1 /* $OpenBSD: x509_vpm.c,v 1.23 2020/12/16 13:44:17 tb Exp $ */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 2004. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2004 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <stdio.h> 60 #include <string.h> 61 62 #include <openssl/buffer.h> 63 #include <openssl/crypto.h> 64 #include <openssl/lhash.h> 65 #include <openssl/stack.h> 66 #include <openssl/x509.h> 67 #include <openssl/x509v3.h> 68 69 #include "vpm_int.h" 70 71 /* X509_VERIFY_PARAM functions */ 72 73 int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, 74 size_t emaillen); 75 int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip, 76 size_t iplen); 77 78 #define SET_HOST 0 79 #define ADD_HOST 1 80 81 static void 82 str_free(char *s) 83 { 84 free(s); 85 } 86 87 #define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free) 88 89 90 /* 91 * Post 1.0.1 sk function "deep_copy". For the moment we simply make 92 * these take void * and use them directly without a glorious blob of 93 * obfuscating macros of dubious value in front of them. All this in 94 * preparation for a rototilling of safestack.h (likely inspired by 95 * this). 96 */ 97 static void * 98 sk_deep_copy(void *sk_void, void *copy_func_void, void *free_func_void) 99 { 100 _STACK *sk = sk_void; 101 void *(*copy_func)(void *) = copy_func_void; 102 void (*free_func)(void *) = free_func_void; 103 _STACK *ret = sk_dup(sk); 104 size_t i; 105 106 if (ret == NULL) 107 return NULL; 108 109 for (i = 0; i < ret->num; i++) { 110 if (ret->data[i] == NULL) 111 continue; 112 ret->data[i] = copy_func(ret->data[i]); 113 if (ret->data[i] == NULL) { 114 size_t j; 115 for (j = 0; j < i; j++) { 116 if (ret->data[j] != NULL) 117 free_func(ret->data[j]); 118 } 119 sk_free(ret); 120 return NULL; 121 } 122 } 123 124 return ret; 125 } 126 127 static int 128 x509_param_set_hosts_internal(X509_VERIFY_PARAM_ID *id, int mode, 129 const char *name, size_t namelen) 130 { 131 char *copy; 132 133 if (name != NULL && namelen == 0) 134 namelen = strlen(name); 135 /* 136 * Refuse names with embedded NUL bytes. 137 */ 138 if (name && memchr(name, '\0', namelen)) 139 return 0; 140 141 if (mode == SET_HOST && id->hosts) { 142 string_stack_free(id->hosts); 143 id->hosts = NULL; 144 } 145 if (name == NULL || namelen == 0) 146 return 1; 147 copy = strndup(name, namelen); 148 if (copy == NULL) 149 return 0; 150 151 if (id->hosts == NULL && 152 (id->hosts = sk_OPENSSL_STRING_new_null()) == NULL) { 153 free(copy); 154 return 0; 155 } 156 157 if (!sk_OPENSSL_STRING_push(id->hosts, copy)) { 158 free(copy); 159 if (sk_OPENSSL_STRING_num(id->hosts) == 0) { 160 sk_OPENSSL_STRING_free(id->hosts); 161 id->hosts = NULL; 162 } 163 return 0; 164 } 165 166 return 1; 167 } 168 169 static void 170 x509_verify_param_zero(X509_VERIFY_PARAM *param) 171 { 172 X509_VERIFY_PARAM_ID *paramid; 173 if (!param) 174 return; 175 param->name = NULL; 176 param->purpose = 0; 177 param->trust = 0; 178 /*param->inh_flags = X509_VP_FLAG_DEFAULT;*/ 179 param->inh_flags = 0; 180 param->flags = 0; 181 param->depth = -1; 182 if (param->policies) { 183 sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); 184 param->policies = NULL; 185 } 186 paramid = param->id; 187 if (paramid->hosts) { 188 string_stack_free(paramid->hosts); 189 paramid->hosts = NULL; 190 } 191 free(paramid->peername); 192 paramid->peername = NULL; 193 free(paramid->email); 194 paramid->email = NULL; 195 paramid->emaillen = 0; 196 free(paramid->ip); 197 paramid->ip = NULL; 198 paramid->iplen = 0; 199 paramid->poisoned = 0; 200 } 201 202 X509_VERIFY_PARAM * 203 X509_VERIFY_PARAM_new(void) 204 { 205 X509_VERIFY_PARAM *param; 206 X509_VERIFY_PARAM_ID *paramid; 207 param = calloc(1, sizeof(X509_VERIFY_PARAM)); 208 if (param == NULL) 209 return NULL; 210 paramid = calloc(1, sizeof(X509_VERIFY_PARAM_ID)); 211 if (paramid == NULL) { 212 free(param); 213 return NULL; 214 } 215 param->id = paramid; 216 x509_verify_param_zero(param); 217 return param; 218 } 219 220 void 221 X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) 222 { 223 if (param == NULL) 224 return; 225 x509_verify_param_zero(param); 226 free(param->id); 227 free(param); 228 } 229 230 /* 231 * This function determines how parameters are "inherited" from one structure 232 * to another. There are several different ways this can happen. 233 * 234 * 1. If a child structure needs to have its values initialized from a parent 235 * they are simply copied across. For example SSL_CTX copied to SSL. 236 * 2. If the structure should take on values only if they are currently unset. 237 * For example the values in an SSL structure will take appropriate value 238 * for SSL servers or clients but only if the application has not set new 239 * ones. 240 * 241 * The "inh_flags" field determines how this function behaves. 242 * 243 * Normally any values which are set in the default are not copied from the 244 * destination and verify flags are ORed together. 245 * 246 * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied 247 * to the destination. Effectively the values in "to" become default values 248 * which will be used only if nothing new is set in "from". 249 * 250 * If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether 251 * they are set or not. Flags is still Ored though. 252 * 253 * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead 254 * of ORed. 255 * 256 * If X509_VP_FLAG_LOCKED is set then no values are copied. 257 * 258 * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed 259 * after the next call. 260 */ 261 262 /* Macro to test if a field should be copied from src to dest */ 263 264 #define test_x509_verify_param_copy(field, def) \ 265 (to_overwrite || \ 266 ((src->field != def) && (to_default || (dest->field == def)))) 267 268 /* As above but for ID fields */ 269 270 #define test_x509_verify_param_copy_id(idf, def) \ 271 test_x509_verify_param_copy(id->idf, def) 272 273 /* Macro to test and copy a field if necessary */ 274 275 #define x509_verify_param_copy(field, def) \ 276 if (test_x509_verify_param_copy(field, def)) \ 277 dest->field = src->field 278 279 int 280 X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, const X509_VERIFY_PARAM *src) 281 { 282 unsigned long inh_flags; 283 int to_default, to_overwrite; 284 X509_VERIFY_PARAM_ID *id; 285 286 if (!src) 287 return 1; 288 id = src->id; 289 inh_flags = dest->inh_flags | src->inh_flags; 290 291 if (inh_flags & X509_VP_FLAG_ONCE) 292 dest->inh_flags = 0; 293 294 if (inh_flags & X509_VP_FLAG_LOCKED) 295 return 1; 296 297 if (inh_flags & X509_VP_FLAG_DEFAULT) 298 to_default = 1; 299 else 300 to_default = 0; 301 302 if (inh_flags & X509_VP_FLAG_OVERWRITE) 303 to_overwrite = 1; 304 else 305 to_overwrite = 0; 306 307 x509_verify_param_copy(purpose, 0); 308 x509_verify_param_copy(trust, 0); 309 x509_verify_param_copy(depth, -1); 310 311 /* If overwrite or check time not set, copy across */ 312 313 if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) { 314 dest->check_time = src->check_time; 315 dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME; 316 /* Don't need to copy flag: that is done below */ 317 } 318 319 if (inh_flags & X509_VP_FLAG_RESET_FLAGS) 320 dest->flags = 0; 321 322 dest->flags |= src->flags; 323 324 if (test_x509_verify_param_copy(policies, NULL)) { 325 if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies)) 326 return 0; 327 } 328 329 /* Copy the host flags if and only if we're copying the host list */ 330 if (test_x509_verify_param_copy_id(hosts, NULL)) { 331 if (dest->id->hosts) { 332 string_stack_free(dest->id->hosts); 333 dest->id->hosts = NULL; 334 } 335 if (id->hosts) { 336 dest->id->hosts = 337 sk_deep_copy(id->hosts, strdup, str_free); 338 if (dest->id->hosts == NULL) 339 return 0; 340 dest->id->hostflags = id->hostflags; 341 } 342 } 343 344 if (test_x509_verify_param_copy_id(email, NULL)) { 345 if (!X509_VERIFY_PARAM_set1_email(dest, id->email, 346 id->emaillen)) 347 return 0; 348 } 349 350 if (test_x509_verify_param_copy_id(ip, NULL)) { 351 if (!X509_VERIFY_PARAM_set1_ip(dest, id->ip, id->iplen)) 352 return 0; 353 } 354 355 return 1; 356 } 357 358 int 359 X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, const X509_VERIFY_PARAM *from) 360 { 361 unsigned long save_flags = to->inh_flags; 362 int ret; 363 364 to->inh_flags |= X509_VP_FLAG_DEFAULT; 365 ret = X509_VERIFY_PARAM_inherit(to, from); 366 to->inh_flags = save_flags; 367 return ret; 368 } 369 370 static int 371 x509_param_set1_internal(char **pdest, size_t *pdestlen, const char *src, 372 size_t srclen, int nonul) 373 { 374 char *tmp; 375 376 if (src == NULL) 377 return 0; 378 379 if (srclen == 0) { 380 srclen = strlen(src); 381 if (srclen == 0) 382 return 0; 383 if ((tmp = strdup(src)) == NULL) 384 return 0; 385 } else { 386 if (nonul && memchr(src, '\0', srclen)) 387 return 0; 388 if ((tmp = malloc(srclen)) == NULL) 389 return 0; 390 memcpy(tmp, src, srclen); 391 } 392 393 if (*pdest) 394 free(*pdest); 395 *pdest = tmp; 396 if (pdestlen) 397 *pdestlen = srclen; 398 return 1; 399 } 400 401 int 402 X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) 403 { 404 free(param->name); 405 param->name = NULL; 406 if (name == NULL) 407 return 1; 408 param->name = strdup(name); 409 if (param->name) 410 return 1; 411 return 0; 412 } 413 414 int 415 X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags) 416 { 417 param->flags |= flags; 418 if (flags & X509_V_FLAG_POLICY_MASK) 419 param->flags |= X509_V_FLAG_POLICY_CHECK; 420 return 1; 421 } 422 423 int 424 X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags) 425 { 426 param->flags &= ~flags; 427 return 1; 428 } 429 430 unsigned long 431 X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param) 432 { 433 return param->flags; 434 } 435 436 int 437 X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose) 438 { 439 return X509_PURPOSE_set(¶m->purpose, purpose); 440 } 441 442 int 443 X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust) 444 { 445 return X509_TRUST_set(¶m->trust, trust); 446 } 447 448 void 449 X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth) 450 { 451 param->depth = depth; 452 } 453 454 void 455 X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t) 456 { 457 param->check_time = t; 458 param->flags |= X509_V_FLAG_USE_CHECK_TIME; 459 } 460 461 int 462 X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy) 463 { 464 if (!param->policies) { 465 param->policies = sk_ASN1_OBJECT_new_null(); 466 if (!param->policies) 467 return 0; 468 } 469 if (!sk_ASN1_OBJECT_push(param->policies, policy)) 470 return 0; 471 return 1; 472 } 473 474 int 475 X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, 476 STACK_OF(ASN1_OBJECT) *policies) 477 { 478 int i; 479 ASN1_OBJECT *oid, *doid; 480 481 if (!param) 482 return 0; 483 if (param->policies) 484 sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); 485 486 if (!policies) { 487 param->policies = NULL; 488 return 1; 489 } 490 491 param->policies = sk_ASN1_OBJECT_new_null(); 492 if (!param->policies) 493 return 0; 494 495 for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) { 496 oid = sk_ASN1_OBJECT_value(policies, i); 497 doid = OBJ_dup(oid); 498 if (!doid) 499 return 0; 500 if (!sk_ASN1_OBJECT_push(param->policies, doid)) { 501 ASN1_OBJECT_free(doid); 502 return 0; 503 } 504 } 505 param->flags |= X509_V_FLAG_POLICY_CHECK; 506 return 1; 507 } 508 509 int 510 X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, 511 const char *name, size_t namelen) 512 { 513 if (x509_param_set_hosts_internal(param->id, SET_HOST, name, namelen)) 514 return 1; 515 param->id->poisoned = 1; 516 return 0; 517 } 518 519 int 520 X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, 521 const char *name, size_t namelen) 522 { 523 if (x509_param_set_hosts_internal(param->id, ADD_HOST, name, namelen)) 524 return 1; 525 param->id->poisoned = 1; 526 return 0; 527 } 528 529 void 530 X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags) 531 { 532 param->id->hostflags = flags; 533 } 534 535 char * 536 X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param) 537 { 538 return param->id->peername; 539 } 540 541 int 542 X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, 543 size_t emaillen) 544 { 545 if (x509_param_set1_internal(¶m->id->email, ¶m->id->emaillen, 546 email, emaillen, 1)) 547 return 1; 548 param->id->poisoned = 1; 549 return 0; 550 } 551 552 int 553 X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip, 554 size_t iplen) 555 { 556 if (iplen != 4 && iplen != 16) 557 goto err; 558 if (x509_param_set1_internal((char **)¶m->id->ip, ¶m->id->iplen, 559 (char *)ip, iplen, 0)) 560 return 1; 561 err: 562 param->id->poisoned = 1; 563 return 0; 564 } 565 566 int 567 X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc) 568 { 569 unsigned char ipout[16]; 570 size_t iplen; 571 572 iplen = (size_t)a2i_ipadd(ipout, ipasc); 573 return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen); 574 } 575 576 int 577 X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param) 578 { 579 return param->depth; 580 } 581 582 const char * 583 X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param) 584 { 585 return param->name; 586 } 587 588 static const X509_VERIFY_PARAM_ID _empty_id = { NULL }; 589 590 #define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id 591 592 /* 593 * Default verify parameters: these are used for various applications and can 594 * be overridden by the user specified table. 595 */ 596 597 static const X509_VERIFY_PARAM default_table[] = { 598 { 599 .name = "default", 600 .depth = 100, 601 .trust = 0, /* XXX This is not the default trust value */ 602 .id = vpm_empty_id 603 }, 604 { 605 .name = "pkcs7", 606 .purpose = X509_PURPOSE_SMIME_SIGN, 607 .trust = X509_TRUST_EMAIL, 608 .depth = -1, 609 .id = vpm_empty_id 610 }, 611 { 612 .name = "smime_sign", 613 .purpose = X509_PURPOSE_SMIME_SIGN, 614 .trust = X509_TRUST_EMAIL, 615 .depth = -1, 616 .id = vpm_empty_id 617 }, 618 { 619 .name = "ssl_client", 620 .purpose = X509_PURPOSE_SSL_CLIENT, 621 .trust = X509_TRUST_SSL_CLIENT, 622 .depth = -1, 623 .id = vpm_empty_id 624 }, 625 { 626 .name = "ssl_server", 627 .purpose = X509_PURPOSE_SSL_SERVER, 628 .trust = X509_TRUST_SSL_SERVER, 629 .depth = -1, 630 .id = vpm_empty_id 631 } 632 }; 633 634 static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL; 635 636 static int 637 param_cmp(const X509_VERIFY_PARAM * const *a, 638 const X509_VERIFY_PARAM * const *b) 639 { 640 return strcmp((*a)->name, (*b)->name); 641 } 642 643 int 644 X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) 645 { 646 X509_VERIFY_PARAM *ptmp; 647 if (!param_table) { 648 param_table = sk_X509_VERIFY_PARAM_new(param_cmp); 649 if (!param_table) 650 return 0; 651 } else { 652 size_t idx; 653 654 if ((idx = sk_X509_VERIFY_PARAM_find(param_table, param)) 655 != -1) { 656 ptmp = sk_X509_VERIFY_PARAM_value(param_table, 657 idx); 658 X509_VERIFY_PARAM_free(ptmp); 659 (void)sk_X509_VERIFY_PARAM_delete(param_table, 660 idx); 661 } 662 } 663 if (!sk_X509_VERIFY_PARAM_push(param_table, param)) 664 return 0; 665 return 1; 666 } 667 668 int 669 X509_VERIFY_PARAM_get_count(void) 670 { 671 int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); 672 if (param_table) 673 num += sk_X509_VERIFY_PARAM_num(param_table); 674 return num; 675 } 676 677 const X509_VERIFY_PARAM * 678 X509_VERIFY_PARAM_get0(int id) 679 { 680 int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); 681 if (id < num) 682 return default_table + id; 683 return sk_X509_VERIFY_PARAM_value(param_table, id - num); 684 } 685 686 const X509_VERIFY_PARAM * 687 X509_VERIFY_PARAM_lookup(const char *name) 688 { 689 X509_VERIFY_PARAM pm; 690 unsigned int i, limit; 691 692 pm.name = (char *)name; 693 if (param_table) { 694 size_t idx; 695 if ((idx = sk_X509_VERIFY_PARAM_find(param_table, &pm)) != -1) 696 return sk_X509_VERIFY_PARAM_value(param_table, idx); 697 } 698 699 limit = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); 700 for (i = 0; i < limit; i++) { 701 if (strcmp(default_table[i].name, name) == 0) { 702 return &default_table[i]; 703 } 704 } 705 return NULL; 706 } 707 708 void 709 X509_VERIFY_PARAM_table_cleanup(void) 710 { 711 if (param_table) 712 sk_X509_VERIFY_PARAM_pop_free(param_table, 713 X509_VERIFY_PARAM_free); 714 param_table = NULL; 715 } 716