ssl_rsa.c 31 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063
  1. /*
  2. * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "ssl_local.h"
  11. #include "internal/packet.h"
  12. #include <openssl/bio.h>
  13. #include <openssl/objects.h>
  14. #include <openssl/evp.h>
  15. #include <openssl/x509.h>
  16. #include <openssl/x509v3.h>
  17. #include <openssl/pem.h>
  18. static int ssl_set_cert(CERT *c, X509 *x509);
  19. static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
  20. #define SYNTHV1CONTEXT (SSL_EXT_TLS1_2_AND_BELOW_ONLY \
  21. | SSL_EXT_CLIENT_HELLO \
  22. | SSL_EXT_TLS1_2_SERVER_HELLO \
  23. | SSL_EXT_IGNORE_ON_RESUMPTION)
  24. #define NAME_PREFIX1 "SERVERINFO FOR "
  25. #define NAME_PREFIX2 "SERVERINFOV2 FOR "
  26. int SSL_use_certificate(SSL *ssl, X509 *x)
  27. {
  28. int rv;
  29. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  30. if (sc == NULL)
  31. return 0;
  32. if (x == NULL) {
  33. ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
  34. return 0;
  35. }
  36. rv = ssl_security_cert(sc, NULL, x, 0, 1);
  37. if (rv != 1) {
  38. ERR_raise(ERR_LIB_SSL, rv);
  39. return 0;
  40. }
  41. return ssl_set_cert(sc->cert, x);
  42. }
  43. int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
  44. {
  45. int j;
  46. BIO *in;
  47. int ret = 0;
  48. X509 *cert = NULL, *x = NULL;
  49. in = BIO_new(BIO_s_file());
  50. if (in == NULL) {
  51. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  52. goto end;
  53. }
  54. if (BIO_read_filename(in, file) <= 0) {
  55. ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
  56. goto end;
  57. }
  58. if (type != SSL_FILETYPE_ASN1 && type != SSL_FILETYPE_PEM) {
  59. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
  60. goto end;
  61. }
  62. x = X509_new_ex(ssl->ctx->libctx, ssl->ctx->propq);
  63. if (x == NULL) {
  64. ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
  65. goto end;
  66. }
  67. if (type == SSL_FILETYPE_ASN1) {
  68. j = ERR_R_ASN1_LIB;
  69. cert = d2i_X509_bio(in, &x);
  70. } else if (type == SSL_FILETYPE_PEM) {
  71. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  72. if (sc == NULL)
  73. goto end;
  74. j = ERR_R_PEM_LIB;
  75. cert = PEM_read_bio_X509(in, &x, sc->default_passwd_callback,
  76. sc->default_passwd_callback_userdata);
  77. } else {
  78. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
  79. goto end;
  80. }
  81. if (cert == NULL) {
  82. ERR_raise(ERR_LIB_SSL, j);
  83. goto end;
  84. }
  85. ret = SSL_use_certificate(ssl, x);
  86. end:
  87. X509_free(x);
  88. BIO_free(in);
  89. return ret;
  90. }
  91. int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
  92. {
  93. X509 *x;
  94. int ret;
  95. x = X509_new_ex(ssl->ctx->libctx, ssl->ctx->propq);
  96. if (x == NULL) {
  97. ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
  98. return 0;
  99. }
  100. if (d2i_X509(&x, &d, (long)len)== NULL) {
  101. X509_free(x);
  102. ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
  103. return 0;
  104. }
  105. ret = SSL_use_certificate(ssl, x);
  106. X509_free(x);
  107. return ret;
  108. }
  109. static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
  110. {
  111. size_t i;
  112. if (ssl_cert_lookup_by_pkey(pkey, &i) == NULL) {
  113. ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
  114. return 0;
  115. }
  116. if (c->pkeys[i].x509 != NULL
  117. && !X509_check_private_key(c->pkeys[i].x509, pkey))
  118. return 0;
  119. EVP_PKEY_free(c->pkeys[i].privatekey);
  120. EVP_PKEY_up_ref(pkey);
  121. c->pkeys[i].privatekey = pkey;
  122. c->key = &c->pkeys[i];
  123. return 1;
  124. }
  125. int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
  126. {
  127. int ret;
  128. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  129. if (sc == NULL)
  130. return 0;
  131. if (pkey == NULL) {
  132. ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
  133. return 0;
  134. }
  135. ret = ssl_set_pkey(sc->cert, pkey);
  136. return ret;
  137. }
  138. int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
  139. {
  140. int j, ret = 0;
  141. BIO *in;
  142. EVP_PKEY *pkey = NULL;
  143. in = BIO_new(BIO_s_file());
  144. if (in == NULL) {
  145. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  146. goto end;
  147. }
  148. if (BIO_read_filename(in, file) <= 0) {
  149. ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
  150. goto end;
  151. }
  152. if (type == SSL_FILETYPE_PEM) {
  153. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  154. if (sc == NULL)
  155. goto end;
  156. j = ERR_R_PEM_LIB;
  157. pkey = PEM_read_bio_PrivateKey_ex(in, NULL,
  158. sc->default_passwd_callback,
  159. sc->default_passwd_callback_userdata,
  160. ssl->ctx->libctx,
  161. ssl->ctx->propq);
  162. } else if (type == SSL_FILETYPE_ASN1) {
  163. j = ERR_R_ASN1_LIB;
  164. pkey = d2i_PrivateKey_ex_bio(in, NULL, ssl->ctx->libctx,
  165. ssl->ctx->propq);
  166. } else {
  167. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
  168. goto end;
  169. }
  170. if (pkey == NULL) {
  171. ERR_raise(ERR_LIB_SSL, j);
  172. goto end;
  173. }
  174. ret = SSL_use_PrivateKey(ssl, pkey);
  175. EVP_PKEY_free(pkey);
  176. end:
  177. BIO_free(in);
  178. return ret;
  179. }
  180. int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d,
  181. long len)
  182. {
  183. int ret;
  184. const unsigned char *p;
  185. EVP_PKEY *pkey;
  186. p = d;
  187. if ((pkey = d2i_PrivateKey_ex(type, NULL, &p, (long)len, ssl->ctx->libctx,
  188. ssl->ctx->propq)) == NULL) {
  189. ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
  190. return 0;
  191. }
  192. ret = SSL_use_PrivateKey(ssl, pkey);
  193. EVP_PKEY_free(pkey);
  194. return ret;
  195. }
  196. int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
  197. {
  198. int rv;
  199. if (x == NULL) {
  200. ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
  201. return 0;
  202. }
  203. rv = ssl_security_cert(NULL, ctx, x, 0, 1);
  204. if (rv != 1) {
  205. ERR_raise(ERR_LIB_SSL, rv);
  206. return 0;
  207. }
  208. return ssl_set_cert(ctx->cert, x);
  209. }
  210. static int ssl_set_cert(CERT *c, X509 *x)
  211. {
  212. EVP_PKEY *pkey;
  213. size_t i;
  214. pkey = X509_get0_pubkey(x);
  215. if (pkey == NULL) {
  216. ERR_raise(ERR_LIB_SSL, SSL_R_X509_LIB);
  217. return 0;
  218. }
  219. if (ssl_cert_lookup_by_pkey(pkey, &i) == NULL) {
  220. ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
  221. return 0;
  222. }
  223. if (i == SSL_PKEY_ECC && !EVP_PKEY_can_sign(pkey)) {
  224. ERR_raise(ERR_LIB_SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
  225. return 0;
  226. }
  227. if (c->pkeys[i].privatekey != NULL) {
  228. /*
  229. * The return code from EVP_PKEY_copy_parameters is deliberately
  230. * ignored. Some EVP_PKEY types cannot do this.
  231. * coverity[check_return]
  232. */
  233. EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
  234. ERR_clear_error();
  235. if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
  236. /*
  237. * don't fail for a cert/key mismatch, just free current private
  238. * key (when switching to a different cert & key, first this
  239. * function should be used, then ssl_set_pkey
  240. */
  241. EVP_PKEY_free(c->pkeys[i].privatekey);
  242. c->pkeys[i].privatekey = NULL;
  243. /* clear error queue */
  244. ERR_clear_error();
  245. }
  246. }
  247. X509_free(c->pkeys[i].x509);
  248. X509_up_ref(x);
  249. c->pkeys[i].x509 = x;
  250. c->key = &(c->pkeys[i]);
  251. return 1;
  252. }
  253. int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
  254. {
  255. int j = SSL_R_BAD_VALUE;
  256. BIO *in;
  257. int ret = 0;
  258. X509 *x = NULL, *cert = NULL;
  259. in = BIO_new(BIO_s_file());
  260. if (in == NULL) {
  261. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  262. goto end;
  263. }
  264. if (BIO_read_filename(in, file) <= 0) {
  265. ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
  266. goto end;
  267. }
  268. if (type != SSL_FILETYPE_ASN1 && type != SSL_FILETYPE_PEM) {
  269. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
  270. goto end;
  271. }
  272. x = X509_new_ex(ctx->libctx, ctx->propq);
  273. if (x == NULL) {
  274. ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
  275. goto end;
  276. }
  277. if (type == SSL_FILETYPE_ASN1) {
  278. j = ERR_R_ASN1_LIB;
  279. cert = d2i_X509_bio(in, &x);
  280. } else if (type == SSL_FILETYPE_PEM) {
  281. j = ERR_R_PEM_LIB;
  282. cert = PEM_read_bio_X509(in, &x, ctx->default_passwd_callback,
  283. ctx->default_passwd_callback_userdata);
  284. }
  285. if (cert == NULL) {
  286. ERR_raise(ERR_LIB_SSL, j);
  287. goto end;
  288. }
  289. ret = SSL_CTX_use_certificate(ctx, x);
  290. end:
  291. X509_free(x);
  292. BIO_free(in);
  293. return ret;
  294. }
  295. int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
  296. {
  297. X509 *x;
  298. int ret;
  299. x = X509_new_ex(ctx->libctx, ctx->propq);
  300. if (x == NULL) {
  301. ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
  302. return 0;
  303. }
  304. if (d2i_X509(&x, &d, (long)len) == NULL) {
  305. X509_free(x);
  306. ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
  307. return 0;
  308. }
  309. ret = SSL_CTX_use_certificate(ctx, x);
  310. X509_free(x);
  311. return ret;
  312. }
  313. int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
  314. {
  315. if (pkey == NULL) {
  316. ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
  317. return 0;
  318. }
  319. return ssl_set_pkey(ctx->cert, pkey);
  320. }
  321. int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
  322. {
  323. int j, ret = 0;
  324. BIO *in;
  325. EVP_PKEY *pkey = NULL;
  326. in = BIO_new(BIO_s_file());
  327. if (in == NULL) {
  328. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  329. goto end;
  330. }
  331. if (BIO_read_filename(in, file) <= 0) {
  332. ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
  333. goto end;
  334. }
  335. if (type == SSL_FILETYPE_PEM) {
  336. j = ERR_R_PEM_LIB;
  337. pkey = PEM_read_bio_PrivateKey_ex(in, NULL,
  338. ctx->default_passwd_callback,
  339. ctx->default_passwd_callback_userdata,
  340. ctx->libctx, ctx->propq);
  341. } else if (type == SSL_FILETYPE_ASN1) {
  342. j = ERR_R_ASN1_LIB;
  343. pkey = d2i_PrivateKey_ex_bio(in, NULL, ctx->libctx, ctx->propq);
  344. } else {
  345. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
  346. goto end;
  347. }
  348. if (pkey == NULL) {
  349. ERR_raise(ERR_LIB_SSL, j);
  350. goto end;
  351. }
  352. ret = SSL_CTX_use_PrivateKey(ctx, pkey);
  353. EVP_PKEY_free(pkey);
  354. end:
  355. BIO_free(in);
  356. return ret;
  357. }
  358. int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
  359. const unsigned char *d, long len)
  360. {
  361. int ret;
  362. const unsigned char *p;
  363. EVP_PKEY *pkey;
  364. p = d;
  365. if ((pkey = d2i_PrivateKey_ex(type, NULL, &p, (long)len, ctx->libctx,
  366. ctx->propq)) == NULL) {
  367. ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
  368. return 0;
  369. }
  370. ret = SSL_CTX_use_PrivateKey(ctx, pkey);
  371. EVP_PKEY_free(pkey);
  372. return ret;
  373. }
  374. /*
  375. * Read a file that contains our certificate in "PEM" format, possibly
  376. * followed by a sequence of CA certificates that should be sent to the peer
  377. * in the Certificate message.
  378. */
  379. static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
  380. {
  381. BIO *in;
  382. int ret = 0;
  383. X509 *x = NULL;
  384. pem_password_cb *passwd_callback;
  385. void *passwd_callback_userdata;
  386. SSL_CTX *real_ctx = (ssl == NULL) ? ctx : ssl->ctx;
  387. if (ctx == NULL && ssl == NULL)
  388. return 0;
  389. ERR_clear_error(); /* clear error stack for
  390. * SSL_CTX_use_certificate() */
  391. if (ctx != NULL) {
  392. passwd_callback = ctx->default_passwd_callback;
  393. passwd_callback_userdata = ctx->default_passwd_callback_userdata;
  394. } else {
  395. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  396. if (sc == NULL)
  397. return 0;
  398. passwd_callback = sc->default_passwd_callback;
  399. passwd_callback_userdata = sc->default_passwd_callback_userdata;
  400. }
  401. in = BIO_new(BIO_s_file());
  402. if (in == NULL) {
  403. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  404. goto end;
  405. }
  406. if (BIO_read_filename(in, file) <= 0) {
  407. ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
  408. goto end;
  409. }
  410. x = X509_new_ex(real_ctx->libctx, real_ctx->propq);
  411. if (x == NULL) {
  412. ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
  413. goto end;
  414. }
  415. if (PEM_read_bio_X509_AUX(in, &x, passwd_callback,
  416. passwd_callback_userdata) == NULL) {
  417. ERR_raise(ERR_LIB_SSL, ERR_R_PEM_LIB);
  418. goto end;
  419. }
  420. if (ctx)
  421. ret = SSL_CTX_use_certificate(ctx, x);
  422. else
  423. ret = SSL_use_certificate(ssl, x);
  424. if (ERR_peek_error() != 0)
  425. ret = 0; /* Key/certificate mismatch doesn't imply
  426. * ret==0 ... */
  427. if (ret) {
  428. /*
  429. * If we could set up our certificate, now proceed to the CA
  430. * certificates.
  431. */
  432. X509 *ca;
  433. int r;
  434. unsigned long err;
  435. if (ctx)
  436. r = SSL_CTX_clear_chain_certs(ctx);
  437. else
  438. r = SSL_clear_chain_certs(ssl);
  439. if (r == 0) {
  440. ret = 0;
  441. goto end;
  442. }
  443. while (1) {
  444. ca = X509_new_ex(real_ctx->libctx, real_ctx->propq);
  445. if (ca == NULL) {
  446. ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
  447. goto end;
  448. }
  449. if (PEM_read_bio_X509(in, &ca, passwd_callback,
  450. passwd_callback_userdata) != NULL) {
  451. if (ctx)
  452. r = SSL_CTX_add0_chain_cert(ctx, ca);
  453. else
  454. r = SSL_add0_chain_cert(ssl, ca);
  455. /*
  456. * Note that we must not free ca if it was successfully added to
  457. * the chain (while we must free the main certificate, since its
  458. * reference count is increased by SSL_CTX_use_certificate).
  459. */
  460. if (!r) {
  461. X509_free(ca);
  462. ret = 0;
  463. goto end;
  464. }
  465. } else {
  466. X509_free(ca);
  467. break;
  468. }
  469. }
  470. /* When the while loop ends, it's usually just EOF. */
  471. err = ERR_peek_last_error();
  472. if (ERR_GET_LIB(err) == ERR_LIB_PEM
  473. && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
  474. ERR_clear_error();
  475. else
  476. ret = 0; /* some real error */
  477. }
  478. end:
  479. X509_free(x);
  480. BIO_free(in);
  481. return ret;
  482. }
  483. int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
  484. {
  485. return use_certificate_chain_file(ctx, NULL, file);
  486. }
  487. int SSL_use_certificate_chain_file(SSL *ssl, const char *file)
  488. {
  489. return use_certificate_chain_file(NULL, ssl, file);
  490. }
  491. static int serverinfo_find_extension(const unsigned char *serverinfo,
  492. size_t serverinfo_length,
  493. unsigned int extension_type,
  494. const unsigned char **extension_data,
  495. size_t *extension_length)
  496. {
  497. PACKET pkt, data;
  498. *extension_data = NULL;
  499. *extension_length = 0;
  500. if (serverinfo == NULL || serverinfo_length == 0)
  501. return -1;
  502. if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))
  503. return -1;
  504. for (;;) {
  505. unsigned int type = 0;
  506. unsigned long context = 0;
  507. /* end of serverinfo */
  508. if (PACKET_remaining(&pkt) == 0)
  509. return 0; /* Extension not found */
  510. if (!PACKET_get_net_4(&pkt, &context)
  511. || !PACKET_get_net_2(&pkt, &type)
  512. || !PACKET_get_length_prefixed_2(&pkt, &data))
  513. return -1;
  514. if (type == extension_type) {
  515. *extension_data = PACKET_data(&data);
  516. *extension_length = PACKET_remaining(&data);
  517. return 1; /* Success */
  518. }
  519. }
  520. /* Unreachable */
  521. }
  522. static int serverinfoex_srv_parse_cb(SSL *s, unsigned int ext_type,
  523. unsigned int context,
  524. const unsigned char *in,
  525. size_t inlen, X509 *x, size_t chainidx,
  526. int *al, void *arg)
  527. {
  528. if (inlen != 0) {
  529. *al = SSL_AD_DECODE_ERROR;
  530. return 0;
  531. }
  532. return 1;
  533. }
  534. static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type,
  535. const unsigned char *in,
  536. size_t inlen, int *al, void *arg)
  537. {
  538. return serverinfoex_srv_parse_cb(s, ext_type, 0, in, inlen, NULL, 0, al,
  539. arg);
  540. }
  541. static int serverinfoex_srv_add_cb(SSL *s, unsigned int ext_type,
  542. unsigned int context,
  543. const unsigned char **out,
  544. size_t *outlen, X509 *x, size_t chainidx,
  545. int *al, void *arg)
  546. {
  547. const unsigned char *serverinfo = NULL;
  548. size_t serverinfo_length = 0;
  549. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  550. if (sc == NULL) {
  551. *al = SSL_AD_INTERNAL_ERROR;
  552. return -1;
  553. }
  554. /* We only support extensions for the first Certificate */
  555. if ((context & SSL_EXT_TLS1_3_CERTIFICATE) != 0 && chainidx > 0)
  556. return 0;
  557. /* Is there serverinfo data for the chosen server cert? */
  558. if ((ssl_get_server_cert_serverinfo(sc, &serverinfo,
  559. &serverinfo_length)) != 0) {
  560. /* Find the relevant extension from the serverinfo */
  561. int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
  562. ext_type, out, outlen);
  563. if (retval == -1) {
  564. *al = SSL_AD_INTERNAL_ERROR;
  565. return -1; /* Error */
  566. }
  567. if (retval == 0)
  568. return 0; /* No extension found, don't send extension */
  569. return 1; /* Send extension */
  570. }
  571. return 0; /* No serverinfo data found, don't send
  572. * extension */
  573. }
  574. static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
  575. const unsigned char **out, size_t *outlen,
  576. int *al, void *arg)
  577. {
  578. return serverinfoex_srv_add_cb(s, ext_type, 0, out, outlen, NULL, 0, al,
  579. arg);
  580. }
  581. /*
  582. * With a NULL context, this function just checks that the serverinfo data
  583. * parses correctly. With a non-NULL context, it registers callbacks for
  584. * the included extensions.
  585. */
  586. static int serverinfo_process_buffer(unsigned int version,
  587. const unsigned char *serverinfo,
  588. size_t serverinfo_length, SSL_CTX *ctx)
  589. {
  590. PACKET pkt;
  591. if (serverinfo == NULL || serverinfo_length == 0)
  592. return 0;
  593. if (version != SSL_SERVERINFOV1 && version != SSL_SERVERINFOV2)
  594. return 0;
  595. if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))
  596. return 0;
  597. while (PACKET_remaining(&pkt)) {
  598. unsigned long context = 0;
  599. unsigned int ext_type = 0;
  600. PACKET data;
  601. if ((version == SSL_SERVERINFOV2 && !PACKET_get_net_4(&pkt, &context))
  602. || !PACKET_get_net_2(&pkt, &ext_type)
  603. || !PACKET_get_length_prefixed_2(&pkt, &data))
  604. return 0;
  605. if (ctx == NULL)
  606. continue;
  607. /*
  608. * The old style custom extensions API could be set separately for
  609. * server/client, i.e. you could set one custom extension for a client,
  610. * and *for the same extension in the same SSL_CTX* you could set a
  611. * custom extension for the server as well. It seems quite weird to be
  612. * setting a custom extension for both client and server in a single
  613. * SSL_CTX - but theoretically possible. This isn't possible in the
  614. * new API. Therefore, if we have V1 serverinfo we use the old API. We
  615. * also use the old API even if we have V2 serverinfo but the context
  616. * looks like an old style <= TLSv1.2 extension.
  617. */
  618. if (version == SSL_SERVERINFOV1 || context == SYNTHV1CONTEXT) {
  619. if (!SSL_CTX_add_server_custom_ext(ctx, ext_type,
  620. serverinfo_srv_add_cb,
  621. NULL, NULL,
  622. serverinfo_srv_parse_cb,
  623. NULL))
  624. return 0;
  625. } else {
  626. if (!SSL_CTX_add_custom_ext(ctx, ext_type, context,
  627. serverinfoex_srv_add_cb,
  628. NULL, NULL,
  629. serverinfoex_srv_parse_cb,
  630. NULL))
  631. return 0;
  632. }
  633. }
  634. return 1;
  635. }
  636. static size_t extension_contextoff(unsigned int version)
  637. {
  638. return version == SSL_SERVERINFOV1 ? 4 : 0;
  639. }
  640. static size_t extension_append_length(unsigned int version, size_t extension_length)
  641. {
  642. return extension_length + extension_contextoff(version);
  643. }
  644. static void extension_append(unsigned int version,
  645. const unsigned char *extension,
  646. const size_t extension_length,
  647. unsigned char *serverinfo)
  648. {
  649. const size_t contextoff = extension_contextoff(version);
  650. if (contextoff > 0) {
  651. /* We know this only uses the last 2 bytes */
  652. serverinfo[0] = 0;
  653. serverinfo[1] = 0;
  654. serverinfo[2] = (SYNTHV1CONTEXT >> 8) & 0xff;
  655. serverinfo[3] = SYNTHV1CONTEXT & 0xff;
  656. }
  657. memcpy(serverinfo + contextoff, extension, extension_length);
  658. }
  659. int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
  660. const unsigned char *serverinfo,
  661. size_t serverinfo_length)
  662. {
  663. unsigned char *new_serverinfo = NULL;
  664. if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) {
  665. ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
  666. return 0;
  667. }
  668. if (version == SSL_SERVERINFOV1) {
  669. /*
  670. * Convert serverinfo version v1 to v2 and call yourself recursively
  671. * over the converted serverinfo.
  672. */
  673. const size_t sinfo_length = extension_append_length(SSL_SERVERINFOV1,
  674. serverinfo_length);
  675. unsigned char *sinfo;
  676. int ret;
  677. sinfo = OPENSSL_malloc(sinfo_length);
  678. if (sinfo == NULL)
  679. return 0;
  680. extension_append(SSL_SERVERINFOV1, serverinfo, serverinfo_length, sinfo);
  681. ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, sinfo,
  682. sinfo_length);
  683. OPENSSL_free(sinfo);
  684. return ret;
  685. }
  686. if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
  687. NULL)) {
  688. ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA);
  689. return 0;
  690. }
  691. if (ctx->cert->key == NULL) {
  692. ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
  693. return 0;
  694. }
  695. new_serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo,
  696. serverinfo_length);
  697. if (new_serverinfo == NULL)
  698. return 0;
  699. ctx->cert->key->serverinfo = new_serverinfo;
  700. memcpy(ctx->cert->key->serverinfo, serverinfo, serverinfo_length);
  701. ctx->cert->key->serverinfo_length = serverinfo_length;
  702. /*
  703. * Now that the serverinfo is validated and stored, go ahead and
  704. * register callbacks.
  705. */
  706. if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
  707. ctx)) {
  708. ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA);
  709. return 0;
  710. }
  711. return 1;
  712. }
  713. int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
  714. size_t serverinfo_length)
  715. {
  716. return SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV1, serverinfo,
  717. serverinfo_length);
  718. }
  719. int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
  720. {
  721. unsigned char *serverinfo = NULL;
  722. unsigned char *tmp;
  723. size_t serverinfo_length = 0;
  724. unsigned char *extension = 0;
  725. long extension_length = 0;
  726. char *name = NULL;
  727. char *header = NULL;
  728. unsigned int name_len;
  729. int ret = 0;
  730. BIO *bin = NULL;
  731. size_t num_extensions = 0;
  732. if (ctx == NULL || file == NULL) {
  733. ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
  734. goto end;
  735. }
  736. bin = BIO_new(BIO_s_file());
  737. if (bin == NULL) {
  738. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  739. goto end;
  740. }
  741. if (BIO_read_filename(bin, file) <= 0) {
  742. ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
  743. goto end;
  744. }
  745. for (num_extensions = 0;; num_extensions++) {
  746. unsigned int version;
  747. size_t append_length;
  748. if (PEM_read_bio(bin, &name, &header, &extension, &extension_length)
  749. == 0) {
  750. /*
  751. * There must be at least one extension in this file
  752. */
  753. if (num_extensions == 0) {
  754. ERR_raise(ERR_LIB_SSL, SSL_R_NO_PEM_EXTENSIONS);
  755. goto end;
  756. } else /* End of file, we're done */
  757. break;
  758. }
  759. /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
  760. name_len = strlen(name);
  761. if (name_len < sizeof(NAME_PREFIX1) - 1) {
  762. ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT);
  763. goto end;
  764. }
  765. if (HAS_PREFIX(name, NAME_PREFIX1)) {
  766. version = SSL_SERVERINFOV1;
  767. } else {
  768. if (name_len < sizeof(NAME_PREFIX2) - 1) {
  769. ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT);
  770. goto end;
  771. }
  772. if (!HAS_PREFIX(name, NAME_PREFIX2)) {
  773. ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_BAD_PREFIX);
  774. goto end;
  775. }
  776. version = SSL_SERVERINFOV2;
  777. }
  778. /*
  779. * Check that the decoded PEM data is plausible (valid length field)
  780. */
  781. if (version == SSL_SERVERINFOV1) {
  782. /* 4 byte header: 2 bytes type, 2 bytes len */
  783. if (extension_length < 4
  784. || (extension[2] << 8) + extension[3]
  785. != extension_length - 4) {
  786. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_DATA);
  787. goto end;
  788. }
  789. } else {
  790. /* 8 byte header: 4 bytes context, 2 bytes type, 2 bytes len */
  791. if (extension_length < 8
  792. || (extension[6] << 8) + extension[7]
  793. != extension_length - 8) {
  794. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_DATA);
  795. goto end;
  796. }
  797. }
  798. /* Append the decoded extension to the serverinfo buffer */
  799. append_length = extension_append_length(version, extension_length);
  800. tmp = OPENSSL_realloc(serverinfo, serverinfo_length + append_length);
  801. if (tmp == NULL)
  802. goto end;
  803. serverinfo = tmp;
  804. extension_append(version, extension, extension_length,
  805. serverinfo + serverinfo_length);
  806. serverinfo_length += append_length;
  807. OPENSSL_free(name);
  808. name = NULL;
  809. OPENSSL_free(header);
  810. header = NULL;
  811. OPENSSL_free(extension);
  812. extension = NULL;
  813. }
  814. ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, serverinfo,
  815. serverinfo_length);
  816. end:
  817. /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */
  818. OPENSSL_free(name);
  819. OPENSSL_free(header);
  820. OPENSSL_free(extension);
  821. OPENSSL_free(serverinfo);
  822. BIO_free(bin);
  823. return ret;
  824. }
  825. static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
  826. STACK_OF(X509) *chain, int override)
  827. {
  828. int ret = 0;
  829. size_t i;
  830. int j;
  831. int rv;
  832. CERT *c;
  833. STACK_OF(X509) *dup_chain = NULL;
  834. EVP_PKEY *pubkey = NULL;
  835. SSL_CONNECTION *sc = NULL;
  836. if (ctx == NULL &&
  837. (sc = SSL_CONNECTION_FROM_SSL(ssl)) == NULL)
  838. return 0;
  839. c = sc != NULL ? sc->cert : ctx->cert;
  840. /* Do all security checks before anything else */
  841. rv = ssl_security_cert(sc, ctx, x509, 0, 1);
  842. if (rv != 1) {
  843. ERR_raise(ERR_LIB_SSL, rv);
  844. goto out;
  845. }
  846. for (j = 0; j < sk_X509_num(chain); j++) {
  847. rv = ssl_security_cert(sc, ctx, sk_X509_value(chain, j), 0, 0);
  848. if (rv != 1) {
  849. ERR_raise(ERR_LIB_SSL, rv);
  850. goto out;
  851. }
  852. }
  853. pubkey = X509_get_pubkey(x509); /* bumps reference */
  854. if (pubkey == NULL)
  855. goto out;
  856. if (privatekey == NULL) {
  857. privatekey = pubkey;
  858. } else {
  859. /* For RSA, which has no parameters, missing returns 0 */
  860. if (EVP_PKEY_missing_parameters(privatekey)) {
  861. if (EVP_PKEY_missing_parameters(pubkey)) {
  862. /* nobody has parameters? - error */
  863. ERR_raise(ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS);
  864. goto out;
  865. } else {
  866. /* copy to privatekey from pubkey */
  867. if (!EVP_PKEY_copy_parameters(privatekey, pubkey)) {
  868. ERR_raise(ERR_LIB_SSL, SSL_R_COPY_PARAMETERS_FAILED);
  869. goto out;
  870. }
  871. }
  872. } else if (EVP_PKEY_missing_parameters(pubkey)) {
  873. /* copy to pubkey from privatekey */
  874. if (!EVP_PKEY_copy_parameters(pubkey, privatekey)) {
  875. ERR_raise(ERR_LIB_SSL, SSL_R_COPY_PARAMETERS_FAILED);
  876. goto out;
  877. }
  878. } /* else both have parameters */
  879. /* check that key <-> cert match */
  880. if (EVP_PKEY_eq(pubkey, privatekey) != 1) {
  881. ERR_raise(ERR_LIB_SSL, SSL_R_PRIVATE_KEY_MISMATCH);
  882. goto out;
  883. }
  884. }
  885. if (ssl_cert_lookup_by_pkey(pubkey, &i) == NULL) {
  886. ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
  887. goto out;
  888. }
  889. if (!override && (c->pkeys[i].x509 != NULL
  890. || c->pkeys[i].privatekey != NULL
  891. || c->pkeys[i].chain != NULL)) {
  892. /* No override, and something already there */
  893. ERR_raise(ERR_LIB_SSL, SSL_R_NOT_REPLACING_CERTIFICATE);
  894. goto out;
  895. }
  896. if (chain != NULL) {
  897. dup_chain = X509_chain_up_ref(chain);
  898. if (dup_chain == NULL) {
  899. ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
  900. goto out;
  901. }
  902. }
  903. OSSL_STACK_OF_X509_free(c->pkeys[i].chain);
  904. c->pkeys[i].chain = dup_chain;
  905. X509_free(c->pkeys[i].x509);
  906. X509_up_ref(x509);
  907. c->pkeys[i].x509 = x509;
  908. EVP_PKEY_free(c->pkeys[i].privatekey);
  909. EVP_PKEY_up_ref(privatekey);
  910. c->pkeys[i].privatekey = privatekey;
  911. c->key = &(c->pkeys[i]);
  912. ret = 1;
  913. out:
  914. EVP_PKEY_free(pubkey);
  915. return ret;
  916. }
  917. int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey,
  918. STACK_OF(X509) *chain, int override)
  919. {
  920. return ssl_set_cert_and_key(ssl, NULL, x509, privatekey, chain, override);
  921. }
  922. int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
  923. STACK_OF(X509) *chain, int override)
  924. {
  925. return ssl_set_cert_and_key(NULL, ctx, x509, privatekey, chain, override);
  926. }