1 /* 2 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include "ssl_local.h" 12 #include "internal/packet.h" 13 #include "internal/ssl_unwrap.h" 14 #include <openssl/bio.h> 15 #include <openssl/objects.h> 16 #include <openssl/evp.h> 17 #include <openssl/x509.h> 18 #include <openssl/x509v3.h> 19 #include <openssl/pem.h> 20 21 static int ssl_set_cert(CERT *c, X509 *x509, SSL_CTX *ctx); 22 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey, SSL_CTX *ctx); 23 24 #define SYNTHV1CONTEXT (SSL_EXT_TLS1_2_AND_BELOW_ONLY \ 25 | SSL_EXT_CLIENT_HELLO \ 26 | SSL_EXT_TLS1_2_SERVER_HELLO \ 27 | SSL_EXT_IGNORE_ON_RESUMPTION) 28 29 #define NAME_PREFIX1 "SERVERINFO FOR " 30 #define NAME_PREFIX2 "SERVERINFOV2 FOR " 31 32 int SSL_use_certificate(SSL *ssl, X509 *x) 33 { 34 int rv; 35 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); 36 37 if (sc == NULL) 38 return 0; 39 40 if (x == NULL) { 41 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); 42 return 0; 43 } 44 45 rv = ssl_security_cert(sc, NULL, x, 0, 1); 46 if (rv != 1) { 47 ERR_raise(ERR_LIB_SSL, rv); 48 return 0; 49 } 50 51 return ssl_set_cert(sc->cert, x, SSL_CONNECTION_GET_CTX(sc)); 52 } 53 54 int SSL_use_certificate_file(SSL *ssl, const char *file, int type) 55 { 56 int j; 57 BIO *in = NULL; 58 int ret = 0; 59 X509 *cert = NULL, *x = NULL; 60 61 if (file == NULL) { 62 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); 63 goto end; 64 } 65 66 in = BIO_new(BIO_s_file()); 67 if (in == NULL) { 68 ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); 69 goto end; 70 } 71 72 if (BIO_read_filename(in, file) <= 0) { 73 ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB); 74 goto end; 75 } 76 77 x = X509_new_ex(ssl->ctx->libctx, ssl->ctx->propq); 78 if (x == NULL) { 79 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB); 80 goto end; 81 } 82 if (type == SSL_FILETYPE_ASN1) { 83 j = ERR_R_ASN1_LIB; 84 cert = d2i_X509_bio(in, &x); 85 } else if (type == SSL_FILETYPE_PEM) { 86 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); 87 88 if (sc == NULL) 89 goto end; 90 91 j = ERR_R_PEM_LIB; 92 cert = PEM_read_bio_X509(in, &x, sc->default_passwd_callback, 93 sc->default_passwd_callback_userdata); 94 } else { 95 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE); 96 goto end; 97 } 98 99 if (cert == NULL) { 100 ERR_raise(ERR_LIB_SSL, j); 101 goto end; 102 } 103 104 ret = SSL_use_certificate(ssl, x); 105 end: 106 X509_free(x); 107 BIO_free(in); 108 return ret; 109 } 110 111 int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) 112 { 113 X509 *x; 114 int ret; 115 116 x = X509_new_ex(ssl->ctx->libctx, ssl->ctx->propq); 117 if (x == NULL) { 118 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB); 119 return 0; 120 } 121 122 if (d2i_X509(&x, &d, (long)len)== NULL) { 123 X509_free(x); 124 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB); 125 return 0; 126 } 127 128 ret = SSL_use_certificate(ssl, x); 129 X509_free(x); 130 return ret; 131 } 132 133 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey, SSL_CTX *ctx) 134 { 135 size_t i; 136 137 if (ssl_cert_lookup_by_pkey(pkey, &i, ctx) == NULL) { 138 ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE); 139 return 0; 140 } 141 142 if (c->pkeys[i].x509 != NULL 143 && !X509_check_private_key(c->pkeys[i].x509, pkey)) 144 return 0; 145 if (!EVP_PKEY_up_ref(pkey)) 146 return 0; 147 148 EVP_PKEY_free(c->pkeys[i].privatekey); 149 c->pkeys[i].privatekey = pkey; 150 c->key = &c->pkeys[i]; 151 return 1; 152 } 153 154 int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) 155 { 156 int ret; 157 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); 158 159 if (sc == NULL) 160 return 0; 161 162 if (pkey == NULL) { 163 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); 164 return 0; 165 } 166 ret = ssl_set_pkey(sc->cert, pkey, SSL_CONNECTION_GET_CTX(sc)); 167 return ret; 168 } 169 170 int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) 171 { 172 int j, ret = 0; 173 BIO *in = NULL; 174 EVP_PKEY *pkey = NULL; 175 176 if (file == NULL) { 177 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); 178 goto end; 179 } 180 181 in = BIO_new(BIO_s_file()); 182 if (in == NULL) { 183 ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); 184 goto end; 185 } 186 187 if (BIO_read_filename(in, file) <= 0) { 188 ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB); 189 goto end; 190 } 191 if (type == SSL_FILETYPE_PEM) { 192 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); 193 194 if (sc == NULL) 195 goto end; 196 197 j = ERR_R_PEM_LIB; 198 pkey = PEM_read_bio_PrivateKey_ex(in, NULL, 199 sc->default_passwd_callback, 200 sc->default_passwd_callback_userdata, 201 ssl->ctx->libctx, 202 ssl->ctx->propq); 203 } else if (type == SSL_FILETYPE_ASN1) { 204 j = ERR_R_ASN1_LIB; 205 pkey = d2i_PrivateKey_ex_bio(in, NULL, ssl->ctx->libctx, 206 ssl->ctx->propq); 207 } else { 208 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE); 209 goto end; 210 } 211 if (pkey == NULL) { 212 ERR_raise(ERR_LIB_SSL, j); 213 goto end; 214 } 215 ret = SSL_use_PrivateKey(ssl, pkey); 216 EVP_PKEY_free(pkey); 217 end: 218 BIO_free(in); 219 return ret; 220 } 221 222 int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, 223 long len) 224 { 225 int ret; 226 const unsigned char *p; 227 EVP_PKEY *pkey; 228 229 p = d; 230 if ((pkey = d2i_PrivateKey_ex(type, NULL, &p, (long)len, ssl->ctx->libctx, 231 ssl->ctx->propq)) == NULL) { 232 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB); 233 return 0; 234 } 235 236 ret = SSL_use_PrivateKey(ssl, pkey); 237 EVP_PKEY_free(pkey); 238 return ret; 239 } 240 241 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) 242 { 243 int rv; 244 if (x == NULL) { 245 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); 246 return 0; 247 } 248 249 rv = ssl_security_cert(NULL, ctx, x, 0, 1); 250 if (rv != 1) { 251 ERR_raise(ERR_LIB_SSL, rv); 252 return 0; 253 } 254 return ssl_set_cert(ctx->cert, x, ctx); 255 } 256 257 static int ssl_set_cert(CERT *c, X509 *x, SSL_CTX *ctx) 258 { 259 EVP_PKEY *pkey; 260 size_t i; 261 262 pkey = X509_get0_pubkey(x); 263 if (pkey == NULL) { 264 ERR_raise(ERR_LIB_SSL, SSL_R_X509_LIB); 265 return 0; 266 } 267 268 if (ssl_cert_lookup_by_pkey(pkey, &i, ctx) == NULL) { 269 ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE); 270 return 0; 271 } 272 273 if (i == SSL_PKEY_ECC && !EVP_PKEY_can_sign(pkey)) { 274 ERR_raise(ERR_LIB_SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING); 275 return 0; 276 } 277 278 if (c->pkeys[i].privatekey != NULL) { 279 /* 280 * The return code from EVP_PKEY_copy_parameters is deliberately 281 * ignored. Some EVP_PKEY types cannot do this. 282 * coverity[check_return] 283 */ 284 EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); 285 ERR_clear_error(); 286 287 if (!X509_check_private_key(x, c->pkeys[i].privatekey)) { 288 /* 289 * don't fail for a cert/key mismatch, just free current private 290 * key (when switching to a different cert & key, first this 291 * function should be used, then ssl_set_pkey 292 */ 293 EVP_PKEY_free(c->pkeys[i].privatekey); 294 c->pkeys[i].privatekey = NULL; 295 /* clear error queue */ 296 ERR_clear_error(); 297 } 298 } 299 300 if (!X509_up_ref(x)) 301 return 0; 302 303 X509_free(c->pkeys[i].x509); 304 c->pkeys[i].x509 = x; 305 c->key = &(c->pkeys[i]); 306 307 return 1; 308 } 309 310 int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) 311 { 312 int j = SSL_R_BAD_VALUE; 313 BIO *in = NULL; 314 int ret = 0; 315 X509 *x = NULL, *cert = NULL; 316 317 if (file == NULL) { 318 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); 319 goto end; 320 } 321 322 in = BIO_new(BIO_s_file()); 323 if (in == NULL) { 324 ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); 325 goto end; 326 } 327 328 if (BIO_read_filename(in, file) <= 0) { 329 ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB); 330 goto end; 331 } 332 333 x = X509_new_ex(ctx->libctx, ctx->propq); 334 if (x == NULL) { 335 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB); 336 goto end; 337 } 338 if (type == SSL_FILETYPE_ASN1) { 339 j = ERR_R_ASN1_LIB; 340 cert = d2i_X509_bio(in, &x); 341 } else if (type == SSL_FILETYPE_PEM) { 342 j = ERR_R_PEM_LIB; 343 cert = PEM_read_bio_X509(in, &x, ctx->default_passwd_callback, 344 ctx->default_passwd_callback_userdata); 345 } else { 346 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE); 347 goto end; 348 } 349 if (cert == NULL) { 350 ERR_raise(ERR_LIB_SSL, j); 351 goto end; 352 } 353 354 ret = SSL_CTX_use_certificate(ctx, x); 355 end: 356 X509_free(x); 357 BIO_free(in); 358 return ret; 359 } 360 361 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) 362 { 363 X509 *x; 364 int ret; 365 366 x = X509_new_ex(ctx->libctx, ctx->propq); 367 if (x == NULL) { 368 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB); 369 return 0; 370 } 371 372 if (d2i_X509(&x, &d, (long)len) == NULL) { 373 X509_free(x); 374 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB); 375 return 0; 376 } 377 378 ret = SSL_CTX_use_certificate(ctx, x); 379 X509_free(x); 380 return ret; 381 } 382 383 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) 384 { 385 if (pkey == NULL) { 386 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); 387 return 0; 388 } 389 return ssl_set_pkey(ctx->cert, pkey, ctx); 390 } 391 392 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) 393 { 394 int j, ret = 0; 395 BIO *in = NULL; 396 EVP_PKEY *pkey = NULL; 397 398 if (file == NULL) { 399 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); 400 goto end; 401 } 402 403 in = BIO_new(BIO_s_file()); 404 if (in == NULL) { 405 ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); 406 goto end; 407 } 408 409 if (BIO_read_filename(in, file) <= 0) { 410 ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB); 411 goto end; 412 } 413 if (type == SSL_FILETYPE_PEM) { 414 j = ERR_R_PEM_LIB; 415 pkey = PEM_read_bio_PrivateKey_ex(in, NULL, 416 ctx->default_passwd_callback, 417 ctx->default_passwd_callback_userdata, 418 ctx->libctx, ctx->propq); 419 } else if (type == SSL_FILETYPE_ASN1) { 420 j = ERR_R_ASN1_LIB; 421 pkey = d2i_PrivateKey_ex_bio(in, NULL, ctx->libctx, ctx->propq); 422 } else { 423 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE); 424 goto end; 425 } 426 if (pkey == NULL) { 427 ERR_raise(ERR_LIB_SSL, j); 428 goto end; 429 } 430 ret = SSL_CTX_use_PrivateKey(ctx, pkey); 431 EVP_PKEY_free(pkey); 432 end: 433 BIO_free(in); 434 return ret; 435 } 436 437 int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, 438 const unsigned char *d, long len) 439 { 440 int ret; 441 const unsigned char *p; 442 EVP_PKEY *pkey; 443 444 p = d; 445 if ((pkey = d2i_PrivateKey_ex(type, NULL, &p, (long)len, ctx->libctx, 446 ctx->propq)) == NULL) { 447 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB); 448 return 0; 449 } 450 451 ret = SSL_CTX_use_PrivateKey(ctx, pkey); 452 EVP_PKEY_free(pkey); 453 return ret; 454 } 455 456 /* 457 * Read a file that contains our certificate in "PEM" format, possibly 458 * followed by a sequence of CA certificates that should be sent to the peer 459 * in the Certificate message. 460 */ 461 static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) 462 { 463 BIO *in = NULL; 464 int ret = 0; 465 X509 *x = NULL; 466 pem_password_cb *passwd_callback; 467 void *passwd_callback_userdata; 468 SSL_CTX *real_ctx = (ssl == NULL) ? ctx : ssl->ctx; 469 470 if (ctx == NULL && ssl == NULL) 471 return 0; 472 473 ERR_clear_error(); /* clear error stack for 474 * SSL_CTX_use_certificate() */ 475 476 if (ctx != NULL) { 477 passwd_callback = ctx->default_passwd_callback; 478 passwd_callback_userdata = ctx->default_passwd_callback_userdata; 479 } else { 480 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); 481 482 if (sc == NULL) 483 return 0; 484 485 passwd_callback = sc->default_passwd_callback; 486 passwd_callback_userdata = sc->default_passwd_callback_userdata; 487 } 488 489 if (file == NULL) { 490 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); 491 goto end; 492 } 493 494 in = BIO_new(BIO_s_file()); 495 if (in == NULL) { 496 ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); 497 goto end; 498 } 499 500 if (BIO_read_filename(in, file) <= 0) { 501 ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB); 502 goto end; 503 } 504 505 x = X509_new_ex(real_ctx->libctx, real_ctx->propq); 506 if (x == NULL) { 507 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB); 508 goto end; 509 } 510 if (PEM_read_bio_X509_AUX(in, &x, passwd_callback, 511 passwd_callback_userdata) == NULL) { 512 ERR_raise(ERR_LIB_SSL, ERR_R_PEM_LIB); 513 goto end; 514 } 515 516 if (ctx) 517 ret = SSL_CTX_use_certificate(ctx, x); 518 else 519 ret = SSL_use_certificate(ssl, x); 520 521 if (ERR_peek_error() != 0) 522 ret = 0; /* Key/certificate mismatch doesn't imply 523 * ret==0 ... */ 524 if (ret) { 525 /* 526 * If we could set up our certificate, now proceed to the CA 527 * certificates. 528 */ 529 X509 *ca; 530 int r; 531 unsigned long err; 532 533 if (ctx) 534 r = SSL_CTX_clear_chain_certs(ctx); 535 else 536 r = SSL_clear_chain_certs(ssl); 537 538 if (r == 0) { 539 ret = 0; 540 goto end; 541 } 542 543 while (1) { 544 ca = X509_new_ex(real_ctx->libctx, real_ctx->propq); 545 if (ca == NULL) { 546 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB); 547 goto end; 548 } 549 if (PEM_read_bio_X509(in, &ca, passwd_callback, 550 passwd_callback_userdata) != NULL) { 551 if (ctx) 552 r = SSL_CTX_add0_chain_cert(ctx, ca); 553 else 554 r = SSL_add0_chain_cert(ssl, ca); 555 /* 556 * Note that we must not free ca if it was successfully added to 557 * the chain (while we must free the main certificate, since its 558 * reference count is increased by SSL_CTX_use_certificate). 559 */ 560 if (!r) { 561 X509_free(ca); 562 ret = 0; 563 goto end; 564 } 565 } else { 566 X509_free(ca); 567 break; 568 } 569 } 570 /* When the while loop ends, it's usually just EOF. */ 571 err = ERR_peek_last_error(); 572 if (ERR_GET_LIB(err) == ERR_LIB_PEM 573 && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) 574 ERR_clear_error(); 575 else 576 ret = 0; /* some real error */ 577 } 578 579 end: 580 X509_free(x); 581 BIO_free(in); 582 return ret; 583 } 584 585 int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) 586 { 587 return use_certificate_chain_file(ctx, NULL, file); 588 } 589 590 int SSL_use_certificate_chain_file(SSL *ssl, const char *file) 591 { 592 return use_certificate_chain_file(NULL, ssl, file); 593 } 594 595 static int serverinfo_find_extension(const unsigned char *serverinfo, 596 size_t serverinfo_length, 597 unsigned int extension_type, 598 const unsigned char **extension_data, 599 size_t *extension_length) 600 { 601 PACKET pkt, data; 602 603 *extension_data = NULL; 604 *extension_length = 0; 605 if (serverinfo == NULL || serverinfo_length == 0) 606 return -1; 607 608 if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length)) 609 return -1; 610 611 for (;;) { 612 unsigned int type = 0; 613 unsigned long context = 0; 614 615 /* end of serverinfo */ 616 if (PACKET_remaining(&pkt) == 0) 617 return 0; /* Extension not found */ 618 619 if (!PACKET_get_net_4(&pkt, &context) 620 || !PACKET_get_net_2(&pkt, &type) 621 || !PACKET_get_length_prefixed_2(&pkt, &data)) 622 return -1; 623 624 if (type == extension_type) { 625 *extension_data = PACKET_data(&data); 626 *extension_length = PACKET_remaining(&data); 627 return 1; /* Success */ 628 } 629 } 630 /* Unreachable */ 631 } 632 633 static int serverinfoex_srv_parse_cb(SSL *s, unsigned int ext_type, 634 unsigned int context, 635 const unsigned char *in, 636 size_t inlen, X509 *x, size_t chainidx, 637 int *al, void *arg) 638 { 639 640 if (inlen != 0) { 641 *al = SSL_AD_DECODE_ERROR; 642 return 0; 643 } 644 645 return 1; 646 } 647 648 static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type, 649 const unsigned char *in, 650 size_t inlen, int *al, void *arg) 651 { 652 return serverinfoex_srv_parse_cb(s, ext_type, 0, in, inlen, NULL, 0, al, 653 arg); 654 } 655 656 static int serverinfoex_srv_add_cb(SSL *s, unsigned int ext_type, 657 unsigned int context, 658 const unsigned char **out, 659 size_t *outlen, X509 *x, size_t chainidx, 660 int *al, void *arg) 661 { 662 const unsigned char *serverinfo = NULL; 663 size_t serverinfo_length = 0; 664 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); 665 666 if (sc == NULL) { 667 *al = SSL_AD_INTERNAL_ERROR; 668 return -1; 669 } 670 671 /* We only support extensions for the first Certificate */ 672 if ((context & SSL_EXT_TLS1_3_CERTIFICATE) != 0 && chainidx > 0) 673 return 0; 674 675 /* Is there serverinfo data for the chosen server cert? */ 676 if ((ssl_get_server_cert_serverinfo(sc, &serverinfo, 677 &serverinfo_length)) != 0) { 678 /* Find the relevant extension from the serverinfo */ 679 int retval = serverinfo_find_extension(serverinfo, serverinfo_length, 680 ext_type, out, outlen); 681 if (retval == -1) { 682 *al = SSL_AD_INTERNAL_ERROR; 683 return -1; /* Error */ 684 } 685 if (retval == 0) 686 return 0; /* No extension found, don't send extension */ 687 return 1; /* Send extension */ 688 } 689 return 0; /* No serverinfo data found, don't send 690 * extension */ 691 } 692 693 static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type, 694 const unsigned char **out, size_t *outlen, 695 int *al, void *arg) 696 { 697 return serverinfoex_srv_add_cb(s, ext_type, 0, out, outlen, NULL, 0, al, 698 arg); 699 } 700 701 /* 702 * With a NULL context, this function just checks that the serverinfo data 703 * parses correctly. With a non-NULL context, it registers callbacks for 704 * the included extensions. 705 */ 706 static int serverinfo_process_buffer(unsigned int version, 707 const unsigned char *serverinfo, 708 size_t serverinfo_length, SSL_CTX *ctx) 709 { 710 PACKET pkt; 711 712 if (serverinfo == NULL || serverinfo_length == 0) 713 return 0; 714 715 if (version != SSL_SERVERINFOV1 && version != SSL_SERVERINFOV2) 716 return 0; 717 718 if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length)) 719 return 0; 720 721 while (PACKET_remaining(&pkt)) { 722 unsigned long context = 0; 723 unsigned int ext_type = 0; 724 PACKET data; 725 726 if ((version == SSL_SERVERINFOV2 && !PACKET_get_net_4(&pkt, &context)) 727 || !PACKET_get_net_2(&pkt, &ext_type) 728 || !PACKET_get_length_prefixed_2(&pkt, &data)) 729 return 0; 730 731 if (ctx == NULL) 732 continue; 733 734 /* 735 * The old style custom extensions API could be set separately for 736 * server/client, i.e. you could set one custom extension for a client, 737 * and *for the same extension in the same SSL_CTX* you could set a 738 * custom extension for the server as well. It seems quite weird to be 739 * setting a custom extension for both client and server in a single 740 * SSL_CTX - but theoretically possible. This isn't possible in the 741 * new API. Therefore, if we have V1 serverinfo we use the old API. We 742 * also use the old API even if we have V2 serverinfo but the context 743 * looks like an old style <= TLSv1.2 extension. 744 */ 745 if (version == SSL_SERVERINFOV1 || context == SYNTHV1CONTEXT) { 746 if (!SSL_CTX_add_server_custom_ext(ctx, ext_type, 747 serverinfo_srv_add_cb, 748 NULL, NULL, 749 serverinfo_srv_parse_cb, 750 NULL)) 751 return 0; 752 } else { 753 if (!SSL_CTX_add_custom_ext(ctx, ext_type, context, 754 serverinfoex_srv_add_cb, 755 NULL, NULL, 756 serverinfoex_srv_parse_cb, 757 NULL)) 758 return 0; 759 } 760 } 761 762 return 1; 763 } 764 765 static size_t extension_contextoff(unsigned int version) 766 { 767 return version == SSL_SERVERINFOV1 ? 4 : 0; 768 } 769 770 static size_t extension_append_length(unsigned int version, size_t extension_length) 771 { 772 return extension_length + extension_contextoff(version); 773 } 774 775 static void extension_append(unsigned int version, 776 const unsigned char *extension, 777 const size_t extension_length, 778 unsigned char *serverinfo) 779 { 780 const size_t contextoff = extension_contextoff(version); 781 782 if (contextoff > 0) { 783 /* We know this only uses the last 2 bytes */ 784 serverinfo[0] = 0; 785 serverinfo[1] = 0; 786 serverinfo[2] = (SYNTHV1CONTEXT >> 8) & 0xff; 787 serverinfo[3] = SYNTHV1CONTEXT & 0xff; 788 } 789 790 memcpy(serverinfo + contextoff, extension, extension_length); 791 } 792 793 int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, 794 const unsigned char *serverinfo, 795 size_t serverinfo_length) 796 { 797 unsigned char *new_serverinfo = NULL; 798 799 if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) { 800 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); 801 return 0; 802 } 803 if (version == SSL_SERVERINFOV1) { 804 /* 805 * Convert serverinfo version v1 to v2 and call yourself recursively 806 * over the converted serverinfo. 807 */ 808 const size_t sinfo_length = extension_append_length(SSL_SERVERINFOV1, 809 serverinfo_length); 810 unsigned char *sinfo; 811 int ret; 812 813 sinfo = OPENSSL_malloc(sinfo_length); 814 if (sinfo == NULL) 815 return 0; 816 817 extension_append(SSL_SERVERINFOV1, serverinfo, serverinfo_length, sinfo); 818 819 ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, sinfo, 820 sinfo_length); 821 822 OPENSSL_free(sinfo); 823 return ret; 824 } 825 if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length, 826 NULL)) { 827 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA); 828 return 0; 829 } 830 if (ctx->cert->key == NULL) { 831 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); 832 return 0; 833 } 834 new_serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo, 835 serverinfo_length); 836 if (new_serverinfo == NULL) 837 return 0; 838 ctx->cert->key->serverinfo = new_serverinfo; 839 memcpy(ctx->cert->key->serverinfo, serverinfo, serverinfo_length); 840 ctx->cert->key->serverinfo_length = serverinfo_length; 841 842 /* 843 * Now that the serverinfo is validated and stored, go ahead and 844 * register callbacks. 845 */ 846 if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length, 847 ctx)) { 848 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA); 849 return 0; 850 } 851 return 1; 852 } 853 854 int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, 855 size_t serverinfo_length) 856 { 857 return SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV1, serverinfo, 858 serverinfo_length); 859 } 860 861 int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) 862 { 863 unsigned char *serverinfo = NULL; 864 unsigned char *tmp; 865 size_t serverinfo_length = 0; 866 unsigned char *extension = 0; 867 long extension_length = 0; 868 char *name = NULL; 869 char *header = NULL; 870 unsigned int name_len; 871 int ret = 0; 872 BIO *bin = NULL; 873 size_t num_extensions = 0; 874 875 if (ctx == NULL || file == NULL) { 876 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); 877 goto end; 878 } 879 880 bin = BIO_new(BIO_s_file()); 881 if (bin == NULL) { 882 ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); 883 goto end; 884 } 885 if (BIO_read_filename(bin, file) <= 0) { 886 ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB); 887 goto end; 888 } 889 890 for (num_extensions = 0;; num_extensions++) { 891 unsigned int version; 892 size_t append_length; 893 894 if (PEM_read_bio(bin, &name, &header, &extension, &extension_length) 895 == 0) { 896 /* 897 * There must be at least one extension in this file 898 */ 899 if (num_extensions == 0) { 900 ERR_raise(ERR_LIB_SSL, SSL_R_NO_PEM_EXTENSIONS); 901 goto end; 902 } else /* End of file, we're done */ 903 break; 904 } 905 /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */ 906 name_len = strlen(name); 907 if (name_len < sizeof(NAME_PREFIX1) - 1) { 908 ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT); 909 goto end; 910 } 911 if (HAS_PREFIX(name, NAME_PREFIX1)) { 912 version = SSL_SERVERINFOV1; 913 } else { 914 if (name_len < sizeof(NAME_PREFIX2) - 1) { 915 ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT); 916 goto end; 917 } 918 if (!HAS_PREFIX(name, NAME_PREFIX2)) { 919 ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_BAD_PREFIX); 920 goto end; 921 } 922 version = SSL_SERVERINFOV2; 923 } 924 /* 925 * Check that the decoded PEM data is plausible (valid length field) 926 */ 927 if (version == SSL_SERVERINFOV1) { 928 /* 4 byte header: 2 bytes type, 2 bytes len */ 929 if (extension_length < 4 930 || (extension[2] << 8) + extension[3] 931 != extension_length - 4) { 932 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_DATA); 933 goto end; 934 } 935 } else { 936 /* 8 byte header: 4 bytes context, 2 bytes type, 2 bytes len */ 937 if (extension_length < 8 938 || (extension[6] << 8) + extension[7] 939 != extension_length - 8) { 940 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_DATA); 941 goto end; 942 } 943 } 944 /* Append the decoded extension to the serverinfo buffer */ 945 append_length = extension_append_length(version, extension_length); 946 tmp = OPENSSL_realloc(serverinfo, serverinfo_length + append_length); 947 if (tmp == NULL) 948 goto end; 949 serverinfo = tmp; 950 extension_append(version, extension, extension_length, 951 serverinfo + serverinfo_length); 952 serverinfo_length += append_length; 953 954 OPENSSL_free(name); 955 name = NULL; 956 OPENSSL_free(header); 957 header = NULL; 958 OPENSSL_free(extension); 959 extension = NULL; 960 } 961 962 ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, serverinfo, 963 serverinfo_length); 964 end: 965 /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */ 966 OPENSSL_free(name); 967 OPENSSL_free(header); 968 OPENSSL_free(extension); 969 OPENSSL_free(serverinfo); 970 BIO_free(bin); 971 return ret; 972 } 973 974 static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, 975 STACK_OF(X509) *chain, int override) 976 { 977 int ret = 0; 978 size_t i; 979 int j; 980 int rv; 981 CERT *c; 982 STACK_OF(X509) *dup_chain = NULL; 983 EVP_PKEY *pubkey = NULL; 984 SSL_CONNECTION *sc = NULL; 985 986 if (ctx == NULL && 987 (sc = SSL_CONNECTION_FROM_SSL(ssl)) == NULL) 988 return 0; 989 990 c = sc != NULL ? sc->cert : ctx->cert; 991 /* Do all security checks before anything else */ 992 rv = ssl_security_cert(sc, ctx, x509, 0, 1); 993 if (rv != 1) { 994 ERR_raise(ERR_LIB_SSL, rv); 995 goto out; 996 } 997 for (j = 0; j < sk_X509_num(chain); j++) { 998 rv = ssl_security_cert(sc, ctx, sk_X509_value(chain, j), 0, 0); 999 if (rv != 1) { 1000 ERR_raise(ERR_LIB_SSL, rv); 1001 goto out; 1002 } 1003 } 1004 1005 pubkey = X509_get_pubkey(x509); /* bumps reference */ 1006 if (pubkey == NULL) 1007 goto out; 1008 if (privatekey == NULL) { 1009 privatekey = pubkey; 1010 } else { 1011 /* For RSA, which has no parameters, missing returns 0 */ 1012 if (EVP_PKEY_missing_parameters(privatekey)) { 1013 if (EVP_PKEY_missing_parameters(pubkey)) { 1014 /* nobody has parameters? - error */ 1015 ERR_raise(ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS); 1016 goto out; 1017 } else { 1018 /* copy to privatekey from pubkey */ 1019 if (!EVP_PKEY_copy_parameters(privatekey, pubkey)) { 1020 ERR_raise(ERR_LIB_SSL, SSL_R_COPY_PARAMETERS_FAILED); 1021 goto out; 1022 } 1023 } 1024 } else if (EVP_PKEY_missing_parameters(pubkey)) { 1025 /* copy to pubkey from privatekey */ 1026 if (!EVP_PKEY_copy_parameters(pubkey, privatekey)) { 1027 ERR_raise(ERR_LIB_SSL, SSL_R_COPY_PARAMETERS_FAILED); 1028 goto out; 1029 } 1030 } /* else both have parameters */ 1031 1032 /* check that key <-> cert match */ 1033 if (EVP_PKEY_eq(pubkey, privatekey) != 1) { 1034 ERR_raise(ERR_LIB_SSL, SSL_R_PRIVATE_KEY_MISMATCH); 1035 goto out; 1036 } 1037 } 1038 if (ssl_cert_lookup_by_pkey(pubkey, &i, ctx) == NULL) { 1039 ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE); 1040 goto out; 1041 } 1042 1043 if (!override && (c->pkeys[i].x509 != NULL 1044 || c->pkeys[i].privatekey != NULL 1045 || c->pkeys[i].chain != NULL)) { 1046 /* No override, and something already there */ 1047 ERR_raise(ERR_LIB_SSL, SSL_R_NOT_REPLACING_CERTIFICATE); 1048 goto out; 1049 } 1050 1051 if (chain != NULL) { 1052 dup_chain = X509_chain_up_ref(chain); 1053 if (dup_chain == NULL) { 1054 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB); 1055 goto out; 1056 } 1057 } 1058 1059 if (!X509_up_ref(x509)) 1060 goto out; 1061 1062 if (!EVP_PKEY_up_ref(privatekey)) { 1063 X509_free(x509); 1064 goto out; 1065 } 1066 1067 OSSL_STACK_OF_X509_free(c->pkeys[i].chain); 1068 c->pkeys[i].chain = dup_chain; 1069 1070 X509_free(c->pkeys[i].x509); 1071 c->pkeys[i].x509 = x509; 1072 1073 EVP_PKEY_free(c->pkeys[i].privatekey); 1074 c->pkeys[i].privatekey = privatekey; 1075 1076 c->key = &(c->pkeys[i]); 1077 1078 ret = 1; 1079 out: 1080 EVP_PKEY_free(pubkey); 1081 return ret; 1082 } 1083 1084 int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, 1085 STACK_OF(X509) *chain, int override) 1086 { 1087 return ssl_set_cert_and_key(ssl, NULL, x509, privatekey, chain, override); 1088 } 1089 1090 int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, 1091 STACK_OF(X509) *chain, int override) 1092 { 1093 return ssl_set_cert_and_key(NULL, ctx, x509, privatekey, chain, override); 1094 } 1095