From 6383d31645c6381817f26e2997b8bf58ec903edb Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 12 May 2015 22:17:34 +0100 Subject: [PATCH] Move certificate validity flags out of CERT. Reviewed-by: Rich Salz --- ssl/s3_clnt.c | 2 +- ssl/s3_lib.c | 2 +- ssl/ssl_cert.c | 3 --- ssl/ssl_lib.c | 23 ++++++++++++----------- ssl/ssl_locl.h | 16 ++++++++-------- ssl/t1_lib.c | 25 ++++++++++++++----------- 6 files changed, 36 insertions(+), 35 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 9b83a0541e..3b49fa4a33 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2164,7 +2164,7 @@ int ssl3_get_certificate_request(SSL *s) /* Clear certificate digests and validity flags */ for (i = 0; i < SSL_PKEY_NUM; i++) { s->s3->tmp.md[i] = NULL; - s->cert->pkeys[i].valid_flags = 0; + s->s3->tmp.valid_flags[i] = 0; } if ((llen & 1) || !tls1_save_sigalgs(s, p, llen)) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index c38d3e1efc..c28c447618 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3892,7 +3892,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s)) continue; - ssl_set_cert_masks(cert, c); + ssl_set_masks(s, c); mask_k = cert->mask_k; mask_a = cert->mask_a; emask_k = cert->export_mask_k; diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 45e2c021f8..14c0c16142 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -270,7 +270,6 @@ CERT *ssl_cert_dup(CERT *cert) goto err; } } - rpk->valid_flags = 0; #ifndef OPENSSL_NO_TLSEXT if (cert->pkeys[i].serverinfo != NULL) { /* Just copy everything. */ @@ -375,8 +374,6 @@ void ssl_cert_clear_certs(CERT *c) cpk->serverinfo = NULL; cpk->serverinfo_length = 0; #endif - /* Clear all flags apart from explicit sign */ - cpk->valid_flags &= CERT_PKEY_EXPLICIT_SIGN; } } diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 8929ea0b9c..b44cb1956f 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1933,9 +1933,11 @@ void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg) ssl_cert_set_cert_cb(s->cert, cb, arg); } -void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) +void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) { CERT_PKEY *cpk; + CERT *c = s->cert; + int *pvalid = s->s3->tmp.valid_flags; int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; int rsa_enc_export, dh_rsa_export, dh_dsa_export; int rsa_tmp_export, dh_tmp_export, kl; @@ -1972,22 +1974,21 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) have_ecdh_tmp = (c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto); #endif cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]); - rsa_enc = cpk->valid_flags & CERT_PKEY_VALID; + rsa_enc = pvalid[SSL_PKEY_RSA_ENC] & CERT_PKEY_VALID; rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]); - rsa_sign = cpk->valid_flags & CERT_PKEY_SIGN; + rsa_sign = pvalid[SSL_PKEY_RSA_SIGN] & CERT_PKEY_SIGN; cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]); - dsa_sign = cpk->valid_flags & CERT_PKEY_SIGN; + dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_SIGN; cpk = &(c->pkeys[SSL_PKEY_DH_RSA]); - dh_rsa = cpk->valid_flags & CERT_PKEY_VALID; + dh_rsa = pvalid[SSL_PKEY_DH_RSA] & CERT_PKEY_VALID; dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); cpk = &(c->pkeys[SSL_PKEY_DH_DSA]); -/* FIX THIS EAY EAY EAY */ - dh_dsa = cpk->valid_flags & CERT_PKEY_VALID; + dh_dsa = pvalid[SSL_PKEY_DH_DSA] & CERT_PKEY_VALID; dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); cpk = &(c->pkeys[SSL_PKEY_ECC]); #ifndef OPENSSL_NO_EC - have_ecc_cert = cpk->valid_flags & CERT_PKEY_VALID; + have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID; #endif mask_k = 0; mask_a = 0; @@ -2063,7 +2064,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; - if (!(cpk->valid_flags & CERT_PKEY_SIGN)) + if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN)) ecdsa_ok = 0; ecc_pkey = X509_get_pubkey(x); ecc_pkey_size = (ecc_pkey != NULL) ? EVP_PKEY_bits(ecc_pkey) : 0; @@ -2204,7 +2205,7 @@ static int ssl_get_server_cert_index(const SSL *s) return idx; } -CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) +CERT_PKEY *ssl_get_server_send_pkey(SSL *s) { CERT *c; int i; @@ -2212,7 +2213,7 @@ CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) c = s->cert; if (!s->s3 || !s->s3->tmp.new_cipher) return NULL; - ssl_set_cert_masks(c, s->s3->tmp.new_cipher); + ssl_set_masks(s, s->s3->tmp.new_cipher); #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL /* diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 72971c48b1..d2ee6344ae 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1295,6 +1295,12 @@ typedef struct ssl3_state_st { const EVP_MD *peer_md; /* Array of digests used for signing */ const EVP_MD *md[SSL_PKEY_NUM]; + /* + * Set if corresponding CERT_PKEY can be used with current + * SSL session: e.g. appropriate curve, signature algorithms etc. + * If zero it can't be used at all. + */ + int valid_flags[SSL_PKEY_NUM]; } tmp; /* Connection binding to prevent renegotiation attacks */ @@ -1456,12 +1462,6 @@ typedef struct cert_pkey_st { unsigned char *serverinfo; size_t serverinfo_length; # endif - /* - * Set if CERT_PKEY can be used with current SSL session: e.g. - * appropriate curve, signature algorithms etc. If zero it can't be used - * at all. - */ - int valid_flags; } CERT_PKEY; /* Retrieve Suite B flags */ # define tls1_suiteb(s) (s->cert->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS) @@ -1916,14 +1916,14 @@ __owur int ssl_ctx_security(SSL_CTX *ctx, int op, int bits, int nid, void *other int ssl_undefined_function(SSL *s); __owur int ssl_undefined_void_function(void); __owur int ssl_undefined_const_function(const SSL *s); -__owur CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); +__owur CERT_PKEY *ssl_get_server_send_pkey(SSL *s); # ifndef OPENSSL_NO_TLSEXT __owur int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, size_t *serverinfo_length); # endif __owur EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd); __owur int ssl_cert_type(X509 *x, EVP_PKEY *pkey); -void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); +void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher); __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); __owur int ssl_verify_alarm_type(long type); void ssl_load_ciphers(void); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 1ee7afb64a..529157425a 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2694,7 +2694,7 @@ int tls1_set_server_sigalgs(SSL *s) /* Clear certificate digests and validity flags */ for (i = 0; i < SSL_PKEY_NUM; i++) { s->s3->tmp.md[i] = NULL; - s->cert->pkeys[i].valid_flags = 0; + s->s3->tmp.valid_flags[i] = 0; } /* If sigalgs received process it. */ @@ -3450,6 +3450,7 @@ int tls1_process_sigalgs(SSL *s) size_t i; const EVP_MD *md; const EVP_MD **pmd = s->s3->tmp.md; + int *pvalid = s->s3->tmp.valid_flags; CERT *c = s->cert; TLS_SIGALGS *sigptr; if (!tls1_set_shared_sigalgs(s)) @@ -3470,10 +3471,9 @@ int tls1_process_sigalgs(SSL *s) idx = tls12_get_pkey_idx(sigs[1]); md = tls12_get_hash(sigs[0]); pmd[idx] = md; - c->pkeys[idx].valid_flags = CERT_PKEY_EXPLICIT_SIGN; + pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN; if (idx == SSL_PKEY_RSA_SIGN) { - c->pkeys[SSL_PKEY_RSA_ENC].valid_flags = - CERT_PKEY_EXPLICIT_SIGN; + pvalid[SSL_PKEY_RSA_ENC] = CERT_PKEY_EXPLICIT_SIGN; pmd[SSL_PKEY_RSA_ENC] = md; } } @@ -3486,10 +3486,9 @@ int tls1_process_sigalgs(SSL *s) if (idx > 0 && pmd[idx] == NULL) { md = tls12_get_hash(sigptr->rhash); pmd[idx] = md; - c->pkeys[idx].valid_flags = CERT_PKEY_EXPLICIT_SIGN; + pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN; if (idx == SSL_PKEY_RSA_SIGN) { - c->pkeys[SSL_PKEY_RSA_ENC].valid_flags = - CERT_PKEY_EXPLICIT_SIGN; + pvalid[SSL_PKEY_RSA_ENC] = CERT_PKEY_EXPLICIT_SIGN; pmd[SSL_PKEY_RSA_ENC] = md; } } @@ -3882,6 +3881,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, int check_flags = 0, strict_mode; CERT_PKEY *cpk = NULL; CERT *c = s->cert; + int *pvalid; unsigned int suiteb_flags = tls1_suiteb(s); /* idx == -1 means checking server chains */ if (idx != -1) { @@ -3891,6 +3891,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, idx = cpk - c->pkeys; } else cpk = c->pkeys + idx; + pvalid = s->s3->tmp.valid_flags + idx; x = cpk->x509; pk = cpk->privatekey; chain = cpk->chain; @@ -3903,7 +3904,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL) { rv = CERT_PKEY_STRICT_FLAGS | CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_VALID | CERT_PKEY_SIGN; - cpk->valid_flags = rv; + *pvalid = rv; return rv; } # endif @@ -3914,6 +3915,8 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, if (idx == -1) return 0; cpk = c->pkeys + idx; + pvalid = s->s3->tmp.valid_flags + idx; + if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT) check_flags = CERT_PKEY_STRICT_FLAGS; else @@ -4100,7 +4103,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, end: if (TLS1_get_version(s) >= TLS1_2_VERSION) { - if (cpk->valid_flags & CERT_PKEY_EXPLICIT_SIGN) + if (*pvalid & CERT_PKEY_EXPLICIT_SIGN) rv |= CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN; else if (s->s3->tmp.md[idx] != NULL) rv |= CERT_PKEY_SIGN; @@ -4113,10 +4116,10 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, */ if (!check_flags) { if (rv & CERT_PKEY_VALID) - cpk->valid_flags = rv; + *pvalid = rv; else { /* Preserve explicit sign flag, clear rest */ - cpk->valid_flags &= CERT_PKEY_EXPLICIT_SIGN; + *pvalid &= CERT_PKEY_EXPLICIT_SIGN; return 0; } } -- 2.40.0