ssl_rsa.c 34 KB

  1. /*
  2. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "ssl_local.h"
  11. #include "internal/packet.h"
  12. #include <openssl/bio.h>
  13. #include <openssl/objects.h>
  14. #include <openssl/evp.h>
  15. #include <openssl/x509.h>
  16. #include <openssl/pem.h>
  /* Internal helpers, defined further down in this file. */
  static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
  static int ssl_set_cert(CERT *c, X509 *x509);

  /*
   * Context value written in front of a V1 serverinfo record when it is kept
   * in the V2 layout. serverinfo_process_buffer() compares a record's context
   * against this value to decide whether to use the old custom extension API.
   */
  #define SYNTHV1CONTEXT \
      (SSL_EXT_TLS1_2_AND_BELOW_ONLY \
       | SSL_EXT_CLIENT_HELLO \
       | SSL_EXT_TLS1_2_SERVER_HELLO \
       | SSL_EXT_IGNORE_ON_RESUMPTION)
  /*
   * Install |x| as the certificate of |ssl|.
   *
   * The certificate is first passed to ssl_security_cert(); anything other
   * than 1 from that call is reported as the error reason and the certificate
   * is not installed. Returns 0 on failure, otherwise the result of
   * ssl_set_cert().
   */
  int SSL_use_certificate(SSL *ssl, X509 *x)
  {
      int sec_rv;

      if (x == NULL) {
          SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
          return 0;
      }

      sec_rv = ssl_security_cert(ssl, NULL, x, 0, 1);
      if (sec_rv == 1)
          return ssl_set_cert(ssl->cert, x);

      /* The non-1 return value doubles as the reason code. */
      SSLerr(SSL_F_SSL_USE_CERTIFICATE, sec_rv);
      return 0;
  }
  /*
   * Read one certificate from |file| and install it on |ssl|.
   *
   * |type| selects the encoding: SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM; any
   * other value is rejected with SSL_R_BAD_SSL_FILETYPE. PEM input is read
   * with the connection's default passphrase callback. Returns 0 on any
   * failure, otherwise the result of SSL_use_certificate().
   */
  int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
  {
      BIO *bio = BIO_new(BIO_s_file());
      X509 *cert = NULL;
      int reason;
      int ok = 0;

      if (bio == NULL) {
          SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
          goto end;
      }
      if (BIO_read_filename(bio, file) <= 0) {
          SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
          goto end;
      }

      /* |reason| is the error reported if the chosen decoder returns NULL. */
      switch (type) {
      case SSL_FILETYPE_ASN1:
          reason = ERR_R_ASN1_LIB;
          cert = d2i_X509_bio(bio, NULL);
          break;
      case SSL_FILETYPE_PEM:
          reason = ERR_R_PEM_LIB;
          cert = PEM_read_bio_X509(bio, NULL, ssl->default_passwd_callback,
                                   ssl->default_passwd_callback_userdata);
          break;
      default:
          SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
          goto end;
      }

      if (cert != NULL)
          ok = SSL_use_certificate(ssl, cert);
      else
          SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, reason);

   end:
      /* Both free functions are called with NULL on the early-exit paths. */
      X509_free(cert);
      BIO_free(bio);
      return ok;
  }
  /*
   * Decode a DER certificate from the |len| bytes at |d| and install it on
   * |ssl|. Returns 0 if decoding fails, otherwise the result of
   * SSL_use_certificate(). The decoded object is released before returning.
   */
  int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
  {
      X509 *cert = d2i_X509(NULL, &d, (long)len);
      int ok;

      if (cert == NULL) {
          SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
          return 0;
      }

      ok = SSL_use_certificate(ssl, cert);
      X509_free(cert);
      return ok;
  }
  86. #ifndef OPENSSL_NO_RSA
  /*
   * Wrap |rsa| in an EVP_PKEY and install it as the private key of |ssl|.
   * Returns 0 on a NULL key or if the wrapper cannot be built, otherwise the
   * result of ssl_set_pkey().
   */
  int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
  {
      EVP_PKEY *wrapper;
      int ok;

      if (rsa == NULL) {
          SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
          return 0;
      }

      wrapper = EVP_PKEY_new();
      if (wrapper == NULL) {
          SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
          return 0;
      }

      /*
       * Take an extra reference before handing |rsa| to the wrapper, and give
       * it back if the assignment fails, so the caller's reference is
       * unaffected either way.
       */
      RSA_up_ref(rsa);
      if (EVP_PKEY_assign_RSA(wrapper, rsa) <= 0) {
          RSA_free(rsa);
          EVP_PKEY_free(wrapper);
          return 0;
      }

      ok = ssl_set_pkey(ssl->cert, wrapper);
      /* ssl_set_pkey() takes its own reference on success. */
      EVP_PKEY_free(wrapper);
      return ok;
  }
  109. #endif
  /*
   * Store |pkey| in the CERT slot that matches its key type and make that
   * slot the current one.
   *
   * If the slot already holds a certificate, the key must match it: on a
   * mismatch the stored certificate is freed and 0 is returned. The match is
   * skipped for RSA keys whose method sets RSA_METHOD_FLAG_NO_CHECK, so for
   * those keys a key/certificate mismatch is not detected here.
   * Returns 1 on success, 0 on failure.
   */
  static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
  {
      size_t slot;

      if (ssl_cert_lookup_by_pkey(pkey, &slot) == NULL) {
          SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
          return 0;
      }

      if (c->pkeys[slot].x509 != NULL) {
          EVP_PKEY *cert_pub = X509_get0_pubkey(c->pkeys[slot].x509);
          int skip_match = 0;

          if (cert_pub == NULL) {
              SSLerr(SSL_F_SSL_SET_PKEY, ERR_R_MALLOC_FAILURE);
              return 0;
          }

          /*
           * The result of EVP_PKEY_copy_parameters is ignored on purpose:
           * some EVP_PKEY types cannot do this. Any error it queued is
           * dropped.
           */
          EVP_PKEY_copy_parameters(cert_pub, pkey);
          ERR_clear_error();

  #ifndef OPENSSL_NO_RSA
          /*
           * Don't check the public/private key, this is mostly for smart
           * cards.
           */
          if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA
              && (RSA_flags(EVP_PKEY_get0_RSA(pkey))
                  & RSA_METHOD_FLAG_NO_CHECK) != 0)
              skip_match = 1;
  #endif

          if (!skip_match
              && !X509_check_private_key(c->pkeys[slot].x509, pkey)) {
              X509_free(c->pkeys[slot].x509);
              c->pkeys[slot].x509 = NULL;
              return 0;
          }
      }

      /* Replace any previous key; the slot holds its own reference. */
      EVP_PKEY_free(c->pkeys[slot].privatekey);
      EVP_PKEY_up_ref(pkey);
      c->pkeys[slot].privatekey = pkey;
      c->key = &c->pkeys[slot];
      return 1;
  }
  151. #ifndef OPENSSL_NO_RSA
  /*
   * Read an RSA private key from |file| and install it on |ssl|.
   *
   * |type| must be SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM; PEM input is read
   * with the connection's default passphrase callback. Returns 0 on any
   * failure, otherwise the result of SSL_use_RSAPrivateKey().
   */
  int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
  {
      BIO *bio = BIO_new(BIO_s_file());
      RSA *key = NULL;
      int reason;
      int ok = 0;

      if (bio == NULL) {
          SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
          goto end;
      }
      if (BIO_read_filename(bio, file) <= 0) {
          SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
          goto end;
      }

      /* |reason| is the error reported if the chosen decoder returns NULL. */
      switch (type) {
      case SSL_FILETYPE_ASN1:
          reason = ERR_R_ASN1_LIB;
          key = d2i_RSAPrivateKey_bio(bio, NULL);
          break;
      case SSL_FILETYPE_PEM:
          reason = ERR_R_PEM_LIB;
          key = PEM_read_bio_RSAPrivateKey(bio, NULL,
                                           ssl->default_passwd_callback,
                                           ssl->default_passwd_callback_userdata);
          break;
      default:
          SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
          goto end;
      }

      if (key != NULL) {
          ok = SSL_use_RSAPrivateKey(ssl, key);
          /* Drop the reference obtained from the decoder. */
          RSA_free(key);
      } else {
          SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, reason);
      }

   end:
      BIO_free(bio);
      return ok;
  }
  /*
   * Decode a DER RSA private key from the |len| bytes at |d| and install it
   * on |ssl|. Returns 0 if decoding fails, otherwise the result of
   * SSL_use_RSAPrivateKey().
   */
  int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len)
  {
      /* The decoder advances the pointer it is given, so work on a copy. */
      const unsigned char *cursor = d;
      RSA *key = d2i_RSAPrivateKey(NULL, &cursor, (long)len);
      int ok;

      if (key == NULL) {
          SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
          return 0;
      }

      ok = SSL_use_RSAPrivateKey(ssl, key);
      RSA_free(key);
      return ok;
  }
  202. #endif /* !OPENSSL_NO_RSA */
  /*
   * Install |pkey| as the private key of |ssl|. Returns 0 for a NULL key,
   * otherwise the result of ssl_set_pkey().
   */
  int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
  {
      if (pkey != NULL)
          return ssl_set_pkey(ssl->cert, pkey);

      SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
      return 0;
  }
  /*
   * Read a private key from |file| and install it on |ssl|.
   *
   * |type| must be SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1; PEM input is read
   * with the connection's default passphrase callback. Returns 0 on any
   * failure, otherwise the result of SSL_use_PrivateKey().
   */
  int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
  {
      BIO *bio = BIO_new(BIO_s_file());
      EVP_PKEY *key = NULL;
      int reason;
      int ok = 0;

      if (bio == NULL) {
          SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
          goto end;
      }
      if (BIO_read_filename(bio, file) <= 0) {
          SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
          goto end;
      }

      /* |reason| is the error reported if the chosen decoder returns NULL. */
      switch (type) {
      case SSL_FILETYPE_PEM:
          reason = ERR_R_PEM_LIB;
          key = PEM_read_bio_PrivateKey(bio, NULL,
                                        ssl->default_passwd_callback,
                                        ssl->default_passwd_callback_userdata);
          break;
      case SSL_FILETYPE_ASN1:
          reason = ERR_R_ASN1_LIB;
          key = d2i_PrivateKey_bio(bio, NULL);
          break;
      default:
          SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
          goto end;
      }

      if (key != NULL) {
          ok = SSL_use_PrivateKey(ssl, key);
          /* Drop the reference obtained from the decoder. */
          EVP_PKEY_free(key);
      } else {
          SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, reason);
      }

   end:
      BIO_free(bio);
      return ok;
  }
  /*
   * Decode a DER private key of key type |type| from the |len| bytes at |d|
   * and install it on |ssl|. Returns 0 if decoding fails, otherwise the
   * result of SSL_use_PrivateKey().
   */
  int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d,
                              long len)
  {
      /* The decoder advances the pointer it is given, so work on a copy. */
      const unsigned char *cursor = d;
      EVP_PKEY *key = d2i_PrivateKey(type, NULL, &cursor, (long)len);
      int ok;

      if (key == NULL) {
          SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
          return 0;
      }

      ok = SSL_use_PrivateKey(ssl, key);
      EVP_PKEY_free(key);
      return ok;
  }
  /*
   * Install |x| as the certificate of |ctx|.
   *
   * The certificate is first passed to ssl_security_cert(); anything other
   * than 1 from that call is reported as the error reason and the certificate
   * is not installed. Returns 0 on failure, otherwise the result of
   * ssl_set_cert().
   */
  int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
  {
      int sec_rv;

      if (x == NULL) {
          SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
          return 0;
      }

      sec_rv = ssl_security_cert(NULL, ctx, x, 0, 1);
      if (sec_rv == 1)
          return ssl_set_cert(ctx->cert, x);

      /* The non-1 return value doubles as the reason code. */
      SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, sec_rv);
      return 0;
  }
  /*
   * Store |x| in the CERT slot that matches its public key type and make that
   * slot the current one.
   *
   * A private key already in the slot that does not match |x| is NOT treated
   * as an error: the key is freed, the error queue is cleared and the
   * function still returns 1. Callers that need the pair to be consistent
   * have to check afterwards (for example with SSL_CTX_check_private_key()).
   * The match is skipped for RSA keys whose method sets
   * RSA_METHOD_FLAG_NO_CHECK.
   * Returns 1 on success, 0 on failure.
   */
  static int ssl_set_cert(CERT *c, X509 *x)
  {
      EVP_PKEY *cert_pub = X509_get0_pubkey(x);
      size_t slot;

      if (cert_pub == NULL) {
          SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
          return 0;
      }
      if (ssl_cert_lookup_by_pkey(cert_pub, &slot) == NULL) {
          SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
          return 0;
      }
  #ifndef OPENSSL_NO_EC
      if (slot == SSL_PKEY_ECC
          && !EC_KEY_can_sign(EVP_PKEY_get0_EC_KEY(cert_pub))) {
          SSLerr(SSL_F_SSL_SET_CERT, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
          return 0;
      }
  #endif

      if (c->pkeys[slot].privatekey != NULL) {
          int skip_match = 0;

          /*
           * The result of EVP_PKEY_copy_parameters is ignored on purpose:
           * some EVP_PKEY types cannot do this. Any error it queued is
           * dropped.
           */
          EVP_PKEY_copy_parameters(cert_pub, c->pkeys[slot].privatekey);
          ERR_clear_error();

  #ifndef OPENSSL_NO_RSA
          /*
           * Don't check the public/private key, this is mostly for smart
           * cards.
           */
          if (EVP_PKEY_id(c->pkeys[slot].privatekey) == EVP_PKEY_RSA
              && (RSA_flags(EVP_PKEY_get0_RSA(c->pkeys[slot].privatekey))
                  & RSA_METHOD_FLAG_NO_CHECK) != 0)
              skip_match = 1;
  #endif /* OPENSSL_NO_RSA */

          if (!skip_match
              && !X509_check_private_key(x, c->pkeys[slot].privatekey)) {
              /*
               * Don't fail for a cert/key mismatch, just free the current
               * private key (when switching to a different cert & key, this
               * function should be used first, then ssl_set_pkey).
               */
              EVP_PKEY_free(c->pkeys[slot].privatekey);
              c->pkeys[slot].privatekey = NULL;
              /* clear error queue */
              ERR_clear_error();
          }
      }

      /* Replace any previous certificate; the slot holds its own reference. */
      X509_free(c->pkeys[slot].x509);
      X509_up_ref(x);
      c->pkeys[slot].x509 = x;
      c->key = &(c->pkeys[slot]);
      return 1;
  }
  /*
   * Read one certificate from |file| and install it on |ctx|.
   *
   * |type| selects the encoding: SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM; any
   * other value is rejected with SSL_R_BAD_SSL_FILETYPE. PEM input is read
   * with the context's default passphrase callback. Returns 0 on any failure,
   * otherwise the result of SSL_CTX_use_certificate().
   */
  int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
  {
      BIO *bio = BIO_new(BIO_s_file());
      X509 *cert = NULL;
      int reason;
      int ok = 0;

      if (bio == NULL) {
          SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
          goto end;
      }
      if (BIO_read_filename(bio, file) <= 0) {
          SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
          goto end;
      }

      /* |reason| is the error reported if the chosen decoder returns NULL. */
      switch (type) {
      case SSL_FILETYPE_ASN1:
          reason = ERR_R_ASN1_LIB;
          cert = d2i_X509_bio(bio, NULL);
          break;
      case SSL_FILETYPE_PEM:
          reason = ERR_R_PEM_LIB;
          cert = PEM_read_bio_X509(bio, NULL, ctx->default_passwd_callback,
                                   ctx->default_passwd_callback_userdata);
          break;
      default:
          SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
          goto end;
      }

      if (cert != NULL)
          ok = SSL_CTX_use_certificate(ctx, cert);
      else
          SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, reason);

   end:
      /* Both free functions are called with NULL on the early-exit paths. */
      X509_free(cert);
      BIO_free(bio);
      return ok;
  }
  /*
   * Decode a DER certificate from the |len| bytes at |d| and install it on
   * |ctx|. Note the argument order: the length comes before the data pointer.
   * Returns 0 if decoding fails, otherwise the result of
   * SSL_CTX_use_certificate().
   */
  int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
  {
      X509 *cert = d2i_X509(NULL, &d, (long)len);
      int ok;

      if (cert == NULL) {
          SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
          return 0;
      }

      ok = SSL_CTX_use_certificate(ctx, cert);
      X509_free(cert);
      return ok;
  }
  381. #ifndef OPENSSL_NO_RSA
  /*
   * Wrap |rsa| in an EVP_PKEY and install it as the private key of |ctx|.
   * Returns 0 on a NULL key or if the wrapper cannot be built, otherwise the
   * result of ssl_set_pkey().
   */
  int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
  {
      EVP_PKEY *wrapper;
      int ok;

      if (rsa == NULL) {
          SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
          return 0;
      }

      wrapper = EVP_PKEY_new();
      if (wrapper == NULL) {
          SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
          return 0;
      }

      /*
       * Take an extra reference before handing |rsa| to the wrapper, and give
       * it back if the assignment fails, so the caller's reference is
       * unaffected either way.
       */
      RSA_up_ref(rsa);
      if (EVP_PKEY_assign_RSA(wrapper, rsa) <= 0) {
          RSA_free(rsa);
          EVP_PKEY_free(wrapper);
          return 0;
      }

      ok = ssl_set_pkey(ctx->cert, wrapper);
      /* ssl_set_pkey() takes its own reference on success. */
      EVP_PKEY_free(wrapper);
      return ok;
  }
  /*
   * Read an RSA private key from |file| and install it on |ctx|.
   *
   * |type| must be SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM; PEM input is read
   * with the context's default passphrase callback. Returns 0 on any failure,
   * otherwise the result of SSL_CTX_use_RSAPrivateKey().
   */
  int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
  {
      BIO *bio = BIO_new(BIO_s_file());
      RSA *key = NULL;
      int reason;
      int ok = 0;

      if (bio == NULL) {
          SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
          goto end;
      }
      if (BIO_read_filename(bio, file) <= 0) {
          SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
          goto end;
      }

      /* |reason| is the error reported if the chosen decoder returns NULL. */
      switch (type) {
      case SSL_FILETYPE_ASN1:
          reason = ERR_R_ASN1_LIB;
          key = d2i_RSAPrivateKey_bio(bio, NULL);
          break;
      case SSL_FILETYPE_PEM:
          reason = ERR_R_PEM_LIB;
          key = PEM_read_bio_RSAPrivateKey(bio, NULL,
                                           ctx->default_passwd_callback,
                                           ctx->default_passwd_callback_userdata);
          break;
      default:
          SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
          goto end;
      }

      if (key != NULL) {
          ok = SSL_CTX_use_RSAPrivateKey(ctx, key);
          /* Drop the reference obtained from the decoder. */
          RSA_free(key);
      } else {
          SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, reason);
      }

   end:
      BIO_free(bio);
      return ok;
  }
  /*
   * Decode a DER RSA private key from the |len| bytes at |d| and install it
   * on |ctx|. Returns 0 if decoding fails, otherwise the result of
   * SSL_CTX_use_RSAPrivateKey().
   */
  int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
                                     long len)
  {
      /* The decoder advances the pointer it is given, so work on a copy. */
      const unsigned char *cursor = d;
      RSA *key = d2i_RSAPrivateKey(NULL, &cursor, (long)len);
      int ok;

      if (key == NULL) {
          SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
          return 0;
      }

      ok = SSL_CTX_use_RSAPrivateKey(ctx, key);
      RSA_free(key);
      return ok;
  }
  455. #endif /* !OPENSSL_NO_RSA */
  /*
   * Install |pkey| as the private key of |ctx|. Returns 0 for a NULL key,
   * otherwise the result of ssl_set_pkey().
   */
  int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
  {
      int ok = 0;

      if (pkey == NULL)
          SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
      else
          ok = ssl_set_pkey(ctx->cert, pkey);

      return ok;
  }
  /*
   * Read a private key from |file| and install it on |ctx|.
   *
   * |type| must be SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1; PEM input is read
   * with the context's default passphrase callback. Returns 0 on any failure,
   * otherwise the result of SSL_CTX_use_PrivateKey().
   */
  int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
  {
      BIO *bio = BIO_new(BIO_s_file());
      EVP_PKEY *key = NULL;
      int reason;
      int ok = 0;

      if (bio == NULL) {
          SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
          goto end;
      }
      if (BIO_read_filename(bio, file) <= 0) {
          SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
          goto end;
      }

      /* |reason| is the error reported if the chosen decoder returns NULL. */
      switch (type) {
      case SSL_FILETYPE_PEM:
          reason = ERR_R_PEM_LIB;
          key = PEM_read_bio_PrivateKey(bio, NULL,
                                        ctx->default_passwd_callback,
                                        ctx->default_passwd_callback_userdata);
          break;
      case SSL_FILETYPE_ASN1:
          reason = ERR_R_ASN1_LIB;
          key = d2i_PrivateKey_bio(bio, NULL);
          break;
      default:
          SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
          goto end;
      }

      if (key != NULL) {
          ok = SSL_CTX_use_PrivateKey(ctx, key);
          /* Drop the reference obtained from the decoder. */
          EVP_PKEY_free(key);
      } else {
          SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, reason);
      }

   end:
      BIO_free(bio);
      return ok;
  }
  /*
   * Decode a DER private key of key type |type| from the |len| bytes at |d|
   * and install it on |ctx|. Returns 0 if decoding fails, otherwise the
   * result of SSL_CTX_use_PrivateKey().
   */
  int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
                                  const unsigned char *d, long len)
  {
      /* The decoder advances the pointer it is given, so work on a copy. */
      const unsigned char *cursor = d;
      EVP_PKEY *key = d2i_PrivateKey(type, NULL, &cursor, (long)len);
      int ok;

      if (key == NULL) {
          SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
          return 0;
      }

      ok = SSL_CTX_use_PrivateKey(ctx, key);
      EVP_PKEY_free(key);
      return ok;
  }
  /*
   * Read a file that contains our certificate in "PEM" format, possibly
   * followed by a sequence of CA certificates that should be sent to the peer
   * in the Certificate message.
   *
   * Exactly one of |ctx| and |ssl| is used: when |ctx| is non-NULL the
   * certificate and chain are installed on the context, otherwise on |ssl|.
   * Returns 1 on success and 0 on failure. A key/certificate mismatch raised
   * while installing the first certificate is treated as a failure here.
   */
  static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
  {
      pem_password_cb *pw_cb;
      void *pw_arg;
      BIO *bio;
      X509 *leaf = NULL;
      X509 *ca;
      unsigned long last_err;
      int added;
      int ret = 0;

      /*
       * Start from an empty error queue so that the ERR_peek_error() check
       * after installing the first certificate only sees errors raised by it.
       */
      ERR_clear_error();

      if (ctx != NULL) {
          pw_cb = ctx->default_passwd_callback;
          pw_arg = ctx->default_passwd_callback_userdata;
      } else {
          pw_cb = ssl->default_passwd_callback;
          pw_arg = ssl->default_passwd_callback_userdata;
      }

      bio = BIO_new(BIO_s_file());
      if (bio == NULL) {
          SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
          goto end;
      }
      if (BIO_read_filename(bio, file) <= 0) {
          SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
          goto end;
      }

      leaf = PEM_read_bio_X509_AUX(bio, NULL, pw_cb, pw_arg);
      if (leaf == NULL) {
          SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
          goto end;
      }

      if (ctx)
          ret = SSL_CTX_use_certificate(ctx, leaf);
      else
          ret = SSL_use_certificate(ssl, leaf);

      /* Key/certificate mismatch doesn't imply ret==0 ... */
      if (ERR_peek_error() != 0)
          ret = 0;
      if (!ret)
          goto end;

      /*
       * Our own certificate is in place; replace any existing chain with the
       * CA certificates that follow in the file.
       */
      if (ctx)
          added = SSL_CTX_clear_chain_certs(ctx);
      else
          added = SSL_clear_chain_certs(ssl);
      if (added == 0) {
          ret = 0;
          goto end;
      }

      for (;;) {
          ca = PEM_read_bio_X509(bio, NULL, pw_cb, pw_arg);
          if (ca == NULL)
              break;

          if (ctx)
              added = SSL_CTX_add0_chain_cert(ctx, ca);
          else
              added = SSL_add0_chain_cert(ssl, ca);

          /*
           * Note that we must not free ca if it was successfully added to
           * the chain (while we must free the main certificate, since its
           * reference count is increased by SSL_CTX_use_certificate).
           */
          if (!added) {
              X509_free(ca);
              ret = 0;
              goto end;
          }
      }

      /*
       * The read loop normally stops at end of file, which the PEM reader
       * reports as "no start line". Anything else is a real error.
       */
      last_err = ERR_peek_last_error();
      if (ERR_GET_LIB(last_err) != ERR_LIB_PEM
          || ERR_GET_REASON(last_err) != PEM_R_NO_START_LINE)
          ret = 0;
      else
          ERR_clear_error();

   end:
      X509_free(leaf);
      BIO_free(bio);
      return ret;
  }
  /*
   * Load a PEM certificate and any following chain certificates from |file|
   * into |ctx|. Returns the result of use_certificate_chain_file().
   */
  int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
  {
      /* A NULL SSL argument selects the context code path in the helper. */
      int ok = use_certificate_chain_file(ctx, NULL, file);

      return ok;
  }
  /*
   * Load a PEM certificate and any following chain certificates from |file|
   * into |ssl|. Returns the result of use_certificate_chain_file().
   */
  int SSL_use_certificate_chain_file(SSL *ssl, const char *file)
  {
      /* A NULL context argument selects the per-connection code path. */
      int ok = use_certificate_chain_file(NULL, ssl, file);

      return ok;
  }
  /*
   * Search a serverinfo buffer for the first record of type |extension_type|.
   *
   * Every record is read as: 4 bytes context, 2 bytes type, 2 bytes length,
   * then that many bytes of data. All reads go through the PACKET API, so a
   * truncated or inconsistent buffer yields an error instead of a read past
   * the end.
   *
   * On a match, |*extension_data| and |*extension_length| describe the
   * record's data inside |serverinfo| (no copy is made); otherwise they are
   * left as NULL and 0.
   * Returns 1 if found, 0 if not found, -1 on missing or malformed input.
   */
  static int serverinfo_find_extension(const unsigned char *serverinfo,
                                       size_t serverinfo_length,
                                       unsigned int extension_type,
                                       const unsigned char **extension_data,
                                       size_t *extension_length)
  {
      PACKET pkt, body;
      unsigned int type;
      unsigned long context;

      *extension_data = NULL;
      *extension_length = 0;

      if (serverinfo == NULL || serverinfo_length == 0)
          return -1;
      if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))
          return -1;

      while (PACKET_remaining(&pkt) != 0) {
          type = 0;
          context = 0;

          if (!PACKET_get_net_4(&pkt, &context)
                  || !PACKET_get_net_2(&pkt, &type)
                  || !PACKET_get_length_prefixed_2(&pkt, &body))
              return -1;

          if (type != extension_type)
              continue;

          *extension_data = PACKET_data(&body);
          *extension_length = PACKET_remaining(&body);
          return 1;               /* Success */
      }

      /* End of serverinfo reached: extension not found */
      return 0;
  }
  /*
   * Parse callback for serverinfo extensions received from the peer.
   *
   * Only an empty extension body is accepted; any payload is rejected with a
   * decode_error alert. Returns 1 to accept, 0 to reject.
   */
  static int serverinfoex_srv_parse_cb(SSL *s, unsigned int ext_type,
                                       unsigned int context,
                                       const unsigned char *in,
                                       size_t inlen, X509 *x, size_t chainidx,
                                       int *al, void *arg)
  {
      if (inlen == 0)
          return 1;

      *al = SSL_AD_DECODE_ERROR;
      return 0;
  }
  /*
   * Old-style parse callback: forwards to serverinfoex_srv_parse_cb() with a
   * zero context, no certificate and chain index 0.
   */
  static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type,
                                     const unsigned char *in,
                                     size_t inlen, int *al, void *arg)
  {
      int accepted = serverinfoex_srv_parse_cb(s, ext_type, 0, in, inlen,
                                               NULL, 0, al, arg);

      return accepted;
  }
  /*
   * Add callback for serverinfo extensions.
   *
   * Looks up |ext_type| in the serverinfo attached to the chosen server
   * certificate and, if present, points |*out| / |*outlen| at its data.
   * Returns 1 to send the extension, 0 to send nothing, and -1 (with an
   * internal_error alert) if the stored serverinfo cannot be parsed.
   */
  static int serverinfoex_srv_add_cb(SSL *s, unsigned int ext_type,
                                     unsigned int context,
                                     const unsigned char **out,
                                     size_t *outlen, X509 *x, size_t chainidx,
                                     int *al, void *arg)
  {
      const unsigned char *serverinfo = NULL;
      size_t serverinfo_length = 0;
      int found;

      /* We only support extensions for the first Certificate */
      if ((context & SSL_EXT_TLS1_3_CERTIFICATE) != 0 && chainidx > 0)
          return 0;

      /* No serverinfo data for the chosen server cert: don't send */
      if (ssl_get_server_cert_serverinfo(s, &serverinfo,
                                         &serverinfo_length) == 0)
          return 0;

      /* Find the relevant extension from the serverinfo */
      found = serverinfo_find_extension(serverinfo, serverinfo_length,
                                        ext_type, out, outlen);
      if (found == -1) {
          *al = SSL_AD_INTERNAL_ERROR;
          return -1;              /* Error */
      }

      /* 0: no extension found, don't send; otherwise send it */
      return found == 0 ? 0 : 1;
  }
  /*
   * Old-style add callback: forwards to serverinfoex_srv_add_cb() with a zero
   * context, no certificate and chain index 0.
   */
  static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
                                   const unsigned char **out, size_t *outlen,
                                   int *al, void *arg)
  {
      int send = serverinfoex_srv_add_cb(s, ext_type, 0, out, outlen, NULL, 0,
                                         al, arg);

      return send;
  }
  /*
   * With a NULL context, this function just checks that the serverinfo data
   * parses correctly. With a non-NULL context, it registers callbacks for
   * the included extensions.
   *
   * |version| must be SSL_SERVERINFOV1 (records are type + length + data) or
   * SSL_SERVERINFOV2 (each record is preceded by a 4 byte context).
   * Returns 1 on success, 0 on bad arguments, a malformed buffer or a failed
   * registration.
   */
  static int serverinfo_process_buffer(unsigned int version,
                                       const unsigned char *serverinfo,
                                       size_t serverinfo_length, SSL_CTX *ctx)
  {
      PACKET pkt;

      if (serverinfo == NULL || serverinfo_length == 0)
          return 0;
      if (version != SSL_SERVERINFOV1 && version != SSL_SERVERINFOV2)
          return 0;
      if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))
          return 0;

      while (PACKET_remaining(&pkt) > 0) {
          unsigned long context = 0;
          unsigned int ext_type = 0;
          PACKET data;
          int registered;

          /* Only V2 records carry a context field. */
          if (version == SSL_SERVERINFOV2 && !PACKET_get_net_4(&pkt, &context))
              return 0;
          if (!PACKET_get_net_2(&pkt, &ext_type)
                  || !PACKET_get_length_prefixed_2(&pkt, &data))
              return 0;

          /* Validation-only pass: nothing to register. */
          if (ctx == NULL)
              continue;

          /*
           * The old style custom extensions API could be set separately for
           * server/client, i.e. you could set one custom extension for a
           * client, and *for the same extension in the same SSL_CTX* you could
           * set a custom extension for the server as well. It seems quite
           * weird to be setting a custom extension for both client and server
           * in a single SSL_CTX - but theoretically possible. This isn't
           * possible in the new API. Therefore, if we have V1 serverinfo we
           * use the old API. We also use the old API even if we have V2
           * serverinfo but the context looks like an old style <= TLSv1.2
           * extension.
           */
          if (version == SSL_SERVERINFOV1 || context == SYNTHV1CONTEXT)
              registered = SSL_CTX_add_server_custom_ext(ctx, ext_type,
                                                         serverinfo_srv_add_cb,
                                                         NULL, NULL,
                                                         serverinfo_srv_parse_cb,
                                                         NULL);
          else
              registered = SSL_CTX_add_custom_ext(ctx, ext_type, context,
                                                  serverinfoex_srv_add_cb,
                                                  NULL, NULL,
                                                  serverinfoex_srv_parse_cb,
                                                  NULL);
          if (!registered)
              return 0;
      }

      return 1;
  }
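  /*
   * Attach serverinfo data to the current certificate of |ctx| and register
   * the callbacks that serve it.
   *
   * |version| is SSL_SERVERINFOV1 or SSL_SERVERINFOV2 and describes the layout
   * of |serverinfo|. The data is validated before anything is stored, and the
   * context keeps its own copy.
   *
   * The stored buffer is later read by serverinfo_find_extension(), which
   * always expects the V2 layout (4 byte context in front of every record).
   * V1 input is therefore converted to V2 first by prefixing each record with
   * SYNTHV1CONTEXT, the same conversion SSL_CTX_use_serverinfo_file() applies.
   * Storing V1 data unchanged would make the lookup misread record boundaries.
   *
   * Returns 1 on success, 0 on failure with an error on the queue.
   */
  int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
                                const unsigned char *serverinfo,
                                size_t serverinfo_length)
  {
      unsigned char *new_serverinfo;

      if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) {
          SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_PASSED_NULL_PARAMETER);
          return 0;
      }
      if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
                                     NULL)) {
          SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, SSL_R_INVALID_SERVERINFO_DATA);
          return 0;
      }

      if (version == SSL_SERVERINFOV1) {
          PACKET pkt;
          unsigned char *v2;
          size_t records = 0, v2_length, off = 0;
          int ret;

          /* First pass: count the records so the V2 buffer can be sized. */
          if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length)) {
              SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX,
                     SSL_R_INVALID_SERVERINFO_DATA);
              return 0;
          }
          while (PACKET_remaining(&pkt) > 0) {
              unsigned int ext_type = 0;
              PACKET data;

              if (!PACKET_get_net_2(&pkt, &ext_type)
                      || !PACKET_get_length_prefixed_2(&pkt, &data)) {
                  SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX,
                         SSL_R_INVALID_SERVERINFO_DATA);
                  return 0;
              }
              records++;
          }

          /*
           * Every record is at least 4 bytes long, so 4 * records cannot
           * exceed serverinfo_length; only the sum needs an overflow check.
           */
          if (4 * records > (size_t)-1 - serverinfo_length) {
              SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_INTERNAL_ERROR);
              return 0;
          }
          v2_length = serverinfo_length + 4 * records;
          v2 = OPENSSL_malloc(v2_length);
          if (v2 == NULL) {
              SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_MALLOC_FAILURE);
              return 0;
          }

          /* Second pass: copy each record behind a synthetic context. */
          if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length)) {
              OPENSSL_free(v2);
              SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX,
                     SSL_R_INVALID_SERVERINFO_DATA);
              return 0;
          }
          while (PACKET_remaining(&pkt) > 0) {
              const unsigned char *record = PACKET_data(&pkt);
              unsigned int ext_type = 0;
              PACKET data;
              size_t record_length;

              if (!PACKET_get_net_2(&pkt, &ext_type)
                      || !PACKET_get_length_prefixed_2(&pkt, &data)) {
                  OPENSSL_free(v2);
                  SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX,
                         SSL_R_INVALID_SERVERINFO_DATA);
                  return 0;
              }
              /* 2 bytes type + 2 bytes length + data */
              record_length = 4 + PACKET_remaining(&data);

              /* SYNTHV1CONTEXT only uses the last 2 bytes */
              v2[off] = 0;
              v2[off + 1] = 0;
              v2[off + 2] = (SYNTHV1CONTEXT >> 8) & 0xff;
              v2[off + 3] = SYNTHV1CONTEXT & 0xff;
              memcpy(v2 + off + 4, record, record_length);
              off += 4 + record_length;
          }

          /*
           * Records tagged with SYNTHV1CONTEXT are still registered through
           * the old-style API, so the registered callbacks are unchanged.
           */
          ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, v2, v2_length);
          OPENSSL_free(v2);
          return ret;
      }

      if (ctx->cert->key == NULL) {
          SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_INTERNAL_ERROR);
          return 0;
      }

      /* Assign the result only on success so the old buffer is not lost. */
      new_serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo,
                                       serverinfo_length);
      if (new_serverinfo == NULL) {
          SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_MALLOC_FAILURE);
          return 0;
      }
      ctx->cert->key->serverinfo = new_serverinfo;
      memcpy(ctx->cert->key->serverinfo, serverinfo, serverinfo_length);
      ctx->cert->key->serverinfo_length = serverinfo_length;

      /*
       * Now that the serverinfo is validated and stored, go ahead and
       * register callbacks.
       */
      if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
                                     ctx)) {
          SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, SSL_R_INVALID_SERVERINFO_DATA);
          return 0;
      }
      return 1;
  }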
  /*
   * Attach V1-format serverinfo data to |ctx|. Returns the result of
   * SSL_CTX_use_serverinfo_ex() called with SSL_SERVERINFOV1.
   */
  int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
                             size_t serverinfo_length)
  {
      int ok = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV1, serverinfo,
                                         serverinfo_length);

      return ok;
  }
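  /*
   * Load serverinfo extensions from the PEM file |file| into |ctx|.
   *
   * The file must hold at least one PEM block whose name starts with
   * "SERVERINFO FOR " (V1 record) or "SERVERINFOV2 FOR " (V2 record). Each
   * block's length field is checked against the decoded size before the
   * block is appended to one combined V2 buffer; V1 blocks get a synthetic
   * context prepended. The combined buffer is then handed to
   * SSL_CTX_use_serverinfo_ex().
   *
   * Returns 1 on success, 0 on failure with an error on the queue.
   */
  int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
  {
      unsigned char *serverinfo = NULL;
      unsigned char *tmp;
      size_t serverinfo_length = 0;
      unsigned char *extension = NULL;
      long extension_length = 0;
      char *name = NULL;
      char *header = NULL;
      char namePrefix1[] = "SERVERINFO FOR ";
      char namePrefix2[] = "SERVERINFOV2 FOR ";
      int ret = 0;
      BIO *bin = NULL;
      size_t num_extensions = 0;

      if (ctx == NULL || file == NULL) {
          SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PASSED_NULL_PARAMETER);
          goto end;
      }

      bin = BIO_new(BIO_s_file());
      if (bin == NULL) {
          SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_BUF_LIB);
          goto end;
      }
      if (BIO_read_filename(bin, file) <= 0) {
          SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_SYS_LIB);
          goto end;
      }

      for (num_extensions = 0;; num_extensions++) {
          unsigned int version;
          /*
           * Number of synthetic context bytes to prepend to this block. It
           * must start at 0 for every block: if it kept the value from an
           * earlier V1 block, a following V2 block would get a second context
           * prepended and the combined buffer would no longer parse as
           * intended.
           */
          size_t contextoff = 0;

          if (PEM_read_bio(bin, &name, &header, &extension, &extension_length)
              == 0) {
              /*
               * There must be at least one extension in this file
               */
              if (num_extensions == 0) {
                  SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
                         SSL_R_NO_PEM_EXTENSIONS);
                  goto end;
              } else              /* End of file, we're done */
                  break;
          }
          /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
          if (strlen(name) < strlen(namePrefix1)) {
              SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT);
              goto end;
          }
          if (strncmp(name, namePrefix1, strlen(namePrefix1)) == 0) {
              version = SSL_SERVERINFOV1;
          } else {
              if (strlen(name) < strlen(namePrefix2)) {
                  SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
                         SSL_R_PEM_NAME_TOO_SHORT);
                  goto end;
              }
              if (strncmp(name, namePrefix2, strlen(namePrefix2)) != 0) {
                  SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
                         SSL_R_PEM_NAME_BAD_PREFIX);
                  goto end;
              }
              version = SSL_SERVERINFOV2;
          }
          /*
           * Check that the decoded PEM data is plausible (valid length field).
           * The size test comes first so the header bytes are only read when
           * they exist.
           */
          if (version == SSL_SERVERINFOV1) {
              /* 4 byte header: 2 bytes type, 2 bytes len */
              if (extension_length < 4
                      || (extension[2] << 8) + extension[3]
                         != extension_length - 4) {
                  SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
                  goto end;
              }
              /*
               * File does not have a context value so we must take account of
               * this later.
               */
              contextoff = 4;
          } else {
              /* 8 byte header: 4 bytes context, 2 bytes type, 2 bytes len */
              if (extension_length < 8
                      || (extension[6] << 8) + extension[7]
                         != extension_length - 8) {
                  SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
                  goto end;
              }
          }
          /* Append the decoded extension to the serverinfo buffer */
          tmp = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length
                                            + contextoff);
          if (tmp == NULL) {
              SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE);
              goto end;
          }
          serverinfo = tmp;
          if (contextoff > 0) {
              unsigned char *sinfo = serverinfo + serverinfo_length;

              /* We know this only uses the last 2 bytes */
              sinfo[0] = 0;
              sinfo[1] = 0;
              sinfo[2] = (SYNTHV1CONTEXT >> 8) & 0xff;
              sinfo[3] = SYNTHV1CONTEXT & 0xff;
          }
          memcpy(serverinfo + serverinfo_length + contextoff,
                 extension, extension_length);
          serverinfo_length += extension_length + contextoff;

          /* Reset to NULL so the cleanup at |end| cannot free these twice. */
          OPENSSL_free(name);
          name = NULL;
          OPENSSL_free(header);
          header = NULL;
          OPENSSL_free(extension);
          extension = NULL;
      }

      ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, serverinfo,
                                      serverinfo_length);
   end:
      /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */
      OPENSSL_free(name);
      OPENSSL_free(header);
      OPENSSL_free(extension);
      OPENSSL_free(serverinfo);
      BIO_free(bin);
      return ret;
  }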
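  /*
   * Install a certificate, its private key and an optional chain into the
   * CERT store of either an SSL connection or an SSL_CTX.
   *
   * ssl        - connection to configure; when non-NULL its cert store is used
   * ctx        - context to configure; its cert store is used when ssl is NULL
   * x509       - end-entity certificate to install
   * privatekey - matching private key; when NULL the certificate's public key
   *              object is stored in the private key slot instead
   * chain      - additional certificates, may be NULL
   * override   - when zero, refuse to replace a certificate, key or chain that
   *              is already present in the selected slot
   *
   * Returns 1 on success and 0 on failure. All checks run before the store is
   * modified, so a failure leaves the existing certificate, key and chain in
   * place. The store takes its own references; the caller keeps ownership of
   * x509, privatekey and chain.
   */
  static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509,
                                  EVP_PKEY *privatekey, STACK_OF(X509) *chain,
                                  int override)
  {
      int ret = 0;
      size_t i;
      int j;
      int rv;
      CERT *c = ssl != NULL ? ssl->cert : ctx->cert;
      STACK_OF(X509) *dup_chain = NULL;
      EVP_PKEY *pubkey = NULL;

      /* Do all security checks before anything else */
      rv = ssl_security_cert(ssl, ctx, x509, 0, 1);
      if (rv != 1) {
          /* ssl_security_cert's non-1 result is used as the error reason */
          SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, rv);
          goto out;
      }
      for (j = 0; j < sk_X509_num(chain); j++) {
          rv = ssl_security_cert(ssl, ctx, sk_X509_value(chain, j), 0, 0);
          if (rv != 1) {
              SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, rv);
              goto out;
          }
      }

      pubkey = X509_get_pubkey(x509); /* bumps reference */
      if (pubkey == NULL)
          goto out;

      if (privatekey == NULL) {
          privatekey = pubkey;
      } else {
          /* For RSA, which has no parameters, missing returns 0 */
          if (EVP_PKEY_missing_parameters(privatekey)) {
              if (EVP_PKEY_missing_parameters(pubkey)) {
                  /* nobody has parameters? - error */
                  SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_MISSING_PARAMETERS);
                  goto out;
              }
              /*
               * copy to privatekey from pubkey; a failed copy is reported
               * here rather than left to surface as a key mismatch below
               */
              if (!EVP_PKEY_copy_parameters(privatekey, pubkey)) {
                  SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, ERR_R_EVP_LIB);
                  goto out;
              }
          } else if (EVP_PKEY_missing_parameters(pubkey)) {
              /* copy to pubkey from privatekey */
              if (!EVP_PKEY_copy_parameters(pubkey, privatekey)) {
                  SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, ERR_R_EVP_LIB);
                  goto out;
              }
          } /* else both have parameters */

          /*
           * Copied from ssl_set_cert/pkey.
           * NOTE(review): an RSA key whose method sets RSA_METHOD_FLAG_NO_CHECK
           * bypasses the key <-> cert comparison entirely, so a mismatched
           * pair of that kind is accepted here; callers relying on this
           * function to reject mismatches should be aware of the exception.
           */
#ifndef OPENSSL_NO_RSA
          if ((EVP_PKEY_id(privatekey) == EVP_PKEY_RSA) &&
              ((RSA_flags(EVP_PKEY_get0_RSA(privatekey)) & RSA_METHOD_FLAG_NO_CHECK)))
              /* no-op */ ;
          else
#endif
          /* check that key <-> cert match */
          if (EVP_PKEY_cmp(pubkey, privatekey) != 1) {
              SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_PRIVATE_KEY_MISMATCH);
              goto out;
          }
      }

      /* Find the slot in c->pkeys that corresponds to this key type */
      if (ssl_cert_lookup_by_pkey(pubkey, &i) == NULL) {
          SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
          goto out;
      }

      if (!override && (c->pkeys[i].x509 != NULL
                        || c->pkeys[i].privatekey != NULL
                        || c->pkeys[i].chain != NULL)) {
          /* No override, and something already there */
          SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_NOT_REPLACING_CERTIFICATE);
          goto out;
      }

      if (chain != NULL) {
          dup_chain = X509_chain_up_ref(chain);
          if (dup_chain == NULL) {
              SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, ERR_R_MALLOC_FAILURE);
              goto out;
          }
      }

      /*
       * Take the new references before releasing the old ones. If the caller
       * hands in the very object that is already installed in this slot,
       * dropping the slot's reference first could free the object before it
       * is referenced again.
       */
      X509_up_ref(x509);
      EVP_PKEY_up_ref(privatekey);

      sk_X509_pop_free(c->pkeys[i].chain, X509_free);
      c->pkeys[i].chain = dup_chain;

      X509_free(c->pkeys[i].x509);
      c->pkeys[i].x509 = x509;

      EVP_PKEY_free(c->pkeys[i].privatekey);
      c->pkeys[i].privatekey = privatekey;

      /* Make the slot just filled the active key */
      c->key = &(c->pkeys[i]);

      ret = 1;
   out:
      /* Drops the reference taken by X509_get_pubkey(); NULL is a no-op */
      EVP_PKEY_free(pubkey);
      return ret;
  }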
  /*
   * Per-connection entry point: installs x509, privatekey and chain on the
   * given SSL object by delegating to ssl_set_cert_and_key() with no SSL_CTX.
   * The result of that call is returned unchanged.
   */
  int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey,
                           STACK_OF(X509) *chain, int override)
  {
      /* Only the connection is configured, so no context is passed on */
      SSL_CTX *const no_ctx = NULL;
      const int status = ssl_set_cert_and_key(ssl, no_ctx, x509, privatekey,
                                              chain, override);

      return status;
  }
  /*
   * Context-wide entry point: installs x509, privatekey and chain on the
   * given SSL_CTX by delegating to ssl_set_cert_and_key() with no SSL object.
   * The result of that call is returned unchanged.
   */
  int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
                               STACK_OF(X509) *chain, int override)
  {
      /* Only the context is configured, so no connection is passed on */
      SSL *const no_ssl = NULL;
      const int status = ssl_set_cert_and_key(no_ssl, ctx, x509, privatekey,
                                              chain, override);

      return status;
  }