ssl_rsa.c 31 KB

  1. /*
  2. * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "ssl_local.h"
  11. #include "internal/packet.h"
  12. #include <openssl/bio.h>
  13. #include <openssl/objects.h>
  14. #include <openssl/evp.h>
  15. #include <openssl/x509.h>
  16. #include <openssl/x509v3.h>
  17. #include <openssl/pem.h>
  18. static int ssl_set_cert(CERT *c, X509 *x509, SSL_CTX *ctx);
  19. static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey, SSL_CTX *ctx);
  20. #define SYNTHV1CONTEXT (SSL_EXT_TLS1_2_AND_BELOW_ONLY \
  21. | SSL_EXT_CLIENT_HELLO \
  22. | SSL_EXT_TLS1_2_SERVER_HELLO \
  23. | SSL_EXT_IGNORE_ON_RESUMPTION)
  24. #define NAME_PREFIX1 "SERVERINFO FOR "
  25. #define NAME_PREFIX2 "SERVERINFOV2 FOR "
  /*
   * Install |x| as the certificate of the connection behind |ssl|.
   *
   * Returns 0 when |ssl| has no SSL_CONNECTION, when |x| is NULL, or when
   * ssl_security_cert() does not return 1; otherwise returns the result of
   * ssl_set_cert().
   */
  int SSL_use_certificate(SSL *ssl, X509 *x)
  {
      SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
      int sec_rv;

      if (sc == NULL)
          return 0;

      if (x == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
          return 0;
      }

      /*
       * The security check runs before the certificate is stored, so a
       * rejected certificate never reaches the CERT structure.
       * NOTE(review): the trailing 0, 1 presumably mean "not a verification
       * call" and "end-entity certificate" - confirm in ssl_security_cert().
       */
      sec_rv = ssl_security_cert(sc, NULL, x, 0, 1);
      if (sec_rv == 1)
          return ssl_set_cert(sc->cert, x, SSL_CONNECTION_GET_CTX(sc));

      /* Any other value is queued as the SSL reason code. */
      ERR_raise(ERR_LIB_SSL, sec_rv);
      return 0;
  }
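  /*
   * Load one certificate from |file| and install it on |ssl|.
   *
   * |type| selects the encoding: SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM; any
   * other value fails with SSL_R_BAD_SSL_FILETYPE. For PEM the connection's
   * default password callback is handed to the reader. The parsed
   * certificate is installed through SSL_use_certificate(), so it passes the
   * same ssl_security_cert() gate as a certificate supplied in memory.
   *
   * This function does not inspect ownership or permissions of |file|; the
   * caller decides whether the path is trustworthy.
   *
   * Returns 1 on success and 0 on any failure.
   */
  int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
  {
      int j;
      BIO *in = NULL;
      int ret = 0;
      X509 *cert = NULL, *x = NULL;

      /*
       * Reject NULL arguments up front: |ssl| is dereferenced below to reach
       * the library context and |file| goes straight to the file BIO.
       * SSL_CTX_use_serverinfo_file() in this file performs the same check
       * on its own arguments.
       */
      if (ssl == NULL || file == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
          goto end;
      }

      in = BIO_new(BIO_s_file());
      if (in == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
          goto end;
      }

      if (BIO_read_filename(in, file) <= 0) {
          ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
          goto end;
      }

      /* Pre-allocate so the certificate is bound to this libctx/propq. */
      x = X509_new_ex(ssl->ctx->libctx, ssl->ctx->propq);
      if (x == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
          goto end;
      }

      if (type == SSL_FILETYPE_ASN1) {
          j = ERR_R_ASN1_LIB;
          cert = d2i_X509_bio(in, &x);
      } else if (type == SSL_FILETYPE_PEM) {
          SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);

          if (sc == NULL)
              goto end;

          j = ERR_R_PEM_LIB;
          cert = PEM_read_bio_X509(in, &x, sc->default_passwd_callback,
                                   sc->default_passwd_callback_userdata);
      } else {
          ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
          goto end;
      }

      /* |j| holds the reason code matching whichever decoder ran. */
      if (cert == NULL) {
          ERR_raise(ERR_LIB_SSL, j);
          goto end;
      }

      ret = SSL_use_certificate(ssl, x);
   end:
      X509_free(x);
      BIO_free(in);
      return ret;
  }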
  /*
   * Decode a certificate from the |len| bytes at |d| and install it on |ssl|
   * through SSL_use_certificate().
   *
   * Only the result of d2i_X509() is checked; nothing here looks at bytes
   * that may follow the decoded certificate inside |d|.
   *
   * Returns the result of SSL_use_certificate(), or 0 with ERR_R_ASN1_LIB
   * queued when allocation or decoding fails.
   */
  int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
  {
      int ret;
      X509 *parsed = X509_new_ex(ssl->ctx->libctx, ssl->ctx->propq);

      if (parsed != NULL && d2i_X509(&parsed, &d, (long)len) != NULL) {
          ret = SSL_use_certificate(ssl, parsed);
          /* Drop the local reference; the install path takes its own. */
          X509_free(parsed);
          return ret;
      }

      /* Allocation or decode failure: release whatever is left, then report. */
      X509_free(parsed);
      ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
      return 0;
  }
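  /*
   * Store |pkey| as the private key of the slot in |c| that matches its key
   * type, and make that slot the current one (c->key).
   *
   * If the slot already holds a certificate, the key must match it
   * (X509_check_private_key()); a mismatch returns 0 and leaves the slot
   * untouched. No error is raised here for that case.
   *
   * Returns 1 on success, 0 on failure.
   */
  static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey, SSL_CTX *ctx)
  {
      size_t i;

      if (ssl_cert_lookup_by_pkey(pkey, &i, ctx) == NULL) {
          ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
          return 0;
      }

      if (c->pkeys[i].x509 != NULL
              && !X509_check_private_key(c->pkeys[i].x509, pkey))
          return 0;

      /*
       * Take the new reference before releasing the old key. A failed
       * up-ref must not leave the slot pointing at a key it does not own,
       * and this order is also safe when |pkey| is the key already stored.
       */
      if (!EVP_PKEY_up_ref(pkey)) {
          ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
          return 0;
      }

      EVP_PKEY_free(c->pkeys[i].privatekey);
      c->pkeys[i].privatekey = pkey;
      c->key = &c->pkeys[i];
      return 1;
  }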
  /*
   * Install |pkey| as the private key of the connection behind |ssl|.
   *
   * Returns 0 when |ssl| has no SSL_CONNECTION or |pkey| is NULL (the latter
   * with ERR_R_PASSED_NULL_PARAMETER queued); otherwise returns the result
   * of ssl_set_pkey(), which refuses a key that does not match a certificate
   * already stored in the same slot.
   */
  int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
  {
      SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);

      if (sc == NULL)
          return 0;

      if (pkey != NULL)
          return ssl_set_pkey(sc->cert, pkey, SSL_CONNECTION_GET_CTX(sc));

      ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
      return 0;
  }
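  /*
   * Load a private key from |file| and install it on |ssl|.
   *
   * |type| selects SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1; anything else
   * fails with SSL_R_BAD_SSL_FILETYPE. For PEM the connection's default
   * password callback is passed to the reader.
   *
   * This function does not inspect ownership or permissions of |file|;
   * restricting who can read the key file is left to the caller.
   *
   * Returns 1 on success and 0 on any failure.
   */
  int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
  {
      int j, ret = 0;
      BIO *in = NULL;
      EVP_PKEY *pkey = NULL;

      /*
       * Reject NULL arguments up front: the ASN.1 branch dereferences |ssl|
       * and |file| goes straight to the file BIO.
       * SSL_CTX_use_serverinfo_file() in this file performs the same check
       * on its own arguments.
       */
      if (ssl == NULL || file == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
          goto end;
      }

      in = BIO_new(BIO_s_file());
      if (in == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
          goto end;
      }

      if (BIO_read_filename(in, file) <= 0) {
          ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
          goto end;
      }

      if (type == SSL_FILETYPE_PEM) {
          SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);

          if (sc == NULL)
              goto end;

          j = ERR_R_PEM_LIB;
          pkey = PEM_read_bio_PrivateKey_ex(in, NULL,
                                            sc->default_passwd_callback,
                                            sc->default_passwd_callback_userdata,
                                            ssl->ctx->libctx,
                                            ssl->ctx->propq);
      } else if (type == SSL_FILETYPE_ASN1) {
          j = ERR_R_ASN1_LIB;
          pkey = d2i_PrivateKey_ex_bio(in, NULL, ssl->ctx->libctx,
                                       ssl->ctx->propq);
      } else {
          ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
          goto end;
      }

      /* |j| holds the reason code matching whichever decoder ran. */
      if (pkey == NULL) {
          ERR_raise(ERR_LIB_SSL, j);
          goto end;
      }

      ret = SSL_use_PrivateKey(ssl, pkey);
      /* Release the local reference whether or not the key was accepted. */
      EVP_PKEY_free(pkey);
   end:
      BIO_free(in);
      return ret;
  }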
  /*
   * Decode a private key of key type |type| from the |len| bytes at |d| and
   * install it on |ssl| through SSL_use_PrivateKey().
   *
   * |d| is only read; wiping the encoded key material afterwards remains
   * the caller's job.
   *
   * Returns the result of SSL_use_PrivateKey(), or 0 with ERR_R_ASN1_LIB
   * queued when decoding fails.
   */
  int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d,
                              long len)
  {
      /* The decoder advances its input pointer, so work on a copy of |d|. */
      const unsigned char *cursor = d;
      EVP_PKEY *decoded = d2i_PrivateKey_ex(type, NULL, &cursor, (long)len,
                                            ssl->ctx->libctx, ssl->ctx->propq);
      int ret;

      if (decoded == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
          return 0;
      }

      ret = SSL_use_PrivateKey(ssl, decoded);
      /* Release the local reference whether or not the key was accepted. */
      EVP_PKEY_free(decoded);
      return ret;
  }
  /*
   * Install |x| as a certificate of |ctx|.
   *
   * Returns 0 when |x| is NULL or when ssl_security_cert() does not return
   * 1; otherwise returns the result of ssl_set_cert(). |ctx| itself is not
   * checked for NULL here.
   */
  int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
  {
      int sec_rv;

      if (x == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
          return 0;
      }

      /*
       * The security check runs before the certificate is stored, so a
       * rejected certificate never reaches the CERT structure.
       */
      sec_rv = ssl_security_cert(NULL, ctx, x, 0, 1);
      if (sec_rv == 1)
          return ssl_set_cert(ctx->cert, x, ctx);

      /* Any other value is queued as the SSL reason code. */
      ERR_raise(ERR_LIB_SSL, sec_rv);
      return 0;
  }
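  /*
   * Store |x| as the certificate of the slot in |c| that matches its public
   * key type, and make that slot the current one (c->key).
   *
   * A private key already held in the slot is kept only if it matches |x|.
   * On a mismatch the key is released and the error queue is cleared, so
   * the call still returns 1. Callers that depend on a usable key/cert pair
   * should verify the pairing afterwards, for example with
   * SSL_CTX_check_private_key() or SSL_check_private_key().
   *
   * Returns 1 on success, 0 on failure.
   */
  static int ssl_set_cert(CERT *c, X509 *x, SSL_CTX *ctx)
  {
      EVP_PKEY *pkey;
      size_t i;

      pkey = X509_get0_pubkey(x);
      if (pkey == NULL) {
          ERR_raise(ERR_LIB_SSL, SSL_R_X509_LIB);
          return 0;
      }

      if (ssl_cert_lookup_by_pkey(pkey, &i, ctx) == NULL) {
          ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
          return 0;
      }

      if (i == SSL_PKEY_ECC && !EVP_PKEY_can_sign(pkey)) {
          ERR_raise(ERR_LIB_SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
          return 0;
      }

      /*
       * Take the new reference before touching the slot. No failure path
       * follows, so the slot is either fully updated or left as it was, and
       * this order is also safe when |x| is the certificate already stored.
       */
      if (!X509_up_ref(x)) {
          ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
          return 0;
      }

      if (c->pkeys[i].privatekey != NULL) {
          /*
           * The return code from EVP_PKEY_copy_parameters is deliberately
           * ignored. Some EVP_PKEY types cannot do this.
           * coverity[check_return]
           */
          EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
          ERR_clear_error();

          if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
              /*
               * Don't fail for a cert/key mismatch, just free the current
               * private key. When switching to a different cert and key,
               * this function should be used first, then ssl_set_pkey.
               */
              EVP_PKEY_free(c->pkeys[i].privatekey);
              c->pkeys[i].privatekey = NULL;
              /* clear error queue */
              ERR_clear_error();
          }
      }

      X509_free(c->pkeys[i].x509);
      c->pkeys[i].x509 = x;
      c->key = &(c->pkeys[i]);

      return 1;
  }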
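  /*
   * Load one certificate from |file| and install it on |ctx|.
   *
   * |type| selects SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM; any other value
   * fails with SSL_R_BAD_SSL_FILETYPE. For PEM the context's default
   * password callback is handed to the reader. The parsed certificate is
   * installed through SSL_CTX_use_certificate(), so it passes the same
   * ssl_security_cert() gate as a certificate supplied in memory.
   *
   * This function does not inspect ownership or permissions of |file|; the
   * caller decides whether the path is trustworthy.
   *
   * Returns 1 on success and 0 on any failure.
   */
  int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
  {
      int j = SSL_R_BAD_VALUE;
      BIO *in = NULL;
      int ret = 0;
      X509 *x = NULL, *cert = NULL;

      /*
       * Reject NULL arguments up front: |ctx| is dereferenced below and
       * |file| goes straight to the file BIO.
       * SSL_CTX_use_serverinfo_file() in this file performs the same check.
       */
      if (ctx == NULL || file == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
          goto end;
      }

      in = BIO_new(BIO_s_file());
      if (in == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
          goto end;
      }

      if (BIO_read_filename(in, file) <= 0) {
          ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
          goto end;
      }

      /* Pre-allocate so the certificate is bound to this libctx/propq. */
      x = X509_new_ex(ctx->libctx, ctx->propq);
      if (x == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
          goto end;
      }

      if (type == SSL_FILETYPE_ASN1) {
          j = ERR_R_ASN1_LIB;
          cert = d2i_X509_bio(in, &x);
      } else if (type == SSL_FILETYPE_PEM) {
          j = ERR_R_PEM_LIB;
          cert = PEM_read_bio_X509(in, &x, ctx->default_passwd_callback,
                                   ctx->default_passwd_callback_userdata);
      } else {
          ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
          goto end;
      }

      /* |j| holds the reason code matching whichever decoder ran. */
      if (cert == NULL) {
          ERR_raise(ERR_LIB_SSL, j);
          goto end;
      }

      ret = SSL_CTX_use_certificate(ctx, x);
   end:
      X509_free(x);
      BIO_free(in);
      return ret;
  }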
  /*
   * Decode a certificate from the |len| bytes at |d| and install it on |ctx|
   * through SSL_CTX_use_certificate().
   *
   * Only the result of d2i_X509() is checked; nothing here looks at bytes
   * that may follow the decoded certificate inside |d|.
   *
   * Returns the result of SSL_CTX_use_certificate(), or 0 with
   * ERR_R_ASN1_LIB queued when allocation or decoding fails.
   */
  int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
  {
      int ret;
      X509 *parsed = X509_new_ex(ctx->libctx, ctx->propq);

      if (parsed != NULL && d2i_X509(&parsed, &d, (long)len) != NULL) {
          ret = SSL_CTX_use_certificate(ctx, parsed);
          /* Drop the local reference; the install path takes its own. */
          X509_free(parsed);
          return ret;
      }

      /* Allocation or decode failure: release whatever is left, then report. */
      X509_free(parsed);
      ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
      return 0;
  }
  /*
   * Install |pkey| as a private key of |ctx|.
   *
   * Returns 0 with ERR_R_PASSED_NULL_PARAMETER queued when |pkey| is NULL;
   * otherwise returns the result of ssl_set_pkey(), which refuses a key that
   * does not match a certificate already stored in the same slot. |ctx| is
   * not checked for NULL here.
   */
  int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
  {
      if (pkey != NULL)
          return ssl_set_pkey(ctx->cert, pkey, ctx);

      ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
      return 0;
  }
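  /*
   * Load a private key from |file| and install it on |ctx|.
   *
   * |type| selects SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1; anything else
   * fails with SSL_R_BAD_SSL_FILETYPE. For PEM the context's default
   * password callback is passed to the reader.
   *
   * This function does not inspect ownership or permissions of |file|;
   * restricting who can read the key file is left to the caller.
   *
   * Returns 1 on success and 0 on any failure.
   */
  int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
  {
      int j, ret = 0;
      BIO *in = NULL;
      EVP_PKEY *pkey = NULL;

      /*
       * Reject NULL arguments up front: |ctx| is dereferenced below and
       * |file| goes straight to the file BIO.
       * SSL_CTX_use_serverinfo_file() in this file performs the same check.
       */
      if (ctx == NULL || file == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
          goto end;
      }

      in = BIO_new(BIO_s_file());
      if (in == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
          goto end;
      }

      if (BIO_read_filename(in, file) <= 0) {
          ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
          goto end;
      }

      if (type == SSL_FILETYPE_PEM) {
          j = ERR_R_PEM_LIB;
          pkey = PEM_read_bio_PrivateKey_ex(in, NULL,
                                            ctx->default_passwd_callback,
                                            ctx->default_passwd_callback_userdata,
                                            ctx->libctx, ctx->propq);
      } else if (type == SSL_FILETYPE_ASN1) {
          j = ERR_R_ASN1_LIB;
          pkey = d2i_PrivateKey_ex_bio(in, NULL, ctx->libctx, ctx->propq);
      } else {
          ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
          goto end;
      }

      /* |j| holds the reason code matching whichever decoder ran. */
      if (pkey == NULL) {
          ERR_raise(ERR_LIB_SSL, j);
          goto end;
      }

      ret = SSL_CTX_use_PrivateKey(ctx, pkey);
      /* Release the local reference whether or not the key was accepted. */
      EVP_PKEY_free(pkey);
   end:
      BIO_free(in);
      return ret;
  }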
  /*
   * Decode a private key of key type |type| from the |len| bytes at |d| and
   * install it on |ctx| through SSL_CTX_use_PrivateKey().
   *
   * |d| is only read; wiping the encoded key material afterwards remains
   * the caller's job.
   *
   * Returns the result of SSL_CTX_use_PrivateKey(), or 0 with
   * ERR_R_ASN1_LIB queued when decoding fails.
   */
  int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
                                  const unsigned char *d, long len)
  {
      /* The decoder advances its input pointer, so work on a copy of |d|. */
      const unsigned char *cursor = d;
      EVP_PKEY *decoded = d2i_PrivateKey_ex(type, NULL, &cursor, (long)len,
                                            ctx->libctx, ctx->propq);
      int ret;

      if (decoded == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
          return 0;
      }

      ret = SSL_CTX_use_PrivateKey(ctx, decoded);
      /* Release the local reference whether or not the key was accepted. */
      EVP_PKEY_free(decoded);
      return ret;
  }
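  /*
   * Read a file that contains our certificate in "PEM" format, possibly
   * followed by a sequence of CA certificates that should be sent to the peer
   * in the Certificate message.
   *
   * When |ctx| is non-NULL the certificate and chain are installed on the
   * context, otherwise on |ssl|. Any existing chain is cleared before the
   * new CA certificates are added.
   *
   * Returns 1 on success and 0 on failure. A failure after the leaf
   * certificate was accepted leaves that certificate installed.
   */
  static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
  {
      BIO *in;
      int ret = 0;
      X509 *x = NULL;
      pem_password_cb *passwd_callback;
      void *passwd_callback_userdata;
      SSL_CTX *real_ctx = (ssl == NULL) ? ctx : ssl->ctx;

      if (ctx == NULL && ssl == NULL)
          return 0;

      /* |file| goes straight to the file BIO, so refuse NULL here. */
      if (file == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
          return 0;
      }

      ERR_clear_error();          /* clear error stack for
                                   * SSL_CTX_use_certificate() */

      if (ctx != NULL) {
          passwd_callback = ctx->default_passwd_callback;
          passwd_callback_userdata = ctx->default_passwd_callback_userdata;
      } else {
          SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);

          if (sc == NULL)
              return 0;

          passwd_callback = sc->default_passwd_callback;
          passwd_callback_userdata = sc->default_passwd_callback_userdata;
      }

      in = BIO_new(BIO_s_file());
      if (in == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
          goto end;
      }

      if (BIO_read_filename(in, file) <= 0) {
          ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
          goto end;
      }

      x = X509_new_ex(real_ctx->libctx, real_ctx->propq);
      if (x == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
          goto end;
      }
      if (PEM_read_bio_X509_AUX(in, &x, passwd_callback,
                                passwd_callback_userdata) == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_PEM_LIB);
          goto end;
      }

      if (ctx)
          ret = SSL_CTX_use_certificate(ctx, x);
      else
          ret = SSL_use_certificate(ssl, x);

      if (ERR_peek_error() != 0)
          ret = 0;                /* Key/certificate mismatch doesn't imply
                                   * ret==0 ... */
      if (ret) {
          /*
           * If we could set up our certificate, now proceed to the CA
           * certificates.
           */
          X509 *ca;
          int r;
          unsigned long err;

          if (ctx)
              r = SSL_CTX_clear_chain_certs(ctx);
          else
              r = SSL_clear_chain_certs(ssl);

          if (r == 0) {
              ret = 0;
              goto end;
          }

          while (1) {
              ca = X509_new_ex(real_ctx->libctx, real_ctx->propq);
              if (ca == NULL) {
                  ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
                  /*
                   * |ret| is still nonzero here; without this reset an
                   * allocation failure would be reported as success with
                   * a truncated chain.
                   */
                  ret = 0;
                  goto end;
              }
              if (PEM_read_bio_X509(in, &ca, passwd_callback,
                                    passwd_callback_userdata) != NULL) {
                  if (ctx)
                      r = SSL_CTX_add0_chain_cert(ctx, ca);
                  else
                      r = SSL_add0_chain_cert(ssl, ca);
                  /*
                   * Note that we must not free ca if it was successfully added to
                   * the chain (while we must free the main certificate, since its
                   * reference count is increased by SSL_CTX_use_certificate).
                   */
                  if (!r) {
                      X509_free(ca);
                      ret = 0;
                      goto end;
                  }
              } else {
                  X509_free(ca);
                  break;
              }
          }
          /* When the while loop ends, it's usually just EOF. */
          err = ERR_peek_last_error();
          if (ERR_GET_LIB(err) == ERR_LIB_PEM
              && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
              ERR_clear_error();
          else
              ret = 0;            /* some real error */
      }

   end:
      X509_free(x);
      BIO_free(in);
      return ret;
  }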
  /*
   * Load a PEM certificate plus any following chain certificates from |file|
   * into |ctx|. Thin wrapper over use_certificate_chain_file() with no SSL
   * object; returns that function's result.
   */
  int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
  {
      int ok = use_certificate_chain_file(ctx, NULL, file);

      return ok;
  }
  /*
   * Load a PEM certificate plus any following chain certificates from |file|
   * into |ssl|. Thin wrapper over use_certificate_chain_file() with no
   * SSL_CTX; returns that function's result.
   */
  int SSL_use_certificate_chain_file(SSL *ssl, const char *file)
  {
      int ok = use_certificate_chain_file(NULL, ssl, file);

      return ok;
  }
  /*
   * Search a serverinfo buffer for the first entry whose type equals
   * |extension_type|.
   *
   * Each entry is read as a 4-byte context, a 2-byte type and a 2-byte
   * length-prefixed body. On a match, |*extension_data| and
   * |*extension_length| describe the body; no copy is made here. Both
   * outputs are reset to NULL/0 before parsing starts.
   *
   * Returns 1 when found, 0 when the buffer was consumed without a match,
   * and -1 for an empty buffer or any failed PACKET read.
   */
  static int serverinfo_find_extension(const unsigned char *serverinfo,
                                       size_t serverinfo_length,
                                       unsigned int extension_type,
                                       const unsigned char **extension_data,
                                       size_t *extension_length)
  {
      PACKET pkt, data;

      *extension_data = NULL;
      *extension_length = 0;

      if (serverinfo == NULL || serverinfo_length == 0)
          return -1;
      if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))
          return -1;

      while (PACKET_remaining(&pkt) != 0) {
          unsigned int type = 0;
          unsigned long context = 0;

          /* A truncated entry is an error, not "not found". */
          if (!PACKET_get_net_4(&pkt, &context)
                  || !PACKET_get_net_2(&pkt, &type)
                  || !PACKET_get_length_prefixed_2(&pkt, &data))
              return -1;

          if (type != extension_type)
              continue;

          *extension_data = PACKET_data(&data);
          *extension_length = PACKET_remaining(&data);
          return 1;               /* Success */
      }

      return 0;                   /* Extension not found */
  }
  /*
   * Parse callback registered for serverinfo extensions.
   *
   * Accepts only an empty extension body: any payload (|inlen| != 0) sets
   * |*al| to SSL_AD_DECODE_ERROR and returns 0. All other arguments are
   * unused.
   */
  static int serverinfoex_srv_parse_cb(SSL *s, unsigned int ext_type,
                                       unsigned int context,
                                       const unsigned char *in,
                                       size_t inlen, X509 *x, size_t chainidx,
                                       int *al, void *arg)
  {
      if (inlen == 0)
          return 1;

      *al = SSL_AD_DECODE_ERROR;
      return 0;
  }
  /*
   * Old-style parse callback: forwards to serverinfoex_srv_parse_cb() with
   * a zero context, no certificate and chain index 0.
   */
  static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type,
                                     const unsigned char *in,
                                     size_t inlen, int *al, void *arg)
  {
      int verdict = serverinfoex_srv_parse_cb(s, ext_type, 0, in, inlen,
                                              NULL, 0, al, arg);

      return verdict;
  }
  /*
   * Add callback registered for serverinfo extensions: supplies the body of
   * extension |ext_type| from the serverinfo attached to the chosen server
   * certificate.
   *
   * Returns 1 to send the extension (|*out|/|*outlen| set by
   * serverinfo_find_extension()), 0 to send nothing, and -1 on error with
   * |*al| set to SSL_AD_INTERNAL_ERROR.
   */
  static int serverinfoex_srv_add_cb(SSL *s, unsigned int ext_type,
                                     unsigned int context,
                                     const unsigned char **out,
                                     size_t *outlen, X509 *x, size_t chainidx,
                                     int *al, void *arg)
  {
      const unsigned char *serverinfo = NULL;
      size_t serverinfo_length = 0;
      SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);

      if (sc == NULL) {
          *al = SSL_AD_INTERNAL_ERROR;
          return -1;
      }

      /* We only support extensions for the first Certificate */
      if (chainidx > 0 && (context & SSL_EXT_TLS1_3_CERTIFICATE) != 0)
          return 0;

      /* No serverinfo data for the chosen server cert: send nothing. */
      if ((ssl_get_server_cert_serverinfo(sc, &serverinfo,
                                          &serverinfo_length)) == 0)
          return 0;

      /* Find the relevant extension from the serverinfo */
      switch (serverinfo_find_extension(serverinfo, serverinfo_length,
                                        ext_type, out, outlen)) {
      case -1:
          *al = SSL_AD_INTERNAL_ERROR;
          return -1;              /* Error */
      case 0:
          return 0;               /* No extension found, don't send extension */
      default:
          return 1;               /* Send extension */
      }
  }
  /*
   * Old-style add callback: forwards to serverinfoex_srv_add_cb() with a
   * zero context, no certificate and chain index 0.
   */
  static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
                                   const unsigned char **out, size_t *outlen,
                                   int *al, void *arg)
  {
      int verdict = serverinfoex_srv_add_cb(s, ext_type, 0, out, outlen,
                                            NULL, 0, al, arg);

      return verdict;
  }
  /*
   * With a NULL context, this function just checks that the serverinfo data
   * parses correctly. With a non-NULL context, it registers callbacks for
   * the included extensions.
   *
   * Returns 1 when every entry parsed (and, with a context, registered) and
   * 0 otherwise. Registration stops at the first failure; nothing here
   * removes callbacks that earlier entries already registered.
   */
  static int serverinfo_process_buffer(unsigned int version,
                                       const unsigned char *serverinfo,
                                       size_t serverinfo_length, SSL_CTX *ctx)
  {
      PACKET pkt;

      if (serverinfo == NULL || serverinfo_length == 0)
          return 0;

      if (version != SSL_SERVERINFOV1 && version != SSL_SERVERINFOV2)
          return 0;

      if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))
          return 0;

      while (PACKET_remaining(&pkt) > 0) {
          unsigned long context = 0;
          unsigned int ext_type = 0;
          PACKET data;
          int registered;

          /* Only V2 entries carry the leading 4-byte context. */
          if (version == SSL_SERVERINFOV2
                  && !PACKET_get_net_4(&pkt, &context))
              return 0;
          if (!PACKET_get_net_2(&pkt, &ext_type)
                  || !PACKET_get_length_prefixed_2(&pkt, &data))
              return 0;

          /* Validation-only pass: nothing to register. */
          if (ctx == NULL)
              continue;

          /*
           * The old style custom extensions API could be set separately for
           * server/client, i.e. you could set one custom extension for a
           * client, and *for the same extension in the same SSL_CTX* you
           * could set a custom extension for the server as well. That is not
           * possible in the new API. Therefore V1 serverinfo uses the old
           * API, and so does V2 serverinfo whose context looks like an old
           * style <= TLSv1.2 extension.
           */
          if (version == SSL_SERVERINFOV1 || context == SYNTHV1CONTEXT)
              registered = SSL_CTX_add_server_custom_ext(ctx, ext_type,
                                                         serverinfo_srv_add_cb,
                                                         NULL, NULL,
                                                         serverinfo_srv_parse_cb,
                                                         NULL);
          else
              registered = SSL_CTX_add_custom_ext(ctx, ext_type, context,
                                                  serverinfoex_srv_add_cb,
                                                  NULL, NULL,
                                                  serverinfoex_srv_parse_cb,
                                                  NULL);

          if (!registered)
              return 0;
      }

      return 1;
  }
  /*
   * Number of bytes to put in front of an entry of the given serverinfo
   * |version| when converting it: 4 for SSL_SERVERINFOV1, 0 for anything
   * else.
   */
  static size_t extension_contextoff(unsigned int version)
  {
      if (version == SSL_SERVERINFOV1)
          return 4;

      return 0;
  }
  /*
   * Space needed to append |extension_length| bytes of a |version| entry:
   * the data itself plus the prefix reported by extension_contextoff().
   * The sum is not checked for wrap-around.
   */
  static size_t extension_append_length(unsigned int version, size_t extension_length)
  {
      const size_t prefix = extension_contextoff(version);

      return prefix + extension_length;
  }
  /*
   * Write |extension| to |serverinfo|, preceded by the synthetic 4-byte
   * context when extension_contextoff() asks for one.
   *
   * There is no destination size parameter: the caller must provide at
   * least extension_append_length(version, extension_length) writable bytes
   * at |serverinfo|.
   */
  static void extension_append(unsigned int version,
                               const unsigned char *extension,
                               const size_t extension_length,
                               unsigned char *serverinfo)
  {
      const size_t prefix = extension_contextoff(version);
      unsigned char *body = serverinfo + prefix;

      if (prefix > 0) {
          /* We know this only uses the last 2 bytes */
          serverinfo[0] = 0;
          serverinfo[1] = 0;
          serverinfo[2] = (SYNTHV1CONTEXT >> 8) & 0xff;
          serverinfo[3] = SYNTHV1CONTEXT & 0xff;
      }

      memcpy(body, extension, extension_length);
  }
  /*
   * Attach serverinfo data to the current certificate slot of |ctx|
   * (ctx->cert->key) and register the matching custom-extension callbacks.
   *
   * The data is validated with a context-less serverinfo_process_buffer()
   * pass, copied into the slot, and then processed again with |ctx| to
   * register callbacks. If that last step fails the function returns 0 but
   * the copied data stays in the slot.
   *
   * Returns 1 on success, 0 on failure.
   */
  int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
                                const unsigned char *serverinfo,
                                size_t serverinfo_length)
  {
      unsigned char *stored;

      if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) {
          ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
          return 0;
      }

      if (version == SSL_SERVERINFOV1) {
          /*
           * Convert serverinfo version v1 to v2 and call yourself recursively
           * over the converted serverinfo.
           *
           * NOTE(review): the synthetic context is written once, in front of
           * the whole V1 buffer, while serverinfo_process_buffer() reads a
           * context before every V2 entry. A V1 buffer holding more than one
           * extension therefore looks like it would fail validation after
           * conversion - confirm, and convert entry by entry if such input
           * must be supported.
           */
          const size_t v2_length = extension_append_length(SSL_SERVERINFOV1,
                                                           serverinfo_length);
          unsigned char *v2_buf = OPENSSL_malloc(v2_length);
          int ret;

          if (v2_buf == NULL)
              return 0;

          extension_append(SSL_SERVERINFOV1, serverinfo, serverinfo_length,
                           v2_buf);
          ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, v2_buf,
                                          v2_length);
          OPENSSL_free(v2_buf);
          return ret;
      }

      /* Validate first, so malformed data is never stored. */
      if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
                                     NULL)) {
          ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA);
          return 0;
      }

      /* Serverinfo hangs off the current slot, so one must be selected. */
      if (ctx->cert->key == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
          return 0;
      }

      /* Keep the old pointer in the slot until the realloc has succeeded. */
      stored = OPENSSL_realloc(ctx->cert->key->serverinfo, serverinfo_length);
      if (stored == NULL)
          return 0;

      memcpy(stored, serverinfo, serverinfo_length);
      ctx->cert->key->serverinfo = stored;
      ctx->cert->key->serverinfo_length = serverinfo_length;

      /*
       * Now that the serverinfo is validated and stored, go ahead and
       * register callbacks.
       */
      if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
                                     ctx)) {
          ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA);
          return 0;
      }

      return 1;
  }
  /*
   * Attach V1-format serverinfo to |ctx|. Thin wrapper that calls
   * SSL_CTX_use_serverinfo_ex() with SSL_SERVERINFOV1 and returns its result.
   */
  int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
                             size_t serverinfo_length)
  {
      int ok = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV1, serverinfo,
                                         serverinfo_length);

      return ok;
  }
  /*
   * Read serverinfo extensions from the PEM blocks in |file| and attach them
   * to |ctx|.
   *
   * Each block name must start with NAME_PREFIX1 (V1 entry) or NAME_PREFIX2
   * (V2 entry), and the length field in the decoded header must equal the
   * number of bytes that follow it. All entries are gathered into a single
   * V2 buffer, which is handed to SSL_CTX_use_serverinfo_ex().
   *
   * A failed PEM read after at least one block is treated as end of file.
   * NOTE(review): that path leaves whatever the PEM reader queued on the
   * error stack - confirm callers do not mistake it for a failure.
   *
   * Returns 1 on success, 0 on failure.
   */
  int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
  {
      unsigned char *serverinfo = NULL;
      unsigned char *grown;
      size_t serverinfo_length = 0;
      unsigned char *extension = 0;
      long extension_length = 0;
      char *name = NULL;
      char *header = NULL;
      unsigned int name_len;
      int ret = 0;
      BIO *bin = NULL;
      size_t num_extensions = 0;

      if (ctx == NULL || file == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
          goto end;
      }

      bin = BIO_new(BIO_s_file());
      if (bin == NULL) {
          ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
          goto end;
      }
      if (BIO_read_filename(bin, file) <= 0) {
          ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
          goto end;
      }

      for (;;) {
          unsigned int version;
          size_t append_length;
          long hdr_len;

          if (PEM_read_bio(bin, &name, &header, &extension,
                           &extension_length) == 0) {
              /* End of file, we're done - if something was read before. */
              if (num_extensions > 0)
                  break;

              /* There must be at least one extension in this file */
              ERR_raise(ERR_LIB_SSL, SSL_R_NO_PEM_EXTENSIONS);
              goto end;
          }

          /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
          name_len = strlen(name);
          if (name_len < sizeof(NAME_PREFIX1) - 1) {
              ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT);
              goto end;
          }
          if (HAS_PREFIX(name, NAME_PREFIX1)) {
              version = SSL_SERVERINFOV1;
              /* 4 byte header: 2 bytes type, 2 bytes len */
              hdr_len = 4;
          } else if (name_len < sizeof(NAME_PREFIX2) - 1) {
              ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT);
              goto end;
          } else if (!HAS_PREFIX(name, NAME_PREFIX2)) {
              ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_BAD_PREFIX);
              goto end;
          } else {
              version = SSL_SERVERINFOV2;
              /* 8 byte header: 4 bytes context, 2 bytes type, 2 bytes len */
              hdr_len = 8;
          }

          /*
           * Check that the decoded PEM data is plausible (valid length
           * field). The size test comes first so the two length bytes are
           * only read when they exist.
           */
          if (extension_length < hdr_len
                  || (extension[hdr_len - 2] << 8) + extension[hdr_len - 1]
                     != extension_length - hdr_len) {
              ERR_raise(ERR_LIB_SSL, SSL_R_BAD_DATA);
              goto end;
          }

          /* Append the decoded extension to the serverinfo buffer */
          append_length = extension_append_length(version, extension_length);
          grown = OPENSSL_realloc(serverinfo, serverinfo_length + append_length);
          if (grown == NULL)
              goto end;
          serverinfo = grown;
          extension_append(version, extension, extension_length,
                           serverinfo + serverinfo_length);
          serverinfo_length += append_length;

          /* Reset the per-block buffers so the cleanup at "end" stays safe. */
          OPENSSL_free(name);
          name = NULL;
          OPENSSL_free(header);
          header = NULL;
          OPENSSL_free(extension);
          extension = NULL;

          num_extensions++;
      }

      ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, serverinfo,
                                      serverinfo_length);
   end:
      /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */
      OPENSSL_free(name);
      OPENSSL_free(header);
      OPENSSL_free(extension);
      OPENSSL_free(serverinfo);
      BIO_free(bin);
      return ret;
  }
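  /*
   * Install a certificate, its private key and an optional chain in one
   * step, on |ctx| when it is non-NULL and otherwise on the connection
   * behind |ssl|.
   *
   * |x509| and every certificate in |chain| go through ssl_security_cert()
   * before anything is stored. When |privatekey| is non-NULL it must match
   * the certificate's public key (EVP_PKEY_eq()). When it is NULL, the
   * certificate's public key is stored in the private key slot instead.
   * Without |override|, a slot that already holds a certificate, key or
   * chain is not replaced.
   *
   * Returns 1 on success, 0 on failure; on failure the slot is left as it
   * was.
   */
  static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
                                  STACK_OF(X509) *chain, int override)
  {
      int ret = 0;
      size_t i;
      int j;
      int rv;
      CERT *c;
      STACK_OF(X509) *dup_chain = NULL;
      EVP_PKEY *pubkey = NULL;
      SSL_CONNECTION *sc = NULL;
      SSL_CTX *lookup_ctx;

      if (ctx == NULL &&
          (sc = SSL_CONNECTION_FROM_SSL(ssl)) == NULL)
          return 0;

      c = sc != NULL ? sc->cert : ctx->cert;
      /*
       * |ctx| is NULL on the SSL_use_cert_and_key() path. The other callers
       * of ssl_cert_lookup_by_pkey() in this file always pass a real
       * SSL_CTX, so use the connection's context for the lookup below.
       */
      lookup_ctx = sc != NULL ? SSL_CONNECTION_GET_CTX(sc) : ctx;

      /* Do all security checks before anything else */
      rv = ssl_security_cert(sc, ctx, x509, 0, 1);
      if (rv != 1) {
          ERR_raise(ERR_LIB_SSL, rv);
          goto out;
      }
      for (j = 0; j < sk_X509_num(chain); j++) {
          rv = ssl_security_cert(sc, ctx, sk_X509_value(chain, j), 0, 0);
          if (rv != 1) {
              ERR_raise(ERR_LIB_SSL, rv);
              goto out;
          }
      }

      pubkey = X509_get_pubkey(x509); /* bumps reference */
      if (pubkey == NULL)
          goto out;
      if (privatekey == NULL) {
          privatekey = pubkey;
      } else {
          /* For RSA, which has no parameters, missing returns 0 */
          if (EVP_PKEY_missing_parameters(privatekey)) {
              if (EVP_PKEY_missing_parameters(pubkey)) {
                  /* nobody has parameters? - error */
                  ERR_raise(ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS);
                  goto out;
              } else {
                  /* copy to privatekey from pubkey */
                  if (!EVP_PKEY_copy_parameters(privatekey, pubkey)) {
                      ERR_raise(ERR_LIB_SSL, SSL_R_COPY_PARAMETERS_FAILED);
                      goto out;
                  }
              }
          } else if (EVP_PKEY_missing_parameters(pubkey)) {
              /* copy to pubkey from privatekey */
              if (!EVP_PKEY_copy_parameters(pubkey, privatekey)) {
                  ERR_raise(ERR_LIB_SSL, SSL_R_COPY_PARAMETERS_FAILED);
                  goto out;
              }
          } /* else both have parameters */

          /* check that key <-> cert match */
          if (EVP_PKEY_eq(pubkey, privatekey) != 1) {
              ERR_raise(ERR_LIB_SSL, SSL_R_PRIVATE_KEY_MISMATCH);
              goto out;
          }
      }
      if (ssl_cert_lookup_by_pkey(pubkey, &i, lookup_ctx) == NULL) {
          ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
          goto out;
      }

      if (!override && (c->pkeys[i].x509 != NULL
                        || c->pkeys[i].privatekey != NULL
                        || c->pkeys[i].chain != NULL)) {
          /* No override, and something already there */
          ERR_raise(ERR_LIB_SSL, SSL_R_NOT_REPLACING_CERTIFICATE);
          goto out;
      }

      /*
       * Acquire every new reference before releasing anything the slot
       * holds, undoing the ones already taken if a later one fails. The
       * slot is then either fully replaced or left untouched.
       */
      if (chain != NULL) {
          dup_chain = X509_chain_up_ref(chain);
          if (dup_chain == NULL) {
              ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
              goto out;
          }
      }
      if (!X509_up_ref(x509)) {
          OSSL_STACK_OF_X509_free(dup_chain);
          ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
          goto out;
      }
      if (!EVP_PKEY_up_ref(privatekey)) {
          X509_free(x509);
          OSSL_STACK_OF_X509_free(dup_chain);
          ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
          goto out;
      }

      OSSL_STACK_OF_X509_free(c->pkeys[i].chain);
      c->pkeys[i].chain = dup_chain;

      X509_free(c->pkeys[i].x509);
      c->pkeys[i].x509 = x509;

      EVP_PKEY_free(c->pkeys[i].privatekey);
      c->pkeys[i].privatekey = privatekey;

      c->key = &(c->pkeys[i]);

      ret = 1;
   out:
      /* Drops the reference taken by X509_get_pubkey(). */
      EVP_PKEY_free(pubkey);
      return ret;
  }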
  /*
   * Install certificate, key and chain on |ssl| in one step. Thin wrapper
   * over ssl_set_cert_and_key() with no SSL_CTX; returns that function's
   * result.
   */
  int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey,
                           STACK_OF(X509) *chain, int override)
  {
      int ok = ssl_set_cert_and_key(ssl, NULL, x509, privatekey, chain,
                                    override);

      return ok;
  }
  /*
   * Install certificate, key and chain on |ctx| in one step. Thin wrapper
   * over ssl_set_cert_and_key() with no SSL object; returns that function's
   * result.
   */
  int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
                               STACK_OF(X509) *chain, int override)
  {
      int ok = ssl_set_cert_and_key(NULL, ctx, x509, privatekey, chain,
                                    override);

      return ok;
  }