298.       return 0;

  299.     }

  300.     if (leaf == nullptr) {

  301.       leaf = x509.get();

  302.     }

  303.     if (!PushToStack(chain.get(), std::move(x509))) {

  304.       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);

  305.       return 0;

  306.     }

  307.   }

  308. 

  309.   sk_X509_pop_free(sess->x509_chain, X509_free);

  310.   sess->x509_chain = chain.release();

  311.   sk_X509_pop_free(sess->x509_chain_without_leaf, X509_free);

  312.   sess->x509_chain_without_leaf = NULL;

  313. 

  314.   X509_free(sess->x509_peer);

  315.   if (leaf != NULL) {

  316.     X509_up_ref(leaf);

  317.   }

  318.   sess->x509_peer = leaf;

  319.   return 1;

  320. }

  321. 

  322. static int ssl_crypto_x509_session_dup(SSL_SESSION *new_session,

  323.                                        const SSL_SESSION *session) {

  324.   if (session->x509_peer != NULL) {

  325.     X509_up_ref(session->x509_peer);

  326.     new_session->x509_peer = session->x509_peer;

  327.   }

  328.   if (session->x509_chain != NULL) {

  329.     new_session->x509_chain = X509_chain_up_ref(session->x509_chain);

  330.     if (new_session->x509_chain == NULL) {

  331.       return 0;

  332.     }

  333.   }

  334. 

  335.   return 1;

  336. }

  337. 

  338. static void ssl_crypto_x509_session_clear(SSL_SESSION *session) {

  339.   X509_free(session->x509_peer);

  340.   session->x509_peer = NULL;

  341.   sk_X509_pop_free(session->x509_chain, X509_free);

  342.   session->x509_chain = NULL;

  343.   sk_X509_pop_free(session->x509_chain_without_leaf, X509_free);

  344.   session->x509_chain_without_leaf = NULL;

  345. }

  346. 

  347. static int ssl_crypto_x509_session_verify_cert_chain(SSL_SESSION *session,

  348.                                                      SSL_HANDSHAKE *hs,

  349.                                                      uint8_t *out_alert) {

  350.   *out_alert = SSL_AD_INTERNAL_ERROR;

  351.   STACK_OF(X509) *const cert_chain = session->x509_chain;

  352.   if (cert_chain == NULL || sk_X509_num(cert_chain) == 0) {

  353.     return 0;

  354.   }

  355. 

  356.   SSL_CTX *ssl_ctx = hs->ssl->ctx.get();

  357.   X509_STORE *verify_store = ssl_ctx->cert_store;

  358.   if (hs->config->cert->verify_store != NULL) {

  359.     verify_store = hs->config->cert->verify_store;

  360.   }

  361. 

  362.   X509 *leaf = sk_X509_value(cert_chain, 0);

  363.   ScopedX509_STORE_CTX ctx;

  364.   if (!X509_STORE_CTX_init(ctx.get(), verify_store, leaf, cert_chain)) {

  365.     OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);

  366.     return 0;

  367.   }

  368.   if (!X509_STORE_CTX_set_ex_data(

  369.           ctx.get(), SSL_get_ex_data_X509_STORE_CTX_idx(), hs->ssl)) {

  370.     return 0;

  371.   }

  372. 

  373.   // We need to inherit the verify parameters. These can be determined by the

  374.   // context: if its a server it will verify SSL client certificates or vice

  375.   // versa.

  376.   X509_STORE_CTX_set_default(ctx.get(),

  377.                              hs->ssl->server ? "ssl_client" : "ssl_server");

  378. 

  379.   // Anything non-default in "param" should overwrite anything in the ctx.

  380.   X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(ctx.get()),

  381.                          hs->config->param);

  382. 

  383.   if (hs->config->verify_callback) {

  384.     X509_STORE_CTX_set_verify_cb(ctx.get(), hs->config->verify_callback);

  385.   }

  386. 

  387.   int verify_ret;

  388.   if (ssl_ctx->app_verify_callback != NULL) {

  389.     verify_ret =

  390.         ssl_ctx->app_verify_callback(ctx.get(), ssl_ctx->app_verify_arg);

  391.   } else {

  392.     verify_ret = X509_verify_cert(ctx.get());

  393.   }

  394. 

  395.   session->verify_result = ctx->error;

  396. 

  397.   // If |SSL_VERIFY_NONE|, the error is non-fatal, but we keep the result.

  398.   if (verify_ret <= 0 && hs->config->verify_mode != SSL_VERIFY_NONE) {

  399.     *out_alert = SSL_alert_from_verify_result(ctx->error);

  400.     return 0;

  401.   }

  402. 

  403.   ERR_clear_error();

  404.   return 1;

  405. }

  406. 

  407. static void ssl_crypto_x509_hs_flush_cached_ca_names(SSL_HANDSHAKE *hs) {

  408.   sk_X509_NAME_pop_free(hs->cached_x509_ca_names, X509_NAME_free);

  409.   hs->cached_x509_ca_names = NULL;

  410. }

  411. 

  412. static int ssl_crypto_x509_ssl_new(SSL_HANDSHAKE *hs) {

  413.   hs->config->param = X509_VERIFY_PARAM_new();

  414.   if (hs->config->param == NULL) {

  415.     return 0;

  416.   }

  417.   X509_VERIFY_PARAM_inherit(hs->config->param, hs->ssl->ctx->param);

  418.   return 1;

  419. }

  420. 

  421. static void ssl_crypto_x509_ssl_flush_cached_client_CA(SSL_CONFIG *cfg) {

  422.   sk_X509_NAME_pop_free(cfg->cached_x509_client_CA, X509_NAME_free);

  423.   cfg->cached_x509_client_CA = NULL;

  424. }

  425. 

  426. static void ssl_crypto_x509_ssl_config_free(SSL_CONFIG *cfg) {

  427.   sk_X509_NAME_pop_free(cfg->cached_x509_client_CA, X509_NAME_free);

  428.   cfg->cached_x509_client_CA = NULL;

  429.   X509_VERIFY_PARAM_free(cfg->param);

  430. }

  431. 

  432. static int ssl_crypto_x509_ssl_auto_chain_if_needed(SSL_HANDSHAKE *hs) {

  433.   // Only build a chain if there are no intermediates configured and the feature

  434.   // isn't disabled.

  435.   if ((hs->ssl->mode & SSL_MODE_NO_AUTO_CHAIN) ||

  436.       !ssl_has_certificate(hs->config) || hs->config->cert->chain == NULL ||

  437.       sk_CRYPTO_BUFFER_num(hs->config->cert->chain.get()) > 1) {

  438.     return 1;

  439.   }

  440. 

  441.   UniquePtr<X509> leaf(X509_parse_from_buffer(

  442.       sk_CRYPTO_BUFFER_value(hs->config->cert->chain.get(), 0)));

  443.   if (!leaf) {

  444.     OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);

  445.     return 0;

  446.   }

  447. 

  448.   ScopedX509_STORE_CTX ctx;

  449.   if (!X509_STORE_CTX_init(ctx.get(), hs->ssl->ctx->cert_store, leaf.get(),

  450.                            NULL)) {

  451.     OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);

  452.     return 0;

  453.   }

  454. 

  455.   // Attempt to build a chain, ignoring the result.

  456.   X509_verify_cert(ctx.get());

  457.   ERR_clear_error();

  458. 

  459.   // Remove the leaf from the generated chain.

  460.   X509_free(sk_X509_shift(ctx->chain));

  461. 

  462.   if (!ssl_cert_set_chain(hs->config->cert.get(), ctx->chain)) {

  463.     return 0;

  464.   }

  465. 

  466.   ssl_crypto_x509_cert_flush_cached_chain(hs->config->cert.get());

  467. 

  468.   return 1;

  469. }

  470. 

  471. static void ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(SSL_CTX *ctx) {

  472.   sk_X509_NAME_pop_free(ctx->cached_x509_client_CA, X509_NAME_free);

  473.   ctx->cached_x509_client_CA = NULL;

  474. }

  475. 

  476. static int ssl_crypto_x509_ssl_ctx_new(SSL_CTX *ctx) {

  477.   ctx->cert_store = X509_STORE_new();

  478.   ctx->param = X509_VERIFY_PARAM_new();

  479.   return (ctx->cert_store != NULL && ctx->param != NULL);

  480. }

  481. 

  482. static void ssl_crypto_x509_ssl_ctx_free(SSL_CTX *ctx) {

  483.   ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(ctx);

  484.   X509_VERIFY_PARAM_free(ctx->param);

  485.   X509_STORE_free(ctx->cert_store);

  486. }

  487. 

  488. const SSL_X509_METHOD ssl_crypto_x509_method = {

  489.   ssl_crypto_x509_check_client_CA_list,

  490.   ssl_crypto_x509_cert_clear,

  491.   ssl_crypto_x509_cert_free,

  492.   ssl_crypto_x509_cert_dup,

  493.   ssl_crypto_x509_cert_flush_cached_chain,

  494.   ssl_crypto_x509_cert_flush_cached_leaf,

  495.   ssl_crypto_x509_session_cache_objects,

  496.   ssl_crypto_x509_session_dup,

  497.   ssl_crypto_x509_session_clear,

  498.   ssl_crypto_x509_session_verify_cert_chain,

  499.   ssl_crypto_x509_hs_flush_cached_ca_names,

  500.   ssl_crypto_x509_ssl_new,

  501.   ssl_crypto_x509_ssl_config_free,

  502.   ssl_crypto_x509_ssl_flush_cached_client_CA,

  503.   ssl_crypto_x509_ssl_auto_chain_if_needed,

  504.   ssl_crypto_x509_ssl_ctx_new,

  505.   ssl_crypto_x509_ssl_ctx_free,

  506.   ssl_crypto_x509_ssl_ctx_flush_cached_client_CA,

  507. };

  508. 

  509. }  // namespace bssl

  510. 

  511. using namespace bssl;

  512. 

  513. X509 *SSL_get_peer_certificate(const SSL *ssl) {

  514.   check_ssl_x509_method(ssl);

  515.   if (ssl == NULL) {

  516.     return NULL;

  517.   }

  518.   SSL_SESSION *session = SSL_get_session(ssl);

  519.   if (session == NULL || session->x509_peer == NULL) {

  520.     return NULL;

  521.   }

  522.   X509_up_ref(session->x509_peer);

  523.   return session->x509_peer;

  524. }

  525. 

  526. STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl) {

  527.   check_ssl_x509_method(ssl);

  528.   if (ssl == NULL) {

  529.     return NULL;

  530.   }

  531.   SSL_SESSION *session = SSL_get_session(ssl);

  532.   if (session == NULL ||

  533.       session->x509_chain == NULL) {

  534.     return NULL;

  535.   }

  536. 

  537.   if (!ssl->server) {

  538.     return session->x509_chain;

  539.   }

  540. 

  541.   // OpenSSL historically didn't include the leaf certificate in the returned

  542.   // certificate chain, but only for servers.

  543.   if (session->x509_chain_without_leaf == NULL) {

  544.     session->x509_chain_without_leaf = sk_X509_new_null();

  545.     if (session->x509_chain_without_leaf == NULL) {

  546.       return NULL;

  547.     }

  548. 

  549.     for (size_t i = 1; i < sk_X509_num(session->x509_chain); i++) {

  550.       X509 *cert = sk_X509_value(session->x509_chain, i);

  551.       if (!PushToStack(session->x509_chain_without_leaf, UpRef(cert))) {

  552.         sk_X509_pop_free(session->x509_chain_without_leaf, X509_free);

  553.         session->x509_chain_without_leaf = NULL;

  554.         return NULL;

  555.       }

  556.     }

  557.   }

  558. 

  559.   return session->x509_chain_without_leaf;

  560. }

  561. 

  562. STACK_OF(X509) *SSL_get_peer_full_cert_chain(const SSL *ssl) {

  563.   check_ssl_x509_method(ssl);

  564.   SSL_SESSION *session = SSL_get_session(ssl);

  565.   if (session == NULL) {

  566.     return NULL;

  567.   }

  568. 

  569.   return session->x509_chain;

  570. }

  571. 

  572. int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose) {

  573.   check_ssl_ctx_x509_method(ctx);

  574.   return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);

  575. }

  576. 

  577. int SSL_set_purpose(SSL *ssl, int purpose) {

  578.   check_ssl_x509_method(ssl);

  579.   if (!ssl->config) {

  580.     return 0;

  581.   }

  582.   return X509_VERIFY_PARAM_set_purpose(ssl->config->param, purpose);

  583. }

  584. 

  585. int SSL_CTX_set_trust(SSL_CTX *ctx, int trust) {

  586.   check_ssl_ctx_x509_method(ctx);

  587.   return X509_VERIFY_PARAM_set_trust(ctx->param, trust);

  588. }

  589. 

  590. int SSL_set_trust(SSL *ssl, int trust) {

  591.   check_ssl_x509_method(ssl);

  592.   if (!ssl->config) {

  593.     return 0;

  594.   }

  595.   return X509_VERIFY_PARAM_set_trust(ssl->config->param, trust);

  596. }

  597. 

  598. int SSL_CTX_set1_param(SSL_CTX *ctx, const X509_VERIFY_PARAM *param) {

  599.   check_ssl_ctx_x509_method(ctx);

  600.   return X509_VERIFY_PARAM_set1(ctx->param, param);

  601. }

  602. 

  603. int SSL_set1_param(SSL *ssl, const X509_VERIFY_PARAM *param) {

  604.   check_ssl_x509_method(ssl);

  605.   if (!ssl->config) {

  606.     return 0;

  607.   }

  608.   return X509_VERIFY_PARAM_set1(ssl->config->param, param);

  609. }

  610. 

  611. X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) {

  612.   check_ssl_ctx_x509_method(ctx);

  613.   return ctx->param;

  614. }

  615. 

  616. X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) {

  617.   check_ssl_x509_method(ssl);

  618.   if (!ssl->config) {

  619.     assert(ssl->config);

  620.     return 0;

  621.   }

  622.   return ssl->config->param;

  623. }

  624. 

  625. int SSL_get_verify_depth(const SSL *ssl) {

  626.   check_ssl_x509_method(ssl);

  627.   if (!ssl->config) {

  628.     assert(ssl->config);

  629.     return 0;

  630.   }

  631.   return X509_VERIFY_PARAM_get_depth(ssl->config->param);

  632. }

  633. 

  634. int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *) {

  635.   check_ssl_x509_method(ssl);

  636.   if (!ssl->config) {

  637.     assert(ssl->config);

  638.     return 0;

  639.   }

  640.   return ssl->config->verify_callback;

  641. }

  642. 

  643. int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) {

  644.   check_ssl_ctx_x509_method(ctx);

  645.   return ctx->verify_mode;

  646. }

  647. 

  648. int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) {

  649.   check_ssl_ctx_x509_method(ctx);

  650.   return X509_VERIFY_PARAM_get_depth(ctx->param);

  651. }

  652. 

  653. int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(

  654.     int ok, X509_STORE_CTX *store_ctx) {

  655.   check_ssl_ctx_x509_method(ctx);

  656.   return ctx->default_verify_callback;

  657. }

  658. 

  659. void SSL_set_verify(SSL *ssl, int mode,

  660.                     int (*callback)(int ok, X509_STORE_CTX *store_ctx)) {

  661.   check_ssl_x509_method(ssl);

  662.   if (!ssl->config) {

  663.     return;

  664.   }

  665.   ssl->config->verify_mode = mode;

  666.   if (callback != NULL) {

  667.     ssl->config->verify_callback = callback;

  668.   }

  669. }

  670. 

  671. void SSL_set_verify_depth(SSL *ssl, int depth) {

  672.   check_ssl_x509_method(ssl);

  673.   if (!ssl->config) {

  674.     return;

  675.   }

  676.   X509_VERIFY_PARAM_set_depth(ssl->config->param, depth);

  677. }

  678. 

  679. void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,

  680.                                       int (*cb)(X509_STORE_CTX *store_ctx,

  681.                                                 void *arg),

  682.                                       void *arg) {

  683.   check_ssl_ctx_x509_method(ctx);

  684.   ctx->app_verify_callback = cb;

  685.   ctx->app_verify_arg = arg;

  686. }

  687. 

  688. void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,

  689.                         int (*cb)(int, X509_STORE_CTX *)) {

  690.   check_ssl_ctx_x509_method(ctx);

  691.   ctx->verify_mode = mode;

  692.   ctx->default_verify_callback = cb;

  693. }

  694. 

  695. void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) {

  696.   check_ssl_ctx_x509_method(ctx);

  697.   X509_VERIFY_PARAM_set_depth(ctx->param, depth);

  698. }

  699. 

  700. int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) {

  701.   check_ssl_ctx_x509_method(ctx);

  702.   return X509_STORE_set_default_paths(ctx->cert_store);

  703. }

  704. 

  705. int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *ca_file,

  706.                                   const char *ca_dir) {

  707.   check_ssl_ctx_x509_method(ctx);

  708.   return X509_STORE_load_locations(ctx->cert_store, ca_file, ca_dir);

  709. }

  710. 

  711. void SSL_set_verify_result(SSL *ssl, long result) {

  712.   check_ssl_x509_method(ssl);

  713.   if (result != X509_V_OK) {

  714.     abort();

  715.   }

  716. }

  717. 

  718. long SSL_get_verify_result(const SSL *ssl) {

  719.   check_ssl_x509_method(ssl);

  720.   SSL_SESSION *session = SSL_get_session(ssl);

  721.   if (session == NULL) {

  722.     return X509_V_ERR_INVALID_CALL;

  723.   }

  724.   return session->verify_result;

  725. }

  726. 

  727. X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) {

  728.   check_ssl_ctx_x509_method(ctx);

  729.   return ctx->cert_store;

  730. }

  731. 

  732. void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) {

  733.   check_ssl_ctx_x509_method(ctx);

  734.   X509_STORE_free(ctx->cert_store);

  735.   ctx->cert_store = store;

  736. }

  737. 

  738. static int ssl_use_certificate(CERT *cert, X509 *x) {

  739.   if (x == NULL) {

  740.     OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);

  741.     return 0;

  742.   }

  743. 

  744.   UniquePtr<CRYPTO_BUFFER> buffer = x509_to_buffer(x);

  745.   if (!buffer) {

  746.     return 0;

  747.   }

  748. 

  749.   return ssl_set_cert(cert, std::move(buffer));

  750. }

  751. 

  752. int SSL_use_certificate(SSL *ssl, X509 *x) {

  753.   check_ssl_x509_method(ssl);

  754.   if (!ssl->config) {

  755.     return 0;

  756.   }

  757.   return ssl_use_certificate(ssl->config->cert.get(), x);

  758. }

  759. 

  760. int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) {

  761.   check_ssl_ctx_x509_method(ctx);

  762.   return ssl_use_certificate(ctx->cert.get(), x);

  763. }

  764. 

  765. // ssl_cert_cache_leaf_cert sets |cert->x509_leaf|, if currently NULL, from the

  766. // first element of |cert->chain|.

  767. static int ssl_cert_cache_leaf_cert(CERT *cert) {

  768.   assert(cert->x509_method);

  769. 

  770.   if (cert->x509_leaf != NULL ||

  771.       cert->chain == NULL) {

  772.     return 1;

  773.   }

  774. 

  775.   CRYPTO_BUFFER *leaf = sk_CRYPTO_BUFFER_value(cert->chain.get(), 0);

  776.   if (!leaf) {

  777.     return 1;

  778.   }

  779. 

  780.   cert->x509_leaf = X509_parse_from_buffer(leaf);

  781.   return cert->x509_leaf != NULL;

  782. }

  783. 

  784. static X509 *ssl_cert_get0_leaf(CERT *cert) {

  785.   if (cert->x509_leaf == NULL &&

  786.       !ssl_cert_cache_leaf_cert(cert)) {

  787.     return NULL;

  788.   }

  789. 

  790.   return cert->x509_leaf;

  791. }

  792. 

  793. X509 *SSL_get_certificate(const SSL *ssl) {

  794.   check_ssl_x509_method(ssl);

  795.   if (!ssl->config) {

  796.     assert(ssl->config);

  797.     return 0;

  798.   }

  799.   return ssl_cert_get0_leaf(ssl->config->cert.get());

  800. }

  801. 

  802. X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx) {

  803.   check_ssl_ctx_x509_method(ctx);

  804.   MutexWriteLock lock(const_cast<CRYPTO_MUTEX*>(&ctx->lock));

  805.   return ssl_cert_get0_leaf(ctx->cert.get());

  806. }

  807. 

  808. static int ssl_cert_set0_chain(CERT *cert, STACK_OF(X509) *chain) {

  809.   if (!ssl_cert_set_chain(cert, chain)) {

  810.     return 0;

  811.   }

  812. 

  813.   sk_X509_pop_free(chain, X509_free);

  814.   ssl_crypto_x509_cert_flush_cached_chain(cert);

  815.   return 1;

  816. }

  817. 

  818. static int ssl_cert_set1_chain(CERT *cert, STACK_OF(X509) *chain) {

  819.   if (!ssl_cert_set_chain(cert, chain)) {

  820.     return 0;

  821.   }

  822. 

  823.   ssl_crypto_x509_cert_flush_cached_chain(cert);

  824.   return 1;

  825. }

  826. 

  827. static int ssl_cert_append_cert(CERT *cert, X509 *x509) {

  828.   assert(cert->x509_method);

  829. 

  830.   UniquePtr<CRYPTO_BUFFER> buffer = x509_to_buffer(x509);

  831.   if (!buffer) {

  832.     return 0;

  833.   }

  834. 

  835.   if (cert->chain != NULL) {

  836.     return PushToStack(cert->chain.get(), std::move(buffer));

  837.   }

  838. 

  839.   cert->chain = new_leafless_chain();

  840.   if (!cert->chain ||

  841.       !PushToStack(cert->chain.get(), std::move(buffer))) {

  842.     cert->chain.reset();

  843.     return 0;

  844.   }

  845. 

  846.   return 1;

  847. }

  848. 

  849. static int ssl_cert_add0_chain_cert(CERT *cert, X509 *x509) {

  850.   if (!ssl_cert_append_cert(cert, x509)) {

  851.     return 0;

  852.   }

  853. 

  854.   X509_free(cert->x509_stash);

  855.   cert->x509_stash = x509;

  856.   ssl_crypto_x509_cert_flush_cached_chain(cert);

  857.   return 1;

  858. }

  859. 

  860. static int ssl_cert_add1_chain_cert(CERT *cert, X509 *x509) {

  861.   if (!ssl_cert_append_cert(cert, x509)) {

  862.     return 0;

  863.   }

  864. 

  865.   ssl_crypto_x509_cert_flush_cached_chain(cert);

  866.   return 1;

  867. }

  868. 

  869. int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) {

  870.   check_ssl_ctx_x509_method(ctx);

  871.   return ssl_cert_set0_chain(ctx->cert.get(), chain);

  872. }

  873. 

  874. int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) {

  875.   check_ssl_ctx_x509_method(ctx);

  876.   return ssl_cert_set1_chain(ctx->cert.get(), chain);

  877. }

  878. 

  879. int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *chain) {

  880.   check_ssl_x509_method(ssl);

  881.   if (!ssl->config) {

  882.     return 0;

  883.   }

  884.   return ssl_cert_set0_chain(ssl->config->cert.get(), chain);

  885. }

  886. 

  887. int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *chain) {

  888.   check_ssl_x509_method(ssl);

  889.   if (!ssl->config) {

  890.     return 0;

  891.   }

  892.   return ssl_cert_set1_chain(ssl->config->cert.get(), chain);

  893. }

  894. 

  895. int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509) {

  896.   check_ssl_ctx_x509_method(ctx);

  897.   return ssl_cert_add0_chain_cert(ctx->cert.get(), x509);

  898. }

  899. 

  900. int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509) {

  901.   check_ssl_ctx_x509_method(ctx);

  902.   return ssl_cert_add1_chain_cert(ctx->cert.get(), x509);

  903. }

  904. 

  905. int SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509) {

  906.   check_ssl_ctx_x509_method(ctx);

  907.   return SSL_CTX_add0_chain_cert(ctx, x509);

  908. }

  909. 

  910. int SSL_add0_chain_cert(SSL *ssl, X509 *x509) {

  911.   check_ssl_x509_method(ssl);

  912.   if (!ssl->config) {

  913.     return 0;

  914.   }

  915.   return ssl_cert_add0_chain_cert(ssl->config->cert.get(), x509);

  916. }

  917. 

  918. int SSL_add1_chain_cert(SSL *ssl, X509 *x509) {

  919.   check_ssl_x509_method(ssl);

  920.   if (!ssl->config) {

  921.     return 0;

  922.   }

  923.   return ssl_cert_add1_chain_cert(ssl->config->cert.get(), x509);

  924. }

  925. 

  926. int SSL_CTX_clear_chain_certs(SSL_CTX *ctx) {

  927.   check_ssl_ctx_x509_method(ctx);

  928.   return SSL_CTX_set0_chain(ctx, NULL);

  929. }

  930. 

  931. int SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx) {

  932.   check_ssl_ctx_x509_method(ctx);

  933.   return SSL_CTX_clear_chain_certs(ctx);

  934. }

  935. 

  936. int SSL_clear_chain_certs(SSL *ssl) {

  937.   check_ssl_x509_method(ssl);

  938.   return SSL_set0_chain(ssl, NULL);

  939. }

  940. 

  941. // ssl_cert_cache_chain_certs fills in |cert->x509_chain| from elements 1.. of

  942. // |cert->chain|.

  943. static int ssl_cert_cache_chain_certs(CERT *cert) {

  944.   assert(cert->x509_method);

  945. 

  946.   if (cert->x509_chain != nullptr ||

  947.       cert->chain == nullptr ||

  948.       sk_CRYPTO_BUFFER_num(cert->chain.get()) < 2) {

  949.     return 1;

  950.   }

  951. 

  952.   UniquePtr<STACK_OF(X509)> chain(sk_X509_new_null());

  953.   if (!chain) {

  954.     return 0;

  955.   }

  956. 

  957.   for (size_t i = 1; i < sk_CRYPTO_BUFFER_num(cert->chain.get()); i++) {

  958.     CRYPTO_BUFFER *buffer = sk_CRYPTO_BUFFER_value(cert->chain.get(), i);

  959.     UniquePtr<X509> x509(X509_parse_from_buffer(buffer));

  960.     if (!x509 ||

  961.         !PushToStack(chain.get(), std::move(x509))) {

  962.       return 0;

  963.     }

  964.   }

  965. 

  966.   cert->x509_chain = chain.release();

  967.   return 1;

  968. }

  969. 

  970. int SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, STACK_OF(X509) **out_chain) {

  971.   check_ssl_ctx_x509_method(ctx);

  972.   MutexWriteLock lock(const_cast<CRYPTO_MUTEX*>(&ctx->lock));

  973.   if (!ssl_cert_cache_chain_certs(ctx->cert.get())) {

  974.     *out_chain = NULL;

  975.     return 0;

  976.   }

  977. 

  978.   *out_chain = ctx->cert->x509_chain;

  979.   return 1;

  980. }

  981. 

  982. int SSL_CTX_get_extra_chain_certs(const SSL_CTX *ctx,

  983.                                   STACK_OF(X509) **out_chain) {

  984.   return SSL_CTX_get0_chain_certs(ctx, out_chain);

  985. }

  986. 

  987. int SSL_get0_chain_certs(const SSL *ssl, STACK_OF(X509) **out_chain) {

  988.   check_ssl_x509_method(ssl);

  989.   if (!ssl->config) {

  990.     assert(ssl->config);

  991.     return 0;

  992.   }

  993.   if (!ssl_cert_cache_chain_certs(ssl->config->cert.get())) {

  994.     *out_chain = NULL;

  995.     return 0;

  996.   }

  997. 

  998.   *out_chain = ssl->config->cert->x509_chain;

  999.   return 1;

  1000. }

  1001. 

  1002. static SSL_SESSION *ssl_session_new_with_crypto_x509(void) {

  1003.   return ssl_session_new(&ssl_crypto_x509_method).release();

  1004. }

  1005. 

  1006. SSL_SESSION *d2i_SSL_SESSION_bio(BIO *bio, SSL_SESSION **out) {

  1007.   return ASN1_d2i_bio_of(SSL_SESSION, ssl_session_new_with_crypto_x509,

  1008.                          d2i_SSL_SESSION, bio, out);

  1009. }

  1010. 

  1011. int i2d_SSL_SESSION_bio(BIO *bio, const SSL_SESSION *session) {

  1012.   return ASN1_i2d_bio_of(SSL_SESSION, i2d_SSL_SESSION, bio, session);

  1013. }

  1014. 

  1015. IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)

  1016. 

  1017. SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, long length) {

  1018.   if (length < 0) {

  1019.     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);

  1020.     return NULL;

  1021.   }

  1022. 

  1023.   CBS cbs;

  1024.   CBS_init(&cbs, *pp, length);

  1025. 

  1026.   UniquePtr<SSL_SESSION> ret = SSL_SESSION_parse(&cbs, &ssl_crypto_x509_method,

  1027.                                                  NULL /* no buffer pool */);

  1028.   if (!ret) {

  1029.     return NULL;

  1030.   }

  1031. 

  1032.   if (a) {

  1033.     SSL_SESSION_free(*a);

  1034.     *a = ret.get();

  1035.   }

  1036.   *pp = CBS_data(&cbs);

  1037.   return ret.release();

  1038. }

  1039. 

  1040. STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *list) {

  1041.   return sk_X509_NAME_deep_copy(list, X509_NAME_dup, X509_NAME_free);

  1042. }

  1043. 

  1044. static void set_client_CA_list(UniquePtr<STACK_OF(CRYPTO_BUFFER)> *ca_list,

  1045.                                const STACK_OF(X509_NAME) *name_list,

  1046.                                CRYPTO_BUFFER_POOL *pool) {

  1047.   UniquePtr<STACK_OF(CRYPTO_BUFFER)> buffers(sk_CRYPTO_BUFFER_new_null());

  1048.   if (!buffers) {

  1049.     return;

  1050.   }

  1051. 

  1052.   for (X509_NAME *name : name_list) {

  1053.     uint8_t *outp = NULL;

  1054.     int len = i2d_X509_NAME(name, &outp);

  1055.     if (len < 0) {

  1056.       return;

  1057.     }

  1058. 

  1059.     UniquePtr<CRYPTO_BUFFER> buffer(CRYPTO_BUFFER_new(outp, len, pool));

  1060.     OPENSSL_free(outp);

  1061.     if (!buffer ||

  1062.         !PushToStack(buffers.get(), std::move(buffer))) {

  1063.       return;

  1064.     }

  1065.   }

  1066. 

  1067.   *ca_list = std::move(buffers);

  1068. }

  1069. 

  1070. void SSL_set_client_CA_list(SSL *ssl, STACK_OF(X509_NAME) *name_list) {

  1071.   check_ssl_x509_method(ssl);

  1072.   if (!ssl->config) {

  1073.     return;

  1074.   }

  1075.   ssl->ctx->x509_method->ssl_flush_cached_client_CA(ssl->config.get());

  1076.   set_client_CA_list(&ssl->config->client_CA, name_list, ssl->ctx->pool);

  1077.   sk_X509_NAME_pop_free(name_list, X509_NAME_free);

  1078. }

  1079. 

  1080. void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) {

  1081.   check_ssl_ctx_x509_method(ctx);

  1082.   ctx->x509_method->ssl_ctx_flush_cached_client_CA(ctx);

  1083.   set_client_CA_list(&ctx->client_CA, name_list, ctx->pool);

  1084.   sk_X509_NAME_pop_free(name_list, X509_NAME_free);

  1085. }

  1086. 

  1087. static STACK_OF(X509_NAME) *

  1088.     buffer_names_to_x509(const STACK_OF(CRYPTO_BUFFER) *names,

  1089.                          STACK_OF(X509_NAME) **cached) {

  1090.   if (names == NULL) {

  1091.     return NULL;

  1092.   }

  1093. 

  1094.   if (*cached != NULL) {

  1095.     return *cached;

  1096.   }

  1097. 

  1098.   UniquePtr<STACK_OF(X509_NAME)> new_cache(sk_X509_NAME_new_null());

  1099.   if (!new_cache) {

  1100.     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);

  1101.     return NULL;

  1102.   }

  1103. 

  1104.   for (const CRYPTO_BUFFER *buffer : names) {

  1105.     const uint8_t *inp = CRYPTO_BUFFER_data(buffer);

  1106.     UniquePtr<X509_NAME> name(

  1107.         d2i_X509_NAME(nullptr, &inp, CRYPTO_BUFFER_len(buffer)));

  1108.     if (!name ||

  1109.         inp != CRYPTO_BUFFER_data(buffer) + CRYPTO_BUFFER_len(buffer) ||

  1110.         !PushToStack(new_cache.get(), std::move(name))) {

  1111.       return NULL;

  1112.     }

  1113.   }

  1114. 

  1115.   *cached = new_cache.release();

  1116.   return *cached;

  1117. }

  1118. 

  1119. STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *ssl) {

  1120.   check_ssl_x509_method(ssl);

  1121.   if (!ssl->config) {

  1122.     assert(ssl->config);

  1123.     return NULL;

  1124.   }

  1125.   // For historical reasons, this function is used both to query configuration

  1126.   // state on a server as well as handshake state on a client. However, whether

  1127.   // |ssl| is a client or server is not known until explicitly configured with

  1128.   // |SSL_set_connect_state|. If |do_handshake| is NULL, |ssl| is in an

  1129.   // indeterminate mode and |ssl->server| is unset.

  1130.   if (ssl->do_handshake != NULL && !ssl->server) {

  1131.     if (ssl->s3->hs != NULL) {

  1132.       return buffer_names_to_x509(ssl->s3->hs->ca_names.get(),

  1133.                                   &ssl->s3->hs->cached_x509_ca_names);

  1134.     }

  1135. 

  1136.     return NULL;

  1137.   }

  1138. 

  1139.   if (ssl->config->client_CA != NULL) {

  1140.     return buffer_names_to_x509(

  1141.         ssl->config->client_CA.get(),

  1142.         (STACK_OF(X509_NAME) **)&ssl->config->cached_x509_client_CA);

  1143.   }

  1144.   return SSL_CTX_get_client_CA_list(ssl->ctx.get());

  1145. }

  1146. 

  1147. STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) {

  1148.   check_ssl_ctx_x509_method(ctx);

  1149.   // This is a logically const operation that may be called on multiple threads,

  1150.   // so it needs to lock around updating |cached_x509_client_CA|.

  1151.   MutexWriteLock lock(const_cast<CRYPTO_MUTEX *>(&ctx->lock));

  1152.   return buffer_names_to_x509(

  1153.       ctx->client_CA.get(),

  1154.       const_cast<STACK_OF(X509_NAME) **>(&ctx->cached_x509_client_CA));

  1155. }

  1156. 

  1157. static int add_client_CA(UniquePtr<STACK_OF(CRYPTO_BUFFER)> *names, X509 *x509,

  1158.                          CRYPTO_BUFFER_POOL *pool) {

  1159.   if (x509 == NULL) {

  1160.     return 0;

  1161.   }

  1162. 

  1163.   uint8_t *outp = NULL;

  1164.   int len = i2d_X509_NAME(X509_get_subject_name(x509), &outp);

  1165.   if (len < 0) {

  1166.     return 0;

  1167.   }

  1168. 

  1169.   UniquePtr<CRYPTO_BUFFER> buffer(CRYPTO_BUFFER_new(outp, len, pool));

  1170.   OPENSSL_free(outp);

  1171.   if (!buffer) {

  1172.     return 0;

  1173.   }

  1174. 

  1175.   int alloced = 0;

  1176.   if (*names == nullptr) {

  1177.     names->reset(sk_CRYPTO_BUFFER_new_null());

  1178.     alloced = 1;

  1179. 

  1180.     if (*names == NULL) {

  1181.       return 0;

  1182.     }

  1183.   }

  1184. 

  1185.   if (!PushToStack(names->get(), std::move(buffer))) {

  1186.     if (alloced) {

  1187.       names->reset();

  1188.     }

  1189.     return 0;

  1190.   }

  1191. 

  1192.   return 1;

  1193. }

  1194. 

  1195. int SSL_add_client_CA(SSL *ssl, X509 *x509) {

  1196.   check_ssl_x509_method(ssl);

  1197.   if (!ssl->config) {

  1198.     return 0;

  1199.   }

  1200.   if (!add_client_CA(&ssl->config->client_CA, x509, ssl->ctx->pool)) {

  1201.     return 0;

  1202.   }

  1203. 

  1204.   ssl_crypto_x509_ssl_flush_cached_client_CA(ssl->config.get());

  1205.   return 1;

  1206. }

  1207. 

  1208. int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x509) {

  1209.   check_ssl_ctx_x509_method(ctx);

  1210.   if (!add_client_CA(&ctx->client_CA, x509, ctx->pool)) {

  1211.     return 0;

  1212.   }

  1213. 

  1214.   ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(ctx);

  1215.   return 1;

  1216. }

  1217. 

  1218. static int do_client_cert_cb(SSL *ssl, void *arg) {

  1219.   // Should only be called during handshake, but check to be sure.

  1220.   if (!ssl->config) {

  1221.     assert(ssl->config);

  1222.     return -1;

  1223.   }

  1224.   if (ssl_has_certificate(ssl->config.get()) ||

  1225.       ssl->ctx->client_cert_cb == NULL) {

  1226.     return 1;

  1227.   }

  1228. 

  1229.   X509 *x509 = NULL;

  1230.   EVP_PKEY *pkey = NULL;

  1231.   int ret = ssl->ctx->client_cert_cb(ssl, &x509, &pkey);

  1232.   if (ret < 0) {

  1233.     return -1;

  1234.   }

  1235.   UniquePtr<X509> free_x509(x509);

  1236.   UniquePtr<EVP_PKEY> free_pkey(pkey);

  1237. 

  1238.   if (ret != 0) {

  1239.     if (!SSL_use_certificate(ssl, x509) ||

  1240.         !SSL_use_PrivateKey(ssl, pkey)) {

  1241.       return 0;

  1242.     }

  1243.   }

  1244. 

  1245.   return 1;

  1246. }

  1247. 

  1248. void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl,

  1249.                                                         X509 **out_x509,

  1250.                                                         EVP_PKEY **out_pkey)) {

  1251.   check_ssl_ctx_x509_method(ctx);

  1252.   // Emulate the old client certificate callback with the new one.

  1253.   SSL_CTX_set_cert_cb(ctx, do_client_cert_cb, NULL);

  1254.   ctx->client_cert_cb = cb;

  1255. }

  1256. 

  1257. static int set_cert_store(X509_STORE **store_ptr, X509_STORE *new_store,

  1258.                           int take_ref) {

  1259.   X509_STORE_free(*store_ptr);

  1260.   *store_ptr = new_store;

  1261. 

  1262.   if (new_store != NULL && take_ref) {

  1263.     X509_STORE_up_ref(new_store);

  1264.   }

  1265. 

  1266.   return 1;

  1267. }

  1268. 

  1269. int SSL_get_ex_data_X509_STORE_CTX_idx(void) {

  1270.   // The ex_data index to go from |X509_STORE_CTX| to |SSL| always uses the

  1271.   // reserved app_data slot. Before ex_data was introduced, app_data was used.

  1272.   // Avoid breaking any software which assumes |X509_STORE_CTX_get_app_data|

  1273.   // works.

  1274.   return 0;

  1275. }

  1276. 

  1277. int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *store) {

  1278.   check_ssl_ctx_x509_method(ctx);

  1279.   return set_cert_store(&ctx->cert->verify_store, store, 0);

  1280. }

  1281. 

  1282. int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *store) {

  1283.   check_ssl_ctx_x509_method(ctx);

  1284.   return set_cert_store(&ctx->cert->verify_store, store, 1);

  1285. }

  1286. 

  1287. int SSL_set0_verify_cert_store(SSL *ssl, X509_STORE *store) {

  1288.   check_ssl_x509_method(ssl);

  1289.   if (!ssl->config) {

  1290.     return 0;

  1291.   }

  1292.   return set_cert_store(&ssl->config->cert->verify_store, store, 0);

  1293. }

  1294. 

  1295. int SSL_set1_verify_cert_store(SSL *ssl, X509_STORE *store) {

  1296.   check_ssl_x509_method(ssl);

  1297.   if (!ssl->config) {

  1298.     return 0;

  1299.   }

  1300.   return set_cert_store(&ssl->config->cert->verify_store, store, 1);

  1301. }

  1302. 

  1303. int SSL_alert_from_verify_result(long result) {

  1304.   switch (result) {

  1305.     case X509_V_ERR_CERT_CHAIN_TOO_LONG:

  1306.     case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:

  1307.     case X509_V_ERR_INVALID_CA:

  1308.     case X509_V_ERR_PATH_LENGTH_EXCEEDED:

  1309.     case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:

  1310.     case X509_V_ERR_UNABLE_TO_GET_CRL:

  1311.     case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:

  1312.     case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:

  1313.     case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:

  1314.     case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:

  1315.       return SSL_AD_UNKNOWN_CA;

  1316. 

  1317.     case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:

  1318.     case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:

  1319.     case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:

  1320.     case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:

  1321.     case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:

  1322.     case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:

  1323.     case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:

  1324.     case X509_V_ERR_CERT_UNTRUSTED:

  1325.     case X509_V_ERR_CERT_REJECTED:

  1326.     case X509_V_ERR_HOSTNAME_MISMATCH:

  1327.     case X509_V_ERR_EMAIL_MISMATCH:

  1328.     case X509_V_ERR_IP_ADDRESS_MISMATCH:

  1329.       return SSL_AD_BAD_CERTIFICATE;

  1330. 

  1331.     case X509_V_ERR_CERT_SIGNATURE_FAILURE:

  1332.     case X509_V_ERR_CRL_SIGNATURE_FAILURE:

  1333.       return SSL_AD_DECRYPT_ERROR;

  1334. 

  1335.     case X509_V_ERR_CERT_HAS_EXPIRED:

  1336.     case X509_V_ERR_CERT_NOT_YET_VALID:

  1337.     case X509_V_ERR_CRL_HAS_EXPIRED:

  1338.     case X509_V_ERR_CRL_NOT_YET_VALID:

  1339.       return SSL_AD_CERTIFICATE_EXPIRED;

  1340. 

  1341.     case X509_V_ERR_CERT_REVOKED:

  1342.       return SSL_AD_CERTIFICATE_REVOKED;

  1343. 

  1344.     case X509_V_ERR_UNSPECIFIED:

  1345.     case X509_V_ERR_OUT_OF_MEM:

  1346.     case X509_V_ERR_INVALID_CALL:

  1347.     case X509_V_ERR_STORE_LOOKUP:

  1348.       return SSL_AD_INTERNAL_ERROR;

  1349. 

  1350.     case X509_V_ERR_APPLICATION_VERIFICATION:

  1351.       return SSL_AD_HANDSHAKE_FAILURE;

  1352. 

  1353.     case X509_V_ERR_INVALID_PURPOSE:

  1354.       return SSL_AD_UNSUPPORTED_CERTIFICATE;

  1355. 

  1356.     default:

  1357.       return SSL_AD_CERTIFICATE_UNKNOWN;

  1358.   }

  1359. }