2
0

ssl_cert_comp.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465
  1. /*
  2. * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "ssl_local.h"
  11. #include "internal/e_os.h"
  12. #include "internal/refcount.h"
  13. size_t ossl_calculate_comp_expansion(int alg, size_t length)
  14. {
  15. size_t ret;
  16. /*
  17. * Uncompressibility expansion:
  18. * ZLIB: N + 11 + 5 * (N >> 14)
  19. * Brotli: per RFC7932: N + 5 + 3 * (N >> 16)
  20. * ZSTD: N + 4 + 14 + 3 * (N >> 17) + 4
  21. */
  22. switch (alg) {
  23. case TLSEXT_comp_cert_zlib:
  24. ret = length + 11 + 5 * (length >> 14);
  25. break;
  26. case TLSEXT_comp_cert_brotli:
  27. ret = length + 5 + 3 * (length >> 16);
  28. break;
  29. case TLSEXT_comp_cert_zstd:
  30. ret = length + 22 + 3 * (length >> 17);
  31. break;
  32. default:
  33. return 0;
  34. }
  35. /* Check for overflow */
  36. if (ret < length)
  37. return 0;
  38. return ret;
  39. }
  40. int ossl_comp_has_alg(int a)
  41. {
  42. #ifndef OPENSSL_NO_COMP_ALG
  43. /* 0 means "any" algorithm */
  44. if ((a == 0 || a == TLSEXT_comp_cert_brotli) && BIO_f_brotli() != NULL)
  45. return 1;
  46. if ((a == 0 || a == TLSEXT_comp_cert_zstd) && BIO_f_zstd() != NULL)
  47. return 1;
  48. if ((a == 0 || a == TLSEXT_comp_cert_zlib) && BIO_f_zlib() != NULL)
  49. return 1;
  50. #endif
  51. return 0;
  52. }
  53. /* New operation Helper routine */
  54. #ifndef OPENSSL_NO_COMP_ALG
  55. static OSSL_COMP_CERT *OSSL_COMP_CERT_new(unsigned char *data, size_t len, size_t orig_len, int alg)
  56. {
  57. OSSL_COMP_CERT *ret = NULL;
  58. if (!ossl_comp_has_alg(alg)
  59. || data == NULL
  60. || (ret = OPENSSL_zalloc(sizeof(*ret))) == NULL
  61. || !CRYPTO_NEW_REF(&ret->references, 1))
  62. goto err;
  63. ret->data = data;
  64. ret->len = len;
  65. ret->orig_len = orig_len;
  66. ret->alg = alg;
  67. return ret;
  68. err:
  69. ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
  70. OPENSSL_free(data);
  71. OPENSSL_free(ret);
  72. return NULL;
  73. }
  74. __owur static OSSL_COMP_CERT *OSSL_COMP_CERT_from_compressed_data(unsigned char *data, size_t len,
  75. size_t orig_len, int alg)
  76. {
  77. return OSSL_COMP_CERT_new(OPENSSL_memdup(data, len), len, orig_len, alg);
  78. }
  79. __owur static OSSL_COMP_CERT *OSSL_COMP_CERT_from_uncompressed_data(unsigned char *data, size_t len,
  80. int alg)
  81. {
  82. OSSL_COMP_CERT *ret = NULL;
  83. size_t max_length;
  84. int comp_length;
  85. COMP_METHOD *method;
  86. unsigned char *comp_data = NULL;
  87. COMP_CTX *comp_ctx = NULL;
  88. switch (alg) {
  89. case TLSEXT_comp_cert_brotli:
  90. method = COMP_brotli_oneshot();
  91. break;
  92. case TLSEXT_comp_cert_zlib:
  93. method = COMP_zlib_oneshot();
  94. break;
  95. case TLSEXT_comp_cert_zstd:
  96. method = COMP_zstd_oneshot();
  97. break;
  98. default:
  99. goto err;
  100. }
  101. if ((max_length = ossl_calculate_comp_expansion(alg, len)) == 0
  102. || method == NULL
  103. || (comp_ctx = COMP_CTX_new(method)) == NULL
  104. || (comp_data = OPENSSL_zalloc(max_length)) == NULL)
  105. goto err;
  106. comp_length = COMP_compress_block(comp_ctx, comp_data, max_length, data, len);
  107. if (comp_length <= 0)
  108. goto err;
  109. ret = OSSL_COMP_CERT_new(comp_data, comp_length, len, alg);
  110. comp_data = NULL;
  111. err:
  112. OPENSSL_free(comp_data);
  113. COMP_CTX_free(comp_ctx);
  114. return ret;
  115. }
  116. void OSSL_COMP_CERT_free(OSSL_COMP_CERT *cc)
  117. {
  118. int i;
  119. if (cc == NULL)
  120. return;
  121. CRYPTO_DOWN_REF(&cc->references, &i);
  122. REF_PRINT_COUNT("OSSL_COMP_CERT", cc);
  123. if (i > 0)
  124. return;
  125. REF_ASSERT_ISNT(i < 0);
  126. OPENSSL_free(cc->data);
  127. CRYPTO_FREE_REF(&cc->references);
  128. OPENSSL_free(cc);
  129. }
  130. int OSSL_COMP_CERT_up_ref(OSSL_COMP_CERT *cc)
  131. {
  132. int i;
  133. if (CRYPTO_UP_REF(&cc->references, &i) <= 0)
  134. return 0;
  135. REF_PRINT_COUNT("OSSL_COMP_CERT", cc);
  136. REF_ASSERT_ISNT(i < 2);
  137. return ((i > 1) ? 1 : 0);
  138. }
  139. static int ssl_set_cert_comp_pref(int *prefs, int *algs, size_t len)
  140. {
  141. size_t j = 0;
  142. size_t i;
  143. int found = 0;
  144. int already_set[TLSEXT_comp_cert_limit];
  145. int tmp_prefs[TLSEXT_comp_cert_limit];
  146. /* Note that |len| is the number of |algs| elements */
  147. /* clear all algorithms */
  148. if (len == 0 || algs == NULL) {
  149. memset(prefs, 0, sizeof(tmp_prefs));
  150. return 1;
  151. }
  152. /* This will 0-terminate the array */
  153. memset(tmp_prefs, 0, sizeof(tmp_prefs));
  154. memset(already_set, 0, sizeof(already_set));
  155. /* Include only those algorithms we support, ignoring duplicates and unknowns */
  156. for (i = 0; i < len; i++) {
  157. if (algs[i] != 0 && ossl_comp_has_alg(algs[i])) {
  158. /* Check for duplicate */
  159. if (already_set[algs[i]])
  160. return 0;
  161. tmp_prefs[j++] = algs[i];
  162. already_set[algs[i]] = 1;
  163. found = 1;
  164. }
  165. }
  166. if (found)
  167. memcpy(prefs, tmp_prefs, sizeof(tmp_prefs));
  168. return found;
  169. }
  170. static size_t ssl_get_cert_to_compress(SSL *ssl, CERT_PKEY *cpk, unsigned char **data)
  171. {
  172. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  173. WPACKET tmppkt;
  174. BUF_MEM buf = { 0 };
  175. size_t ret = 0;
  176. if (sc == NULL
  177. || cpk == NULL
  178. || !sc->server
  179. || !SSL_in_before(ssl))
  180. return 0;
  181. /* Use the |tmppkt| for the to-be-compressed data */
  182. if (!WPACKET_init(&tmppkt, &buf))
  183. goto out;
  184. /* no context present, add 0-length context */
  185. if (!WPACKET_put_bytes_u8(&tmppkt, 0))
  186. goto out;
  187. /*
  188. * ssl3_output_cert_chain() may generate an SSLfatal() error,
  189. * for this case, we want to ignore it, argument for_comp = 1
  190. */
  191. if (!ssl3_output_cert_chain(sc, &tmppkt, cpk, 1))
  192. goto out;
  193. WPACKET_get_total_written(&tmppkt, &ret);
  194. out:
  195. WPACKET_cleanup(&tmppkt);
  196. if (ret != 0 && data != NULL)
  197. *data = (unsigned char *)buf.data;
  198. else
  199. OPENSSL_free(buf.data);
  200. return ret;
  201. }
  202. static int ssl_compress_one_cert(SSL *ssl, CERT_PKEY *cpk, int alg)
  203. {
  204. unsigned char *cert_data = NULL;
  205. OSSL_COMP_CERT *comp_cert = NULL;
  206. size_t length;
  207. if (cpk == NULL
  208. || alg == TLSEXT_comp_cert_none
  209. || !ossl_comp_has_alg(alg))
  210. return 0;
  211. if ((length = ssl_get_cert_to_compress(ssl, cpk, &cert_data)) == 0)
  212. return 0;
  213. comp_cert = OSSL_COMP_CERT_from_uncompressed_data(cert_data, length, alg);
  214. OPENSSL_free(cert_data);
  215. if (comp_cert == NULL)
  216. return 0;
  217. OSSL_COMP_CERT_free(cpk->comp_cert[alg]);
  218. cpk->comp_cert[alg] = comp_cert;
  219. return 1;
  220. }
  221. /* alg_in can be 0, meaning any/all algorithms */
  222. static int ssl_compress_certs(SSL *ssl, CERT_PKEY *cpks, int alg_in)
  223. {
  224. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  225. int i;
  226. int j;
  227. int alg;
  228. int count = 0;
  229. if (sc == NULL
  230. || cpks == NULL
  231. || !ossl_comp_has_alg(alg_in))
  232. return 0;
  233. /* Look through the preferences to see what we have */
  234. for (i = 0; i < TLSEXT_comp_cert_limit; i++) {
  235. /*
  236. * alg = 0 means compress for everything, but only for algorithms enabled
  237. * alg != 0 means compress for that algorithm if enabled
  238. */
  239. alg = sc->cert_comp_prefs[i];
  240. if ((alg_in == 0 && alg != TLSEXT_comp_cert_none)
  241. || (alg_in != 0 && alg == alg_in)) {
  242. for (j = 0; j < SSL_PKEY_NUM; j++) {
  243. /* No cert, move on */
  244. if (cpks[j].x509 == NULL)
  245. continue;
  246. if (!ssl_compress_one_cert(ssl, &cpks[j], alg))
  247. return 0;
  248. /* if the cert expanded, set the value in the CERT_PKEY to NULL */
  249. if (cpks[j].comp_cert[alg]->len >= cpks[j].comp_cert[alg]->orig_len) {
  250. OSSL_COMP_CERT_free(cpks[j].comp_cert[alg]);
  251. cpks[j].comp_cert[alg] = NULL;
  252. } else {
  253. count++;
  254. }
  255. }
  256. }
  257. }
  258. return (count > 0);
  259. }
  260. static size_t ssl_get_compressed_cert(SSL *ssl, CERT_PKEY *cpk, int alg, unsigned char **data,
  261. size_t *orig_len)
  262. {
  263. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  264. size_t cert_len = 0;
  265. size_t comp_len = 0;
  266. unsigned char *cert_data = NULL;
  267. OSSL_COMP_CERT *comp_cert = NULL;
  268. if (sc == NULL
  269. || cpk == NULL
  270. || data == NULL
  271. || orig_len == NULL
  272. || !sc->server
  273. || !SSL_in_before(ssl)
  274. || !ossl_comp_has_alg(alg))
  275. return 0;
  276. if ((cert_len = ssl_get_cert_to_compress(ssl, cpk, &cert_data)) == 0)
  277. goto err;
  278. comp_cert = OSSL_COMP_CERT_from_uncompressed_data(cert_data, cert_len, alg);
  279. OPENSSL_free(cert_data);
  280. if (comp_cert == NULL)
  281. goto err;
  282. comp_len = comp_cert->len;
  283. *orig_len = comp_cert->orig_len;
  284. *data = comp_cert->data;
  285. comp_cert->data = NULL;
  286. err:
  287. OSSL_COMP_CERT_free(comp_cert);
  288. return comp_len;
  289. }
  290. static int ossl_set1_compressed_cert(CERT *cert, int algorithm,
  291. unsigned char *comp_data, size_t comp_length,
  292. size_t orig_length)
  293. {
  294. OSSL_COMP_CERT *comp_cert;
  295. /* No explicit cert set */
  296. if (cert == NULL || cert->key == NULL)
  297. return 0;
  298. comp_cert = OSSL_COMP_CERT_from_compressed_data(comp_data, comp_length,
  299. orig_length, algorithm);
  300. if (comp_cert == NULL)
  301. return 0;
  302. OSSL_COMP_CERT_free(cert->key->comp_cert[algorithm]);
  303. cert->key->comp_cert[algorithm] = comp_cert;
  304. return 1;
  305. }
  306. #endif
  307. /*-
  308. * Public API
  309. */
  310. int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len)
  311. {
  312. #ifndef OPENSSL_NO_COMP_ALG
  313. return ssl_set_cert_comp_pref(ctx->cert_comp_prefs, algs, len);
  314. #else
  315. return 0;
  316. #endif
  317. }
  318. int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len)
  319. {
  320. #ifndef OPENSSL_NO_COMP_ALG
  321. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  322. if (sc == NULL)
  323. return 0;
  324. return ssl_set_cert_comp_pref(sc->cert_comp_prefs, algs, len);
  325. #else
  326. return 0;
  327. #endif
  328. }
  329. int SSL_compress_certs(SSL *ssl, int alg)
  330. {
  331. #ifndef OPENSSL_NO_COMP_ALG
  332. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  333. if (sc == NULL || sc->cert == NULL)
  334. return 0;
  335. return ssl_compress_certs(ssl, sc->cert->pkeys, alg);
  336. #endif
  337. return 0;
  338. }
  339. int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg)
  340. {
  341. int ret = 0;
  342. #ifndef OPENSSL_NO_COMP_ALG
  343. SSL *new = SSL_new(ctx);
  344. if (new == NULL)
  345. return 0;
  346. ret = ssl_compress_certs(new, ctx->cert->pkeys, alg);
  347. SSL_free(new);
  348. #endif
  349. return ret;
  350. }
  351. size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len)
  352. {
  353. #ifndef OPENSSL_NO_COMP_ALG
  354. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  355. CERT_PKEY *cpk = NULL;
  356. if (sc->cert != NULL)
  357. cpk = sc->cert->key;
  358. else
  359. cpk = ssl->ctx->cert->key;
  360. return ssl_get_compressed_cert(ssl, cpk, alg, data, orig_len);
  361. #else
  362. return 0;
  363. #endif
  364. }
  365. size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len)
  366. {
  367. #ifndef OPENSSL_NO_COMP_ALG
  368. size_t ret;
  369. SSL *new = SSL_new(ctx);
  370. ret = ssl_get_compressed_cert(new, ctx->cert->key, alg, data, orig_len);
  371. SSL_free(new);
  372. return ret;
  373. #else
  374. return 0;
  375. #endif
  376. }
  377. int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data,
  378. size_t comp_length, size_t orig_length)
  379. {
  380. #ifndef OPENSSL_NO_COMP_ALG
  381. return ossl_set1_compressed_cert(ctx->cert, algorithm, comp_data, comp_length, orig_length);
  382. #else
  383. return 0;
  384. #endif
  385. }
  386. int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data,
  387. size_t comp_length, size_t orig_length)
  388. {
  389. #ifndef OPENSSL_NO_COMP_ALG
  390. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  391. /* Cannot set a pre-compressed certificate on a client */
  392. if (sc == NULL || !sc->server)
  393. return 0;
  394. return ossl_set1_compressed_cert(sc->cert, algorithm, comp_data, comp_length, orig_length);
  395. #else
  396. return 0;
  397. #endif
  398. }