diff --git a/crypto/conf/conf.c b/crypto/conf/conf.c index 64fb856a3b9..7e049bb303c 100644 --- a/crypto/conf/conf.c +++ b/crypto/conf/conf.c @@ -642,6 +642,10 @@ int CONF_modules_load_file(const char *filename, const char *appname, return 1; } +char *CONF_get1_default_config_file(void) { + return OPENSSL_strdup("No support for Config files in AWS-LC."); +} + void CONF_modules_free(void) {} void CONF_modules_unload(int all) {} diff --git a/crypto/conf/conf_test.cc b/crypto/conf/conf_test.cc index 9b3e00533bb..92e52db5f9b 100644 --- a/crypto/conf/conf_test.cc +++ b/crypto/conf/conf_test.cc @@ -401,3 +401,8 @@ TEST(ConfTest, ParseList) { EXPECT_EQ(result, t.expected); } } + +TEST(ConfTest, NoopString) { + bssl::UniquePtr string(CONF_get1_default_config_file()); + EXPECT_STREQ("No support for Config files in AWS-LC.", string.get()); +} diff --git a/crypto/pkcs8/pkcs12_test.cc b/crypto/pkcs8/pkcs12_test.cc index e23851ea9ff..bb15f87cf9d 100644 --- a/crypto/pkcs8/pkcs12_test.cc +++ b/crypto/pkcs8/pkcs12_test.cc @@ -674,3 +674,9 @@ TEST(PKCS12Test, CreateWithAlias) { ASSERT_EQ(alias, std::string(reinterpret_cast(parsed_alias), static_cast(alias_len))); } + +TEST(PKCS12Test, BasicAlloc) { + // Test direct allocation of |PKCS12_new| and |PKCS12_free|. + bssl::UniquePtr p12(PKCS12_new()); + ASSERT_TRUE(p12); +} diff --git a/crypto/pkcs8/pkcs8_x509.c b/crypto/pkcs8/pkcs8_x509.c index c613bf121e7..86148739c63 100644 --- a/crypto/pkcs8/pkcs8_x509.c +++ b/crypto/pkcs8/pkcs8_x509.c @@ -741,7 +741,7 @@ struct pkcs12_st { PKCS12 *d2i_PKCS12(PKCS12 **out_p12, const uint8_t **ber_bytes, size_t ber_len) { - PKCS12 *p12 = OPENSSL_malloc(sizeof(PKCS12)); + PKCS12 *p12 = PKCS12_new(); if (!p12) { return NULL; } @@ -1328,7 +1328,7 @@ PKCS12 *PKCS12_create(const char *password, const char *name, goto err; } - ret = OPENSSL_malloc(sizeof(PKCS12)); + ret = PKCS12_new(); if (ret == NULL || !CBB_finish(&cbb, &ret->ber_bytes, &ret->ber_len)) { OPENSSL_free(ret); @@ -1342,6 +1342,10 @@ PKCS12 *PKCS12_create(const char *password, const char *name, return ret; } +PKCS12 *PKCS12_new(void) { + return OPENSSL_zalloc(sizeof(PKCS12)); +} + void PKCS12_free(PKCS12 *p12) { if (p12 == NULL) { return; diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c index 0c6ed5b5418..a7a4e888e29 100644 --- a/crypto/x509/v3_purp.c +++ b/crypto/x509/v3_purp.c @@ -54,8 +54,8 @@ * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). */ -#include - +#include +#include #include #include @@ -171,8 +171,12 @@ int X509_PURPOSE_get_by_sname(const char *sname) { } int X509_PURPOSE_get_by_id(int purpose) { - if (purpose >= X509_PURPOSE_MIN && purpose <= X509_PURPOSE_MAX) { - return purpose - X509_PURPOSE_MIN; + for (size_t i = 0; i +#include + #include #include #include @@ -69,10 +72,6 @@ static int trust_compat(const X509_TRUST *trust, X509 *x, int flags); static int obj_trust(int id, X509 *x, int flags); -// WARNING: the following table should be kept in order of trust and without -// any gaps so we can just subtract the minimum trust value to get an index -// into the table - static const X509_TRUST trstandard[] = { {X509_TRUST_COMPAT, 0, trust_compat, (char *)"compatible", 0, NULL}, {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, (char *)"SSL Client", @@ -122,8 +121,12 @@ const X509_TRUST *X509_TRUST_get0(int idx) { } int X509_TRUST_get_by_id(int id) { - if (id >= X509_TRUST_MIN && id <= X509_TRUST_MAX) { - return id - X509_TRUST_MIN; + for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(trstandard); i++) { + if (trstandard[i].trust == id) { + OPENSSL_STATIC_ASSERT(OPENSSL_ARRAY_SIZE(trstandard) <= INT_MAX, + indices_must_fit_in_int); + return (int)i; + } } return -1; } diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index c3116f30e1b..298a14f0ab0 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -134,8 +134,18 @@ static int cert_self_signed(X509 *x, int *out_is_self_signed) { return 1; } -// Given a certificate try and find an exact match in the store +static int call_verify_cb(int ok, X509_STORE_CTX *ctx) { + ok = ctx->verify_cb(ok, ctx); + // Historically, callbacks returning values like -1 would be treated as a mix + // of success or failure. Insert that callers check correctly. + // + // TODO(davidben): Also use this wrapper to constrain which errors may be + // suppressed, and ensure all |verify_cb| calls remember to fill in an error. + BSSL_CHECK(ok == 0 || ok == 1); + return ok; +} +// Given a certificate try and find an exact match in the store static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) { STACK_OF(X509) *certs; X509 *xtmp = NULL; @@ -300,7 +310,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) { X509_free(xtmp); } bad_chain = 1; - ok = ctx->verify_cb(0, ctx); + ok = call_verify_cb(0, ctx); if (!ok) { goto end; } @@ -424,7 +434,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) { ctx->error_depth = num - 1; bad_chain = 1; - ok = ctx->verify_cb(0, ctx); + ok = call_verify_cb(0, ctx); if (!ok) { goto end; } @@ -520,7 +530,7 @@ int x509_check_issued_with_callback(X509_STORE_CTX *ctx, X509 *x, ctx->error = ret; ctx->current_cert = x; ctx->current_issuer = issuer; - return ctx->verify_cb(0, ctx); + return call_verify_cb(0, ctx); } static int get_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { @@ -552,7 +562,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) { ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; ctx->error_depth = i; ctx->current_cert = x; - ok = ctx->verify_cb(0, ctx); + ok = call_verify_cb(0, ctx); if (!ok) { goto end; } @@ -563,7 +573,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) { ctx->error = X509_V_ERR_INVALID_CA; ctx->error_depth = i; ctx->current_cert = x; - ok = ctx->verify_cb(0, ctx); + ok = call_verify_cb(0, ctx); if (!ok) { goto end; } @@ -573,7 +583,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) { ctx->error = X509_V_ERR_INVALID_PURPOSE; ctx->error_depth = i; ctx->current_cert = x; - ok = ctx->verify_cb(0, ctx); + ok = call_verify_cb(0, ctx); if (!ok) { goto end; } @@ -584,7 +594,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) { ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; ctx->error_depth = i; ctx->current_cert = x; - ok = ctx->verify_cb(0, ctx); + ok = call_verify_cb(0, ctx); if (!ok) { goto end; } @@ -654,7 +664,7 @@ static int check_name_constraints(X509_STORE_CTX *ctx) { ctx->error = rv; ctx->error_depth = i; ctx->current_cert = x; - if (!ctx->verify_cb(0, ctx)) { + if (!call_verify_cb(0, ctx)) { return 0; } break; @@ -686,7 +696,7 @@ static int check_name_constraints(X509_STORE_CTX *ctx) { ctx->error = rv; ctx->error_depth = i; ctx->current_cert = leaf; - if (!ctx->verify_cb(0, ctx)) { + if (!call_verify_cb(0, ctx)) { return 0; } break; @@ -700,7 +710,7 @@ static int check_id_error(X509_STORE_CTX *ctx, int errcode) { ctx->error = errcode; ctx->current_cert = ctx->cert; ctx->error_depth = 0; - return ctx->verify_cb(0, ctx); + return call_verify_cb(0, ctx); } static int check_hosts(X509 *x, X509_VERIFY_PARAM *param) { @@ -760,7 +770,7 @@ static int check_trust(X509_STORE_CTX *ctx) { ctx->error_depth = (int)i; ctx->current_cert = x; ctx->error = X509_V_ERR_CERT_REJECTED; - ok = ctx->verify_cb(0, ctx); + ok = call_verify_cb(0, ctx); if (!ok) { return X509_TRUST_REJECTED; } @@ -821,7 +831,7 @@ static int check_cert(X509_STORE_CTX *ctx) { // If error looking up CRL, nothing we can do except notify callback if (!ok) { ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; - ok = ctx->verify_cb(0, ctx); + ok = call_verify_cb(0, ctx); goto err; } ctx->current_crl = crl; @@ -863,7 +873,7 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) { return 0; } ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; - if (!ctx->verify_cb(0, ctx)) { + if (!call_verify_cb(0, ctx)) { return 0; } } @@ -873,7 +883,7 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) { return 0; } ctx->error = X509_V_ERR_CRL_NOT_YET_VALID; - if (!ctx->verify_cb(0, ctx)) { + if (!call_verify_cb(0, ctx)) { return 0; } } @@ -886,7 +896,7 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) { return 0; } ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; - if (!ctx->verify_cb(0, ctx)) { + if (!call_verify_cb(0, ctx)) { return 0; } } @@ -895,7 +905,7 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) { return 0; } ctx->error = X509_V_ERR_CRL_HAS_EXPIRED; - if (!ctx->verify_cb(0, ctx)) { + if (!call_verify_cb(0, ctx)) { return 0; } } @@ -1198,7 +1208,7 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) { // If not self signed, can't check signature if (!x509_check_issued_with_callback(ctx, issuer, issuer)) { ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; - if (!ctx->verify_cb(0, ctx)) { + if (!call_verify_cb(0, ctx)) { return 0; } } @@ -1209,21 +1219,21 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) { if ((issuer->ex_flags & EXFLAG_KUSAGE) && !(issuer->ex_kusage & X509v3_KU_CRL_SIGN)) { ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; - if (!ctx->verify_cb(0, ctx)) { + if (!call_verify_cb(0, ctx)) { return 0; } } if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) { ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE; - if (!ctx->verify_cb(0, ctx)) { + if (!call_verify_cb(0, ctx)) { return 0; } } if (crl->idp_flags & IDP_INVALID) { ctx->error = X509_V_ERR_INVALID_EXTENSION; - if (!ctx->verify_cb(0, ctx)) { + if (!call_verify_cb(0, ctx)) { return 0; } } @@ -1238,14 +1248,14 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) { EVP_PKEY *ikey = X509_get0_pubkey(issuer); if (!ikey) { ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; - if (!ctx->verify_cb(0, ctx)) { + if (!call_verify_cb(0, ctx)) { return 0; } } else { // Verify CRL signature if (X509_CRL_verify(crl, ikey) <= 0) { ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE; - if (!ctx->verify_cb(0, ctx)) { + if (!call_verify_cb(0, ctx)) { return 0; } } @@ -1266,7 +1276,7 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) { if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && (crl->flags & EXFLAG_CRITICAL)) { ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; - ok = ctx->verify_cb(0, ctx); + ok = call_verify_cb(0, ctx); if (!ok) { return 0; } @@ -1274,7 +1284,7 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) { // Look for serial number of certificate in CRL. if (X509_CRL_get0_by_cert(crl, &rev, x)) { ctx->error = X509_V_ERR_CERT_REVOKED; - ok = ctx->verify_cb(0, ctx); + ok = call_verify_cb(0, ctx); if (!ok) { return 0; } @@ -1293,18 +1303,7 @@ static int check_policy(X509_STORE_CTX *ctx) { if (ret == X509_V_ERR_OUT_OF_MEM) { return 0; } - return ctx->verify_cb(0, ctx); - } - - if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) { - ctx->current_cert = NULL; - // Verification errors need to be "sticky", a callback may have allowed - // an SSL handshake to continue despite an error, and we must then - // remain in an error state. Therefore, we MUST NOT clear earlier - // verification errors by setting the error to X509_V_OK. - if (!ctx->verify_cb(2, ctx)) { - return 0; - } + return call_verify_cb(0, ctx); } return 1; @@ -1329,7 +1328,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x509, int suppress_error) { } ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; ctx->current_cert = x509; - if (!ctx->verify_cb(0, ctx)) { + if (!call_verify_cb(0, ctx)) { return 0; } } @@ -1340,7 +1339,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x509, int suppress_error) { } ctx->error = X509_V_ERR_CERT_NOT_YET_VALID; ctx->current_cert = x509; - if (!ctx->verify_cb(0, ctx)) { + if (!call_verify_cb(0, ctx)) { return 0; } } @@ -1352,7 +1351,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x509, int suppress_error) { } ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; ctx->current_cert = x509; - if (!ctx->verify_cb(0, ctx)) { + if (!call_verify_cb(0, ctx)) { return 0; } } @@ -1363,7 +1362,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x509, int suppress_error) { } ctx->error = X509_V_ERR_CERT_HAS_EXPIRED; ctx->current_cert = x509; - if (!ctx->verify_cb(0, ctx)) { + if (!call_verify_cb(0, ctx)) { return 0; } } @@ -1390,7 +1389,7 @@ static int internal_verify(X509_STORE_CTX *ctx) { if (n <= 0) { ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; ctx->current_cert = xi; - ok = ctx->verify_cb(0, ctx); + ok = call_verify_cb(0, ctx); goto end; } else { n--; @@ -1411,14 +1410,14 @@ static int internal_verify(X509_STORE_CTX *ctx) { if (pkey == NULL) { ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; ctx->current_cert = xi; - ok = ctx->verify_cb(0, ctx); + ok = call_verify_cb(0, ctx); if (!ok) { goto end; } } else if (X509_verify(xs, pkey) <= 0) { ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE; ctx->current_cert = xs; - ok = ctx->verify_cb(0, ctx); + ok = call_verify_cb(0, ctx); if (!ok) { goto end; } @@ -1434,7 +1433,7 @@ static int internal_verify(X509_STORE_CTX *ctx) { // The last error (if any) is still in the error value ctx->current_issuer = xi; ctx->current_cert = xs; - ok = ctx->verify_cb(1, ctx); + ok = call_verify_cb(1, ctx); if (!ok) { goto end; } diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index 2fe59d884e1..357313fc185 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c @@ -513,17 +513,17 @@ int X509_NAME_set(X509_NAME **xn, X509_NAME *name) { int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) { return ne->set; } -int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, - size_t *pderlen) { +int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **out_der, + size_t *out_der_len) { // Make sure encoding is valid if (i2d_X509_NAME(nm, NULL) <= 0) { return 0; } - if (pder != NULL) { - *pder = (unsigned char *)nm->bytes->data; + if (out_der != NULL) { + *out_der = (unsigned char *)nm->bytes->data; } - if (pderlen != NULL) { - *pderlen = nm->bytes->length; + if (out_der_len != NULL) { + *out_der_len = nm->bytes->length; } return 1; } diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.c index da5da096d6e..d0fd3e3a8d2 100644 --- a/crypto/x509/x_x509a.c +++ b/crypto/x509/x_x509a.c @@ -90,7 +90,7 @@ static X509_CERT_AUX *aux_get(X509 *x) { return x->aux; } -int X509_alias_set1(X509 *x, const unsigned char *name, ossl_ssize_t len) { +int X509_alias_set1(X509 *x, const uint8_t *name, ossl_ssize_t len) { X509_CERT_AUX *aux; // TODO(davidben): Empty aliases are not meaningful in PKCS#12, and the // getters cannot quite represent them. Also erase the object if |len| is @@ -112,7 +112,7 @@ int X509_alias_set1(X509 *x, const unsigned char *name, ossl_ssize_t len) { return ASN1_STRING_set(aux->alias, name, len); } -int X509_keyid_set1(X509 *x, const unsigned char *id, ossl_ssize_t len) { +int X509_keyid_set1(X509 *x, const uint8_t *id, ossl_ssize_t len) { X509_CERT_AUX *aux; // TODO(davidben): Empty key IDs are not meaningful in PKCS#12, and the // getters cannot quite represent them. Also erase the object if |len| is @@ -134,7 +134,7 @@ int X509_keyid_set1(X509 *x, const unsigned char *id, ossl_ssize_t len) { return ASN1_STRING_set(aux->keyid, id, len); } -unsigned char *X509_alias_get0(X509 *x, int *out_len) { +const uint8_t *X509_alias_get0(const X509 *x, int *out_len) { const ASN1_UTF8STRING *alias = x->aux != NULL ? x->aux->alias : NULL; if (out_len != NULL) { *out_len = alias != NULL ? alias->length : 0; @@ -142,7 +142,7 @@ unsigned char *X509_alias_get0(X509 *x, int *out_len) { return alias != NULL ? alias->data : NULL; } -unsigned char *X509_keyid_get0(X509 *x, int *out_len) { +const uint8_t *X509_keyid_get0(const X509 *x, int *out_len) { const ASN1_OCTET_STRING *keyid = x->aux != NULL ? x->aux->keyid : NULL; if (out_len != NULL) { *out_len = keyid != NULL ? keyid->length : 0; diff --git a/docs/porting/configuration-differences.md b/docs/porting/configuration-differences.md index 618d3709420..c73f721e8ed 100644 --- a/docs/porting/configuration-differences.md +++ b/docs/porting/configuration-differences.md @@ -144,7 +144,7 @@ The following table contains the differences in libssl configuration options AWS - +

@@ -188,6 +188,21 @@ The following table contains the differences in libssl configuration options AWS

NO-OP

+ + +

+ + SSL_OP_CRYPTOPRO_TLSEXT_BUG + +

+ + +

OFF

+ + +

NO-OP

+ +

@@ -280,6 +295,36 @@ The following table contains the differences in libssl configuration options AWS

NO-OP

+ + + +

+ + SSL_OP_SAFARI_ECDHE_ECDSA_BUG + +

+ + +

ON

+ + +

NO-OP

+ + + + +

+ + SSL_OP_TLSEXT_PADDING + +

+ + +

ON

+ + +

NO-OP

+ diff --git a/docs/porting/functionality-differences.md b/docs/porting/functionality-differences.md index 6798e0b7093..01161d75238 100644 --- a/docs/porting/functionality-differences.md +++ b/docs/porting/functionality-differences.md @@ -480,10 +480,10 @@ Older and less common usages of `EVP_PKEY` have been removed. For example, signi - +

CONF modules

- +

@@ -498,6 +498,14 @@ Older and less common usages of `EVP_PKEY` have been removed. For example, signi

Returns one.

+ + + +

CONF_get1_default_config_file

+ + +

Returns a fixed dummy string("No support for Config files in AWS-LC.")

+ diff --git a/include/openssl/conf.h b/include/openssl/conf.h index 2a829ae9e26..cd6c6157036 100644 --- a/include/openssl/conf.h +++ b/include/openssl/conf.h @@ -142,6 +142,10 @@ OPENSSL_EXPORT const char *NCONF_get_string(const CONF *conf, OPENSSL_EXPORT OPENSSL_DEPRECATED int CONF_modules_load_file( const char *filename, const char *appname, unsigned long flags); +// CONF_get1_default_config_file returns a fixed dummy string. AWS-LC is defined +// to have no config file options. +OPENSSL_EXPORT OPENSSL_DEPRECATED char *CONF_get1_default_config_file(void); + // CONF_modules_free does nothing. OPENSSL_EXPORT OPENSSL_DEPRECATED void CONF_modules_free(void); diff --git a/include/openssl/pkcs8.h b/include/openssl/pkcs8.h index 8774681e8bb..e93724135ba 100644 --- a/include/openssl/pkcs8.h +++ b/include/openssl/pkcs8.h @@ -232,6 +232,9 @@ OPENSSL_EXPORT PKCS12 *PKCS12_create(const char *password, const char *name, int cert_nid, int iterations, int mac_iterations, int key_type); +// PKCS12_new returns a newly-allocated |PKCS12| object. +OPENSSL_EXPORT PKCS12 *PKCS12_new(void); + // PKCS12_free frees |p12| and its contents. OPENSSL_EXPORT void PKCS12_free(PKCS12 *p12); diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 2a4b6587c2e..eccdf28a96d 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -5618,6 +5618,14 @@ OPENSSL_EXPORT int SSL_set1_curves_list(SSL *ssl, const char *curves); // unpatched clients and servers and is intentionally not supported in AWS-LC. #define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0 +// SSL_OP_CRYPTOPRO_TLSEXT_BUG is OFF by default in AWS-LC. Turning this ON in +// OpenSSL lets the server add a server-hello extension from early version of +// the cryptopro draft, when the GOST ciphersuite is negotiated. Required for +// interoperability with CryptoPro CSP 3.x. +// +// Note: AWS-LC does not support GOST ciphersuites. +#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0 + // SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is ON by default in AWS-LC. This // disables a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability // affecting CBC ciphers, which cannot be handled by some broken SSL @@ -5642,7 +5650,7 @@ OPENSSL_EXPORT int SSL_set1_curves_list(SSL *ssl, const char *curves); // This always starts a new session when performing renegotiation as a server // (i.e., session resumption requests are only accepted in the initial // handshake). -// There is no support for renegototiation for a server in AWS-LC +// There is no support for renegototiation for a server in AWS-LC. #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0 // SSL_OP_NO_SSLv2 is ON by default in AWS-LC. There is no support for SSLv2 in @@ -5653,6 +5661,18 @@ OPENSSL_EXPORT int SSL_set1_curves_list(SSL *ssl, const char *curves); // AWS-LC #define SSL_OP_NO_SSLv3 0 +// SSL_OP_SAFARI_ECDHE_ECDSA_BUG is OFF by default in AWS-LC. Turning this ON in +// OpenSSL lets the application not prefer ECDHE-ECDSA ciphers when the client +// appears to be Safari on OSX. +// +// Note: OS X 10.8..10.8.3 broke support for ECDHE-ECDSA ciphers. +#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0 + +// SSL_OP_TLSEXT_PADDING is OFF by default in AWS-LC. Turning this ON in OpenSSL +// adds a padding extension to ensure the ClientHello size is never between 256 +// and 511 bytes in length. This is needed as a workaround for F5 terminators. +#define SSL_OP_TLSEXT_PADDING 0 + // SSL_OP_TLS_ROLLBACK_BUG is OFF by default in AWS-LC. Turning this ON in // OpenSSL disables version rollback attack detection and is intentionally not // supported in AWS-LC. diff --git a/include/openssl/x509.h b/include/openssl/x509.h index a27c6bc39da..e157f15c351 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -277,7 +277,7 @@ OPENSSL_EXPORT uint32_t X509_get_extension_flags(X509 *x509); // // TODO(crbug.com/boringssl/381): Decoding an |X509| object will not check for // invalid extensions. To detect the error case, call -// |X509_get_extensions_flags| and check the |EXFLAG_INVALID| bit. +// |X509_get_extension_flags| and check the |EXFLAG_INVALID| bit. OPENSSL_EXPORT long X509_get_pathlen(X509 *x509); // X509v3_KU_* are key usage bits returned from |X509_get_key_usage|. @@ -336,7 +336,7 @@ OPENSSL_EXPORT uint32_t X509_get_extended_key_usage(X509 *x509); // // TODO(crbug.com/boringssl/381): Decoding an |X509| object will not check for // invalid extensions. To detect the error case, call -// |X509_get_extensions_flags| and check the |EXFLAG_INVALID| bit. +// |X509_get_extension_flags| and check the |EXFLAG_INVALID| bit. OPENSSL_EXPORT const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x509); // X509_get0_authority_key_id returns keyIdentifier of |x509|'s authority key @@ -347,7 +347,7 @@ OPENSSL_EXPORT const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x509); // // TODO(crbug.com/boringssl/381): Decoding an |X509| object will not check for // invalid extensions. To detect the error case, call -// |X509_get_extensions_flags| and check the |EXFLAG_INVALID| bit. +// |X509_get_extension_flags| and check the |EXFLAG_INVALID| bit. OPENSSL_EXPORT const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x509); DEFINE_STACK_OF(GENERAL_NAME) @@ -361,7 +361,7 @@ typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; // // TODO(crbug.com/boringssl/381): Decoding an |X509| object will not check for // invalid extensions. To detect the error case, call -// |X509_get_extensions_flags| and check the |EXFLAG_INVALID| bit. +// |X509_get_extension_flags| and check the |EXFLAG_INVALID| bit. OPENSSL_EXPORT const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x509); // X509_get0_authority_serial returns the authorityCertSerialNumber of |x509|'s @@ -372,7 +372,7 @@ OPENSSL_EXPORT const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x509); // // TODO(crbug.com/boringssl/381): Decoding an |X509| object will not check for // invalid extensions. To detect the error case, call -// |X509_get_extensions_flags| and check the |EXFLAG_INVALID| bit. +// |X509_get_extension_flags| and check the |EXFLAG_INVALID| bit. OPENSSL_EXPORT const ASN1_INTEGER *X509_get0_authority_serial(X509 *x509); // X509_get0_extensions returns |x509|'s extension list, or NULL if |x509| omits @@ -619,7 +619,9 @@ OPENSSL_EXPORT int X509_set1_signature_value(X509 *x509, const uint8_t *sig, // Unlike similarly-named functions, this function does not output a single // ASN.1 element. Directly embedding the output in a larger ASN.1 structure will // not behave correctly. -OPENSSL_EXPORT int i2d_X509_AUX(X509 *x509, unsigned char **outp); +// +// TODO(crbug.com/boringssl/407): |x509| should be const. +OPENSSL_EXPORT int i2d_X509_AUX(X509 *x509, uint8_t **outp); // d2i_X509_AUX parses up to |length| bytes from |*inp| as a DER-encoded X.509 // Certificate (RFC 5280), followed optionally by a separate, OpenSSL-specific @@ -632,19 +634,19 @@ OPENSSL_EXPORT int i2d_X509_AUX(X509 *x509, unsigned char **outp); // Unlike similarly-named functions, this function does not parse a single // ASN.1 element. Trying to parse data directly embedded in a larger ASN.1 // structure will not behave correctly. -OPENSSL_EXPORT X509 *d2i_X509_AUX(X509 **x509, const unsigned char **inp, +OPENSSL_EXPORT X509 *d2i_X509_AUX(X509 **x509, const uint8_t **inp, long length); // X509_alias_set1 sets |x509|'s alias to |len| bytes from |name|. If |name| is // NULL, the alias is cleared instead. Aliases are not part of the certificate // itself and will not be serialized by |i2d_X509|. -OPENSSL_EXPORT int X509_alias_set1(X509 *x509, const unsigned char *name, +OPENSSL_EXPORT int X509_alias_set1(X509 *x509, const uint8_t *name, ossl_ssize_t len); // X509_keyid_set1 sets |x509|'s key ID to |len| bytes from |id|. If |id| is // NULL, the key ID is cleared instead. Key IDs are not part of the certificate // itself and will not be serialized by |i2d_X509|. -OPENSSL_EXPORT int X509_keyid_set1(X509 *x509, const unsigned char *id, +OPENSSL_EXPORT int X509_keyid_set1(X509 *x509, const uint8_t *id, ossl_ssize_t len); // X509_alias_get0 looks up |x509|'s alias. If found, it sets |*out_len| to the @@ -659,7 +661,7 @@ OPENSSL_EXPORT int X509_keyid_set1(X509 *x509, const unsigned char *id, // WARNING: In OpenSSL, this function did not set |*out_len| when the alias was // missing. Callers that target both OpenSSL and BoringSSL should set the value // to zero before calling this function. -OPENSSL_EXPORT unsigned char *X509_alias_get0(X509 *x509, int *out_len); +OPENSSL_EXPORT const uint8_t *X509_alias_get0(const X509 *x509, int *out_len); // X509_keyid_get0 looks up |x509|'s key ID. If found, it sets |*out_len| to the // key ID's length and returns a pointer to a buffer containing the contents. If @@ -669,7 +671,7 @@ OPENSSL_EXPORT unsigned char *X509_alias_get0(X509 *x509, int *out_len); // WARNING: In OpenSSL, this function did not set |*out_len| when the alias was // missing. Callers that target both OpenSSL and BoringSSL should set the value // to zero before calling this function. -OPENSSL_EXPORT unsigned char *X509_keyid_get0(X509 *x509, int *out_len); +OPENSSL_EXPORT const uint8_t *X509_keyid_get0(const X509 *x509, int *out_len); // X509_add1_trust_object configures |x509| as a valid trust anchor for |obj|. // It returns one on success and zero on error. |obj| should be a certificate @@ -1425,12 +1427,17 @@ OPENSSL_EXPORT X509_NAME *X509_NAME_dup(X509_NAME *name); // Although even the library itself passes this to a sorting function. OPENSSL_EXPORT int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); -// X509_NAME_get0_der sets |*out_der| and |*out_der_len| +// X509_NAME_get0_der marshals |name| as a DER-encoded X.509 Name (RFC 5280). On +// success, it returns one and sets |*out_der| and |*out_der_len| to a buffer +// containing the result. Otherwise, it returns zero. |*out_der| is owned by +// |name| and must not be freed by the caller. It is invalidated after |name| is +// mutated or freed. // // Avoid this function and prefer |i2d_X509_NAME|. It is one of the reasons -// these functions are not consistently thread-safe or const-correct. Depending -// on the resolution of https://crbug.com/boringssl/407, this function may be -// removed or cause poor performance. +// |X509_NAME| functions, including this one, are not consistently thread-safe +// or const-correct. Depending on the resolution of +// https://crbug.com/boringssl/407, this function may be removed or cause poor +// performance. OPENSSL_EXPORT int X509_NAME_get0_der(X509_NAME *name, const uint8_t **out_der, size_t *out_der_len); @@ -3523,6 +3530,88 @@ OPENSSL_EXPORT STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); #define X509_STORE_get1_certs X509_STORE_CTX_get1_certs #define X509_STORE_get1_crls X509_STORE_CTX_get1_crls +// X509_STORE_CTX_get_chain is a legacy alias for |X509_STORE_CTX_get0_chain|. +OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); + +// X509_STORE_CTX_trusted_stack is a deprecated alias for +// |X509_STORE_CTX_set0_trusted_stack|. +OPENSSL_EXPORT void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, + STACK_OF(X509) *sk); + +typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); + +// X509_STORE_CTX_set_verify_cb configures a callback function for |ctx| that is +// called multiple times during |X509_verify_cert|. The callback returns zero to +// fail verification and one to proceed. Typically, it will return |ok|, which +// preserves the default behavior. Returning one when |ok| is zero will proceed +// past some error. The callback may inspect |ctx| and the error queue to +// attempt to determine the current stage of certificate verification, but this +// is often unreliable. When synthesizing an error, callbacks should use +// |X509_STORE_CTX_set_error| to set a corresponding error. +// +// WARNING: Do not use this function. It is extremely fragile and unpredictable. +// This callback exposes implementation details of certificate verification, +// which change as the library evolves. Attempting to use it for security checks +// can introduce vulnerabilities if making incorrect assumptions about when the +// callback is called. Some errors, when suppressed, may implicitly suppress +// other errors due to internal implementation details. Additionally, overriding +// |ok| may leave |ctx| in an inconsistent state and break invariants. +// +// Instead, customize certificate verification by configuring options on the +// |X509_STORE_CTX| before verification, or applying additional checks after +// |X509_verify_cert| completes successfully. +OPENSSL_EXPORT void X509_STORE_CTX_set_verify_cb( + X509_STORE_CTX *ctx, int (*verify_cb)(int ok, X509_STORE_CTX *ctx)); + +// X509_STORE_set_verify_cb acts like |X509_STORE_CTX_set_verify_cb| but sets +// the verify callback for any |X509_STORE_CTX| created from this |X509_STORE| +// +// Do not use this function. See |X509_STORE_CTX_set_verify_cb| for details. +OPENSSL_EXPORT void X509_STORE_set_verify_cb( + X509_STORE *store, X509_STORE_CTX_verify_cb verify_cb); + +// X509_STORE_set_verify_cb_func is a deprecated alias for +// |X509_STORE_set_verify_cb|. +#define X509_STORE_set_verify_cb_func(store, func) \ + X509_STORE_set_verify_cb((store), (func)) + +typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, X509_CRL **crl, + X509 *x); +typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); + +// X509_STORE_set_get_crl override's |store|'s logic for looking up CRLs. +// +// Do not use this function. It is temporarily retained to support one caller +// and will be removed after that caller is fixed. It is not possible for +// external callers to correctly implement this callback. The real +// implementation sets some inaccessible internal state on |X509_STORE_CTX|. +OPENSSL_EXPORT void X509_STORE_set_get_crl(X509_STORE *store, + X509_STORE_CTX_get_crl_fn get_crl); + +// X509_STORE_set_check_crl override's |store|'s logic for checking CRL +// validity. +// +// Do not use this function. It is temporarily retained to support one caller +// and will be removed after that caller is fixed. It is not possible for +// external callers to correctly implement this callback. The real +// implementation relies some inaccessible internal state on |X509_STORE_CTX|. +OPENSSL_EXPORT void X509_STORE_set_check_crl( + X509_STORE *store, X509_STORE_CTX_check_crl_fn check_crl); + +// X509_STORE_CTX_set_chain configures |ctx| to use |sk| for untrusted +// intermediate certificates to use in verification. This function is redundant +// with the |chain| parameter of |X509_STORE_CTX_init|. Use the parameter +// instead. +// +// WARNING: Despite the similar name, this function is unrelated to +// |X509_STORE_CTX_get0_chain|. +// +// WARNING: This function saves a pointer to |sk| without copying or +// incrementing reference counts. |sk| must outlive |ctx| and may not be mutated +// for the duration of the certificate verification. +OPENSSL_EXPORT void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, + STACK_OF(X509) *sk); + // Private structures. @@ -3567,11 +3656,6 @@ DEFINE_STACK_OF(X509_TRUST) #define X509_TRUST_OCSP_REQUEST 7 #define X509_TRUST_TSA 8 -// Keep these up to date! (hidden) - -#define X509_TRUST_MIN 1 -#define X509_TRUST_MAX 8 - // check_trust return codes #define X509_TRUST_TRUSTED 1 @@ -3672,10 +3756,6 @@ certificate chain. DEFINE_STACK_OF(X509_OBJECT) -typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); -typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, X509_CRL **crl, - X509 *x); -typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); // X509_STORE_set_depth configures |store| to, by default, limit certificate // chains to |depth| intermediate certificates. This count excludes both the @@ -3818,7 +3898,7 @@ OPENSSL_EXPORT int X509_LOOKUP_add_dir(X509_LOOKUP *lookup, const char *path, #define X509_V_FLAG_INHIBIT_ANY 0x200 // X509_V_FLAG_INHIBIT_MAP enables the policy variable: inhibit-policy-mapping #define X509_V_FLAG_INHIBIT_MAP 0x400 -// X509_V_FLAG_NOTIFY_POLICY notifies the callback that the policy is OK +// X509_V_FLAG_NOTIFY_POLICY does nothing #define X509_V_FLAG_NOTIFY_POLICY 0x800 // X509_V_FLAG_EXTENDED_CRL_SUPPORT causes all verifications to fail. Extended // CRL features have been removed. @@ -3942,19 +4022,6 @@ OPENSSL_EXPORT int X509_STORE_set1_param(X509_STORE *store, // |X509_V_FLAG_TRUSTED_FIRST| is mostly a workaround for poor path-building. OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store); -// X509_STORE_set_verify_cb acts like |X509_STORE_CTX_set_verify_cb| but sets -// the verify callback for any |X509_STORE_CTX| created from this |X509_STORE| -// -// Do not use this funciton. see |X509_STORE_CTX_set_verify_cb|. -OPENSSL_EXPORT void X509_STORE_set_verify_cb( - X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb); -#define X509_STORE_set_verify_cb_func(ctx, func) \ - X509_STORE_set_verify_cb((ctx), (func)) -OPENSSL_EXPORT void X509_STORE_set_get_crl(X509_STORE *ctx, - X509_STORE_CTX_get_crl_fn get_crl); -OPENSSL_EXPORT void X509_STORE_set_check_crl( - X509_STORE *ctx, X509_STORE_CTX_check_crl_fn check_crl); - // X509_STORE_CTX_new returns a newly-allocated, empty |X509_STORE_CTX|, or NULL // on error. OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_new(void); @@ -3987,11 +4054,6 @@ OPENSSL_EXPORT int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, OPENSSL_EXPORT void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); -// X509_STORE_CTX_trusted_stack is a deprecated alias for -// |X509_STORE_CTX_set0_trusted_stack|. -OPENSSL_EXPORT void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, - STACK_OF(X509) *sk); - // X509_STORE_CTX_get0_store returns the |X509_STORE| that |ctx| uses. OPENSSL_EXPORT X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx); @@ -4028,12 +4090,14 @@ OPENSSL_EXPORT X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); OPENSSL_EXPORT X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); -// X509_STORE_CTX_get_chain returns the pointer to the verified chain if -// verification was successful. If unsuccessful it may return null or a partial -// chain. The reference count is not incremented and must not be freed. -OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); - -// X509_STORE_CTX_get0_chain behaves like |X509_STORE_CTX_get_chain|. +// X509_STORE_CTX_get0_chain, after a successful |X509_verify_cert| call, +// returns the verified certificate chain. The chain begins with the leaf and +// ends with trust anchor. +// +// At other points, such as after a failed verification or during the deprecated +// verification callback, it returns the partial chain built so far. Callers +// should avoid relying on this as this exposes unstable library implementation +// details. OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); // X509_STORE_CTX_get1_chain behaves like |X509_STORE_CTX_get0_chain| and also @@ -4041,8 +4105,6 @@ OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); // |sk_X509_pop_free| OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); OPENSSL_EXPORT void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x); -OPENSSL_EXPORT void X509_STORE_CTX_set_chain(X509_STORE_CTX *c, - STACK_OF(X509) *sk); OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_untrusted( X509_STORE_CTX *ctx); OPENSSL_EXPORT void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, @@ -4071,27 +4133,6 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_time_posix(X509_STORE_CTX *ctx, unsigned long flags, int64_t t); -// X509_STORE_CTX_set_verify_cb configures a callback function for |ctx| that is -// called multiple times during |X509_verify_cert|. The callback returns zero to -// fail verification and non-zero to proceed. Typically, it will return |ok|, -// which preserves the default behavior. Returning one when |ok| is zero will -// proceed past some error. The callback may inspect |ctx| and the error queue -// to attempt to determine the current stage of certificate verification, but -// this is often unreliable. -// -// WARNING: Do not use this function. It is extremely fragile and unpredictable. -// This callback exposes implementation details of certificate verification, -// which change as the library evolves. Attempting to use it for security checks -// can introduce vulnerabilities if making incorrect assumptions about when the -// callback is called. Additionally, overriding |ok| may leave |ctx| in an -// inconsistent state and break invariants. -// -// Instead, customize certificate verification by configuring options on the -// |X509_STORE_CTX| before verification, or applying additional checks after -// |X509_verify_cert| completes successfully. -OPENSSL_EXPORT void X509_STORE_CTX_set_verify_cb( - X509_STORE_CTX *ctx, int (*verify_cb)(int ok, X509_STORE_CTX *ctx)); - // X509_STORE_CTX_get0_param returns |ctx|'s verification parameters. This // object is mutable and may be modified by the caller. OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_CTX_get0_param( @@ -4497,9 +4538,6 @@ typedef struct x509_purpose_st { #define X509_PURPOSE_OCSP_HELPER 8 #define X509_PURPOSE_TIMESTAMP_SIGN 9 -#define X509_PURPOSE_MIN 1 -#define X509_PURPOSE_MAX 9 - DEFINE_STACK_OF(X509_PURPOSE) DECLARE_ASN1_FUNCTIONS_const(BASIC_CONSTRAINTS)