int OPENSSL_atexit(void (*handler)(void)) { OPENSSL_INIT_STOP *newhand; #if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE) { union { void *sym; void (*func)(void); } handlersym; handlersym.func = handler; # ifdef DSO_WIN32 { HMODULE handle = NULL; BOOL ret; /* * We don't use the DSO route for WIN32 because there is a better * way */ ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | GET_MODULE_HANDLE_EX_FLAG_PIN, handlersym.sym, &handle); if (!ret) return 0; } # else /* * Deliberately leak a reference to the handler. This will force the * library/code containing the handler to remain loaded until we run the * atexit handler. If -znodelete has been used then this is * unnecessary. */ { DSO *dso = NULL; ERR_set_mark(); dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE); DSO_free(dso); ERR_pop_to_mark(); } # endif } #endif newhand = OPENSSL_malloc(sizeof(*newhand)); if (newhand == NULL) return 0; newhand->handler = handler; newhand->next = stop_handlers; stop_handlers = newhand; return 1; }
/* * syscall_random(): Try to get random data using a system call * returns the number of bytes returned in buf, or < 0 on error. */ static ssize_t syscall_random(void *buf, size_t buflen) { /* * Note: 'buflen' equals the size of the buffer which is used by the * get_entropy() callback of the RAND_DRBG. It is roughly bounded by * * 2 * RAND_POOL_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^14 * * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion * between size_t and ssize_t is safe even without a range check. */ /* * Do runtime detection to find getentropy(). * * Known OSs that should support this: * - Darwin since 16 (OSX 10.12, IOS 10.0). * - Solaris since 11.3 * - OpenBSD since 5.6 * - Linux since 3.17 with glibc 2.25 * - FreeBSD since 12.0 (1200061) */ # if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) extern int getentropy(void *buffer, size_t length) __attribute__((weak)); if (getentropy != NULL) return getentropy(buf, buflen) == 0 ? (ssize_t)buflen : -1; # else union { void *p; int (*f)(void *buffer, size_t length); } p_getentropy; /* * We could cache the result of the lookup, but we normally don't * call this function often. */ ERR_set_mark(); p_getentropy.p = DSO_global_lookup("getentropy"); ERR_pop_to_mark(); if (p_getentropy.p != NULL) return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1; # endif /* Linux supports this since version 3.17 */ # if defined(__linux) && defined(SYS_getrandom) return syscall(SYS_getrandom, buf, buflen, 0); # elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) return sysctl_random(buf, buflen); # else errno = ENOSYS; return -1; # endif }
/* * syscall_random(): Try to get random data using a system call * returns the number of bytes returned in buf, or <= 0 on error. */ int syscall_random(void *buf, size_t buflen) { /* * Do runtime detection to find getentropy(). * * Known OSs that should support this: * - Darwin since 16 (OSX 10.12, IOS 10.0). * - Solaris since 11.3 * - OpenBSD since 5.6 * - Linux since 3.17 with glibc 2.25 * - FreeBSD since 12.0 (1200061) */ # if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) extern int getentropy(void *bufer, size_t length) __attribute__((weak)); if (getentropy != NULL) return getentropy(buf, buflen) == 0 ? buflen : 0; # else union { void *p; int (*f)(void *buffer, size_t length); } p_getentropy; /* * We could cache the result of the lookup, but we normally don't * call this function often. */ ERR_set_mark(); p_getentropy.p = DSO_global_lookup("getentropy"); ERR_pop_to_mark(); if (p_getentropy.p != NULL) return p_getentropy.f(buf, buflen) == 0 ? buflen : 0; # endif /* Linux supports this since version 3.17 */ # if defined(__linux) && defined(SYS_getrandom) return (int)syscall(SYS_getrandom, buf, buflen, 0); # endif # if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) return (int)sysctl_random(buf, buflen); # endif return -1; }
/* Minor tweak to operation: free up EVP_PKEY */ static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { if (operation == ASN1_OP_FREE_POST) { X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; EVP_PKEY_free(pubkey->pkey); } else if (operation == ASN1_OP_D2I_POST) { /* Attempt to decode public key and cache in pubkey structure. */ X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; EVP_PKEY_free(pubkey->pkey); /* * Opportunistically decode the key but remove any non fatal errors * from the queue. Subsequent explicit attempts to decode/use the key * will return an appropriate error. */ ERR_set_mark(); if (x509_pubkey_decode(&pubkey->pkey, pubkey) == -1) return 0; ERR_pop_to_mark(); } return 1; }
static STACK_OF(X509) *load_certs_from_file(const char *filename) { STACK_OF(X509) *certs; BIO *bio; X509 *x; bio = BIO_new_file(filename, "r"); if (bio == NULL) { return NULL; } certs = sk_X509_new_null(); if (certs == NULL) { BIO_free(bio); return NULL; } ERR_set_mark(); do { x = PEM_read_bio_X509(bio, NULL, 0, NULL); if (x != NULL && !sk_X509_push(certs, x)) { sk_X509_pop_free(certs, X509_free); BIO_free(bio); return NULL; } else if (x == NULL) { /* * We probably just ran out of certs, so ignore any errors * generated */ ERR_pop_to_mark(); } } while (x != NULL); BIO_free(bio); return certs; }
int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) { long l; int ret = 0, i; char *m = NULL, mlch = ' '; int nmindent = 0; ASN1_INTEGER *bs; EVP_PKEY *pkey = NULL; const char *neg; if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { mlch = '\n'; nmindent = 12; } if (nmflags == X509_FLAG_COMPAT) nmindent = 16; if (!(cflag & X509_FLAG_NO_HEADER)) { if (BIO_write(bp, "Certificate:\n", 13) <= 0) goto err; if (BIO_write(bp, " Data:\n", 10) <= 0) goto err; } if (!(cflag & X509_FLAG_NO_VERSION)) { l = X509_get_version(x); if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)\n", "", l + 1, l) <= 0) goto err; } if (!(cflag & X509_FLAG_NO_SERIAL)) { if (BIO_write(bp, " Serial Number:", 22) <= 0) goto err; bs = X509_get_serialNumber(x); if (bs->length <= (int)sizeof(long)) { ERR_set_mark(); l = ASN1_INTEGER_get(bs); ERR_pop_to_mark(); } else { l = -1; } if (l != -1) { if (bs->type == V_ASN1_NEG_INTEGER) { l = -l; neg = "-"; } else neg = ""; if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, l, neg, l) <= 0) goto err; } else { neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : ""; if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0) goto err; for (i = 0; i < bs->length; i++) { if (BIO_printf(bp, "%02x%c", bs->data[i], ((i + 1 == bs->length) ? '\n' : ':')) <= 0) goto err; } } } if (!(cflag & X509_FLAG_NO_SIGNAME)) { X509_ALGOR *tsig_alg = X509_get0_tbs_sigalg(x); if (X509_signature_print(bp, tsig_alg, NULL) <= 0) goto err; } if (!(cflag & X509_FLAG_NO_ISSUER)) { if (BIO_printf(bp, " Issuer:%c", mlch) <= 0) goto err; if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags) < 0) goto err; if (BIO_write(bp, "\n", 1) <= 0) goto err; } if (!(cflag & X509_FLAG_NO_VALIDITY)) { if (BIO_write(bp, " Validity\n", 17) <= 0) goto err; if (BIO_write(bp, " Not Before: ", 24) <= 0) goto err; if (!ASN1_TIME_print(bp, X509_get_notBefore(x))) goto err; if (BIO_write(bp, "\n Not After : ", 25) <= 0) goto err; if (!ASN1_TIME_print(bp, X509_get_notAfter(x))) goto err; if (BIO_write(bp, "\n", 1) <= 0) goto err; } if (!(cflag & X509_FLAG_NO_SUBJECT)) { if (BIO_printf(bp, " Subject:%c", mlch) <= 0) goto err; if (X509_NAME_print_ex (bp, X509_get_subject_name(x), nmindent, nmflags) < 0) goto err; if (BIO_write(bp, "\n", 1) <= 0) goto err; } if (!(cflag & X509_FLAG_NO_PUBKEY)) { X509_PUBKEY *xpkey = X509_get_X509_PUBKEY(x); ASN1_OBJECT *xpoid; X509_PUBKEY_get0_param(&xpoid, NULL, NULL, NULL, xpkey); if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0) goto err; if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) goto err; if (i2a_ASN1_OBJECT(bp, xpoid) <= 0) goto err; if (BIO_puts(bp, "\n") <= 0) goto err; pkey = X509_get_pubkey(x); if (pkey == NULL) { BIO_printf(bp, "%12sUnable to load Public Key\n", ""); ERR_print_errors(bp); } else { EVP_PKEY_print_public(bp, pkey, 16, NULL); EVP_PKEY_free(pkey); } } if (!(cflag & X509_FLAG_NO_IDS)) { ASN1_BIT_STRING *iuid, *suid; X509_get0_uids(&iuid, &suid, x); if (iuid != NULL) { if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0) goto err; if (!X509_signature_dump(bp, iuid, 12)) goto err; } if (suid != NULL) { if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0) goto err; if (!X509_signature_dump(bp, suid, 12)) goto err; } } if (!(cflag & X509_FLAG_NO_EXTENSIONS)) X509V3_extensions_print(bp, "X509v3 extensions", X509_get0_extensions(x), cflag, 8); if (!(cflag & X509_FLAG_NO_SIGDUMP)) { X509_ALGOR *sig_alg; ASN1_BIT_STRING *sig; X509_get0_signature(&sig, &sig_alg, x); if (X509_signature_print(bp, sig_alg, sig) <= 0) goto err; } if (!(cflag & X509_FLAG_NO_AUX)) { if (!X509_aux_print(bp, x, 0)) goto err; } ret = 1; err: OPENSSL_free(m); return (ret); }
ENGINE * engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l) #endif { ENGINE *ret = NULL; ENGINE_PILE tmplate, *fnd = NULL; int initres, loop = 0; if (!(*table)) { #ifdef ENGINE_TABLE_DEBUG fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing " "registered!\n", f, l, nid); #endif return NULL; } ERR_set_mark(); CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); /* Check again inside the lock otherwise we could race against cleanup * operations. But don't worry about a fprintf(stderr). */ if (!int_table_check(table, 0)) goto end; tmplate.nid = nid; fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate); if (!fnd) goto end; if (fnd->funct && engine_unlocked_init(fnd->funct)) { #ifdef ENGINE_TABLE_DEBUG fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using " "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id); #endif ret = fnd->funct; goto end; } if (fnd->uptodate) { ret = fnd->funct; goto end; } trynext: ret = sk_ENGINE_value(fnd->sk, loop++); if (!ret) { #ifdef ENGINE_TABLE_DEBUG fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no " "registered implementations would initialise\n", f, l, nid); #endif goto end; } /* Try to initialise the ENGINE? */ if ((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT)) initres = engine_unlocked_init(ret); else initres = 0; if (initres) { /* Update 'funct' */ if ((fnd->funct != ret) && engine_unlocked_init(ret)) { /* If there was a previous default we release it. */ if (fnd->funct) engine_unlocked_finish(fnd->funct, 0); fnd->funct = ret; #ifdef ENGINE_TABLE_DEBUG fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, " "setting default to '%s'\n", f, l, nid, ret->id); #endif } #ifdef ENGINE_TABLE_DEBUG fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using " "newly initialised '%s'\n", f, l, nid, ret->id); #endif goto end; } goto trynext; end: /* If it failed, it is unlikely to succeed again until some future * registrations have taken place. In all cases, we cache. */ if (fnd) fnd->uptodate = 1; #ifdef ENGINE_TABLE_DEBUG if (ret) fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching " "ENGINE '%s'\n", f, l, nid, ret->id); else fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching " "'no matching ENGINE'\n", f, l, nid); #endif CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); /* Whatever happened, any failed init()s are not failures in this * context, so clear our error state. */ ERR_pop_to_mark(); return ret; }
int OPENSSL_atexit(void (*handler)(void)) { OPENSSL_INIT_STOP *newhand; #if !defined(OPENSSL_NO_DSO) \ && !defined(OPENSSL_USE_NODELETE)\ && !defined(OPENSSL_NO_PINSHARED) { union { void *sym; void (*func)(void); } handlersym; handlersym.func = handler; # ifdef DSO_WIN32 { HMODULE handle = NULL; BOOL ret; /* * We don't use the DSO route for WIN32 because there is a better * way */ ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | GET_MODULE_HANDLE_EX_FLAG_PIN, handlersym.sym, &handle); if (!ret) return 0; } # else /* * Deliberately leak a reference to the handler. This will force the * library/code containing the handler to remain loaded until we run the * atexit handler. If -znodelete has been used then this is * unnecessary. */ { DSO *dso = NULL; ERR_set_mark(); dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE); /* See same code above in ossl_init_base() for an explanation. */ OSSL_TRACE1(INIT, "atexit: obtained DSO reference? %s\n", (dso == NULL ? "No!" : "Yes.")); DSO_free(dso); ERR_pop_to_mark(); } # endif } #endif if ((newhand = OPENSSL_malloc(sizeof(*newhand))) == NULL) { CRYPTOerr(CRYPTO_F_OPENSSL_ATEXIT, ERR_R_MALLOC_FAILURE); return 0; } newhand->handler = handler; newhand->next = stop_handlers; stop_handlers = newhand; return 1; }
int CryptoManager::verify_callback(int preverify_ok, X509_STORE_CTX *ctx) { int err = X509_STORE_CTX_get_error(ctx); SSL* ssl = (SSL*)X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); SSLVerifyData* verifyData = (SSLVerifyData*)SSL_get_ex_data(ssl, CryptoManager::idxVerifyData); // TODO: we should make sure that the trusted certificate store never overules KeyPrint, if present, because certificate pinning on an individual certificate is a stronger method of verification. // verifyData is unset only when KeyPrint has been pinned and we are not skipping errors due to incomplete chains // we can fail here f.ex. if the certificate has expired but is still pinned with KeyPrint if (!verifyData) return preverify_ok; bool allowUntrusted = verifyData->first; string keyp = verifyData->second; if (!keyp.empty()) { X509* cert = X509_STORE_CTX_get_current_cert(ctx); if (!cert) return 0; string kp2(keyp); if (kp2.compare(0, 12, "trusted_keyp") == 0) { // Possible follow up errors, after verification of a partial chain if (err == X509_V_ERR_CERT_UNTRUSTED || err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE) { X509_STORE_CTX_set_error(ctx, X509_V_OK); return 1; } } else if (kp2.compare(0, 7, "SHA256/") != 0) return allowUntrusted ? 1 : 0; ByteVector kp = ssl::X509_digest(cert, EVP_sha256()); ByteVector kp2v(kp.size()); Encoder::fromBase32(&kp2[7], &kp2v[0], kp2v.size()); if (std::equal(kp.begin(), kp.end(), kp2v.begin())) { // KeyPrint validated, we can get rid of it (to avoid unnecessary passes) SSL_set_ex_data(ssl, CryptoManager::idxVerifyData, NULL); if (err != X509_V_OK) { // This is the right way to get the certificate store, although it is rather roundabout X509_STORE* store = SSL_CTX_get_cert_store(SSL_get_SSL_CTX(ssl)); dcassert(store == ctx->ctx); // Hide the potential library error about trying to add a dupe ERR_set_mark(); if (X509_STORE_add_cert(store, cert)) { X509_STORE_CTX_set_error(ctx, X509_V_OK); X509_verify_cert(ctx); err = X509_STORE_CTX_get_error(ctx); } else ERR_pop_to_mark(); // KeyPrint was not root certificate or we don't have the issuer certificate, the best we can do is trust the pinned KeyPrint if (err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN || err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY || err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) { X509_STORE_CTX_set_error(ctx, X509_V_OK); // Set this to allow ignoring any follow up errors caused by the incomplete chain SSL_set_ex_data(ssl, CryptoManager::idxVerifyData, &CryptoManager::trustedKeyprint); return 1; } } return (err == X509_V_OK) ? 1 : 0; } else { if (X509_STORE_CTX_get_error_depth(ctx) > 0) return 1; } } if (allowUntrusted) { /* // We let untrusted certificates through unconditionally, when allowed, but we like to complain if (!preverify_ok && err != X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) { X509* cert = NULL; if ((cert = X509_STORE_CTX_get_current_cert(ctx)) != NULL) { X509_NAME* subject = X509_get_subject_name(cert); string tmp, line; tmp = getNameEntryByNID(subject, NID_commonName); if (!tmp.empty()) { CID certCID(tmp); if (certCID) tmp = Util::listToString(ClientManager::getInstance()->getNicks(certCID)); line += (!line.empty() ? ", " : "") + tmp; } tmp = getNameEntryByNID(subject, NID_organizationName); if (!tmp.empty()) line += (!line.empty() ? ", " : "") + tmp; ByteVector kp = ssl::X509_digest(cert, EVP_sha256()); string keyp = "SHA256/" + Encoder::toBase32(&kp[0], kp.size()); LogManager::getInstance()->message(STRING_F(VERIFY_CERT_FAILED, line % X509_verify_cert_error_string(err) % keyp), LogManager::LOG_INFO); } }*/ return 1; } return preverify_ok; }