xref: /aosp_15_r20/external/cronet/third_party/netty-tcnative/src/c/sslcontext.c (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b)
1 /*
2  * Copyright 2016 The Netty Project
3  *
4  * The Netty Project licenses this file to you under the Apache License,
5  * version 2.0 (the "License"); you may not use this file except in compliance
6  * with the License. You may obtain a copy of the License at:
7  *
8  *   http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13  * License for the specific language governing permissions and limitations
14  * under the License.
15  */
16 /* Licensed to the Apache Software Foundation (ASF) under one or more
17  * contributor license agreements.  See the NOTICE file distributed with
18  * this work for additional information regarding copyright ownership.
19  * The ASF licenses this file to You under the Apache License, Version 2.0
20  * (the "License"); you may not use this file except in compliance with
21  * the License.  You may obtain a copy of the License at
22  *
23  *     http://www.apache.org/licenses/LICENSE-2.0
24  *
25  * Unless required by applicable law or agreed to in writing, software
26  * distributed under the License is distributed on an "AS IS" BASIS,
27  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
28  * See the License for the specific language governing permissions and
29  * limitations under the License.
30  */
31 
32 #include "tcn.h"
33 
34 #include "apr_thread_rwlock.h"
35 #include "apr_atomic.h"
36 
37 #include "ssl_private.h"
38 #include <stdint.h>
39 
40 extern apr_pool_t *tcn_global_pool;
41 
ssl_context_cleanup(void * data)42 static apr_status_t ssl_context_cleanup(void *data)
43 {
44     tcn_ssl_ctxt_t *c = (tcn_ssl_ctxt_t *)data;
45     JNIEnv *e;
46 
47     if (c) {
48         SSL_CTX_free(c->ctx); // this function is safe to call with NULL
49         c->ctx = NULL;
50 
51         if (c->verifier != NULL) {
52             tcn_get_java_env(&e);
53             (*e)->DeleteGlobalRef(e, c->verifier);
54             c->verifier = NULL;
55         }
56         c->verifier_method = NULL;
57 
58         if (c->cert_requested_callback != NULL) {
59             tcn_get_java_env(&e);
60             (*e)->DeleteGlobalRef(e, c->cert_requested_callback);
61             c->cert_requested_callback = NULL;
62         }
63         c->cert_requested_callback_method = NULL;
64 
65         if (c->next_proto_data != NULL) {
66             free(c->next_proto_data);
67             c->next_proto_data = NULL;
68         }
69         c->next_proto_len = 0;
70 
71         if (c->alpn_proto_data != NULL) {
72             free(c->alpn_proto_data);
73             c->alpn_proto_data = NULL;
74         }
75         c->alpn_proto_len = 0;
76 
77         apr_thread_rwlock_destroy(c->mutex);
78 
79         if (c->ticket_keys != NULL) {
80             free(c->ticket_keys);
81             c->ticket_keys = NULL;
82         }
83         c->ticket_keys_len = 0;
84 
85         if (c->password != NULL) {
86             free(c->password);
87             c->password = NULL;
88         }
89     }
90     return APR_SUCCESS;
91 }
92 
93 /* Initialize server context */
TCN_IMPLEMENT_CALL(jlong,SSLContext,make)94 TCN_IMPLEMENT_CALL(jlong, SSLContext, make)(TCN_STDARGS, jint protocol, jint mode)
95 {
96     apr_pool_t *p = NULL;
97     tcn_ssl_ctxt_t *c = NULL;
98     SSL_CTX *ctx = NULL;
99 
100     UNREFERENCED(o);
101 
102     switch (protocol) {
103     case SSL_PROTOCOL_TLS:
104     case SSL_PROTOCOL_ALL:
105         if (mode == SSL_MODE_CLIENT)
106             ctx = SSL_CTX_new(SSLv23_client_method());
107         else if (mode == SSL_MODE_SERVER)
108             ctx = SSL_CTX_new(SSLv23_server_method());
109         else
110             ctx = SSL_CTX_new(SSLv23_method());
111         break;
112     case SSL_PROTOCOL_TLSV1_2:
113 #ifndef OPENSSL_NO_TLS1
114         if (mode == SSL_MODE_CLIENT)
115             ctx = SSL_CTX_new(TLSv1_2_client_method());
116         else if (mode == SSL_MODE_SERVER)
117             ctx = SSL_CTX_new(TLSv1_2_server_method());
118         else
119             ctx = SSL_CTX_new(TLSv1_2_method());
120 #endif
121         break;
122     case SSL_PROTOCOL_TLSV1_1:
123 #ifndef OPENSSL_NO_TLS1
124         if (mode == SSL_MODE_CLIENT)
125             ctx = SSL_CTX_new(TLSv1_1_client_method());
126         else if (mode == SSL_MODE_SERVER)
127             ctx = SSL_CTX_new(TLSv1_1_server_method());
128         else
129             ctx = SSL_CTX_new(TLSv1_1_method());
130 #endif
131         break;
132     case SSL_PROTOCOL_TLSV1:
133 #ifndef OPENSSL_NO_TLS1
134         if (mode == SSL_MODE_CLIENT)
135             ctx = SSL_CTX_new(TLSv1_client_method());
136         else if (mode == SSL_MODE_SERVER)
137             ctx = SSL_CTX_new(TLSv1_server_method());
138         else
139             ctx = SSL_CTX_new(TLSv1_method());
140 #endif
141         break;
142     case SSL_PROTOCOL_SSLV3:
143 #ifndef OPENSSL_NO_SSL3
144         if (mode == SSL_MODE_CLIENT)
145             ctx = SSL_CTX_new(SSLv3_client_method());
146         else if (mode == SSL_MODE_SERVER)
147             ctx = SSL_CTX_new(SSLv3_server_method());
148         else
149             ctx = SSL_CTX_new(SSLv3_method());
150 #endif
151         break;
152     case SSL_PROTOCOL_SSLV2:
153 #if (OPENSSL_VERSION_NUMBER < 0x10100000L) && !defined(OPENSSL_NO_SSL2)
154         if (mode == SSL_MODE_CLIENT)
155             ctx = SSL_CTX_new(SSLv2_client_method());
156         else if (mode == SSL_MODE_SERVER)
157             ctx = SSL_CTX_new(SSLv2_server_method());
158         else
159             ctx = SSL_CTX_new(SSLv2_method());
160 #endif
161         break;
162     default:
163         // Try to give the user the highest supported protocol.
164 #ifndef OPENSSL_NO_TLS1
165         if (protocol & SSL_PROTOCOL_TLSV1_2) {
166             if (mode == SSL_MODE_CLIENT)
167                 ctx = SSL_CTX_new(TLSv1_2_client_method());
168             else if (mode == SSL_MODE_SERVER)
169                 ctx = SSL_CTX_new(TLSv1_2_server_method());
170             else
171                 ctx = SSL_CTX_new(TLSv1_2_method());
172             break;
173         } else if (protocol & SSL_PROTOCOL_TLSV1_1) {
174             if (mode == SSL_MODE_CLIENT)
175                 ctx = SSL_CTX_new(TLSv1_1_client_method());
176             else if (mode == SSL_MODE_SERVER)
177                 ctx = SSL_CTX_new(TLSv1_1_server_method());
178             else
179                 ctx = SSL_CTX_new(TLSv1_1_method());
180             break;
181         } else if (protocol & SSL_PROTOCOL_TLSV1) {
182             if (mode == SSL_MODE_CLIENT)
183                 ctx = SSL_CTX_new(TLSv1_client_method());
184             else if (mode == SSL_MODE_SERVER)
185                 ctx = SSL_CTX_new(TLSv1_server_method());
186             else
187                 ctx = SSL_CTX_new(TLSv1_method());
188             break;
189         }
190 #endif
191 #ifndef OPENSSL_NO_SSL3
192         if (protocol & SSL_PROTOCOL_SSLV3) {
193             if (mode == SSL_MODE_CLIENT)
194                 ctx = SSL_CTX_new(SSLv3_client_method());
195             else if (mode == SSL_MODE_SERVER)
196                 ctx = SSL_CTX_new(SSLv3_server_method());
197             else
198                 ctx = SSL_CTX_new(SSLv3_method());
199             break;
200         }
201 #endif
202 #if (OPENSSL_VERSION_NUMBER < 0x10100000L) && !defined(OPENSSL_NO_SSL2)
203         if (protocol & SSL_PROTOCOL_SSLV2) {
204             if (mode == SSL_MODE_CLIENT)
205                 ctx = SSL_CTX_new(SSLv2_client_method());
206             else if (mode == SSL_MODE_SERVER)
207                 ctx = SSL_CTX_new(SSLv2_server_method());
208             else
209                 ctx = SSL_CTX_new(SSLv2_method());
210             break;
211         }
212 #endif
213         tcn_Throw(e, "Unsupported SSL protocol (%d)", protocol);
214         goto cleanup;
215     }
216 
217     if (ctx == NULL) {
218         char err[256];
219         ERR_error_string(ERR_get_error(), err);
220         tcn_Throw(e, "Failed to initialize SSL_CTX (%s)", err);
221         goto cleanup;
222     }
223 
224     TCN_THROW_IF_ERR(apr_pool_create(&p, tcn_global_pool), p);
225 
226     if ((c = apr_pcalloc(p, sizeof(tcn_ssl_ctxt_t))) == NULL) {
227         tcn_ThrowAPRException(e, apr_get_os_error());
228         goto cleanup;
229     }
230 
231     c->protocol = protocol;
232     c->mode     = mode;
233     c->ctx      = ctx;
234     c->pool     = p;
235     if (!(protocol & SSL_PROTOCOL_SSLV2))
236         SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
237     if (!(protocol & SSL_PROTOCOL_SSLV3))
238         SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
239     if (!(protocol & SSL_PROTOCOL_TLSV1))
240         SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1);
241 #ifdef SSL_OP_NO_TLSv1_1
242     if (!(protocol & SSL_PROTOCOL_TLSV1_1))
243         SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_1);
244 #endif
245 #ifdef SSL_OP_NO_TLSv1_2
246     if (!(protocol & SSL_PROTOCOL_TLSV1_2))
247         SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
248 #endif
249     /*
250      * Configure additional context ingredients
251      */
252     SSL_CTX_set_options(c->ctx, SSL_OP_SINGLE_DH_USE);
253 #ifdef HAVE_ECC
254     SSL_CTX_set_options(c->ctx, SSL_OP_SINGLE_ECDH_USE);
255 #endif
256 
257     SSL_CTX_set_options(c->ctx, SSL_OP_NO_COMPRESSION);
258 
259     /*
260      * Disallow a session from being resumed during a renegotiation,
261      * so that an acceptable cipher suite can be negotiated.
262      */
263     SSL_CTX_set_options(c->ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
264     /**
265      * These options may be set by default but can be dangerous in practice [1].
266      * [1] https://www.openssl.org/docs/man1.0.1/ssl/SSL_CTX_set_options.html
267      */
268     SSL_CTX_clear_options(c->ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION | SSL_OP_LEGACY_SERVER_CONNECT);
269 
270     /* Release idle buffers to the SSL_CTX free list */
271     SSL_CTX_set_mode(c->ctx, SSL_MODE_RELEASE_BUFFERS);
272 
273     /* Default session context id and cache size */
274     SSL_CTX_sess_set_cache_size(c->ctx, SSL_DEFAULT_CACHE_SIZE);
275 
276     /* Session cache is disabled by default */
277     SSL_CTX_set_session_cache_mode(c->ctx, SSL_SESS_CACHE_OFF);
278     /* Longer session timeout */
279     SSL_CTX_set_timeout(c->ctx, 14400);
280     EVP_Digest((const unsigned char *)SSL_DEFAULT_VHOST_NAME,
281                (unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1),
282                &(c->context_id[0]), NULL, EVP_sha1(), NULL);
283     if (mode) {
284 #ifdef HAVE_ECC
285         /* Set default (nistp256) elliptic curve for ephemeral ECDH keys */
286         EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
287         SSL_CTX_set_tmp_ecdh(c->ctx, ecdh);
288         EC_KEY_free(ecdh);
289 #endif
290 
291         SSL_CTX_set_tmp_dh_callback(c->ctx,  SSL_callback_tmp_DH);
292     }
293 
294     // Default depth is 100 and disabled according to https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_verify.html.
295     c->verify_config.verify_depth  = 100;
296     c->verify_config.verify_mode   = SSL_CVERIFY_NONE;
297 
298     /* Set default password callback */
299     SSL_CTX_set_default_passwd_cb(c->ctx, (pem_password_cb *)SSL_password_callback);
300     SSL_CTX_set_default_passwd_cb_userdata(c->ctx, (void *) c->password);
301 
302     apr_thread_rwlock_create(&c->mutex, p);
303     /*
304      * Let us cleanup the ssl context when the pool is destroyed
305      */
306     apr_pool_cleanup_register(p, (const void *)c,
307                               ssl_context_cleanup,
308                               apr_pool_cleanup_null);
309 
310     return P2J(c);
311 cleanup:
312     if (p != NULL) {
313         apr_pool_destroy(p);
314     }
315     SSL_CTX_free(ctx); // this function is safe to call with NULL.
316     return 0;
317 }
318 
TCN_IMPLEMENT_CALL(jint,SSLContext,free)319 TCN_IMPLEMENT_CALL(jint, SSLContext, free)(TCN_STDARGS, jlong ctx)
320 {
321     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
322     UNREFERENCED_STDARGS;
323     TCN_ASSERT(ctx != 0);
324     /* Run and destroy the cleanup callback */
325     int result = apr_pool_cleanup_run(c->pool, c, ssl_context_cleanup);
326     apr_pool_destroy(c->pool);
327     return result;
328 }
329 
TCN_IMPLEMENT_CALL(void,SSLContext,setContextId)330 TCN_IMPLEMENT_CALL(void, SSLContext, setContextId)(TCN_STDARGS, jlong ctx,
331                                                    jstring id)
332 {
333     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
334     TCN_ALLOC_CSTRING(id);
335 
336     TCN_ASSERT(ctx != 0);
337     UNREFERENCED(o);
338     if (J2S(id)) {
339         EVP_Digest((const unsigned char *)J2S(id),
340                    (unsigned long)strlen(J2S(id)),
341                    &(c->context_id[0]), NULL, EVP_sha1(), NULL);
342     }
343     TCN_FREE_CSTRING(id);
344 }
345 
TCN_IMPLEMENT_CALL(void,SSLContext,setOptions)346 TCN_IMPLEMENT_CALL(void, SSLContext, setOptions)(TCN_STDARGS, jlong ctx,
347                                                  jint opt)
348 {
349     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
350 
351     UNREFERENCED_STDARGS;
352     TCN_ASSERT(ctx != 0);
353 
354     SSL_CTX_set_options(c->ctx, opt);
355 }
356 
TCN_IMPLEMENT_CALL(jint,SSLContext,getOptions)357 TCN_IMPLEMENT_CALL(jint, SSLContext, getOptions)(TCN_STDARGS, jlong ctx)
358 {
359     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
360 
361     UNREFERENCED_STDARGS;
362     TCN_ASSERT(ctx != 0);
363 
364     return SSL_CTX_get_options(c->ctx);
365 }
366 
TCN_IMPLEMENT_CALL(void,SSLContext,clearOptions)367 TCN_IMPLEMENT_CALL(void, SSLContext, clearOptions)(TCN_STDARGS, jlong ctx,
368                                                    jint opt)
369 {
370     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
371 
372     UNREFERENCED_STDARGS;
373     TCN_ASSERT(ctx != 0);
374     SSL_CTX_clear_options(c->ctx, opt);
375 }
376 
TCN_IMPLEMENT_CALL(jboolean,SSLContext,setCipherSuite)377 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCipherSuite)(TCN_STDARGS, jlong ctx,
378                                                          jstring ciphers)
379 {
380     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
381     TCN_ALLOC_CSTRING(ciphers);
382     jboolean rv = JNI_TRUE;
383 
384     UNREFERENCED(o);
385     TCN_ASSERT(ctx != 0);
386     if (!J2S(ciphers))
387         return JNI_FALSE;
388 
389     if (!SSL_CTX_set_cipher_list(c->ctx, J2S(ciphers))) {
390         char err[256];
391         ERR_error_string(ERR_get_error(), err);
392         tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err);
393         rv = JNI_FALSE;
394     }
395     TCN_FREE_CSTRING(ciphers);
396     return rv;
397 }
398 
TCN_IMPLEMENT_CALL(jboolean,SSLContext,setCertificateChainFile)399 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificateChainFile)(TCN_STDARGS, jlong ctx,
400                                                                   jstring file,
401                                                                   jboolean skipfirst)
402 {
403     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
404     jboolean rv = JNI_FALSE;
405     TCN_ALLOC_CSTRING(file);
406 
407     UNREFERENCED(o);
408     TCN_ASSERT(ctx != 0);
409     if (!J2S(file))
410         return JNI_FALSE;
411     if (SSL_CTX_use_certificate_chain(c->ctx, J2S(file), skipfirst) > 0)
412         rv = JNI_TRUE;
413     TCN_FREE_CSTRING(file);
414     return rv;
415 }
416 
TCN_IMPLEMENT_CALL(jboolean,SSLContext,setCertificateChainBio)417 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificateChainBio)(TCN_STDARGS, jlong ctx,
418                                                                   jlong chain,
419                                                                   jboolean skipfirst)
420 {
421     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
422     BIO *b = J2P(chain, BIO *);
423 
424     UNREFERENCED(o);
425     TCN_ASSERT(ctx != 0);
426     if (b == NULL)
427         return JNI_FALSE;
428     if (SSL_CTX_use_certificate_chain_bio(c->ctx, b, skipfirst) > 0)  {
429         return JNI_TRUE;
430     }
431     return JNI_FALSE;
432 }
433 
TCN_IMPLEMENT_CALL(jboolean,SSLContext,setCACertificateBio)434 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCACertificateBio)(TCN_STDARGS, jlong ctx, jlong certs)
435 {
436     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
437     BIO *b = J2P(certs, BIO *);
438 
439     UNREFERENCED(o);
440     TCN_ASSERT(c != NULL);
441 
442     return b != NULL && c->mode != SSL_MODE_CLIENT && SSL_CTX_use_client_CA_bio(c->ctx, b) > 0 ? JNI_TRUE : JNI_FALSE;
443 }
444 
TCN_IMPLEMENT_CALL(void,SSLContext,setTmpDHLength)445 TCN_IMPLEMENT_CALL(void, SSLContext, setTmpDHLength)(TCN_STDARGS, jlong ctx, jint length)
446 {
447     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
448     UNREFERENCED(o);
449     TCN_ASSERT(ctx != 0);
450     switch (length) {
451         case 512:
452             SSL_CTX_set_tmp_dh_callback(c->ctx,  SSL_callback_tmp_DH_512);
453             return;
454         case 1024:
455             SSL_CTX_set_tmp_dh_callback(c->ctx,  SSL_callback_tmp_DH_1024);
456             return;
457         case 2048:
458             SSL_CTX_set_tmp_dh_callback(c->ctx,  SSL_callback_tmp_DH_2048);
459             return;
460         case 4096:
461             SSL_CTX_set_tmp_dh_callback(c->ctx,  SSL_callback_tmp_DH_4096);
462             return;
463         default:
464             tcn_Throw(e, "Unsupported length %s", length);
465             return;
466     }
467 }
468 
TCN_IMPLEMENT_CALL(void,SSLContext,setVerify)469 TCN_IMPLEMENT_CALL(void, SSLContext, setVerify)(TCN_STDARGS, jlong ctx, jint level, jint depth)
470 {
471     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
472 
473     UNREFERENCED(o);
474     TCN_ASSERT(c != NULL);
475 
476     // No need to set the callback for SSL_CTX_set_verify because we override the default certificate verification via SSL_CTX_set_cert_verify_callback.
477     SSL_CTX_set_verify(c->ctx, tcn_set_verify_config(&c->verify_config, level, depth), NULL);
478     SSL_CTX_set_verify_depth(c->ctx, c->verify_config.verify_depth);
479 }
480 
load_pem_key(tcn_ssl_ctxt_t * c,const char * file)481 static EVP_PKEY *load_pem_key(tcn_ssl_ctxt_t *c, const char *file)
482 {
483     BIO *bio = NULL;
484     EVP_PKEY *key = NULL;
485 
486     if ((bio = BIO_new(BIO_s_file())) == NULL) {
487         return NULL;
488     }
489     if (BIO_read_filename(bio, file) <= 0) {
490         BIO_free(bio);
491         return NULL;
492     }
493 
494     key = PEM_read_bio_PrivateKey(bio, NULL, (pem_password_cb *)SSL_password_callback, (void *)c->password);
495 
496     BIO_free(bio);
497     return key;
498 }
499 
load_pem_cert(tcn_ssl_ctxt_t * c,const char * file)500 static X509 *load_pem_cert(tcn_ssl_ctxt_t *c, const char *file)
501 {
502     BIO *bio = NULL;
503     X509 *cert = NULL;
504 
505     if ((bio = BIO_new(BIO_s_file())) == NULL) {
506         return NULL;
507     }
508     if (BIO_read_filename(bio, file) <= 0) {
509         BIO_free(bio);
510         return NULL;
511     }
512     cert = PEM_read_bio_X509_AUX(bio, NULL,
513                 (pem_password_cb *)SSL_password_callback,
514                 (void *)c->password);
515     if (cert == NULL &&
516        (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE)) {
517         ERR_clear_error();
518         BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL);
519         cert = d2i_X509_bio(bio, NULL);
520     }
521     BIO_free(bio);
522     return cert;
523 }
524 
ssl_load_pkcs12(tcn_ssl_ctxt_t * c,const char * file,EVP_PKEY ** pkey,X509 ** cert,STACK_OF (X509)** ca)525 static int ssl_load_pkcs12(tcn_ssl_ctxt_t *c, const char *file,
526                            EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
527 {
528     const char *pass;
529     char        buff[PEM_BUFSIZE];
530     int         len, rc = 0;
531     PKCS12     *p12;
532     BIO        *in;
533 
534     if ((in = BIO_new(BIO_s_file())) == 0)
535         return 0;
536     if (BIO_read_filename(in, file) <= 0) {
537         BIO_free(in);
538         return 0;
539     }
540     p12 = d2i_PKCS12_bio(in, 0);
541     if (p12 == 0) {
542         /* Error loading PKCS12 file */
543         goto cleanup;
544     }
545     /* See if an empty password will do */
546     if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, 0, 0)) {
547         pass = "";
548     }
549     else {
550         len = SSL_password_callback(buff, PEM_BUFSIZE, 0, (void *) c->password);
551         if (len < 0) {
552             /* Passpharse callback error */
553             goto cleanup;
554         }
555         if (!PKCS12_verify_mac(p12, buff, len)) {
556             /* Mac verify error (wrong password?) in PKCS12 file */
557             goto cleanup;
558         }
559         pass = buff;
560     }
561     rc = PKCS12_parse(p12, pass, pkey, cert, ca);
562 cleanup:
563     if (p12 != 0)
564         PKCS12_free(p12);
565     BIO_free(in);
566     return rc;
567 }
568 
free_and_reset_pass(tcn_ssl_ctxt_t * c,char * old_password,const jboolean rv)569 static void free_and_reset_pass(tcn_ssl_ctxt_t *c, char* old_password, const jboolean rv) {
570     if (!rv) {
571         if (c->password != NULL) {
572             free(c->password);
573             c->password = NULL;
574         }
575         // Restore old password
576         c->password = old_password;
577     } else if (old_password != NULL) {
578         free(old_password);
579     }
580 }
581 
582 
TCN_IMPLEMENT_CALL(jboolean,SSLContext,setCertificate)583 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificate)(TCN_STDARGS, jlong ctx,
584                                                          jstring cert, jstring key,
585                                                          jstring password)
586 {
587     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
588     jboolean rv = JNI_TRUE;
589     TCN_ALLOC_CSTRING(cert);
590     TCN_ALLOC_CSTRING(key);
591     TCN_ALLOC_CSTRING(password);
592     EVP_PKEY *pkey = NULL;
593     X509 *xcert = NULL;
594     const char *key_file, *cert_file;
595     const char *p;
596     char *old_password = NULL;
597     char err[256];
598 
599     UNREFERENCED(o);
600     TCN_ASSERT(ctx != 0);
601 
602     if (J2S(password)) {
603         old_password = c->password;
604 
605         c->password = strdup(cpassword);
606         if (c->password == NULL) {
607             rv = JNI_FALSE;
608             goto cleanup;
609         }
610     }
611     key_file  = J2S(key);
612     cert_file = J2S(cert);
613     if (!key_file)
614         key_file = cert_file;
615     if (!key_file || !cert_file) {
616         tcn_Throw(e, "No Certificate file specified or invalid file format");
617         rv = JNI_FALSE;
618         goto cleanup;
619     }
620     if ((p = strrchr(cert_file, '.')) != NULL && strcmp(p, ".pkcs12") == 0) {
621         if (!ssl_load_pkcs12(c, cert_file, &pkey, &xcert, 0)) {
622             ERR_error_string(ERR_get_error(), err);
623             tcn_Throw(e, "Unable to load certificate %s (%s)",
624                       cert_file, err);
625             rv = JNI_FALSE;
626             goto cleanup;
627         }
628     }
629     else {
630         if ((pkey = load_pem_key(c, key_file)) == NULL) {
631             ERR_error_string(ERR_get_error(), err);
632             tcn_Throw(e, "Unable to load certificate key %s (%s)",
633                       key_file, err);
634             rv = JNI_FALSE;
635             goto cleanup;
636         }
637         if ((xcert = load_pem_cert(c, cert_file)) == NULL) {
638             ERR_error_string(ERR_get_error(), err);
639             tcn_Throw(e, "Unable to load certificate %s (%s)",
640                       cert_file, err);
641             rv = JNI_FALSE;
642             goto cleanup;
643         }
644     }
645     if (SSL_CTX_use_certificate(c->ctx, xcert) <= 0) {
646         ERR_error_string(ERR_get_error(), err);
647         tcn_Throw(e, "Error setting certificate (%s)", err);
648         rv = JNI_FALSE;
649         goto cleanup;
650     }
651     if (SSL_CTX_use_PrivateKey(c->ctx, pkey) <= 0) {
652         ERR_error_string(ERR_get_error(), err);
653         tcn_Throw(e, "Error setting private key (%s)", err);
654         rv = JNI_FALSE;
655         goto cleanup;
656     }
657     if (SSL_CTX_check_private_key(c->ctx) <= 0) {
658         ERR_error_string(ERR_get_error(), err);
659         tcn_Throw(e, "Private key does not match the certificate public key (%s)",
660                   err);
661         rv = JNI_FALSE;
662         goto cleanup;
663     }
664 cleanup:
665     TCN_FREE_CSTRING(cert);
666     TCN_FREE_CSTRING(key);
667     TCN_FREE_CSTRING(password);
668     EVP_PKEY_free(pkey); // this function is safe to call with NULL
669     X509_free(xcert); // this function is safe to call with NULL
670     free_and_reset_pass(c, old_password, rv);
671     return rv;
672 }
673 
TCN_IMPLEMENT_CALL(jboolean,SSLContext,setCertificateBio)674 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificateBio)(TCN_STDARGS, jlong ctx,
675                                                          jlong cert, jlong key,
676                                                          jstring password)
677 {
678     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
679     BIO *cert_bio = J2P(cert, BIO *);
680     BIO *key_bio = J2P(key, BIO *);
681     EVP_PKEY *pkey = NULL;
682     X509 *xcert = NULL;
683 
684     jboolean rv = JNI_TRUE;
685     TCN_ALLOC_CSTRING(password);
686     char *old_password = NULL;
687     char err[256];
688 
689     UNREFERENCED(o);
690     TCN_ASSERT(ctx != 0);
691 
692     if (J2S(password)) {
693         old_password = c->password;
694 
695         c->password = strdup(cpassword);
696         if (c->password == NULL) {
697             rv = JNI_FALSE;
698             goto cleanup;
699         }
700     }
701 
702     if (!key)
703         key = cert;
704     if (!cert || !key) {
705         tcn_Throw(e, "No Certificate file specified or invalid file format");
706         rv = JNI_FALSE;
707         goto cleanup;
708     }
709 
710     if ((pkey = load_pem_key_bio(c->password, key_bio)) == NULL) {
711         ERR_error_string(ERR_get_error(), err);
712         ERR_clear_error();
713         tcn_Throw(e, "Unable to load certificate key (%s)",err);
714         rv = JNI_FALSE;
715         goto cleanup;
716     }
717     if ((xcert = load_pem_cert_bio(c->password, cert_bio)) == NULL) {
718         ERR_error_string(ERR_get_error(), err);
719         ERR_clear_error();
720         tcn_Throw(e, "Unable to load certificate (%s) ", err);
721         rv = JNI_FALSE;
722         goto cleanup;
723     }
724 
725     if (SSL_CTX_use_certificate(c->ctx, xcert) <= 0) {
726         ERR_error_string(ERR_get_error(), err);
727         ERR_clear_error();
728         tcn_Throw(e, "Error setting certificate (%s)", err);
729         rv = JNI_FALSE;
730         goto cleanup;
731     }
732     if (SSL_CTX_use_PrivateKey(c->ctx, pkey) <= 0) {
733         ERR_error_string(ERR_get_error(), err);
734         ERR_clear_error();
735         tcn_Throw(e, "Error setting private key (%s)", err);
736         rv = JNI_FALSE;
737         goto cleanup;
738     }
739     if (SSL_CTX_check_private_key(c->ctx) <= 0) {
740         ERR_error_string(ERR_get_error(), err);
741         ERR_clear_error();
742 
743         tcn_Throw(e, "Private key does not match the certificate public key (%s)",
744                   err);
745         rv = JNI_FALSE;
746         goto cleanup;
747     }
748 cleanup:
749     TCN_FREE_CSTRING(password);
750     EVP_PKEY_free(pkey); // this function is safe to call with NULL
751     X509_free(xcert); // this function is safe to call with NULL
752     free_and_reset_pass(c, old_password, rv);
753     return rv;
754 }
755 
756 // Convert protos to wire format
initProtocols(JNIEnv * e,unsigned char ** proto_data,unsigned int * proto_len,jobjectArray protos)757 static int initProtocols(JNIEnv *e, unsigned char **proto_data,
758             unsigned int *proto_len, jobjectArray protos) {
759     int i;
760     unsigned char *p_data;
761     // We start with allocate 128 bytes which should be good enough for most use-cases while still be pretty low.
762     // We will call realloc to increase this if needed.
763     size_t p_data_size = 128;
764     size_t p_data_len = 0;
765     jstring proto_string;
766     const char *proto_chars;
767     size_t proto_chars_len;
768     int cnt;
769 
770     if (protos == NULL) {
771         // Guard against NULL protos.
772         return -1;
773     }
774 
775     cnt = (*e)->GetArrayLength(e, protos);
776 
777     if (cnt == 0) {
778         // if cnt is 0 we not need to continue and can just fail fast.
779         return -1;
780     }
781 
782     p_data = (unsigned char *) malloc(p_data_size);
783     if (p_data == NULL) {
784         // Not enough memory?
785         return -1;
786     }
787 
788     for (i = 0; i < cnt; ++i) {
789          proto_string = (jstring) (*e)->GetObjectArrayElement(e, protos, i);
790          proto_chars = (*e)->GetStringUTFChars(e, proto_string, 0);
791 
792          proto_chars_len = strlen(proto_chars);
793          if (proto_chars_len > 0 && proto_chars_len <= MAX_ALPN_NPN_PROTO_SIZE) {
794             // We need to add +1 as each protocol is prefixed by it's length (unsigned char).
795             // For all except of the last one we already have the extra space as everything is
796             // delimited by ','.
797             p_data_len += 1 + proto_chars_len;
798             if (p_data_len > p_data_size) {
799                 // double size
800                 p_data_size <<= 1;
801                 p_data = realloc(p_data, p_data_size);
802                 if (p_data == NULL) {
803                     // Not enough memory?
804                     (*e)->ReleaseStringUTFChars(e, proto_string, proto_chars);
805                     break;
806                 }
807             }
808             // Write the length of the protocol and then increment before memcpy the protocol itself.
809             *p_data = proto_chars_len;
810             ++p_data;
811             memcpy(p_data, proto_chars, proto_chars_len);
812             p_data += proto_chars_len;
813          }
814 
815          // Release the string to prevent memory leaks
816          (*e)->ReleaseStringUTFChars(e, proto_string, proto_chars);
817     }
818 
819     if (p_data == NULL) {
820         // Something went wrong so update the proto_len and return -1
821         *proto_len = 0;
822         return -1;
823     } else {
824         if (*proto_data != NULL) {
825             // Free old data
826             free(*proto_data);
827         }
828         // Decrement pointer again as we incremented it while creating the protocols in wire format.
829         p_data -= p_data_len;
830         *proto_data = p_data;
831         *proto_len = p_data_len;
832         return 0;
833     }
834 }
835 
TCN_IMPLEMENT_CALL(void,SSLContext,setNpnProtos)836 TCN_IMPLEMENT_CALL(void, SSLContext, setNpnProtos)(TCN_STDARGS, jlong ctx, jobjectArray next_protos,
837         jint selectorFailureBehavior)
838 {
839     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
840 
841     TCN_ASSERT(ctx != 0);
842     UNREFERENCED(o);
843 
844     if (initProtocols(e, &c->next_proto_data, &c->next_proto_len, next_protos) == 0) {
845         c->next_selector_failure_behavior = selectorFailureBehavior;
846 
847         // depending on if it's client mode or not we need to call different functions.
848         if (c->mode == SSL_MODE_CLIENT)  {
849             SSL_CTX_set_next_proto_select_cb(c->ctx, SSL_callback_select_next_proto, (void *)c);
850         } else {
851             SSL_CTX_set_next_protos_advertised_cb(c->ctx, SSL_callback_next_protos, (void *)c);
852         }
853     }
854 }
855 
TCN_IMPLEMENT_CALL(void,SSLContext,setAlpnProtos)856 TCN_IMPLEMENT_CALL(void, SSLContext, setAlpnProtos)(TCN_STDARGS, jlong ctx, jobjectArray alpn_protos,
857         jint selectorFailureBehavior)
858 {
859     // Only supported with GCC
860     #if !defined(OPENSSL_IS_BORINGSSL) && (defined(__GNUC__) || defined(__GNUG__))
861         if (!SSL_CTX_set_alpn_protos || !SSL_CTX_set_alpn_select_cb) {
862             UNREFERENCED_STDARGS;
863             UNREFERENCED(ctx);
864             UNREFERENCED(alpn_protos);
865             return;
866         }
867     #endif
868 
869     // We can only support it when either use openssl version >= 1.0.2 or GCC as this way we can use weak linking
870     #if OPENSSL_VERSION_NUMBER >= 0x10002000L || defined(__GNUC__) || defined(__GNUG__)
871         tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
872 
873         TCN_ASSERT(ctx != 0);
874         UNREFERENCED(o);
875 
876         if (initProtocols(e, &c->alpn_proto_data, &c->alpn_proto_len, alpn_protos) == 0) {
877             c->alpn_selector_failure_behavior = selectorFailureBehavior;
878 
879             // depending on if it's client mode or not we need to call different functions.
880             if (c->mode == SSL_MODE_CLIENT)  {
881                 SSL_CTX_set_alpn_protos(c->ctx, c->alpn_proto_data, c->alpn_proto_len);
882             } else {
883                 SSL_CTX_set_alpn_select_cb(c->ctx, SSL_callback_alpn_select_proto, (void *) c);
884 
885             }
886         }
887     #else
888         UNREFERENCED_STDARGS;
889         UNREFERENCED(ctx);
890         UNREFERENCED(alpn_protos);
891     #endif
892 }
893 
TCN_IMPLEMENT_CALL(jlong,SSLContext,setSessionCacheMode)894 TCN_IMPLEMENT_CALL(jlong, SSLContext, setSessionCacheMode)(TCN_STDARGS, jlong ctx, jlong mode)
895 {
896     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
897     return SSL_CTX_set_session_cache_mode(c->ctx, mode);
898 }
899 
TCN_IMPLEMENT_CALL(jlong,SSLContext,getSessionCacheMode)900 TCN_IMPLEMENT_CALL(jlong, SSLContext, getSessionCacheMode)(TCN_STDARGS, jlong ctx)
901 {
902     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
903     return SSL_CTX_get_session_cache_mode(c->ctx);
904 }
905 
TCN_IMPLEMENT_CALL(jlong,SSLContext,setSessionCacheTimeout)906 TCN_IMPLEMENT_CALL(jlong, SSLContext, setSessionCacheTimeout)(TCN_STDARGS, jlong ctx, jlong timeout)
907 {
908     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
909     jlong rv = SSL_CTX_set_timeout(c->ctx, timeout);
910     return rv;
911 }
912 
TCN_IMPLEMENT_CALL(jlong,SSLContext,getSessionCacheTimeout)913 TCN_IMPLEMENT_CALL(jlong, SSLContext, getSessionCacheTimeout)(TCN_STDARGS, jlong ctx)
914 {
915     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
916     return SSL_CTX_get_timeout(c->ctx);
917 }
918 
TCN_IMPLEMENT_CALL(jlong,SSLContext,setSessionCacheSize)919 TCN_IMPLEMENT_CALL(jlong, SSLContext, setSessionCacheSize)(TCN_STDARGS, jlong ctx, jlong size)
920 {
921     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
922     jlong rv = 0;
923 
924     // Also allow size of 0 which is unlimited
925     if (size >= 0) {
926       SSL_CTX_set_session_cache_mode(c->ctx, SSL_SESS_CACHE_SERVER);
927       rv = SSL_CTX_sess_set_cache_size(c->ctx, size);
928     }
929 
930     return rv;
931 }
932 
TCN_IMPLEMENT_CALL(jlong,SSLContext,getSessionCacheSize)933 TCN_IMPLEMENT_CALL(jlong, SSLContext, getSessionCacheSize)(TCN_STDARGS, jlong ctx)
934 {
935     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
936     return SSL_CTX_sess_get_cache_size(c->ctx);
937 }
938 
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionNumber)939 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionNumber)(TCN_STDARGS, jlong ctx)
940 {
941     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
942     jlong rv = SSL_CTX_sess_number(c->ctx);
943     return rv;
944 }
945 
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionConnect)946 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionConnect)(TCN_STDARGS, jlong ctx)
947 {
948     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
949     jlong rv = SSL_CTX_sess_connect(c->ctx);
950     return rv;
951 }
952 
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionConnectGood)953 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionConnectGood)(TCN_STDARGS, jlong ctx)
954 {
955     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
956     jlong rv = SSL_CTX_sess_connect_good(c->ctx);
957     return rv;
958 }
959 
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionConnectRenegotiate)960 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionConnectRenegotiate)(TCN_STDARGS, jlong ctx)
961 {
962     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
963     jlong rv = SSL_CTX_sess_connect_renegotiate(c->ctx);
964     return rv;
965 }
966 
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionAccept)967 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionAccept)(TCN_STDARGS, jlong ctx)
968 {
969     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
970     jlong rv = SSL_CTX_sess_accept(c->ctx);
971     return rv;
972 }
973 
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionAcceptGood)974 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionAcceptGood)(TCN_STDARGS, jlong ctx)
975 {
976     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
977     jlong rv = SSL_CTX_sess_accept_good(c->ctx);
978     return rv;
979 }
980 
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionAcceptRenegotiate)981 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionAcceptRenegotiate)(TCN_STDARGS, jlong ctx)
982 {
983     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
984     jlong rv = SSL_CTX_sess_accept_renegotiate(c->ctx);
985     return rv;
986 }
987 
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionHits)988 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionHits)(TCN_STDARGS, jlong ctx)
989 {
990     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
991     jlong rv = SSL_CTX_sess_hits(c->ctx);
992     return rv;
993 }
994 
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionCbHits)995 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionCbHits)(TCN_STDARGS, jlong ctx)
996 {
997     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
998     jlong rv = SSL_CTX_sess_cb_hits(c->ctx);
999     return rv;
1000 }
1001 
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionMisses)1002 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionMisses)(TCN_STDARGS, jlong ctx)
1003 {
1004     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1005     jlong rv = SSL_CTX_sess_misses(c->ctx);
1006     return rv;
1007 }
1008 
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionTimeouts)1009 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionTimeouts)(TCN_STDARGS, jlong ctx)
1010 {
1011     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1012     jlong rv = SSL_CTX_sess_timeouts(c->ctx);
1013     return rv;
1014 }
1015 
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionCacheFull)1016 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionCacheFull)(TCN_STDARGS, jlong ctx)
1017 {
1018     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1019     jlong rv = SSL_CTX_sess_cache_full(c->ctx);
1020     return rv;
1021 }
1022 
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionTicketKeyNew)1023 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionTicketKeyNew)(TCN_STDARGS, jlong ctx)
1024 {
1025     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1026     jlong rv = apr_atomic_read32(&c->ticket_keys_new);
1027     return rv;
1028 }
1029 
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionTicketKeyResume)1030 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionTicketKeyResume)(TCN_STDARGS, jlong ctx)
1031 {
1032     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1033     jlong rv = apr_atomic_read32(&c->ticket_keys_resume);
1034     return rv;
1035 }
1036 
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionTicketKeyRenew)1037 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionTicketKeyRenew)(TCN_STDARGS, jlong ctx)
1038 {
1039     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1040     jlong rv = apr_atomic_read32(&c->ticket_keys_renew);
1041     return rv;
1042 }
1043 
TCN_IMPLEMENT_CALL(jlong,SSLContext,sessionTicketKeyFail)1044 TCN_IMPLEMENT_CALL(jlong, SSLContext, sessionTicketKeyFail)(TCN_STDARGS, jlong ctx)
1045 {
1046     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1047     jlong rv = apr_atomic_read32(&c->ticket_keys_fail);
1048     return rv;
1049 }
1050 
current_session_key(tcn_ssl_ctxt_t * c,tcn_ssl_ticket_key_t * key)1051 static int current_session_key(tcn_ssl_ctxt_t *c, tcn_ssl_ticket_key_t *key) {
1052     int result = JNI_FALSE;
1053     apr_thread_rwlock_rdlock(c->mutex);
1054     if (c->ticket_keys_len > 0) {
1055         *key = c->ticket_keys[0];
1056         result = JNI_TRUE;
1057     }
1058     apr_thread_rwlock_unlock(c->mutex);
1059     return result;
1060 }
1061 
find_session_key(tcn_ssl_ctxt_t * c,unsigned char key_name[16],tcn_ssl_ticket_key_t * key,int * is_current_key)1062 static int find_session_key(tcn_ssl_ctxt_t *c, unsigned char key_name[16], tcn_ssl_ticket_key_t *key, int *is_current_key) {
1063     int result = JNI_FALSE;
1064     int i;
1065 
1066     apr_thread_rwlock_rdlock(c->mutex);
1067     for (i = 0; i < c->ticket_keys_len; ++i) {
1068         // Check if we have a match for tickets.
1069         if (memcmp(c->ticket_keys[i].key_name, key_name, 16) == 0) {
1070             *key = c->ticket_keys[i];
1071             result = JNI_TRUE;
1072             *is_current_key = (i == 0);
1073             break;
1074         }
1075     }
1076     apr_thread_rwlock_unlock(c->mutex);
1077     return result;
1078 }
1079 
ssl_tlsext_ticket_key_cb(SSL * s,unsigned char key_name[16],unsigned char * iv,EVP_CIPHER_CTX * ctx,HMAC_CTX * hctx,int enc)1080 static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) {
1081      tcn_ssl_ctxt_t *c = SSL_get_app_data2(s);
1082      tcn_ssl_ticket_key_t key;
1083      int is_current_key;
1084 
1085      if (enc) { /* create new session */
1086          if (current_session_key(c, &key)) {
1087              if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0) {
1088                  return -1; /* insufficient random */
1089              }
1090 
1091              memcpy(key_name, key.key_name, 16);
1092 
1093              EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key.aes_key, iv);
1094              HMAC_Init_ex(hctx, key.hmac_key, 16, EVP_sha256(), NULL);
1095              apr_atomic_inc32(&c->ticket_keys_new);
1096              return 1;
1097          }
1098          // No ticket configured
1099          return 0;
1100      } else { /* retrieve session */
1101          if (find_session_key(c, key_name, &key, &is_current_key)) {
1102              HMAC_Init_ex(hctx, key.hmac_key, 16, EVP_sha256(), NULL);
1103              EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key.aes_key, iv );
1104              if (!is_current_key) {
1105                  // The ticket matched a key in the list, and we want to upgrade it to the current
1106                  // key.
1107                  apr_atomic_inc32(&c->ticket_keys_renew);
1108                  return 2;
1109              }
1110              // The ticket matched the current key.
1111              apr_atomic_inc32(&c->ticket_keys_resume);
1112              return 1;
1113          }
1114          // No matching ticket.
1115          apr_atomic_inc32(&c->ticket_keys_fail);
1116          return 0;
1117      }
1118 }
1119 
TCN_IMPLEMENT_CALL(void,SSLContext,setSessionTicketKeys0)1120 TCN_IMPLEMENT_CALL(void, SSLContext, setSessionTicketKeys0)(TCN_STDARGS, jlong ctx, jbyteArray keys)
1121 {
1122     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1123     jbyte* b;
1124     jbyte* key;
1125     tcn_ssl_ticket_key_t* ticket_keys;
1126     int i;
1127     int cnt;
1128 
1129     cnt = (*e)->GetArrayLength(e, keys) / SSL_SESSION_TICKET_KEY_SIZE;
1130     b = (*e)->GetByteArrayElements(e, keys, NULL);
1131 
1132     ticket_keys = malloc(sizeof(tcn_ssl_ticket_key_t) * cnt);
1133 
1134     for (i = 0; i < cnt; ++i) {
1135         key = b + (SSL_SESSION_TICKET_KEY_SIZE * i);
1136         memcpy(ticket_keys[i].key_name, key, 16);
1137         memcpy(ticket_keys[i].hmac_key, key + 16, 16);
1138         memcpy(ticket_keys[i].aes_key, key + 32, 16);
1139     }
1140 
1141     (*e)->ReleaseByteArrayElements(e, keys, b, 0);
1142 
1143     apr_thread_rwlock_wrlock(c->mutex);
1144     if (c->ticket_keys) {
1145         free(c->ticket_keys);
1146     }
1147     c->ticket_keys_len = cnt;
1148     c->ticket_keys = ticket_keys;
1149     apr_thread_rwlock_unlock(c->mutex);
1150 
1151     SSL_CTX_set_tlsext_ticket_key_cb(c->ctx, ssl_tlsext_ticket_key_cb);
1152 }
1153 
authentication_method(const SSL * ssl)1154 static const char* authentication_method(const SSL* ssl) {
1155 {
1156     const STACK_OF(SSL_CIPHER) *ciphers = NULL;
1157 
1158     switch (SSL_version(ssl))
1159         {
1160         case SSL2_VERSION:
1161             return SSL_TXT_RSA;
1162         default:
1163             ciphers = SSL_get_ciphers(ssl);
1164             if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) <= 0) {
1165                 // No cipher available so return UNKNOWN.
1166                 return TCN_UNKNOWN_AUTH_METHOD;
1167             }
1168             return SSL_cipher_authentication_method(sk_SSL_CIPHER_value(ciphers, 0));
1169         }
1170     }
1171 }
1172 /* Android end */
1173 
SSL_cert_verify(X509_STORE_CTX * ctx,void * arg)1174 static int SSL_cert_verify(X509_STORE_CTX *ctx, void *arg) {
1175     /* Get Apache context back through OpenSSL context */
1176     SSL *ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
1177     TCN_ASSERT(ssl != NULL);
1178     tcn_ssl_ctxt_t *c = SSL_get_app_data2(ssl);
1179     TCN_ASSERT(c != NULL);
1180     tcn_ssl_verify_config_t* verify_config = SSL_get_app_data4(ssl);
1181     TCN_ASSERT(verify_config != NULL);
1182 
1183     // Get a stack of all certs in the chain
1184     STACK_OF(X509) *sk = X509_STORE_CTX_get0_untrusted(ctx);
1185 
1186     // SSL_CTX_set_verify_depth() and SSL_set_verify_depth() set the limit up to which depth certificates in a chain are
1187     // used during the verification procedure. If the certificate chain is longer than allowed, the certificates above
1188     // the limit are ignored. Error messages are generated as if these certificates would not be present,
1189     // most likely a X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued.
1190     // https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_verify.html
1191     const int totalQueuedLength = sk_X509_num(sk);
1192     int len = TCN_MIN(verify_config->verify_depth, totalQueuedLength);
1193     unsigned i;
1194     X509 *cert;
1195     int length;
1196     unsigned char *buf;
1197     JNIEnv *e;
1198     jbyteArray array;
1199     jbyteArray bArray;
1200     const char *authMethod;
1201     jstring authMethodString;
1202     jint result;
1203     jclass byteArrayClass = tcn_get_byte_array_class();
1204     tcn_get_java_env(&e);
1205 
1206     // Create the byte[][] array that holds all the certs
1207     array = (*e)->NewObjectArray(e, len, byteArrayClass, NULL);
1208 
1209     for(i = 0; i < len; i++) {
1210         cert = sk_X509_value(sk, i);
1211 
1212         buf = NULL;
1213         length = i2d_X509(cert, &buf);
1214         if (length < 0) {
1215             // In case of error just return an empty byte[][]
1216             array = (*e)->NewObjectArray(e, 0, byteArrayClass, NULL);
1217             if (buf != NULL) {
1218                 // We need to delete the local references so we not leak memory as this method is called via callback.
1219                 OPENSSL_free(buf);
1220             }
1221             break;
1222         }
1223         bArray = (*e)->NewByteArray(e, length);
1224         (*e)->SetByteArrayRegion(e, bArray, 0, length, (jbyte*) buf);
1225         (*e)->SetObjectArrayElement(e, array, i, bArray);
1226 
1227         // Delete the local reference as we not know how long the chain is and local references are otherwise
1228         // only freed once jni method returns.
1229         (*e)->DeleteLocalRef(e, bArray);
1230         OPENSSL_free(buf);
1231     }
1232 
1233     authMethod = authentication_method(ssl);
1234     authMethodString = (*e)->NewStringUTF(e, authMethod);
1235 
1236     result = (*e)->CallIntMethod(e, c->verifier, c->verifier_method, P2J(ssl), array, authMethodString);
1237 
1238 #ifdef X509_V_ERR_UNSPECIFIED
1239     // If we failed to verify for an unknown reason (currently this happens if we can't find a common root) then we should
1240     // fail with the same status as recommended in the OpenSSL docs https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_verify.html
1241     if (result == X509_V_ERR_UNSPECIFIED && len < totalQueuedLength) {
1242         result = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
1243     }
1244 #else
1245     // HACK!
1246     // LibreSSL 2.4.x doesn't support the X509_V_ERR_UNSPECIFIED so we introduce a work around to make sure a supported alert is used.
1247     // This should be reverted when we support LibreSSL 2.5.x (which does support X509_V_ERR_UNSPECIFIED).
1248     if (result == TCN_X509_V_ERR_UNSPECIFIED) {
1249         result = len < totalQueuedLength ? X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY : X509_V_ERR_CERT_REJECTED;
1250     }
1251 #endif
1252 
1253     // TODO(scott): if verify_config->verify_depth == SSL_CVERIFY_OPTIONAL we have the option to let the handshake
1254     // succeed for some of the "informational" error messages (e.g. X509_V_ERR_EMAIL_MISMATCH ?)
1255 
1256     // Set the correct error so it will be included in the alert.
1257     X509_STORE_CTX_set_error(ctx, result);
1258 
1259     // We need to delete the local references so we not leak memory as this method is called via callback.
1260     (*e)->DeleteLocalRef(e, authMethodString);
1261     (*e)->DeleteLocalRef(e, array);
1262 
1263     return result == X509_V_OK ? 1 : 0;
1264 }
1265 
TCN_IMPLEMENT_CALL(void,SSLContext,setCertVerifyCallback)1266 TCN_IMPLEMENT_CALL(void, SSLContext, setCertVerifyCallback)(TCN_STDARGS, jlong ctx, jobject verifier)
1267 {
1268     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1269 
1270     UNREFERENCED(o);
1271     TCN_ASSERT(ctx != 0);
1272 
1273     if (verifier == NULL) {
1274         SSL_CTX_set_cert_verify_callback(c->ctx, NULL, NULL);
1275     } else {
1276         jclass verifier_class = (*e)->GetObjectClass(e, verifier);
1277         jmethodID method = (*e)->GetMethodID(e, verifier_class, "verify", "(J[[BLjava/lang/String;)I");
1278 
1279         if (method == NULL) {
1280             return;
1281         }
1282         // Delete the reference to the previous specified verifier if needed.
1283         if (c->verifier != NULL) {
1284             (*e)->DeleteLocalRef(e, c->verifier);
1285         }
1286         c->verifier = (*e)->NewGlobalRef(e, verifier);
1287         c->verifier_method = method;
1288 
1289         SSL_CTX_set_cert_verify_callback(c->ctx, SSL_cert_verify, NULL);
1290     }
1291 }
1292 
1293 /**
1294  * Returns an array containing all the X500 principal's bytes.
1295  *
1296  * Partly based on code from conscrypt:
1297  * https://android.googlesource.com/platform/external/conscrypt/+/master/src/main/native/org_conscrypt_NativeCrypto.cpp
1298  */
principalBytes(JNIEnv * e,const STACK_OF (X509_NAME)* names)1299 static jobjectArray principalBytes(JNIEnv* e, const STACK_OF(X509_NAME)* names) {
1300     jobjectArray array;
1301     jbyteArray bArray;
1302     int i;
1303     int count;
1304     int length;
1305     unsigned char *buf;
1306     X509_NAME* principal;
1307     jclass byteArrayClass = tcn_get_byte_array_class();
1308 
1309     if (names == NULL) {
1310         return NULL;
1311     }
1312 
1313     count = sk_X509_NAME_num(names);
1314     if (count <= 0) {
1315         return NULL;
1316     }
1317 
1318     array = (*e)->NewObjectArray(e, count, byteArrayClass, NULL);
1319     if (array == NULL) {
1320         return NULL;
1321     }
1322 
1323     for (i = 0; i < count; i++) {
1324         principal = sk_X509_NAME_value(names, i);
1325         buf = NULL;
1326         length = i2d_X509_NAME(principal, &buf);
1327         if (length < 0) {
1328             if (buf != NULL) {
1329                 // We need to delete the local references so we not leak memory as this method is called via callback.
1330                 OPENSSL_free(buf);
1331             }
1332             // In case of error just return an empty byte[][]
1333             return (*e)->NewObjectArray(e, 0, byteArrayClass, NULL);
1334         }
1335         bArray = (*e)->NewByteArray(e, length);
1336         (*e)->SetByteArrayRegion(e, bArray, 0, length, (jbyte*) buf);
1337         (*e)->SetObjectArrayElement(e, array, i, bArray);
1338 
1339         // Delete the local reference as we not know how long the chain is and local references are otherwise
1340         // only freed once jni method returns.
1341         (*e)->DeleteLocalRef(e, bArray);
1342         OPENSSL_free(buf);
1343     }
1344 
1345     return array;
1346 }
1347 
cert_requested(SSL * ssl,X509 ** x509Out,EVP_PKEY ** pkeyOut)1348 static int cert_requested(SSL* ssl, X509** x509Out, EVP_PKEY** pkeyOut) {
1349 #if defined(LIBRESSL_VERSION_NUMBER)
1350     return -1;
1351 #else
1352     tcn_ssl_ctxt_t *c = SSL_get_app_data2(ssl);
1353     int ctype_num;
1354     jbyte* ctype_bytes;
1355     jobjectArray issuers;
1356     JNIEnv *e;
1357     jbyteArray keyTypes;
1358     jobject keyMaterial;
1359     STACK_OF(X509) *chain = NULL;
1360     X509 *cert = NULL;
1361     EVP_PKEY* pkey = NULL;
1362     jlong certChain;
1363     jlong privateKey;
1364     int certChainLen;
1365     int i;
1366 
1367     tcn_get_java_env(&e);
1368 
1369 #if OPENSSL_VERSION_NUMBER < 0x10002000L
1370     char ssl2_ctype = SSL3_CT_RSA_SIGN;
1371     switch (ssl->version) {
1372         case SSL2_VERSION:
1373             ctype_bytes = (jbyte*) &ssl2_ctype;
1374             ctype_num = 1;
1375             break;
1376         case SSL3_VERSION:
1377         case TLS1_VERSION:
1378         case TLS1_1_VERSION:
1379         case TLS1_2_VERSION:
1380         case DTLS1_VERSION:
1381             ctype_bytes = (jbyte*) ssl->s3->tmp.ctype;
1382             ctype_num = ssl->s3->tmp.ctype_num;
1383             break;
1384     }
1385 #else
1386     ctype_num = SSL_get0_certificate_types(ssl, (const uint8_t **) &ctype_bytes);
1387 #endif
1388     if (ctype_num <= 0) {
1389         // Use no certificate
1390         return 0;
1391     }
1392     keyTypes = (*e)->NewByteArray(e, ctype_num);
1393     if (keyTypes == NULL) {
1394         // Something went seriously wrong, bail out!
1395         return -1;
1396     }
1397     (*e)->SetByteArrayRegion(e, keyTypes, 0, ctype_num, ctype_bytes);
1398 
1399     issuers = principalBytes(e,  SSL_get_client_CA_list(ssl));
1400 
1401     // Execute the java callback
1402     keyMaterial = (*e)->CallObjectMethod(e, c->cert_requested_callback, c->cert_requested_callback_method, P2J(ssl), keyTypes, issuers);
1403     if (keyMaterial == NULL) {
1404         return 0;
1405     }
1406 
1407     // Any failure after this line must cause a goto fail to cleanup things.
1408     certChain = (*e)->GetLongField(e, keyMaterial, tcn_get_key_material_certificate_chain_field());
1409     privateKey = (*e)->GetLongField(e, keyMaterial, tcn_get_key_material_private_key_field());
1410 
1411     chain = J2P(certChain, STACK_OF(X509) *);
1412     pkey = J2P(privateKey, EVP_PKEY *);
1413 
1414     if (chain == NULL || pkey == NULL) {
1415         goto fail;
1416     }
1417 
1418     certChainLen = sk_X509_num(chain);
1419 
1420     if (certChainLen <= 0) {
1421        goto fail;
1422     }
1423 
1424     // Skip the first cert in the chain as we will write this to x509Out.
1425     // See https://github.com/netty/netty-tcnative/issues/184
1426     for (i = 1; i < certChainLen; ++i) {
1427         // We need to explicit add extra certs to the chain as stated in:
1428         // https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_client_cert_cb.html
1429         //
1430         // Using SSL_add0_chain_cert(...) here as we not want to increment the reference count.
1431         if (SSL_add0_chain_cert(ssl, sk_X509_value(chain, i)) <= 0) {
1432             goto fail;
1433         }
1434     }
1435 
1436     cert = sk_X509_value(chain, 0);
1437     // Increment the reference count as we already set the chain via SSL_set0_chain(...) and using a cert out of it.
1438     if (tcn_X509_up_ref(cert) <= 0) {
1439         goto fail;
1440     }
1441     *x509Out = cert;
1442     *pkeyOut = pkey;
1443 
1444     // Free the stack it self but not the certs.
1445     sk_X509_free(chain);
1446     return 1;
1447 fail:
1448     ERR_clear_error();
1449     sk_X509_pop_free(chain, X509_free);
1450     EVP_PKEY_free(pkey);
1451 
1452     // TODO: Would it be more correct to return 0 in this case we may not want to use any cert / private key ?
1453     return -1;
1454 #endif /* defined(LIBRESSL_VERSION_NUMBER) */
1455 }
1456 
TCN_IMPLEMENT_CALL(void,SSLContext,setCertRequestedCallback)1457 TCN_IMPLEMENT_CALL(void, SSLContext, setCertRequestedCallback)(TCN_STDARGS, jlong ctx, jobject callback)
1458 {
1459     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1460 
1461     UNREFERENCED(o);
1462     TCN_ASSERT(ctx != 0);
1463 
1464     if (callback == NULL) {
1465         SSL_CTX_set_client_cert_cb(c->ctx, NULL);
1466     } else {
1467         jclass callback_class = (*e)->GetObjectClass(e, callback);
1468         jmethodID method = (*e)->GetMethodID(e, callback_class, "requested", "(J[B[[B)Lio/netty/internal/tcnative/CertificateRequestedCallback$KeyMaterial;");
1469         if (method == NULL) {
1470             return;
1471         }
1472         // Delete the reference to the previous specified verifier if needed.
1473         if (c->cert_requested_callback != NULL) {
1474             (*e)->DeleteLocalRef(e, c->cert_requested_callback);
1475         }
1476         c->cert_requested_callback = (*e)->NewGlobalRef(e, callback);
1477         c->cert_requested_callback_method = method;
1478 
1479         SSL_CTX_set_client_cert_cb(c->ctx, cert_requested);
1480     }
1481 }
1482 
TCN_IMPLEMENT_CALL(jboolean,SSLContext,setSessionIdContext)1483 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setSessionIdContext)(TCN_STDARGS, jlong ctx, jbyteArray sidCtx)
1484 {
1485     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1486     int len = (*e)->GetArrayLength(e, sidCtx);
1487     unsigned char *buf;
1488     int res;
1489 
1490     UNREFERENCED(o);
1491     TCN_ASSERT(ctx != 0);
1492 
1493     buf = malloc(len);
1494 
1495     (*e)->GetByteArrayRegion(e, sidCtx, 0, len, (jbyte*) buf);
1496 
1497     res = SSL_CTX_set_session_id_context(c->ctx, buf, len);
1498     free(buf);
1499 
1500     if (res == 1) {
1501         return JNI_TRUE;
1502     }
1503     return JNI_FALSE;
1504 }
1505 
TCN_IMPLEMENT_CALL(jint,SSLContext,setMode)1506 TCN_IMPLEMENT_CALL(jint, SSLContext, setMode)(TCN_STDARGS, jlong ctx, jint mode)
1507 {
1508     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1509 
1510     UNREFERENCED(o);
1511     TCN_ASSERT(ctx != 0);
1512 
1513     return (jint) SSL_CTX_set_mode(c->ctx, mode);
1514 }
1515 
1516 
TCN_IMPLEMENT_CALL(jint,SSLContext,getMode)1517 TCN_IMPLEMENT_CALL(jint, SSLContext, getMode)(TCN_STDARGS, jlong ctx)
1518 {
1519     tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
1520 
1521     UNREFERENCED(o);
1522     TCN_ASSERT(ctx != 0);
1523 
1524     return (jint) SSL_CTX_get_mode(c->ctx);
1525 }
1526