1 /*
2 * Copyright 2016 The Netty Project
3 *
4 * The Netty Project licenses this file to you under the Apache License,
5 * version 2.0 (the "License"); you may not use this file except in compliance
6 * with the License. You may obtain a copy of the License at:
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 * License for the specific language governing permissions and limitations
14 * under the License.
15 */
16 /* Licensed to the Apache Software Foundation (ASF) under one or more
17 * contributor license agreements. See the NOTICE file distributed with
18 * this work for additional information regarding copyright ownership.
19 * The ASF licenses this file to You under the Apache License, Version 2.0
20 * (the "License"); you may not use this file except in compliance with
21 * the License. You may obtain a copy of the License at
22 *
23 * http://www.apache.org/licenses/LICENSE-2.0
24 *
25 * Unless required by applicable law or agreed to in writing, software
26 * distributed under the License is distributed on an "AS IS" BASIS,
27 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
28 * See the License for the specific language governing permissions and
29 * limitations under the License.
30 */
31
32 #include "tcn.h"
33
34 #include "apr_thread_rwlock.h"
35 #include "apr_atomic.h"
36
37 #include "ssl_private.h"
38 #include <stdint.h>
39
40 extern apr_pool_t *tcn_global_pool;
41
ssl_context_cleanup(void * data)42 static apr_status_t ssl_context_cleanup(void *data)
43 {
44 tcn_ssl_ctxt_t *c = (tcn_ssl_ctxt_t *)data;
45 JNIEnv *e;
46
47 if (c) {
48 SSL_CTX_free(c->ctx); // this function is safe to call with NULL
49 c->ctx = NULL;
50
51 if (c->verifier != NULL) {
52 tcn_get_java_env(&e);
53 (*e)->DeleteGlobalRef(e, c->verifier);
54 c->verifier = NULL;
55 }
56 c->verifier_method = NULL;
57
58 if (c->cert_requested_callback != NULL) {
59 tcn_get_java_env(&e);
60 (*e)->DeleteGlobalRef(e, c->cert_requested_callback);
61 c->cert_requested_callback = NULL;
62 }
63 c->cert_requested_callback_method = NULL;
64
65 if (c->next_proto_data != NULL) {
66 free(c->next_proto_data);
67 c->next_proto_data = NULL;
68 }
69 c->next_proto_len = 0;
70
71 if (c->alpn_proto_data != NULL) {
72 free(c->alpn_proto_data);
73 c->alpn_proto_data = NULL;
74 }
75 c->alpn_proto_len = 0;
76
77 apr_thread_rwlock_destroy(c->mutex);
78
79 if (c->ticket_keys != NULL) {
80 free(c->ticket_keys);
81 c->ticket_keys = NULL;
82 }
83 c->ticket_keys_len = 0;
84
85 if (c->password != NULL) {
86 free(c->password);
87 c->password = NULL;
88 }
89 }
90 return APR_SUCCESS;
91 }
92
93 /* Initialize server context */
TCN_IMPLEMENT_CALL(jlong,SSLContext,make)94 TCN_IMPLEMENT_CALL(jlong, SSLContext, make)(TCN_STDARGS, jint protocol, jint mode)
95 {
96 apr_pool_t *p = NULL;
97 tcn_ssl_ctxt_t *c = NULL;
98 SSL_CTX *ctx = NULL;
99
100 UNREFERENCED(o);
101
102 switch (protocol) {
103 case SSL_PROTOCOL_TLS:
104 case SSL_PROTOCOL_ALL:
105 if (mode == SSL_MODE_CLIENT)
106 ctx = SSL_CTX_new(SSLv23_client_method());
107 else if (mode == SSL_MODE_SERVER)
108 ctx = SSL_CTX_new(SSLv23_server_method());
109 else
110 ctx = SSL_CTX_new(SSLv23_method());
111 break;
112 case SSL_PROTOCOL_TLSV1_2:
113 #ifndef OPENSSL_NO_TLS1
114 if (mode == SSL_MODE_CLIENT)
115 ctx = SSL_CTX_new(TLSv1_2_client_method());
116 else if (mode == SSL_MODE_SERVER)
117 ctx = SSL_CTX_new(TLSv1_2_server_method());
118 else
119 ctx = SSL_CTX_new(TLSv1_2_method());
120 #endif
121 break;
122 case SSL_PROTOCOL_TLSV1_1:
123 #ifndef OPENSSL_NO_TLS1
124 if (mode == SSL_MODE_CLIENT)
125 ctx = SSL_CTX_new(TLSv1_1_client_method());
126 else if (mode == SSL_MODE_SERVER)
127 ctx = SSL_CTX_new(TLSv1_1_server_method());
128 else
129 ctx = SSL_CTX_new(TLSv1_1_method());
130 #endif
131 break;
132 case SSL_PROTOCOL_TLSV1:
133 #ifndef OPENSSL_NO_TLS1
134 if (mode == SSL_MODE_CLIENT)
135 ctx = SSL_CTX_new(TLSv1_client_method());
136 else if (mode == SSL_MODE_SERVER)
137 ctx = SSL_CTX_new(TLSv1_server_method());
138 else
139 ctx = SSL_CTX_new(TLSv1_method());
140 #endif
141 break;
142 case SSL_PROTOCOL_SSLV3:
143 #ifndef OPENSSL_NO_SSL3
144 if (mode == SSL_MODE_CLIENT)
145 ctx = SSL_CTX_new(SSLv3_client_method());
146 else if (mode == SSL_MODE_SERVER)
147 ctx = SSL_CTX_new(SSLv3_server_method());
148 else
149 ctx = SSL_CTX_new(SSLv3_method());
150 #endif
151 break;
152 case SSL_PROTOCOL_SSLV2:
153 #if (OPENSSL_VERSION_NUMBER < 0x10100000L) && !defined(OPENSSL_NO_SSL2)
154 if (mode == SSL_MODE_CLIENT)
155 ctx = SSL_CTX_new(SSLv2_client_method());
156 else if (mode == SSL_MODE_SERVER)
157 ctx = SSL_CTX_new(SSLv2_server_method());
158 else
159 ctx = SSL_CTX_new(SSLv2_method());
160 #endif
161 break;
162 default:
163 // Try to give the user the highest supported protocol.
164 #ifndef OPENSSL_NO_TLS1
165 if (protocol & SSL_PROTOCOL_TLSV1_2) {
166 if (mode == SSL_MODE_CLIENT)
167 ctx = SSL_CTX_new(TLSv1_2_client_method());
168 else if (mode == SSL_MODE_SERVER)
169 ctx = SSL_CTX_new(TLSv1_2_server_method());
170 else
171 ctx = SSL_CTX_new(TLSv1_2_method());
172 break;
173 } else if (protocol & SSL_PROTOCOL_TLSV1_1) {
174 if (mode == SSL_MODE_CLIENT)
175 ctx = SSL_CTX_new(TLSv1_1_client_method());
176 else if (mode == SSL_MODE_SERVER)
177 ctx = SSL_CTX_new(TLSv1_1_server_method());
178 else
179 ctx = SSL_CTX_new(TLSv1_1_method());
180 break;
181 } else if (protocol & SSL_PROTOCOL_TLSV1) {
182 if (mode == SSL_MODE_CLIENT)
183 ctx = SSL_CTX_new(TLSv1_client_method());
184 else if (mode == SSL_MODE_SERVER)
185 ctx = SSL_CTX_new(TLSv1_server_method());
186 else
187 ctx = SSL_CTX_new(TLSv1_method());
188 break;
189 }
190 #endif
191 #ifndef OPENSSL_NO_SSL3
192 if (protocol & SSL_PROTOCOL_SSLV3) {
193 if (mode == SSL_MODE_CLIENT)
194 ctx = SSL_CTX_new(SSLv3_client_method());
195 else if (mode == SSL_MODE_SERVER)
196 ctx = SSL_CTX_new(SSLv3_server_method());
197 else
198 ctx = SSL_CTX_new(SSLv3_method());
199 break;
200 }
201 #endif
202 #if (OPENSSL_VERSION_NUMBER < 0x10100000L) && !defined(OPENSSL_NO_SSL2)
203 if (protocol & SSL_PROTOCOL_SSLV2) {
204 if (mode == SSL_MODE_CLIENT)
205 ctx = SSL_CTX_new(SSLv2_client_method());
206 else if (mode == SSL_MODE_SERVER)
207 ctx = SSL_CTX_new(SSLv2_server_method());
208 else
209 ctx = SSL_CTX_new(SSLv2_method());
210 break;
211 }
212 #endif
213 tcn_Throw(e, "Unsupported SSL protocol (%d)", protocol);
214 goto cleanup;
215 }
216
217 if (ctx == NULL) {
218 char err[256];
219 ERR_error_string(ERR_get_error(), err);
220 tcn_Throw(e, "Failed to initialize SSL_CTX (%s)", err);
221 goto cleanup;
222 }
223
224 TCN_THROW_IF_ERR(apr_pool_create(&p, tcn_global_pool), p);
225
226 if ((c = apr_pcalloc(p, sizeof(tcn_ssl_ctxt_t))) == NULL) {
227 tcn_ThrowAPRException(e, apr_get_os_error());
228 goto cleanup;
229 }
230
231 c->protocol = protocol;
232 c->mode = mode;
233 c->ctx = ctx;
234 c->pool = p;
235 if (!(protocol & SSL_PROTOCOL_SSLV2))
236 SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
237 if (!(protocol & SSL_PROTOCOL_SSLV3))
238 SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
239 if (!(protocol & SSL_PROTOCOL_TLSV1))
240 SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1);
241 #ifdef SSL_OP_NO_TLSv1_1
242 if (!(protocol & SSL_PROTOCOL_TLSV1_1))
243 SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_1);
244 #endif
245 #ifdef SSL_OP_NO_TLSv1_2
246 if (!(protocol & SSL_PROTOCOL_TLSV1_2))
247 SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
248 #endif
249 /*
250 * Configure additional context ingredients
251 */
252 SSL_CTX_set_options(c->ctx, SSL_OP_SINGLE_DH_USE);
253 #ifdef HAVE_ECC
254 SSL_CTX_set_options(c->ctx, SSL_OP_SINGLE_ECDH_USE);
255 #endif
256
257 SSL_CTX_set_options(c->ctx, SSL_OP_NO_COMPRESSION);
258
259 /*
260 * Disallow a session from being resumed during a renegotiation,
261 * so that an acceptable cipher suite can be negotiated.
262 */
263 SSL_CTX_set_options(c->ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
264 /**
265 * These options may be set by default but can be dangerous in practice [1].
266 * [1] https://www.openssl.org/docs/man1.0.1/ssl/SSL_CTX_set_options.html
267 */
268 SSL_CTX_clear_options(c->ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION | SSL_OP_LEGACY_SERVER_CONNECT);
269
270 /* Release idle buffers to the SSL_CTX free list */
271 SSL_CTX_set_mode(c->ctx, SSL_MODE_RELEASE_BUFFERS);
272
273 /* Default session context id and cache size */
274 SSL_CTX_sess_set_cache_size(c->ctx, SSL_DEFAULT_CACHE_SIZE);
275
276 /* Session cache is disabled by default */
277 SSL_CTX_set_session_cache_mode(c->ctx, SSL_SESS_CACHE_OFF);
278 /* Longer session timeout */
279 SSL_CTX_set_timeout(c->ctx, 14400);
280 EVP_Digest((const unsigned char *)SSL_DEFAULT_VHOST_NAME,
281 (unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1),
282 &(c->context_id[0]), NULL, EVP_sha1(), NULL);
283 if (mode) {
284 #ifdef HAVE_ECC
285 /* Set default (nistp256) elliptic curve for ephemeral ECDH keys */
286 EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
287 SSL_CTX_set_tmp_ecdh(c->ctx, ecdh);
288 EC_KEY_free(ecdh);
289 #endif
290
291 SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH);
292 }
293
294 // Default depth is 100 and disabled according to https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_verify.html.
295 c->verify_config.verify_depth = 100;
296 c->verify_config.verify_mode = SSL_CVERIFY_NONE;
297
298 /* Set default password callback */
299 SSL_CTX_set_default_passwd_cb(c->ctx, (pem_password_cb *)SSL_password_callback);
300 SSL_CTX_set_default_passwd_cb_userdata(c->ctx, (void *) c->password);
301
302 apr_thread_rwlock_create(&c->mutex, p);
303 /*
304 * Let us cleanup the ssl context when the pool is destroyed
305 */
306 apr_pool_cleanup_register(p, (const void *)c,
307 ssl_context_cleanup,
308 apr_pool_cleanup_null);
309
310 return P2J(c);
311 cleanup:
312 if (p != NULL) {
313 apr_pool_destroy(p);
314 }
315 SSL_CTX_free(ctx); // this function is safe to call with NULL.
316 return 0;
317 }
318
TCN_IMPLEMENT_CALL(jint,SSLContext,free)319 TCN_IMPLEMENT_CALL(jint, SSLContext, free)(TCN_STDARGS, jlong ctx)
320 {
321 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
322 UNREFERENCED_STDARGS;
323 TCN_ASSERT(ctx != 0);
324 /* Run and destroy the cleanup callback */
325 int result = apr_pool_cleanup_run(c->pool, c, ssl_context_cleanup);
326 apr_pool_destroy(c->pool);
327 return result;
328 }
329
TCN_IMPLEMENT_CALL(void,SSLContext,setContextId)330 TCN_IMPLEMENT_CALL(void, SSLContext, setContextId)(TCN_STDARGS, jlong ctx,
331 jstring id)
332 {
333 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
334 TCN_ALLOC_CSTRING(id);
335
336 TCN_ASSERT(ctx != 0);
337 UNREFERENCED(o);
338 if (J2S(id)) {
339 EVP_Digest((const unsigned char *)J2S(id),
340 (unsigned long)strlen(J2S(id)),
341 &(c->context_id[0]), NULL, EVP_sha1(), NULL);
342 }
343 TCN_FREE_CSTRING(id);
344 }
345
TCN_IMPLEMENT_CALL(void,SSLContext,setOptions)346 TCN_IMPLEMENT_CALL(void, SSLContext, setOptions)(TCN_STDARGS, jlong ctx,
347 jint opt)
348 {
349 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
350
351 UNREFERENCED_STDARGS;
352 TCN_ASSERT(ctx != 0);
353
354 SSL_CTX_set_options(c->ctx, opt);
355 }
356
TCN_IMPLEMENT_CALL(jint,SSLContext,getOptions)357 TCN_IMPLEMENT_CALL(jint, SSLContext, getOptions)(TCN_STDARGS, jlong ctx)
358 {
359 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
360
361 UNREFERENCED_STDARGS;
362 TCN_ASSERT(ctx != 0);
363
364 return SSL_CTX_get_options(c->ctx);
365 }
366
TCN_IMPLEMENT_CALL(void,SSLContext,clearOptions)367 TCN_IMPLEMENT_CALL(void, SSLContext, clearOptions)(TCN_STDARGS, jlong ctx,
368 jint opt)
369 {
370 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
371
372 UNREFERENCED_STDARGS;
373 TCN_ASSERT(ctx != 0);
374 SSL_CTX_clear_options(c->ctx, opt);
375 }
376
TCN_IMPLEMENT_CALL(jboolean,SSLContext,setCipherSuite)377 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCipherSuite)(TCN_STDARGS, jlong ctx,
378 jstring ciphers)
379 {
380 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
381 TCN_ALLOC_CSTRING(ciphers);
382 jboolean rv = JNI_TRUE;
383
384 UNREFERENCED(o);
385 TCN_ASSERT(ctx != 0);
386 if (!J2S(ciphers))
387 return JNI_FALSE;
388
389 if (!SSL_CTX_set_cipher_list(c->ctx, J2S(ciphers))) {
390 char err[256];
391 ERR_error_string(ERR_get_error(), err);
392 tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err);
393 rv = JNI_FALSE;
394 }
395 TCN_FREE_CSTRING(ciphers);
396 return rv;
397 }
398
TCN_IMPLEMENT_CALL(jboolean,SSLContext,setCertificateChainFile)399 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificateChainFile)(TCN_STDARGS, jlong ctx,
400 jstring file,
401 jboolean skipfirst)
402 {
403 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
404 jboolean rv = JNI_FALSE;
405 TCN_ALLOC_CSTRING(file);
406
407 UNREFERENCED(o);
408 TCN_ASSERT(ctx != 0);
409 if (!J2S(file))
410 return JNI_FALSE;
411 if (SSL_CTX_use_certificate_chain(c->ctx, J2S(file), skipfirst) > 0)
412 rv = JNI_TRUE;
413 TCN_FREE_CSTRING(file);
414 return rv;
415 }
416
TCN_IMPLEMENT_CALL(jboolean,SSLContext,setCertificateChainBio)417 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificateChainBio)(TCN_STDARGS, jlong ctx,
418 jlong chain,
419 jboolean skipfirst)
420 {
421 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
422 BIO *b = J2P(chain, BIO *);
423
424 UNREFERENCED(o);
425 TCN_ASSERT(ctx != 0);
426 if (b == NULL)
427 return JNI_FALSE;
428 if (SSL_CTX_use_certificate_chain_bio(c->ctx, b, skipfirst) > 0) {
429 return JNI_TRUE;
430 }
431 return JNI_FALSE;
432 }
433
TCN_IMPLEMENT_CALL(jboolean,SSLContext,setCACertificateBio)434 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCACertificateBio)(TCN_STDARGS, jlong ctx, jlong certs)
435 {
436 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
437 BIO *b = J2P(certs, BIO *);
438
439 UNREFERENCED(o);
440 TCN_ASSERT(c != NULL);
441
442 return b != NULL && c->mode != SSL_MODE_CLIENT && SSL_CTX_use_client_CA_bio(c->ctx, b) > 0 ? JNI_TRUE : JNI_FALSE;
443 }
444
TCN_IMPLEMENT_CALL(void,SSLContext,setTmpDHLength)445 TCN_IMPLEMENT_CALL(void, SSLContext, setTmpDHLength)(TCN_STDARGS, jlong ctx, jint length)
446 {
447 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
448 UNREFERENCED(o);
449 TCN_ASSERT(ctx != 0);
450 switch (length) {
451 case 512:
452 SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH_512);
453 return;
454 case 1024:
455 SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH_1024);
456 return;
457 case 2048:
458 SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH_2048);
459 return;
460 case 4096:
461 SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH_4096);
462 return;
463 default:
464 tcn_Throw(e, "Unsupported length %s", length);
465 return;
466 }
467 }
468
TCN_IMPLEMENT_CALL(void,SSLContext,setVerify)469 TCN_IMPLEMENT_CALL(void, SSLContext, setVerify)(TCN_STDARGS, jlong ctx, jint level, jint depth)
470 {
471 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
472
473 UNREFERENCED(o);
474 TCN_ASSERT(c != NULL);
475
476 // No need to set the callback for SSL_CTX_set_verify because we override the default certificate verification via SSL_CTX_set_cert_verify_callback.
477 SSL_CTX_set_verify(c->ctx, tcn_set_verify_config(&c->verify_config, level, depth), NULL);
478 SSL_CTX_set_verify_depth(c->ctx, c->verify_config.verify_depth);
479 }
480
load_pem_key(tcn_ssl_ctxt_t * c,const char * file)481 static EVP_PKEY *load_pem_key(tcn_ssl_ctxt_t *c, const char *file)
482 {
483 BIO *bio = NULL;
484 EVP_PKEY *key = NULL;
485
486 if ((bio = BIO_new(BIO_s_file())) == NULL) {
487 return NULL;
488 }
489 if (BIO_read_filename(bio, file) <= 0) {
490 BIO_free(bio);
491 return NULL;
492 }
493
494 key = PEM_read_bio_PrivateKey(bio, NULL, (pem_password_cb *)SSL_password_callback, (void *)c->password);
495
496 BIO_free(bio);
497 return key;
498 }
499
load_pem_cert(tcn_ssl_ctxt_t * c,const char * file)500 static X509 *load_pem_cert(tcn_ssl_ctxt_t *c, const char *file)
501 {
502 BIO *bio = NULL;
503 X509 *cert = NULL;
504
505 if ((bio = BIO_new(BIO_s_file())) == NULL) {
506 return NULL;
507 }
508 if (BIO_read_filename(bio, file) <= 0) {
509 BIO_free(bio);
510 return NULL;
511 }
512 cert = PEM_read_bio_X509_AUX(bio, NULL,
513 (pem_password_cb *)SSL_password_callback,
514 (void *)c->password);
515 if (cert == NULL &&
516 (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE)) {
517 ERR_clear_error();
518 BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL);
519 cert = d2i_X509_bio(bio, NULL);
520 }
521 BIO_free(bio);
522 return cert;
523 }
524
ssl_load_pkcs12(tcn_ssl_ctxt_t * c,const char * file,EVP_PKEY ** pkey,X509 ** cert,STACK_OF (X509)** ca)525 static int ssl_load_pkcs12(tcn_ssl_ctxt_t *c, const char *file,
526 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
527 {
528 const char *pass;
529 char buff[PEM_BUFSIZE];
530 int len, rc = 0;
531 PKCS12 *p12;
532 BIO *in;
533
534 if ((in = BIO_new(BIO_s_file())) == 0)
535 return 0;
536 if (BIO_read_filename(in, file) <= 0) {
537 BIO_free(in);
538 return 0;
539 }
540 p12 = d2i_PKCS12_bio(in, 0);
541 if (p12 == 0) {
542 /* Error loading PKCS12 file */
543 goto cleanup;
544 }
545 /* See if an empty password will do */
546 if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, 0, 0)) {
547 pass = "";
548 }
549 else {
550 len = SSL_password_callback(buff, PEM_BUFSIZE, 0, (void *) c->password);
551 if (len < 0) {
552 /* Passpharse callback error */
553 goto cleanup;
554 }
555 if (!PKCS12_verify_mac(p12, buff, len)) {
556 /* Mac verify error (wrong password?) in PKCS12 file */
557 goto cleanup;
558 }
559 pass = buff;
560 }
561 rc = PKCS12_parse(p12, pass, pkey, cert, ca);
562 cleanup:
563 if (p12 != 0)
564 PKCS12_free(p12);
565 BIO_free(in);
566 return rc;
567 }
568
free_and_reset_pass(tcn_ssl_ctxt_t * c,char * old_password,const jboolean rv)569 static void free_and_reset_pass(tcn_ssl_ctxt_t *c, char* old_password, const jboolean rv) {
570 if (!rv) {
571 if (c->password != NULL) {
572 free(c->password);
573 c->password = NULL;
574 }
575 // Restore old password
576 c->password = old_password;
577 } else if (old_password != NULL) {
578 free(old_password);
579 }
580 }
581
582
TCN_IMPLEMENT_CALL(jboolean,SSLContext,setCertificate)583 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificate)(TCN_STDARGS, jlong ctx,
584 jstring cert, jstring key,
585 jstring password)
586 {
587 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
588 jboolean rv = JNI_TRUE;
589 TCN_ALLOC_CSTRING(cert);
590 TCN_ALLOC_CSTRING(key);
591 TCN_ALLOC_CSTRING(password);
592 EVP_PKEY *pkey = NULL;
593 X509 *xcert = NULL;
594 const char *key_file, *cert_file;
595 const char *p;
596 char *old_password = NULL;
597 char err[256];
598
599 UNREFERENCED(o);
600 TCN_ASSERT(ctx != 0);
601
602 if (J2S(password)) {
603 old_password = c->password;
604
605 c->password = strdup(cpassword);
606 if (c->password == NULL) {
607 rv = JNI_FALSE;
608 goto cleanup;
609 }
610 }
611 key_file = J2S(key);
612 cert_file = J2S(cert);
613 if (!key_file)
614 key_file = cert_file;
615 if (!key_file || !cert_file) {
616 tcn_Throw(e, "No Certificate file specified or invalid file format");
617 rv = JNI_FALSE;
618 goto cleanup;
619 }
620 if ((p = strrchr(cert_file, '.')) != NULL && strcmp(p, ".pkcs12") == 0) {
621 if (!ssl_load_pkcs12(c, cert_file, &pkey, &xcert, 0)) {
622 ERR_error_string(ERR_get_error(), err);
623 tcn_Throw(e, "Unable to load certificate %s (%s)",
624 cert_file, err);
625 rv = JNI_FALSE;
626 goto cleanup;
627 }
628 }
629 else {
630 if ((pkey = load_pem_key(c, key_file)) == NULL) {
631 ERR_error_string(ERR_get_error(), err);
632 tcn_Throw(e, "Unable to load certificate key %s (%s)",
633 key_file, err);
634 rv = JNI_FALSE;
635 goto cleanup;
636 }
637 if ((xcert = load_pem_cert(c, cert_file)) == NULL) {
638 ERR_error_string(ERR_get_error(), err);
639 tcn_Throw(e, "Unable to load certificate %s (%s)",
640 cert_file, err);
641 rv = JNI_FALSE;
642 goto cleanup;
643 }
644 }
645 if (SSL_CTX_use_certificate(c->ctx, xcert) <= 0) {
646 ERR_error_string(ERR_get_error(), err);
647 tcn_Throw(e, "Error setting certificate (%s)", err);
648 rv = JNI_FALSE;
649 goto cleanup;
650 }
651 if (SSL_CTX_use_PrivateKey(c->ctx, pkey) <= 0) {
652 ERR_error_string(ERR_get_error(), err);
653 tcn_Throw(e, "Error setting private key (%s)", err);
654 rv = JNI_FALSE;
655 goto cleanup;
656 }
657 if (SSL_CTX_check_private_key(c->ctx) <= 0) {
658 ERR_error_string(ERR_get_error(), err);
659 tcn_Throw(e, "Private key does not match the certificate public key (%s)",
660 err);
661 rv = JNI_FALSE;
662 goto cleanup;
663 }
664 cleanup:
665 TCN_FREE_CSTRING(cert);
666 TCN_FREE_CSTRING(key);
667 TCN_FREE_CSTRING(password);
668 EVP_PKEY_free(pkey); // this function is safe to call with NULL
669 X509_free(xcert); // this function is safe to call with NULL
670 free_and_reset_pass(c, old_password, rv);
671 return rv;
672 }
673
TCN_IMPLEMENT_CALL(jboolean,SSLContext,setCertificateBio)674 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificateBio)(TCN_STDARGS, jlong ctx,
675 jlong cert, jlong key,
676 jstring password)
677 {
678 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
679 BIO *cert_bio = J2P(cert, BIO *);
680 BIO *key_bio = J2P(key, BIO *);
681 EVP_PKEY *pkey = NULL;
682 X509 *xcert = NULL;
683
684 jboolean rv = JNI_TRUE;
685 TCN_ALLOC_CSTRING(password);
686 char *old_password = NULL;
687 char err[256];
688
689 UNREFERENCED(o);
690 TCN_ASSERT(ctx != 0);
691
692 if (J2S(password)) {
693 old_password = c->password;
694
695 c->password = strdup(cpassword);
696 if (c->password == NULL) {
697 rv = JNI_FALSE;
698 goto cleanup;
699 }
700 }
701
702 if (!key)
703 key = cert;
704 if (!cert || !key) {
705 tcn_Throw(e, "No Certificate file specified or invalid file format");
706 rv = JNI_FALSE;
707 goto cleanup;
708 }
709
710 if ((pkey = load_pem_key_bio(c->password, key_bio)) == NULL) {
711 ERR_error_string(ERR_get_error(), err);
712 ERR_clear_error();
713 tcn_Throw(e, "Unable to load certificate key (%s)",err);
714 rv = JNI_FALSE;
715 goto cleanup;
716 }
717 if ((xcert = load_pem_cert_bio(c->password, cert_bio)) == NULL) {
718 ERR_error_string(ERR_get_error(), err);
719 ERR_clear_error();
720 tcn_Throw(e, "Unable to load certificate (%s) ", err);
721 rv = JNI_FALSE;
722 goto cleanup;
723 }
724
725 if (SSL_CTX_use_certificate(c->ctx, xcert) <= 0) {
726 ERR_error_string(ERR_get_error(), err);
727 ERR_clear_error();
728 tcn_Throw(e, "Error setting certificate (%s)", err);
729 rv = JNI_FALSE;
730 goto cleanup;
731 }
732 if (SSL_CTX_use_PrivateKey(c->ctx, pkey) <= 0) {
733 ERR_error_string(ERR_get_error(), err);
734 ERR_clear_error();
735 tcn_Throw(e, "Error setting private key (%s)", err);
736 rv = JNI_FALSE;
737 goto cleanup;
738 }
739 if (SSL_CTX_check_private_key(c->ctx) <= 0) {
740 ERR_error_string(ERR_get_error(), err);
741 ERR_clear_error();
742
743 tcn_Throw(e, "Private key does not match the certificate public key (%s)",
744 err);
745 rv = JNI_FALSE;
746 goto cleanup;
747 }
748 cleanup:
749 TCN_FREE_CSTRING(password);
750 EVP_PKEY_free(pkey); // this function is safe to call with NULL
751 X509_free(xcert); // this function is safe to call with NULL
752 free_and_reset_pass(c, old_password, rv);
753 return rv;
754 }
755
756 // Convert protos to wire format
initProtocols(JNIEnv * e,unsigned char ** proto_data,unsigned int * proto_len,jobjectArray protos)757 static int initProtocols(JNIEnv *e, unsigned char **proto_data,
758 unsigned int *proto_len, jobjectArray protos) {
759 int i;
760 unsigned char *p_data;
761 // We start with allocate 128 bytes which should be good enough for most use-cases while still be pretty low.
762 // We will call realloc to increase this if needed.
763 size_t p_data_size = 128;
764 size_t p_data_len = 0;
765 jstring proto_string;
766 const char *proto_chars;
767 size_t proto_chars_len;
768 int cnt;
769
770 if (protos == NULL) {
771 // Guard against NULL protos.
772 return -1;
773 }
774
775 cnt = (*e)->GetArrayLength(e, protos);
776
777 if (cnt == 0) {
778 // if cnt is 0 we not need to continue and can just fail fast.
779 return -1;
780 }
781
782 p_data = (unsigned char *) malloc(p_data_size);
783 if (p_data == NULL) {
784 // Not enough memory?
785 return -1;
786 }
787
788 for (i = 0; i < cnt; ++i) {
789 proto_string = (jstring) (*e)->GetObjectArrayElement(e, protos, i);
790 proto_chars = (*e)->GetStringUTFChars(e, proto_string, 0);
791
792 proto_chars_len = strlen(proto_chars);
793 if (proto_chars_len > 0 && proto_chars_len <= MAX_ALPN_NPN_PROTO_SIZE) {
794 // We need to add +1 as each protocol is prefixed by it's length (unsigned char).
795 // For all except of the last one we already have the extra space as everything is
796 // delimited by ','.
797 p_data_len += 1 + proto_chars_len;
798 if (p_data_len > p_data_size) {
799 // double size
800 p_data_size <<= 1;
801 p_data = realloc(p_data, p_data_size);
802 if (p_data == NULL) {
803 // Not enough memory?
804 (*e)->ReleaseStringUTFChars(e, proto_string, proto_chars);
805 break;
806 }
807 }
808 // Write the length of the protocol and then increment before memcpy the protocol itself.
809 *p_data = proto_chars_len;
810 ++p_data;
811 memcpy(p_data, proto_chars, proto_chars_len);
812 p_data += proto_chars_len;
813 }
814
815 // Release the string to prevent memory leaks
816 (*e)->ReleaseStringUTFChars(e, proto_string, proto_chars);
817 }
818
819 if (p_data == NULL) {
820 // Something went wrong so update the proto_len and return -1
821 *proto_len = 0;
822 return -1;
823 } else {
824 if (*proto_data != NULL) {
825 // Free old data
826 free(*proto_data);
827 }
828 // Decrement pointer again as we incremented it while creating the protocols in wire format.
829 p_data -= p_data_len;
830 *proto_data = p_data;
831 *proto_len = p_data_len;
832 return 0;
833 }
834 }
835
TCN_IMPLEMENT_CALL(void,SSLContext,setNpnProtos)836 TCN_IMPLEMENT_CALL(void, SSLContext, setNpnProtos)(TCN_STDARGS, jlong ctx, jobjectArray next_protos,
837 jint selectorFailureBehavior)
838 {
839 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
840
841 TCN_ASSERT(ctx != 0);
842 UNREFERENCED(o);
843
844 if (initProtocols(e, &c->next_proto_data, &c->next_proto_len, next_protos) == 0) {
845 c->next_selector_failure_behavior = selectorFailureBehavior;
846
847 // depending on if it's client mode or not we need to call different functions.
848 if (c->mode == SSL_MODE_CLIENT) {
849 SSL_CTX_set_next_proto_select_cb(c->ctx, SSL_callback_select_next_proto, (void *)c);
850 } else {
851 SSL_CTX_set_next_protos_advertised_cb(c->ctx, SSL_callback_next_protos, (void *)c);
852 }
853 }
854 }
855
TCN_IMPLEMENT_CALL(void,SSLContext,setAlpnProtos)856 TCN_IMPLEMENT_CALL(void, SSLContext, setAlpnProtos)(TCN_STDARGS, jlong ctx, jobjectArray alpn_protos,
857 jint selectorFailureBehavior)
858 {
859 // Only supported with GCC
860 #if !defined(OPENSSL_IS_BORINGSSL) && (defined(__GNUC__) || defined(__GNUG__))
861 if (!SSL_CTX_set_alpn_protos || !SSL_CTX_set_alpn_select_cb) {
862 UNREFERENCED_STDARGS;
863 UNREFERENCED(ctx);
864 UNREFERENCED(alpn_protos);
865 return;
866 }
867 #endif
868
869 // We can only support it when either use openssl version >= 1.0.2 or GCC as this way we can use weak linking
870 #if OPENSSL_VERSION_NUMBER >= 0x10002000L || defined(__GNUC__) || defined(__GNUG__)
871 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
872
873 TCN_ASSERT(ctx != 0);
874 UNREFERENCED(o);
875
876 if (initProtocols(e, &c->alpn_proto_data, &c->alpn_proto_len, alpn_protos) == 0) {
877 c->alpn_selector_failure_behavior = selectorFailureBehavior;
878
879 // depending on if it's client mode or not we need to call different functions.
880 if (c->mode == SSL_MODE_CLIENT) {
881 SSL_CTX_set_alpn_protos(c->ctx, c->alpn_proto_data, c->alpn_proto_len);
882 } else {
883 SSL_CTX_set_alpn_select_cb(c->ctx, SSL_callback_alpn_select_proto, (void *) c);
884
885 }
886 }
887 #else
888 UNREFERENCED_STDARGS;
889 UNREFERENCED(ctx);
890 UNREFERENCED(alpn_protos);
891 #endif
892 }
893
TCN_IMPLEMENT_CALL(jlong,SSLContext,setSessionCacheMode)894 TCN_IMPLEMENT_CALL(jlong, SSLContext, setSessionCacheMode)(TCN_STDARGS, jlong ctx, jlong mode)
895 {
896 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
897 return SSL_CTX_set_session_cache_mode(c->ctx, mode);
898 }
899
TCN_IMPLEMENT_CALL(jlong,SSLContext,getSessionCacheMode)900 TCN_IMPLEMENT_CALL(jlong, SSLContext, getSessionCacheMode)(TCN_STDARGS, jlong ctx)
901 {
902 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
903 return SSL_CTX_get_session_cache_mode(c->ctx);
904 }
905
TCN_IMPLEMENT_CALL(jlong,SSLContext,setSessionCacheTimeout)906 TCN_IMPLEMENT_CALL(jlong, SSLContext, setSessionCacheTimeout)(TCN_STDARGS, jlong ctx, jlong timeout)
907 {
908 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
909 jlong rv = SSL_CTX_set_timeout(c->ctx, timeout);
910 return rv;
911 }
912
TCN_IMPLEMENT_CALL(jlong,SSLContext,getSessionCacheTimeout)913 TCN_IMPLEMENT_CALL(jlong, SSLContext, getSessionCacheTimeout)(TCN_STDARGS, jlong ctx)
914 {
915 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
916 return SSL_CTX_get_timeout(c->ctx);
917 }
918
TCN_IMPLEMENT_CALL(jlong,SSLContext,setSessionCacheSize)919 TCN_IMPLEMENT_CALL(jlong, SSLContext, setSessionCacheSize)(TCN_STDARGS, jlong ctx, jlong size)
920 {
921 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
922 jlong rv = 0;
923
924 // Also allow size of 0 which is unlimited
925 if (size >= 0) {
926 SSL_CTX_set_session_cache_mode(c->ctx, SSL_SESS_CACHE_SERVER);
927 rv = SSL_CTX_sess_set_cache_size(c->ctx, size);
928 }
929
930 return rv;
931 }
932
TCN_IMPLEMENT_CALL(jlong,SSLContext,getSessionCacheSize)933 TCN_IMPLEMENT_CALL(jlong, SSLContext, getSessionCacheSize)(TCN_STDARGS, jlong ctx)
934 {
935 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
936 return SSL_CTX_sess_get_cache_size(c->ctx);
937 }
938
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionNumber)939 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionNumber)(TCN_STDARGS, jlong ctx)
940 {
941 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
942 jlong rv = SSL_CTX_sess_number(c->ctx);
943 return rv;
944 }
945
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionConnect)946 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionConnect)(TCN_STDARGS, jlong ctx)
947 {
948 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
949 jlong rv = SSL_CTX_sess_connect(c->ctx);
950 return rv;
951 }
952
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionConnectGood)953 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionConnectGood)(TCN_STDARGS, jlong ctx)
954 {
955 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
956 jlong rv = SSL_CTX_sess_connect_good(c->ctx);
957 return rv;
958 }
959
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionConnectRenegotiate)960 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionConnectRenegotiate)(TCN_STDARGS, jlong ctx)
961 {
962 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
963 jlong rv = SSL_CTX_sess_connect_renegotiate(c->ctx);
964 return rv;
965 }
966
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionAccept)967 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionAccept)(TCN_STDARGS, jlong ctx)
968 {
969 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
970 jlong rv = SSL_CTX_sess_accept(c->ctx);
971 return rv;
972 }
973
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionAcceptGood)974 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionAcceptGood)(TCN_STDARGS, jlong ctx)
975 {
976 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
977 jlong rv = SSL_CTX_sess_accept_good(c->ctx);
978 return rv;
979 }
980
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionAcceptRenegotiate)981 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionAcceptRenegotiate)(TCN_STDARGS, jlong ctx)
982 {
983 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
984 jlong rv = SSL_CTX_sess_accept_renegotiate(c->ctx);
985 return rv;
986 }
987
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionHits)988 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionHits)(TCN_STDARGS, jlong ctx)
989 {
990 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
991 jlong rv = SSL_CTX_sess_hits(c->ctx);
992 return rv;
993 }
994
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionCbHits)995 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionCbHits)(TCN_STDARGS, jlong ctx)
996 {
997 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
998 jlong rv = SSL_CTX_sess_cb_hits(c->ctx);
999 return rv;
1000 }
1001
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionMisses)1002 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionMisses)(TCN_STDARGS, jlong ctx)
1003 {
1004 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1005 jlong rv = SSL_CTX_sess_misses(c->ctx);
1006 return rv;
1007 }
1008
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionTimeouts)1009 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionTimeouts)(TCN_STDARGS, jlong ctx)
1010 {
1011 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1012 jlong rv = SSL_CTX_sess_timeouts(c->ctx);
1013 return rv;
1014 }
1015
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionCacheFull)1016 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionCacheFull)(TCN_STDARGS, jlong ctx)
1017 {
1018 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1019 jlong rv = SSL_CTX_sess_cache_full(c->ctx);
1020 return rv;
1021 }
1022
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionTicketKeyNew)1023 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionTicketKeyNew)(TCN_STDARGS, jlong ctx)
1024 {
1025 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1026 jlong rv = apr_atomic_read32(&c->ticket_keys_new);
1027 return rv;
1028 }
1029
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionTicketKeyResume)1030 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionTicketKeyResume)(TCN_STDARGS, jlong ctx)
1031 {
1032 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1033 jlong rv = apr_atomic_read32(&c->ticket_keys_resume);
1034 return rv;
1035 }
1036
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionTicketKeyRenew)1037 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionTicketKeyRenew)(TCN_STDARGS, jlong ctx)
1038 {
1039 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1040 jlong rv = apr_atomic_read32(&c->ticket_keys_renew);
1041 return rv;
1042 }
1043
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionTicketKeyFail)1044 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionTicketKeyFail)(TCN_STDARGS, jlong ctx)
1045 {
1046 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1047 jlong rv = apr_atomic_read32(&c->ticket_keys_fail);
1048 return rv;
1049 }
1050
current_session_key(tcn_ssl_ctxt_t * c,tcn_ssl_ticket_key_t * key)1051 static int current_session_key(tcn_ssl_ctxt_t *c, tcn_ssl_ticket_key_t *key) {
1052 int result = JNI_FALSE;
1053 apr_thread_rwlock_rdlock(c->mutex);
1054 if (c->ticket_keys_len > 0) {
1055 *key = c->ticket_keys[0];
1056 result = JNI_TRUE;
1057 }
1058 apr_thread_rwlock_unlock(c->mutex);
1059 return result;
1060 }
1061
find_session_key(tcn_ssl_ctxt_t * c,unsigned char key_name[16],tcn_ssl_ticket_key_t * key,int * is_current_key)1062 static int find_session_key(tcn_ssl_ctxt_t *c, unsigned char key_name[16], tcn_ssl_ticket_key_t *key, int *is_current_key) {
1063 int result = JNI_FALSE;
1064 int i;
1065
1066 apr_thread_rwlock_rdlock(c->mutex);
1067 for (i = 0; i < c->ticket_keys_len; ++i) {
1068 // Check if we have a match for tickets.
1069 if (memcmp(c->ticket_keys[i].key_name, key_name, 16) == 0) {
1070 *key = c->ticket_keys[i];
1071 result = JNI_TRUE;
1072 *is_current_key = (i == 0);
1073 break;
1074 }
1075 }
1076 apr_thread_rwlock_unlock(c->mutex);
1077 return result;
1078 }
1079
ssl_tlsext_ticket_key_cb(SSL * s,unsigned char key_name[16],unsigned char * iv,EVP_CIPHER_CTX * ctx,HMAC_CTX * hctx,int enc)1080 static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) {
1081 tcn_ssl_ctxt_t *c = SSL_get_app_data2(s);
1082 tcn_ssl_ticket_key_t key;
1083 int is_current_key;
1084
1085 if (enc) { /* create new session */
1086 if (current_session_key(c, &key)) {
1087 if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0) {
1088 return -1; /* insufficient random */
1089 }
1090
1091 memcpy(key_name, key.key_name, 16);
1092
1093 EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key.aes_key, iv);
1094 HMAC_Init_ex(hctx, key.hmac_key, 16, EVP_sha256(), NULL);
1095 apr_atomic_inc32(&c->ticket_keys_new);
1096 return 1;
1097 }
1098 // No ticket configured
1099 return 0;
1100 } else { /* retrieve session */
1101 if (find_session_key(c, key_name, &key, &is_current_key)) {
1102 HMAC_Init_ex(hctx, key.hmac_key, 16, EVP_sha256(), NULL);
1103 EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key.aes_key, iv );
1104 if (!is_current_key) {
1105 // The ticket matched a key in the list, and we want to upgrade it to the current
1106 // key.
1107 apr_atomic_inc32(&c->ticket_keys_renew);
1108 return 2;
1109 }
1110 // The ticket matched the current key.
1111 apr_atomic_inc32(&c->ticket_keys_resume);
1112 return 1;
1113 }
1114 // No matching ticket.
1115 apr_atomic_inc32(&c->ticket_keys_fail);
1116 return 0;
1117 }
1118 }
1119
TCN_IMPLEMENT_CALL(void,SSLContext,setSessionTicketKeys0)1120 TCN_IMPLEMENT_CALL(void, SSLContext, setSessionTicketKeys0)(TCN_STDARGS, jlong ctx, jbyteArray keys)
1121 {
1122 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1123 jbyte* b;
1124 jbyte* key;
1125 tcn_ssl_ticket_key_t* ticket_keys;
1126 int i;
1127 int cnt;
1128
1129 cnt = (*e)->GetArrayLength(e, keys) / SSL_SESSION_TICKET_KEY_SIZE;
1130 b = (*e)->GetByteArrayElements(e, keys, NULL);
1131
1132 ticket_keys = malloc(sizeof(tcn_ssl_ticket_key_t) * cnt);
1133
1134 for (i = 0; i < cnt; ++i) {
1135 key = b + (SSL_SESSION_TICKET_KEY_SIZE * i);
1136 memcpy(ticket_keys[i].key_name, key, 16);
1137 memcpy(ticket_keys[i].hmac_key, key + 16, 16);
1138 memcpy(ticket_keys[i].aes_key, key + 32, 16);
1139 }
1140
1141 (*e)->ReleaseByteArrayElements(e, keys, b, 0);
1142
1143 apr_thread_rwlock_wrlock(c->mutex);
1144 if (c->ticket_keys) {
1145 free(c->ticket_keys);
1146 }
1147 c->ticket_keys_len = cnt;
1148 c->ticket_keys = ticket_keys;
1149 apr_thread_rwlock_unlock(c->mutex);
1150
1151 SSL_CTX_set_tlsext_ticket_key_cb(c->ctx, ssl_tlsext_ticket_key_cb);
1152 }
1153
authentication_method(const SSL * ssl)1154 static const char* authentication_method(const SSL* ssl) {
1155 {
1156 const STACK_OF(SSL_CIPHER) *ciphers = NULL;
1157
1158 switch (SSL_version(ssl))
1159 {
1160 case SSL2_VERSION:
1161 return SSL_TXT_RSA;
1162 default:
1163 ciphers = SSL_get_ciphers(ssl);
1164 if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) <= 0) {
1165 // No cipher available so return UNKNOWN.
1166 return TCN_UNKNOWN_AUTH_METHOD;
1167 }
1168 return SSL_cipher_authentication_method(sk_SSL_CIPHER_value(ciphers, 0));
1169 }
1170 }
1171 }
1172 /* Android end */
1173
SSL_cert_verify(X509_STORE_CTX * ctx,void * arg)1174 static int SSL_cert_verify(X509_STORE_CTX *ctx, void *arg) {
1175 /* Get Apache context back through OpenSSL context */
1176 SSL *ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
1177 TCN_ASSERT(ssl != NULL);
1178 tcn_ssl_ctxt_t *c = SSL_get_app_data2(ssl);
1179 TCN_ASSERT(c != NULL);
1180 tcn_ssl_verify_config_t* verify_config = SSL_get_app_data4(ssl);
1181 TCN_ASSERT(verify_config != NULL);
1182
1183 // Get a stack of all certs in the chain
1184 STACK_OF(X509) *sk = X509_STORE_CTX_get0_untrusted(ctx);
1185
1186 // SSL_CTX_set_verify_depth() and SSL_set_verify_depth() set the limit up to which depth certificates in a chain are
1187 // used during the verification procedure. If the certificate chain is longer than allowed, the certificates above
1188 // the limit are ignored. Error messages are generated as if these certificates would not be present,
1189 // most likely a X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued.
1190 // https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_verify.html
1191 const int totalQueuedLength = sk_X509_num(sk);
1192 int len = TCN_MIN(verify_config->verify_depth, totalQueuedLength);
1193 unsigned i;
1194 X509 *cert;
1195 int length;
1196 unsigned char *buf;
1197 JNIEnv *e;
1198 jbyteArray array;
1199 jbyteArray bArray;
1200 const char *authMethod;
1201 jstring authMethodString;
1202 jint result;
1203 jclass byteArrayClass = tcn_get_byte_array_class();
1204 tcn_get_java_env(&e);
1205
1206 // Create the byte[][] array that holds all the certs
1207 array = (*e)->NewObjectArray(e, len, byteArrayClass, NULL);
1208
1209 for(i = 0; i < len; i++) {
1210 cert = sk_X509_value(sk, i);
1211
1212 buf = NULL;
1213 length = i2d_X509(cert, &buf);
1214 if (length < 0) {
1215 // In case of error just return an empty byte[][]
1216 array = (*e)->NewObjectArray(e, 0, byteArrayClass, NULL);
1217 if (buf != NULL) {
1218 // We need to delete the local references so we not leak memory as this method is called via callback.
1219 OPENSSL_free(buf);
1220 }
1221 break;
1222 }
1223 bArray = (*e)->NewByteArray(e, length);
1224 (*e)->SetByteArrayRegion(e, bArray, 0, length, (jbyte*) buf);
1225 (*e)->SetObjectArrayElement(e, array, i, bArray);
1226
1227 // Delete the local reference as we not know how long the chain is and local references are otherwise
1228 // only freed once jni method returns.
1229 (*e)->DeleteLocalRef(e, bArray);
1230 OPENSSL_free(buf);
1231 }
1232
1233 authMethod = authentication_method(ssl);
1234 authMethodString = (*e)->NewStringUTF(e, authMethod);
1235
1236 result = (*e)->CallIntMethod(e, c->verifier, c->verifier_method, P2J(ssl), array, authMethodString);
1237
1238 #ifdef X509_V_ERR_UNSPECIFIED
1239 // If we failed to verify for an unknown reason (currently this happens if we can't find a common root) then we should
1240 // fail with the same status as recommended in the OpenSSL docs https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_verify.html
1241 if (result == X509_V_ERR_UNSPECIFIED && len < totalQueuedLength) {
1242 result = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
1243 }
1244 #else
1245 // HACK!
1246 // LibreSSL 2.4.x doesn't support the X509_V_ERR_UNSPECIFIED so we introduce a work around to make sure a supported alert is used.
1247 // This should be reverted when we support LibreSSL 2.5.x (which does support X509_V_ERR_UNSPECIFIED).
1248 if (result == TCN_X509_V_ERR_UNSPECIFIED) {
1249 result = len < totalQueuedLength ? X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY : X509_V_ERR_CERT_REJECTED;
1250 }
1251 #endif
1252
1253 // TODO(scott): if verify_config->verify_depth == SSL_CVERIFY_OPTIONAL we have the option to let the handshake
1254 // succeed for some of the "informational" error messages (e.g. X509_V_ERR_EMAIL_MISMATCH ?)
1255
1256 // Set the correct error so it will be included in the alert.
1257 X509_STORE_CTX_set_error(ctx, result);
1258
1259 // We need to delete the local references so we not leak memory as this method is called via callback.
1260 (*e)->DeleteLocalRef(e, authMethodString);
1261 (*e)->DeleteLocalRef(e, array);
1262
1263 return result == X509_V_OK ? 1 : 0;
1264 }
1265
TCN_IMPLEMENT_CALL(void,SSLContext,setCertVerifyCallback)1266 TCN_IMPLEMENT_CALL(void, SSLContext, setCertVerifyCallback)(TCN_STDARGS, jlong ctx, jobject verifier)
1267 {
1268 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1269
1270 UNREFERENCED(o);
1271 TCN_ASSERT(ctx != 0);
1272
1273 if (verifier == NULL) {
1274 SSL_CTX_set_cert_verify_callback(c->ctx, NULL, NULL);
1275 } else {
1276 jclass verifier_class = (*e)->GetObjectClass(e, verifier);
1277 jmethodID method = (*e)->GetMethodID(e, verifier_class, "verify", "(J[[BLjava/lang/String;)I");
1278
1279 if (method == NULL) {
1280 return;
1281 }
1282 // Delete the reference to the previous specified verifier if needed.
1283 if (c->verifier != NULL) {
1284 (*e)->DeleteLocalRef(e, c->verifier);
1285 }
1286 c->verifier = (*e)->NewGlobalRef(e, verifier);
1287 c->verifier_method = method;
1288
1289 SSL_CTX_set_cert_verify_callback(c->ctx, SSL_cert_verify, NULL);
1290 }
1291 }
1292
1293 /**
1294 * Returns an array containing all the X500 principal's bytes.
1295 *
1296 * Partly based on code from conscrypt:
1297 * https://android.googlesource.com/platform/external/conscrypt/+/master/src/main/native/org_conscrypt_NativeCrypto.cpp
1298 */
principalBytes(JNIEnv * e,const STACK_OF (X509_NAME)* names)1299 static jobjectArray principalBytes(JNIEnv* e, const STACK_OF(X509_NAME)* names) {
1300 jobjectArray array;
1301 jbyteArray bArray;
1302 int i;
1303 int count;
1304 int length;
1305 unsigned char *buf;
1306 X509_NAME* principal;
1307 jclass byteArrayClass = tcn_get_byte_array_class();
1308
1309 if (names == NULL) {
1310 return NULL;
1311 }
1312
1313 count = sk_X509_NAME_num(names);
1314 if (count <= 0) {
1315 return NULL;
1316 }
1317
1318 array = (*e)->NewObjectArray(e, count, byteArrayClass, NULL);
1319 if (array == NULL) {
1320 return NULL;
1321 }
1322
1323 for (i = 0; i < count; i++) {
1324 principal = sk_X509_NAME_value(names, i);
1325 buf = NULL;
1326 length = i2d_X509_NAME(principal, &buf);
1327 if (length < 0) {
1328 if (buf != NULL) {
1329 // We need to delete the local references so we not leak memory as this method is called via callback.
1330 OPENSSL_free(buf);
1331 }
1332 // In case of error just return an empty byte[][]
1333 return (*e)->NewObjectArray(e, 0, byteArrayClass, NULL);
1334 }
1335 bArray = (*e)->NewByteArray(e, length);
1336 (*e)->SetByteArrayRegion(e, bArray, 0, length, (jbyte*) buf);
1337 (*e)->SetObjectArrayElement(e, array, i, bArray);
1338
1339 // Delete the local reference as we not know how long the chain is and local references are otherwise
1340 // only freed once jni method returns.
1341 (*e)->DeleteLocalRef(e, bArray);
1342 OPENSSL_free(buf);
1343 }
1344
1345 return array;
1346 }
1347
cert_requested(SSL * ssl,X509 ** x509Out,EVP_PKEY ** pkeyOut)1348 static int cert_requested(SSL* ssl, X509** x509Out, EVP_PKEY** pkeyOut) {
1349 #if defined(LIBRESSL_VERSION_NUMBER)
1350 return -1;
1351 #else
1352 tcn_ssl_ctxt_t *c = SSL_get_app_data2(ssl);
1353 int ctype_num;
1354 jbyte* ctype_bytes;
1355 jobjectArray issuers;
1356 JNIEnv *e;
1357 jbyteArray keyTypes;
1358 jobject keyMaterial;
1359 STACK_OF(X509) *chain = NULL;
1360 X509 *cert = NULL;
1361 EVP_PKEY* pkey = NULL;
1362 jlong certChain;
1363 jlong privateKey;
1364 int certChainLen;
1365 int i;
1366
1367 tcn_get_java_env(&e);
1368
1369 #if OPENSSL_VERSION_NUMBER < 0x10002000L
1370 char ssl2_ctype = SSL3_CT_RSA_SIGN;
1371 switch (ssl->version) {
1372 case SSL2_VERSION:
1373 ctype_bytes = (jbyte*) &ssl2_ctype;
1374 ctype_num = 1;
1375 break;
1376 case SSL3_VERSION:
1377 case TLS1_VERSION:
1378 case TLS1_1_VERSION:
1379 case TLS1_2_VERSION:
1380 case DTLS1_VERSION:
1381 ctype_bytes = (jbyte*) ssl->s3->tmp.ctype;
1382 ctype_num = ssl->s3->tmp.ctype_num;
1383 break;
1384 }
1385 #else
1386 ctype_num = SSL_get0_certificate_types(ssl, (const uint8_t **) &ctype_bytes);
1387 #endif
1388 if (ctype_num <= 0) {
1389 // Use no certificate
1390 return 0;
1391 }
1392 keyTypes = (*e)->NewByteArray(e, ctype_num);
1393 if (keyTypes == NULL) {
1394 // Something went seriously wrong, bail out!
1395 return -1;
1396 }
1397 (*e)->SetByteArrayRegion(e, keyTypes, 0, ctype_num, ctype_bytes);
1398
1399 issuers = principalBytes(e, SSL_get_client_CA_list(ssl));
1400
1401 // Execute the java callback
1402 keyMaterial = (*e)->CallObjectMethod(e, c->cert_requested_callback, c->cert_requested_callback_method, P2J(ssl), keyTypes, issuers);
1403 if (keyMaterial == NULL) {
1404 return 0;
1405 }
1406
1407 // Any failure after this line must cause a goto fail to cleanup things.
1408 certChain = (*e)->GetLongField(e, keyMaterial, tcn_get_key_material_certificate_chain_field());
1409 privateKey = (*e)->GetLongField(e, keyMaterial, tcn_get_key_material_private_key_field());
1410
1411 chain = J2P(certChain, STACK_OF(X509) *);
1412 pkey = J2P(privateKey, EVP_PKEY *);
1413
1414 if (chain == NULL || pkey == NULL) {
1415 goto fail;
1416 }
1417
1418 certChainLen = sk_X509_num(chain);
1419
1420 if (certChainLen <= 0) {
1421 goto fail;
1422 }
1423
1424 // Skip the first cert in the chain as we will write this to x509Out.
1425 // See https://github.com/netty/netty-tcnative/issues/184
1426 for (i = 1; i < certChainLen; ++i) {
1427 // We need to explicit add extra certs to the chain as stated in:
1428 // https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_client_cert_cb.html
1429 //
1430 // Using SSL_add0_chain_cert(...) here as we not want to increment the reference count.
1431 if (SSL_add0_chain_cert(ssl, sk_X509_value(chain, i)) <= 0) {
1432 goto fail;
1433 }
1434 }
1435
1436 cert = sk_X509_value(chain, 0);
1437 // Increment the reference count as we already set the chain via SSL_set0_chain(...) and using a cert out of it.
1438 if (tcn_X509_up_ref(cert) <= 0) {
1439 goto fail;
1440 }
1441 *x509Out = cert;
1442 *pkeyOut = pkey;
1443
1444 // Free the stack it self but not the certs.
1445 sk_X509_free(chain);
1446 return 1;
1447 fail:
1448 ERR_clear_error();
1449 sk_X509_pop_free(chain, X509_free);
1450 EVP_PKEY_free(pkey);
1451
1452 // TODO: Would it be more correct to return 0 in this case we may not want to use any cert / private key ?
1453 return -1;
1454 #endif /* defined(LIBRESSL_VERSION_NUMBER) */
1455 }
1456
TCN_IMPLEMENT_CALL(void,SSLContext,setCertRequestedCallback)1457 TCN_IMPLEMENT_CALL(void, SSLContext, setCertRequestedCallback)(TCN_STDARGS, jlong ctx, jobject callback)
1458 {
1459 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1460
1461 UNREFERENCED(o);
1462 TCN_ASSERT(ctx != 0);
1463
1464 if (callback == NULL) {
1465 SSL_CTX_set_client_cert_cb(c->ctx, NULL);
1466 } else {
1467 jclass callback_class = (*e)->GetObjectClass(e, callback);
1468 jmethodID method = (*e)->GetMethodID(e, callback_class, "requested", "(J[B[[B)Lio/netty/internal/tcnative/CertificateRequestedCallback$KeyMaterial;");
1469 if (method == NULL) {
1470 return;
1471 }
1472 // Delete the reference to the previous specified verifier if needed.
1473 if (c->cert_requested_callback != NULL) {
1474 (*e)->DeleteLocalRef(e, c->cert_requested_callback);
1475 }
1476 c->cert_requested_callback = (*e)->NewGlobalRef(e, callback);
1477 c->cert_requested_callback_method = method;
1478
1479 SSL_CTX_set_client_cert_cb(c->ctx, cert_requested);
1480 }
1481 }
1482
TCN_IMPLEMENT_CALL(jboolean,SSLContext,setSessionIdContext)1483 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setSessionIdContext)(TCN_STDARGS, jlong ctx, jbyteArray sidCtx)
1484 {
1485 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1486 int len = (*e)->GetArrayLength(e, sidCtx);
1487 unsigned char *buf;
1488 int res;
1489
1490 UNREFERENCED(o);
1491 TCN_ASSERT(ctx != 0);
1492
1493 buf = malloc(len);
1494
1495 (*e)->GetByteArrayRegion(e, sidCtx, 0, len, (jbyte*) buf);
1496
1497 res = SSL_CTX_set_session_id_context(c->ctx, buf, len);
1498 free(buf);
1499
1500 if (res == 1) {
1501 return JNI_TRUE;
1502 }
1503 return JNI_FALSE;
1504 }
1505
TCN_IMPLEMENT_CALL(jint,SSLContext,setMode)1506 TCN_IMPLEMENT_CALL(jint, SSLContext, setMode)(TCN_STDARGS, jlong ctx, jint mode)
1507 {
1508 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1509
1510 UNREFERENCED(o);
1511 TCN_ASSERT(ctx != 0);
1512
1513 return (jint) SSL_CTX_set_mode(c->ctx, mode);
1514 }
1515
1516
TCN_IMPLEMENT_CALL(jint,SSLContext,getMode)1517 TCN_IMPLEMENT_CALL(jint, SSLContext, getMode)(TCN_STDARGS, jlong ctx)
1518 {
1519 tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1520
1521 UNREFERENCED(o);
1522 TCN_ASSERT(ctx != 0);
1523
1524 return (jint) SSL_CTX_get_mode(c->ctx);
1525 }
1526