X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_lib.c;h=e7f90ec7f0a9dfd78a445ee50d1266d516f0a86f;hp=40c4171dec95fcb5317aa4371af069d4acdb0492;hb=463a7b8cb0a449512448155a477f1460d8c951d9;hpb=ed29e82adeea9d2ee89aeadf5646d4d1350a6855 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 40c4171dec..e7f90ec7f0 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -142,9 +142,7 @@ * OTHERWISE. */ -#ifdef REF_DEBUG -# include -#endif +#include #include #include "ssl_locl.h" #include @@ -152,16 +150,10 @@ #include #include #include -#ifndef OPENSSL_NO_DH -# include -#endif -#ifndef OPENSSL_NO_ENGINE -# include -#endif +#include +#include #include -#ifndef OPENSSL_NO_CT -# include -#endif +#include const char SSL_version_str[] = OPENSSL_VERSION_TEXT; @@ -170,8 +162,8 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = { * evil casts, but these functions are only called if there's a library * bug */ - (int (*)(SSL *, int))ssl_undefined_function, - (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, + (int (*)(SSL *, SSL3_RECORD *, unsigned int, int))ssl_undefined_function, + (int (*)(SSL *, SSL3_RECORD *, unsigned char *, int))ssl_undefined_function, ssl_undefined_function, (int (*)(SSL *, unsigned char *, unsigned char *, int)) ssl_undefined_function, @@ -631,6 +623,13 @@ SSL *SSL_new(SSL_CTX *ctx) if (s == NULL) goto err; + s->lock = CRYPTO_THREAD_lock_new(); + if (s->lock == NULL) { + SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); + OPENSSL_free(s); + return NULL; + } + RECORD_LAYER_init(&s->rlayer, s); s->options = ctx->options; @@ -670,8 +669,14 @@ SSL *SSL_new(SSL_CTX *ctx) X509_VERIFY_PARAM_inherit(s->param, ctx->param); s->quiet_shutdown = ctx->quiet_shutdown; s->max_send_fragment = ctx->max_send_fragment; - - CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); + s->split_send_fragment = ctx->split_send_fragment; + s->max_pipelines = ctx->max_pipelines; + if (s->max_pipelines > 1) + RECORD_LAYER_set_read_ahead(&s->rlayer, 1); + if (ctx->default_read_buf_len > 0) + SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len); + + SSL_CTX_up_ref(ctx); s->ctx = ctx; s->tlsext_debug_cb = 0; s->tlsext_debug_arg = NULL; @@ -682,7 +687,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->tlsext_ocsp_exts = NULL; s->tlsext_ocsp_resp = NULL; s->tlsext_ocsp_resplen = -1; - CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); + SSL_CTX_up_ref(ctx); s->initial_ctx = ctx; # ifndef OPENSSL_NO_EC if (ctx->tlsext_ecpointformatlist) { @@ -749,16 +754,17 @@ SSL *SSL_new(SSL_CTX *ctx) goto err; #endif - return (s); + return s; err: SSL_free(s); SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } void SSL_up_ref(SSL *s) { - CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL); + int i; + CRYPTO_atomic_add(&s->references, 1, &i, s->lock); } int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, @@ -791,17 +797,17 @@ int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_THREAD_write_lock(ctx->lock); ctx->generate_session_id = cb; - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_THREAD_unlock(ctx->lock); return 1; } int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) { - CRYPTO_w_lock(CRYPTO_LOCK_SSL); + CRYPTO_THREAD_write_lock(ssl->lock); ssl->generate_session_id = cb; - CRYPTO_w_unlock(CRYPTO_LOCK_SSL); + CRYPTO_THREAD_unlock(ssl->lock); return 1; } @@ -824,9 +830,9 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, r.session_id_length = id_len; memcpy(r.session_id, id, id_len); - CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_THREAD_read_lock(ssl->ctx->lock); p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_THREAD_unlock(ssl->ctx->lock); return (p != NULL); } @@ -1003,7 +1009,7 @@ void SSL_free(SSL *s) if (s == NULL) return; - i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL); + CRYPTO_atomic_add(&s->references, -1, &i, s->lock); REF_PRINT_COUNT("SSL", s); if (i > 0) return; @@ -1049,7 +1055,9 @@ void SSL_free(SSL *s) OPENSSL_free(s->tlsext_ellipticcurvelist); #endif /* OPENSSL_NO_EC */ sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); +#ifndef OPENSSL_NO_OCSP sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); +#endif #ifndef OPENSSL_NO_CT SCT_LIST_free(s->scts); OPENSSL_free(s->tlsext_scts); @@ -1078,6 +1086,8 @@ void SSL_free(SSL *s) sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); #endif + CRYPTO_THREAD_lock_free(s->lock); + OPENSSL_free(s); } @@ -1095,8 +1105,8 @@ void SSL_set_wbio(SSL *s, BIO *wbio) */ if (s->bbio != NULL) { if (s->wbio == s->bbio) { - s->wbio = s->wbio->next_bio; - s->bbio->next_bio = NULL; + s->wbio = BIO_next(s->wbio); + BIO_set_next(s->bbio, NULL); } } if (s->wbio != wbio && s->rbio != s->wbio) @@ -1304,6 +1314,22 @@ int SSL_pending(const SSL *s) return (s->method->ssl_pending(s)); } +int SSL_has_pending(const SSL *s) +{ + /* + * Similar to SSL_pending() but returns a 1 to indicate that we have + * unprocessed data available or 0 otherwise (as opposed to the number of + * bytes available). Unlike SSL_pending() this will take into account + * read_ahead data. A 1 return simply indicates that we have unprocessed + * data. That data may not result in any application data, or we may fail + * to parse the records for some reason. + */ + if (SSL_pending(s)) + return 1; + + return RECORD_LAYER_read_pending(&s->rlayer); +} + X509 *SSL_get_peer_certificate(const SSL *s) { X509 *r; @@ -1344,6 +1370,7 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) */ int SSL_copy_session_id(SSL *t, const SSL *f) { + int i; /* Do we need to to SSL locking? */ if (!SSL_set_session(t, SSL_get_session(f))) { return 0; @@ -1359,7 +1386,7 @@ int SSL_copy_session_id(SSL *t, const SSL *f) return 0; } - CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT); + CRYPTO_atomic_add(&f->cert->references, 1, &i, f->cert->lock); ssl_cert_free(t->cert); t->cert = f->cert; if (!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length)) { @@ -1680,6 +1707,20 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) return 0; s->max_send_fragment = larg; + if (s->max_send_fragment < s->split_send_fragment) + s->split_send_fragment = s->max_send_fragment; + return 1; + case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT: + if ((unsigned int)larg > s->max_send_fragment || larg == 0) + return 0; + s->split_send_fragment = larg; + return 1; + case SSL_CTRL_SET_MAX_PIPELINES: + if (larg < 1 || larg > SSL_MAX_PIPELINES) + return 0; + s->max_pipelines = larg; + if (larg > 1) + RECORD_LAYER_set_read_ahead(&s->rlayer, 1); return 1; case SSL_CTRL_GET_RI_SUPPORT: if (s->s3) @@ -1820,6 +1861,18 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) return 0; ctx->max_send_fragment = larg; + if (ctx->max_send_fragment < ctx->split_send_fragment) + ctx->split_send_fragment = ctx->split_send_fragment; + return 1; + case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT: + if ((unsigned int)larg > ctx->max_send_fragment || larg == 0) + return 0; + ctx->split_send_fragment = larg; + return 1; + case SSL_CTRL_SET_MAX_PIPELINES: + if (larg < 1 || larg > SSL_MAX_PIPELINES) + return 0; + ctx->max_pipelines = larg; return 1; case SSL_CTRL_CERT_FLAGS: return (ctx->cert->cert_flags |= larg); @@ -2172,15 +2225,14 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, * length-prefixed strings). Returns 0 on success. */ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, - unsigned protos_len) + unsigned int protos_len) { OPENSSL_free(ctx->alpn_client_proto_list); - ctx->alpn_client_proto_list = OPENSSL_malloc(protos_len); + ctx->alpn_client_proto_list = OPENSSL_memdup(protos, protos_len); if (ctx->alpn_client_proto_list == NULL) { SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); return 1; } - memcpy(ctx->alpn_client_proto_list, protos, protos_len); ctx->alpn_client_proto_list_len = protos_len; return 0; @@ -2192,15 +2244,14 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, * length-prefixed strings). Returns 0 on success. */ int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, - unsigned protos_len) + unsigned int protos_len) { OPENSSL_free(ssl->alpn_client_proto_list); - ssl->alpn_client_proto_list = OPENSSL_malloc(protos_len); + ssl->alpn_client_proto_list = OPENSSL_memdup(protos, protos_len); if (ssl->alpn_client_proto_list == NULL) { SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); return 1; } - memcpy(ssl->alpn_client_proto_list, protos, protos_len); ssl->alpn_client_proto_list_len = protos_len; return 0; @@ -2230,7 +2281,7 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, * respond with a negotiated protocol then |*len| will be zero. */ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, - unsigned *len) + unsigned int *len) { *data = NULL; if (ssl->s3) @@ -2323,6 +2374,12 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) /* We take the system default. */ ret->session_timeout = meth->get_timeout(); ret->references = 1; + ret->lock = CRYPTO_THREAD_lock_new(); + if (ret->lock == NULL) { + SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); + OPENSSL_free(ret); + return NULL; + } ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; ret->verify_mode = SSL_VERIFY_NONE; if ((ret->cert = ssl_cert_new()) == NULL) @@ -2370,6 +2427,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->comp_methods = SSL_COMP_get_compression_methods(); ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; + ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; /* Setup RFC4507 ticket keys */ if ((RAND_bytes(ret->tlsext_tick_key_name, 16) <= 0) @@ -2412,17 +2470,18 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) */ ret->options |= SSL_OP_NO_COMPRESSION; - return (ret); + return ret; err: SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); err2: SSL_CTX_free(ret); - return (NULL); + return NULL; } void SSL_CTX_up_ref(SSL_CTX *ctx) { - CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); + int i; + CRYPTO_atomic_add(&ctx->references, 1, &i, ctx->lock); } void SSL_CTX_free(SSL_CTX *a) @@ -2432,7 +2491,7 @@ void SSL_CTX_free(SSL_CTX *a) if (a == NULL) return; - i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX); + CRYPTO_atomic_add(&a->references, -1, &i, a->lock); REF_PRINT_COUNT("SSL_CTX", a); if (i > 0) return; @@ -2481,6 +2540,8 @@ void SSL_CTX_free(SSL_CTX *a) #endif OPENSSL_free(a->alpn_client_proto_list); + CRYPTO_THREAD_lock_free(a->lock); + OPENSSL_free(a); } @@ -2786,7 +2847,7 @@ void ssl_update_cache(SSL *s, int mode) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) || SSL_CTX_add_session(s->session_ctx, s->session)) && (s->session_ctx->new_session_cb != NULL)) { - CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); + SSL_SESSION_up_ref(s->session); if (!s->session_ctx->new_session_cb(s, s->session)) SSL_SESSION_free(s->session); } @@ -2987,32 +3048,37 @@ int ssl_undefined_const_function(const SSL *s) return (0); } -SSL_METHOD *ssl_bad_method(int ver) +const SSL_METHOD *ssl_bad_method(int ver) { SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (NULL); } -const char *SSL_get_version(const SSL *s) -{ - if (s->version == TLS1_2_VERSION) - return ("TLSv1.2"); - else if (s->version == TLS1_1_VERSION) - return ("TLSv1.1"); - else if (s->version == TLS1_VERSION) - return ("TLSv1"); - else if (s->version == SSL3_VERSION) - return ("SSLv3"); - else if (s->version == DTLS1_BAD_VER) - return ("DTLSv0.9"); - else if (s->version == DTLS1_VERSION) - return ("DTLSv1"); - else if (s->version == DTLS1_2_VERSION) - return ("DTLSv1.2"); +const char *ssl_protocol_to_string(int version) +{ + if (version == TLS1_2_VERSION) + return "TLSv1.2"; + else if (version == TLS1_1_VERSION) + return "TLSv1.1"; + else if (version == TLS1_VERSION) + return "TLSv1"; + else if (version == SSL3_VERSION) + return "SSLv3"; + else if (version == DTLS1_BAD_VER) + return "DTLSv0.9"; + else if (version == DTLS1_VERSION) + return "DTLSv1"; + else if (version == DTLS1_2_VERSION) + return "DTLSv1.2"; else return ("unknown"); } +const char *SSL_get_version(const SSL *s) +{ + return ssl_protocol_to_string(s->version); +} + SSL *SSL_dup(SSL *s) { STACK_OF(X509_NAME) *sk; @@ -3022,7 +3088,7 @@ SSL *SSL_dup(SSL *s) /* If we're not quiescent, just up_ref! */ if (!SSL_in_init(s) || !SSL_in_before(s)) { - CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL); + CRYPTO_atomic_add(&s->references, 1, &i, s->lock); return s; } @@ -3250,13 +3316,7 @@ void ssl_free_wbio_buffer(SSL *s) if (s->bbio == s->wbio) { /* remove buffering */ s->wbio = BIO_pop(s->wbio); -#ifdef REF_DEBUG - /* - * not the usual REF_DEBUG, but this avoids - * adding one more preprocessor symbol - */ assert(s->wbio != NULL); -#endif } BIO_free(s->bbio); s->bbio = NULL; @@ -3335,11 +3395,11 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); } - CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); + SSL_CTX_up_ref(ctx); SSL_CTX_free(ssl->ctx); /* decrement reference count */ ssl->ctx = ctx; - return (ssl->ctx); + return ssl->ctx; } int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) @@ -3719,14 +3779,14 @@ int SSL_get_security_level(const SSL *s) } void SSL_set_security_callback(SSL *s, - int (*cb) (SSL *s, SSL_CTX *ctx, int op, + int (*cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex)) { s->cert->sec_cb = cb; } -int (*SSL_get_security_callback(const SSL *s)) (SSL *s, SSL_CTX *ctx, int op, +int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex) { return s->cert->sec_cb; @@ -3753,15 +3813,15 @@ int SSL_CTX_get_security_level(const SSL_CTX *ctx) } void SSL_CTX_set_security_callback(SSL_CTX *ctx, - int (*cb) (SSL *s, SSL_CTX *ctx, int op, + int (*cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex)) { ctx->cert->sec_cb = cb; } -int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (SSL *s, - SSL_CTX *ctx, +int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, + const SSL_CTX *ctx, int op, int bits, int nid, void *other, @@ -3885,6 +3945,7 @@ static int ct_extract_tls_extension_scts(SSL *s) */ static int ct_extract_ocsp_response_scts(SSL *s) { +#ifndef OPENSSL_NO_OCSP int scts_extracted = 0; const unsigned char *p; OCSP_BASICRESP *br = NULL; @@ -3921,6 +3982,10 @@ err: OCSP_BASICRESP_free(br); OCSP_RESPONSE_free(rsp); return scts_extracted; +#else + /* Behave as if no OCSP response exists */ + return 0; +#endif } /* @@ -3931,7 +3996,7 @@ err: static int ct_extract_x509v3_extension_scts(SSL *s) { int scts_extracted = 0; - X509 *cert = SSL_get_peer_certificate(s); + X509 *cert = s->session != NULL ? s->session->peer : NULL; if (cert != NULL) { STACK_OF(SCT) *scts = @@ -3966,10 +4031,32 @@ err: return NULL; } -int SSL_set_ct_validation_callback(SSL *s, ct_validation_cb callback, void *arg) +static int ct_permissive(const CT_POLICY_EVAL_CTX *ctx, + const STACK_OF(SCT) *scts, void *unused_arg) { - int ret = 0; + return 1; +} + +static int ct_strict(const CT_POLICY_EVAL_CTX *ctx, + const STACK_OF(SCT) *scts, void *unused_arg) +{ + int count = scts != NULL ? sk_SCT_num(scts) : 0; + int i; + + for (i = 0; i < count; ++i) { + SCT *sct = sk_SCT_value(scts, i); + int status = SCT_get_validation_status(sct); + + if (status == SCT_VALIDATION_STATUS_VALID) + return 1; + } + SSLerr(SSL_F_CT_STRICT, SSL_R_NO_VALID_SCTS); + return 0; +} +int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, + void *arg) +{ /* * Since code exists that uses the custom extension handler for CT, look * for this and throw an error if they have already registered to use CT. @@ -3978,28 +4065,25 @@ int SSL_set_ct_validation_callback(SSL *s, ct_validation_cb callback, void *arg) TLSEXT_TYPE_signed_certificate_timestamp)) { SSLerr(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED); - goto err; + return 0; } - s->ct_validation_callback = callback; - s->ct_validation_callback_arg = arg; - if (callback != NULL) { /* If we are validating CT, then we MUST accept SCTs served via OCSP */ if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp)) - goto err; + return 0; } - ret = 1; -err: - return ret; + s->ct_validation_callback = callback; + s->ct_validation_callback_arg = arg; + + return 1; } -int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, ct_validation_cb callback, +int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, + ssl_ct_validation_cb callback, void *arg) { - int ret = 0; - /* * Since code exists that uses the custom extension handler for CT, look for * this and throw an error if they have already registered to use CT. @@ -4008,59 +4092,90 @@ int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, ct_validation_cb callback, TLSEXT_TYPE_signed_certificate_timestamp)) { SSLerr(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED); - goto err; + return 0; } ctx->ct_validation_callback = callback; ctx->ct_validation_callback_arg = arg; - ret = 1; -err: - return ret; + return 1; } -ct_validation_cb SSL_get_ct_validation_callback(const SSL *s) +int SSL_ct_is_enabled(const SSL *s) { - return s->ct_validation_callback; + return s->ct_validation_callback != NULL; } -ct_validation_cb SSL_CTX_get_ct_validation_callback(const SSL_CTX *ctx) +int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx) { - return ctx->ct_validation_callback; + return ctx->ct_validation_callback != NULL; } -int SSL_validate_ct(SSL *s) +int ssl_validate_ct(SSL *s) { int ret = 0; - X509 *cert = SSL_get_peer_certificate(s); - X509 *issuer = NULL; + X509 *cert = s->session != NULL ? s->session->peer : NULL; + X509 *issuer; + struct dane_st *dane = &s->dane; CT_POLICY_EVAL_CTX *ctx = NULL; const STACK_OF(SCT) *scts; - /* If no callback is set, attempt no validation - just return success */ - if (s->ct_validation_callback == NULL) + /* + * If no callback is set, the peer is anonymous, or its chain is invalid, + * skip SCT validation - just return success. Applications that continue + * handshakes without certificates, with unverified chains, or pinned leaf + * certificates are outside the scope of the WebPKI and CT. + * + * The above exclusions notwithstanding the vast majority of peers will + * have rather ordinary certificate chains validated by typical + * applications that perform certificate verification and therefore will + * process SCTs when enabled. + */ + if (s->ct_validation_callback == NULL || cert == NULL || + s->verify_result != X509_V_OK || + s->verified_chain == NULL || + sk_X509_num(s->verified_chain) <= 1) return 1; - if (cert == NULL) { - SSLerr(SSL_F_SSL_VALIDATE_CT, SSL_R_NO_CERTIFICATE_ASSIGNED); - goto end; + /* + * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3) + * trust-anchors. See https://tools.ietf.org/html/rfc7671#section-4.2 + */ + if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) { + switch (dane->mtlsa->usage) { + case DANETLS_USAGE_DANE_TA: + case DANETLS_USAGE_DANE_EE: + return 1; + } } - if (s->verified_chain != NULL && sk_X509_num(s->verified_chain) > 1) - issuer = sk_X509_value(s->verified_chain, 1); - ctx = CT_POLICY_EVAL_CTX_new(); if (ctx == NULL) { SSLerr(SSL_F_SSL_VALIDATE_CT, ERR_R_MALLOC_FAILURE); goto end; } + issuer = sk_X509_value(s->verified_chain, 1); CT_POLICY_EVAL_CTX_set0_cert(ctx, cert); CT_POLICY_EVAL_CTX_set0_issuer(ctx, issuer); CT_POLICY_EVAL_CTX_set0_log_store(ctx, s->ctx->ctlog_store); scts = SSL_get0_peer_scts(s); - if (SCT_LIST_validate(scts, ctx) != 1) { + /* + * This function returns success (> 0) only when all the SCTs are valid, 0 + * when some are invalid, and < 0 on various internal errors (out of + * memory, etc.). Having some, or even all, invalid SCTs is not sufficient + * reason to abort the handshake, that decision is up to the callback. + * Therefore, we error out only in the unexpected case that the return + * value is negative. + * + * XXX: One might well argue that the return value of this function is an + * unforunate design choice. Its job is only to determine the validation + * status of each of the provided SCTs. So long as it correctly separates + * the wheat from the chaff it should return success. Failure in this case + * ought to correspond to an inability to carry out its duties. + */ + if (SCT_LIST_validate(scts, ctx) < 0) { SSLerr(SSL_F_SSL_VALIDATE_CT, SSL_R_SCT_VERIFICATION_FAILED); goto end; } @@ -4074,13 +4189,35 @@ end: return ret; } -int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx) +int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode) { - int ret = CTLOG_STORE_load_default_file(ctx->ctlog_store); + switch (validation_mode) { + default: + SSLerr(SSL_F_SSL_CTX_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE); + return 0; + case SSL_CT_VALIDATION_PERMISSIVE: + return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL); + case SSL_CT_VALIDATION_STRICT: + return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL); + } +} - /* Clear any errors if the default file does not exist */ - ERR_clear_error(); - return ret; +int SSL_enable_ct(SSL *s, int validation_mode) +{ + switch (validation_mode) { + default: + SSLerr(SSL_F_SSL_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE); + return 0; + case SSL_CT_VALIDATION_PERMISSIVE: + return SSL_set_ct_validation_callback(s, ct_permissive, NULL); + case SSL_CT_VALIDATION_STRICT: + return SSL_set_ct_validation_callback(s, ct_strict, NULL); + } +} + +int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx) +{ + return CTLOG_STORE_load_default_file(ctx->ctlog_store); } int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path) @@ -4088,4 +4225,15 @@ int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path) return CTLOG_STORE_load_file(ctx->ctlog_store, path); } +void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs) +{ + CTLOG_STORE_free(ctx->ctlog_store); + ctx->ctlog_store = logs; +} + +const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx) +{ + return ctx->ctlog_store; +} + #endif