Prepare to provide X509_STORE_get1_objects()

The OpenSSL 1.1 API X509_STORE_get0_objects() is not thread safe. It
exposes a naked internal pointer containing certificates, CRLs and
cached objects added by X509_LOOKUP_hash_dir(). Thus, if the store is
shared between threads, it is not possible to inspect this pointer safely
since another thread could concurrently add to it. This may happen in
particular during certificate verification. This API led to security
issues in rust-openssl and is also problematic in current Python.

Other consumers of X509_STORE_get0_objects() are haproxy, isync, openvpn.

The solution is to take a snapshot of the state under a lock and return
that. This is what X509_STORE_get1_objects() does. It returns a newly
allocated stack that needs to be freed with sk_X509_OBJECT_pop_free(),
passing X509_OBJECT_free as a second argument.

Based on a diff by David Benjamin for BoringSSL.
https://boringssl-review.googlesource.com/c/boringssl/+/65787

ok beck jsing

PS: Variants of this have landed in Python and OpenSSL 3 as well. There the
sk_*deep_copy() API is used, which in OpenSSL relies on evaluating function
pointers after casts (BoringSSL fixed that). Instead of using this macro
insanity and exposing that garbage in public, we can do this by implementing
a pedestrian, static sk_X509_OBJECT_deep_copy() by hand.

diff --git a/lib/libcrypto/Symbols.namespace b/lib/libcrypto/Symbols.namespace
index 62d6b5a..bcd5b84 100644 (file)
--- a/lib/libcrypto/Symbols.namespace
+++ b/lib/libcrypto/Symbols.namespace
@@ -525,6 +525,7 @@ _libre_X509_STORE_new
 _libre_X509_STORE_free
 _libre_X509_STORE_up_ref
 _libre_X509_STORE_get0_objects
+_libre_X509_STORE_get1_objects
 _libre_X509_STORE_get_ex_data
 _libre_X509_STORE_set_ex_data
 _libre_X509_STORE_set_flags

diff --git a/lib/libcrypto/hidden/openssl/x509_vfy.h b/lib/libcrypto/hidden/openssl/x509_vfy.h
index b5f2ac1..3502492 100644 (file)
--- a/lib/libcrypto/hidden/openssl/x509_vfy.h
+++ b/lib/libcrypto/hidden/openssl/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.6 2023/07/05 21:14:54 bcook Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.7 2024/02/23 10:39:07 tb Exp $ */
 /*
  * Copyright (c) 2022 Bob Beck <beck@openbsd.org>
  *
@@ -40,6 +40,7 @@ LCRYPTO_USED(X509_STORE_new);
 LCRYPTO_USED(X509_STORE_free);
 LCRYPTO_USED(X509_STORE_up_ref);
 LCRYPTO_USED(X509_STORE_get0_objects);
+LCRYPTO_USED(X509_STORE_get1_objects);
 LCRYPTO_USED(X509_STORE_get_ex_data);
 LCRYPTO_USED(X509_STORE_set_ex_data);
 LCRYPTO_USED(X509_STORE_set_flags);

diff --git a/lib/libcrypto/x509/x509_lu.c b/lib/libcrypto/x509/x509_lu.c
index 6bdae0f..7e7a5de 100644 (file)
--- a/lib/libcrypto/x509/x509_lu.c
+++ b/lib/libcrypto/x509/x509_lu.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lu.c,v 1.62 2023/12/27 01:55:25 tb Exp $ */
+/* $OpenBSD: x509_lu.c,v 1.63 2024/02/23 10:39:07 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -246,6 +246,24 @@ X509_OBJECT_free(X509_OBJECT *a)
 }
 LCRYPTO_ALIAS(X509_OBJECT_free);
 
+static X509_OBJECT *
+x509_object_dup(const X509_OBJECT *obj)
+{
+       X509_OBJECT *copy;
+
+       if ((copy = X509_OBJECT_new()) == NULL) {
+               X509error(ERR_R_MALLOC_FAILURE);
+               return NULL;
+       }
+
+       copy->type = obj->type;
+       copy->data = obj->data;
+
+       X509_OBJECT_up_ref_count(copy);
+
+       return copy;
+}
+
 void
 X509_STORE_free(X509_STORE *store)
 {
@@ -785,6 +803,53 @@ X509_STORE_get0_objects(X509_STORE *xs)
 }
 LCRYPTO_ALIAS(X509_STORE_get0_objects);
 
+static STACK_OF(X509_OBJECT) *
+sk_X509_OBJECT_deep_copy(const STACK_OF(X509_OBJECT) *objs)
+{
+       STACK_OF(X509_OBJECT) *copy = NULL;
+       X509_OBJECT *obj = NULL;
+       int i;
+
+       if ((copy = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) {
+               X509error(ERR_R_MALLOC_FAILURE);
+               goto err;
+       }
+
+       for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
+               if ((obj = x509_object_dup(sk_X509_OBJECT_value(objs, i))) == NULL)
+                       goto err;
+               if (!sk_X509_OBJECT_push(copy, obj))
+                       goto err;
+               obj = NULL;
+       }
+
+       return copy;
+
+ err:
+       X509_OBJECT_free(obj);
+       sk_X509_OBJECT_pop_free(copy, X509_OBJECT_free);
+
+       return NULL;
+}
+
+STACK_OF(X509_OBJECT) *
+X509_STORE_get1_objects(X509_STORE *store)
+{
+       STACK_OF(X509_OBJECT) *objs;
+
+       if (store == NULL) {
+               X509error(ERR_R_PASSED_NULL_PARAMETER);
+               return NULL;
+       }
+
+       CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
+       objs = sk_X509_OBJECT_deep_copy(store->objs);
+       CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
+
+       return objs;
+}
+LCRYPTO_ALIAS(X509_STORE_get1_objects);
+
 void *
 X509_STORE_get_ex_data(X509_STORE *xs, int idx)
 {

diff --git a/lib/libcrypto/x509/x509_vfy.h b/lib/libcrypto/x509/x509_vfy.h
index 1aa29ab..d7657a5 100644 (file)
--- a/lib/libcrypto/x509/x509_vfy.h
+++ b/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.64 2023/05/28 05:25:24 tb Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.65 2024/02/23 10:39:07 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -293,6 +293,9 @@ int X509_STORE_up_ref(X509_STORE *x);
 STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
 STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *xs);
+#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
+STACK_OF(X509_OBJECT) *X509_STORE_get1_objects(X509_STORE *xs);
+#endif
 void *X509_STORE_get_ex_data(X509_STORE *xs, int idx);
 int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);