tor  0.4.2.0-alpha-dev
x509_openssl.c
Go to the documentation of this file.
1 /* Copyright (c) 2003, Roger Dingledine.
2  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3  * Copyright (c) 2007-2019, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5 
12 #define TOR_X509_PRIVATE
13 #include "lib/tls/x509.h"
14 #include "lib/tls/x509_internal.h"
15 #include "lib/tls/tortls.h"
18 #include "lib/crypt_ops/compat_openssl.h"
19 
20 /* Some versions of OpenSSL declare SSL_get_selected_srtp_profile twice in
21  * srtp.h. Suppress the GCC warning so we can build with -Wredundant-decl. */
22 DISABLE_GCC_WARNING(redundant-decls)
23 
24 #include <openssl/opensslv.h>
25 
26 #ifdef OPENSSL_NO_EC
27 #error "We require OpenSSL with ECC support"
28 #endif
29 
30 #include <openssl/err.h>
31 #include <openssl/asn1.h>
32 #include <openssl/bio.h>
33 #include <openssl/bn.h>
34 #include <openssl/evp.h>
35 #include <openssl/objects.h>
36 #include <openssl/rsa.h>
37 #include <openssl/x509.h>
38 
39 ENABLE_GCC_WARNING(redundant-decls)
40 
41 #include "lib/log/log.h"
42 #include "lib/log/util_bug.h"
43 #include "lib/ctime/di_ops.h"
44 #include "lib/encoding/time_fmt.h"
45 
46 #include <stdlib.h>
47 #include <string.h>
48 
49 #ifdef OPENSSL_1_1_API
50 #define X509_get_notBefore_const(cert) \
51  X509_get0_notBefore(cert)
52 #define X509_get_notAfter_const(cert) \
53  X509_get0_notAfter(cert)
54 #ifndef X509_get_notBefore
55 #define X509_get_notBefore(cert) \
56  X509_getm_notBefore(cert)
57 #endif
58 #ifndef X509_get_notAfter
59 #define X509_get_notAfter(cert) \
60  X509_getm_notAfter(cert)
61 #endif
62 #else /* !(defined(OPENSSL_1_1_API)) */
63 #define X509_get_notBefore_const(cert) \
64  ((const ASN1_TIME*) X509_get_notBefore((X509 *)cert))
65 #define X509_get_notAfter_const(cert) \
66  ((const ASN1_TIME*) X509_get_notAfter((X509 *)cert))
67 #endif /* defined(OPENSSL_1_1_API) */
68 
70 static X509_NAME *
71 tor_x509_name_new(const char *cname)
72 {
73  int nid;
74  X509_NAME *name;
75  /* LCOV_EXCL_BR_START : these branches will only fail on OOM errors */
76  if (!(name = X509_NAME_new()))
77  return NULL;
78  if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error;
79  if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC,
80  (unsigned char*)cname, -1, -1, 0)))
81  goto error;
82  /* LCOV_EXCL_BR_STOP */
83  return name;
84 
85  /* LCOV_EXCL_START : these lines will only execute on out of memory errors*/
86  error:
87  X509_NAME_free(name);
88  return NULL;
89  /* LCOV_EXCL_STOP */
90 }
91 
100 MOCK_IMPL(X509 *,
101 tor_tls_create_certificate,(crypto_pk_t *rsa,
102  crypto_pk_t *rsa_sign,
103  const char *cname,
104  const char *cname_sign,
105  unsigned int cert_lifetime))
106 {
107  /* OpenSSL generates self-signed certificates with random 64-bit serial
108  * numbers, so let's do that too. */
109 #define SERIAL_NUMBER_SIZE 8
110 
111  time_t start_time, end_time;
112  BIGNUM *serial_number = NULL;
113  unsigned char serial_tmp[SERIAL_NUMBER_SIZE];
114  EVP_PKEY *sign_pkey = NULL, *pkey=NULL;
115  X509 *x509 = NULL;
116  X509_NAME *name = NULL, *name_issuer=NULL;
117 
118  tor_tls_init();
119 
120  time_t now = time(NULL);
121 
122  tor_tls_pick_certificate_lifetime(now, cert_lifetime,
123  &start_time, &end_time);
124 
125  tor_assert(rsa);
126  tor_assert(cname);
127  tor_assert(rsa_sign);
128  tor_assert(cname_sign);
129  if (!(sign_pkey = crypto_pk_get_openssl_evp_pkey_(rsa_sign,1)))
130  goto error;
131  if (!(pkey = crypto_pk_get_openssl_evp_pkey_(rsa,0)))
132  goto error;
133  if (!(x509 = X509_new()))
134  goto error;
135  if (!(X509_set_version(x509, 2)))
136  goto error;
137 
138  { /* our serial number is 8 random bytes. */
139  crypto_rand((char *)serial_tmp, sizeof(serial_tmp));
140  if (!(serial_number = BN_bin2bn(serial_tmp, sizeof(serial_tmp), NULL)))
141  goto error;
142  if (!(BN_to_ASN1_INTEGER(serial_number, X509_get_serialNumber(x509))))
143  goto error;
144  }
145 
146  if (!(name = tor_x509_name_new(cname)))
147  goto error;
148  if (!(X509_set_subject_name(x509, name)))
149  goto error;
150  if (!(name_issuer = tor_x509_name_new(cname_sign)))
151  goto error;
152  if (!(X509_set_issuer_name(x509, name_issuer)))
153  goto error;
154 
155  if (!X509_time_adj(X509_get_notBefore(x509),0,&start_time))
156  goto error;
157  if (!X509_time_adj(X509_get_notAfter(x509),0,&end_time))
158  goto error;
159  if (!X509_set_pubkey(x509, pkey))
160  goto error;
161 
162  if (!X509_sign(x509, sign_pkey, EVP_sha256()))
163  goto error;
164 
165  goto done;
166  error:
167  if (x509) {
168  X509_free(x509);
169  x509 = NULL;
170  }
171  done:
172  tls_log_errors(NULL, LOG_WARN, LD_NET, "generating certificate");
173  if (sign_pkey)
174  EVP_PKEY_free(sign_pkey);
175  if (pkey)
176  EVP_PKEY_free(pkey);
177  if (serial_number)
178  BN_clear_free(serial_number);
179  if (name)
180  X509_NAME_free(name);
181  if (name_issuer)
182  X509_NAME_free(name_issuer);
183  return x509;
184 
185 #undef SERIAL_NUMBER_SIZE
186 }
187 
189 int
191 {
192  unsigned char *buf = NULL;
193  int length = i2d_X509(cert->cert, &buf);
194 
195  if (length <= 0 || buf == NULL) {
196  return -1;
197  }
198  cert->encoded_len = (size_t) length;
199  cert->encoded = tor_malloc(length);
200  memcpy(cert->encoded, buf, length);
201  OPENSSL_free(buf);
202  return 0;
203 }
204 
205 void
206 tor_x509_cert_impl_free_(tor_x509_cert_impl_t *cert)
207 {
208  if (cert)
209  X509_free(cert);
210 }
211 
212 tor_x509_cert_impl_t *
213 tor_x509_cert_impl_dup_(tor_x509_cert_impl_t *cert)
214 {
215  if (cert)
216  return X509_dup(cert);
217  else
218  return NULL;
219 }
220 
223 void
224 tor_x509_cert_get_der(const tor_x509_cert_t *cert,
225  const uint8_t **encoded_out, size_t *size_out)
226 {
227  tor_assert(cert);
228  tor_assert(encoded_out);
229  tor_assert(size_out);
230  *encoded_out = cert->encoded;
231  *size_out = cert->encoded_len;
232 }
233 
237 tor_x509_cert_t *
238 tor_x509_cert_decode(const uint8_t *certificate, size_t certificate_len)
239 {
240  X509 *x509;
241  const unsigned char *cp = (const unsigned char *)certificate;
242  tor_x509_cert_t *newcert;
243  tor_assert(certificate);
244  check_no_tls_errors();
245 
246  if (certificate_len > INT_MAX)
247  goto err;
248 
249  x509 = d2i_X509(NULL, &cp, (int)certificate_len);
250 
251  if (!x509)
252  goto err; /* Couldn't decode */
253  if (cp - certificate != (int)certificate_len) {
254  X509_free(x509);
255  goto err; /* Didn't use all the bytes */
256  }
257  newcert = tor_x509_cert_new(x509);
258  if (!newcert) {
259  goto err;
260  }
261  if (newcert->encoded_len != certificate_len ||
262  fast_memneq(newcert->encoded, certificate, certificate_len)) {
263  /* Cert wasn't in DER */
264  tor_x509_cert_free(newcert);
265  goto err;
266  }
267  return newcert;
268  err:
269  tls_log_errors(NULL, LOG_INFO, LD_CRYPTO, "decoding a certificate");
270  return NULL;
271 }
272 
277 crypto_pk_t *
278 tor_tls_cert_get_key(tor_x509_cert_t *cert)
279 {
280  crypto_pk_t *result = NULL;
281  EVP_PKEY *pkey = X509_get_pubkey(cert->cert);
282  RSA *rsa;
283  if (!pkey)
284  return NULL;
285  rsa = EVP_PKEY_get1_RSA(pkey);
286  if (!rsa) {
287  EVP_PKEY_free(pkey);
288  return NULL;
289  }
290  result = crypto_new_pk_from_openssl_rsa_(rsa);
291  EVP_PKEY_free(pkey);
292  return result;
293 }
294 
300 int
302  const tor_x509_cert_t *cert,
303  const tor_x509_cert_t *signing_cert,
304  time_t now,
305  int check_rsa_1024)
306 {
307  check_no_tls_errors();
308  EVP_PKEY *cert_key;
309  int r, key_ok = 0;
310 
311  if (!signing_cert || !cert)
312  goto bad;
313 
314  EVP_PKEY *signing_key = X509_get_pubkey(signing_cert->cert);
315  if (!signing_key)
316  goto bad;
317  r = X509_verify(cert->cert, signing_key);
318  EVP_PKEY_free(signing_key);
319  if (r <= 0)
320  goto bad;
321 
322  /* okay, the signature checked out right. Now let's check the check the
323  * lifetime. */
324  if (tor_x509_check_cert_lifetime_internal(severity, cert->cert, now,
325  TOR_X509_PAST_SLOP,
326  TOR_X509_FUTURE_SLOP) < 0)
327  goto bad;
328 
329  cert_key = X509_get_pubkey(cert->cert);
330  if (check_rsa_1024 && cert_key) {
331  RSA *rsa = EVP_PKEY_get1_RSA(cert_key);
332 #ifdef OPENSSL_1_1_API
333  if (rsa && RSA_bits(rsa) == 1024) {
334 #else
335  if (rsa && BN_num_bits(rsa->n) == 1024) {
336 #endif
337  key_ok = 1;
338  } else {
339  log_fn(severity, LD_CRYPTO, "Invalid certificate: Key is not RSA1024.");
340  }
341 
342  if (rsa)
343  RSA_free(rsa);
344  } else if (cert_key) {
345  int min_bits = 1024;
346 #ifdef EVP_PKEY_EC
347  if (EVP_PKEY_base_id(cert_key) == EVP_PKEY_EC)
348  min_bits = 128;
349 #endif
350  if (EVP_PKEY_bits(cert_key) >= min_bits)
351  key_ok = 1;
352  }
353  EVP_PKEY_free(cert_key);
354  if (!key_ok)
355  goto bad;
356 
357  /* XXXX compare DNs or anything? */
358 
359  return 1;
360  bad:
361  tls_log_errors(NULL, LOG_INFO, LD_CRYPTO, "checking a certificate");
362  return 0;
363 }
364 
366 static void
367 log_cert_lifetime(int severity, const X509 *cert, const char *problem,
368  time_t now)
369 {
370  BIO *bio = NULL;
371  BUF_MEM *buf;
372  char *s1=NULL, *s2=NULL;
373  char mytime[33];
374  struct tm tm;
375  size_t n;
376 
377  if (problem)
378  tor_log(severity, LD_GENERAL,
379  "Certificate %s. Either their clock is set wrong, or your clock "
380  "is wrong.",
381  problem);
382 
383  if (!(bio = BIO_new(BIO_s_mem()))) {
384  log_warn(LD_GENERAL, "Couldn't allocate BIO!"); goto end;
385  }
386  if (!(ASN1_TIME_print(bio, X509_get_notBefore_const(cert)))) {
387  tls_log_errors(NULL, LOG_WARN, LD_NET, "printing certificate lifetime");
388  goto end;
389  }
390  BIO_get_mem_ptr(bio, &buf);
391  s1 = tor_strndup(buf->data, buf->length);
392 
393  (void)BIO_reset(bio);
394  if (!(ASN1_TIME_print(bio, X509_get_notAfter_const(cert)))) {
395  tls_log_errors(NULL, LOG_WARN, LD_NET, "printing certificate lifetime");
396  goto end;
397  }
398  BIO_get_mem_ptr(bio, &buf);
399  s2 = tor_strndup(buf->data, buf->length);
400 
401  n = strftime(mytime, 32, "%b %d %H:%M:%S %Y UTC", tor_gmtime_r(&now, &tm));
402  if (n > 0) {
403  tor_log(severity, LD_GENERAL,
404  "(certificate lifetime runs from %s through %s. Your time is %s.)",
405  s1,s2,mytime);
406  } else {
407  tor_log(severity, LD_GENERAL,
408  "(certificate lifetime runs from %s through %s. "
409  "Couldn't get your time.)",
410  s1, s2);
411  }
412 
413  end:
414  /* Not expected to get invoked */
415  tls_log_errors(NULL, LOG_WARN, LD_NET, "getting certificate lifetime");
416  if (bio)
417  BIO_free(bio);
418  tor_free(s1);
419  tor_free(s2);
420 }
421 
427 int
428 tor_x509_check_cert_lifetime_internal(int severity, const X509 *cert,
429  time_t now,
430  int past_tolerance, int future_tolerance)
431 {
432  time_t t;
433 
434  t = now + future_tolerance;
435  if (X509_cmp_time(X509_get_notBefore_const(cert), &t) > 0) {
436  log_cert_lifetime(severity, cert, "not yet valid", now);
437  return -1;
438  }
439  t = now - past_tolerance;
440  if (X509_cmp_time(X509_get_notAfter_const(cert), &t) < 0) {
441  log_cert_lifetime(severity, cert, "already expired", now);
442  return -1;
443  }
444 
445  return 0;
446 }
447 
448 #ifdef TOR_UNIT_TESTS
449 /* Testing only: return a new x509 cert with the same contents as <b>inp</b>,
450  but with the expiration time <b>new_expiration_time</b>, signed with
451  <b>signing_key</b>. */
452 STATIC tor_x509_cert_t *
453 tor_x509_cert_replace_expiration(const tor_x509_cert_t *inp,
454  time_t new_expiration_time,
455  crypto_pk_t *signing_key)
456 {
457  X509 *newc = X509_dup(inp->cert);
458  X509_time_adj(X509_get_notAfter(newc), 0, &new_expiration_time);
459  EVP_PKEY *pk = crypto_pk_get_openssl_evp_pkey_(signing_key, 1);
460  tor_assert(X509_sign(newc, pk, EVP_sha256()));
461  EVP_PKEY_free(pk);
462  return tor_x509_cert_new(newc);
463 }
464 #endif /* defined(TOR_UNIT_TESTS) */
MOCK_IMPL(X509 *, tor_tls_create_certificate,(crypto_pk_t *rsa, crypto_pk_t *rsa_sign, const char *cname, const char *cname_sign, unsigned int cert_lifetime))
Definition: x509_openssl.c:100
int tor_x509_check_cert_lifetime_internal(int severity, const X509 *cert, time_t now, int past_tolerance, int future_tolerance)
Definition: x509_openssl.c:428
Common functions for using (pseudo-)random number generators.
tor_x509_cert_t * tor_x509_cert_decode(const uint8_t *certificate, size_t certificate_len)
Definition: x509_openssl.c:238
void tor_x509_cert_get_der(const tor_x509_cert_t *cert, const uint8_t **encoded_out, size_t *size_out)
Definition: x509_openssl.c:224
Headers for di_ops.c.
#define LD_GENERAL
Definition: log.h:60
crypto_pk_t * tor_tls_cert_get_key(tor_x509_cert_t *cert)
Definition: x509_openssl.c:278
#define LOG_INFO
Definition: log.h:43
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:633
void tor_tls_init(void)
Definition: tortls_nss.c:356
static void log_cert_lifetime(int severity, const X509 *cert, const char *problem, time_t now)
Definition: x509_openssl.c:367
Header for time_fmt.c.
#define tor_free(p)
Definition: malloc.h:52
Common functions for cryptographic routines.
tor_assert(buffer)
void tls_log_errors(tor_tls_t *tls, int severity, int domain, const char *doing)
Definition: tortls_nss.c:362
int tor_tls_cert_is_valid(int severity, const tor_x509_cert_t *cert, const tor_x509_cert_t *signing_cert, time_t now, int check_rsa_1024)
Definition: x509_openssl.c:301
#define LOG_WARN
Definition: log.h:51
Headers for tortls.c.
static X509_NAME * tor_x509_name_new(const char *cname)
Definition: x509_openssl.c:71
struct tm * tor_gmtime_r(const time_t *timep, struct tm *result)
Definition: time_fmt.c:65
#define log_fn(severity, domain, args,...)
Definition: log.h:274
Headers for tortls.c.
int tor_x509_cert_set_cached_der_encoding(tor_x509_cert_t *cert)
Definition: x509_openssl.c:190
#define LD_NET
Definition: log.h:64
#define LD_CRYPTO
Definition: log.h:62
Macros to manage assertions, fatal and non-fatal.