1 /*
2 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include "ssl_local.h"
12 #include "internal/packet.h"
13 #include "internal/ssl_unwrap.h"
14 #include <openssl/bio.h>
15 #include <openssl/objects.h>
16 #include <openssl/evp.h>
17 #include <openssl/x509.h>
18 #include <openssl/x509v3.h>
19 #include <openssl/pem.h>
20
21 static int ssl_set_cert(CERT *c, X509 *x509, SSL_CTX *ctx);
22 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey, SSL_CTX *ctx);
23
24 #define SYNTHV1CONTEXT (SSL_EXT_TLS1_2_AND_BELOW_ONLY \
25 | SSL_EXT_CLIENT_HELLO \
26 | SSL_EXT_TLS1_2_SERVER_HELLO \
27 | SSL_EXT_IGNORE_ON_RESUMPTION)
28
29 #define NAME_PREFIX1 "SERVERINFO FOR "
30 #define NAME_PREFIX2 "SERVERINFOV2 FOR "
31
SSL_use_certificate(SSL * ssl,X509 * x)32 int SSL_use_certificate(SSL *ssl, X509 *x)
33 {
34 int rv;
35 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
36
37 if (sc == NULL)
38 return 0;
39
40 if (x == NULL) {
41 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
42 return 0;
43 }
44
45 rv = ssl_security_cert(sc, NULL, x, 0, 1);
46 if (rv != 1) {
47 ERR_raise(ERR_LIB_SSL, rv);
48 return 0;
49 }
50
51 return ssl_set_cert(sc->cert, x, SSL_CONNECTION_GET_CTX(sc));
52 }
53
SSL_use_certificate_file(SSL * ssl,const char * file,int type)54 int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
55 {
56 int j;
57 BIO *in = NULL;
58 int ret = 0;
59 X509 *cert = NULL, *x = NULL;
60
61 if (file == NULL) {
62 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
63 goto end;
64 }
65
66 in = BIO_new(BIO_s_file());
67 if (in == NULL) {
68 ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
69 goto end;
70 }
71
72 if (BIO_read_filename(in, file) <= 0) {
73 ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
74 goto end;
75 }
76
77 x = X509_new_ex(ssl->ctx->libctx, ssl->ctx->propq);
78 if (x == NULL) {
79 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
80 goto end;
81 }
82 if (type == SSL_FILETYPE_ASN1) {
83 j = ERR_R_ASN1_LIB;
84 cert = d2i_X509_bio(in, &x);
85 } else if (type == SSL_FILETYPE_PEM) {
86 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
87
88 if (sc == NULL)
89 goto end;
90
91 j = ERR_R_PEM_LIB;
92 cert = PEM_read_bio_X509(in, &x, sc->default_passwd_callback,
93 sc->default_passwd_callback_userdata);
94 } else {
95 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
96 goto end;
97 }
98
99 if (cert == NULL) {
100 ERR_raise(ERR_LIB_SSL, j);
101 goto end;
102 }
103
104 ret = SSL_use_certificate(ssl, x);
105 end:
106 X509_free(x);
107 BIO_free(in);
108 return ret;
109 }
110
SSL_use_certificate_ASN1(SSL * ssl,const unsigned char * d,int len)111 int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
112 {
113 X509 *x;
114 int ret;
115
116 x = X509_new_ex(ssl->ctx->libctx, ssl->ctx->propq);
117 if (x == NULL) {
118 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
119 return 0;
120 }
121
122 if (d2i_X509(&x, &d, (long)len) == NULL) {
123 X509_free(x);
124 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
125 return 0;
126 }
127
128 ret = SSL_use_certificate(ssl, x);
129 X509_free(x);
130 return ret;
131 }
132
ssl_set_pkey(CERT * c,EVP_PKEY * pkey,SSL_CTX * ctx)133 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey, SSL_CTX *ctx)
134 {
135 size_t i;
136
137 if (ssl_cert_lookup_by_pkey(pkey, &i, ctx) == NULL) {
138 ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
139 return 0;
140 }
141
142 if (c->pkeys[i].x509 != NULL
143 && !X509_check_private_key(c->pkeys[i].x509, pkey))
144 return 0;
145 if (!EVP_PKEY_up_ref(pkey))
146 return 0;
147
148 EVP_PKEY_free(c->pkeys[i].privatekey);
149 c->pkeys[i].privatekey = pkey;
150 c->key = &c->pkeys[i];
151 return 1;
152 }
153
SSL_use_PrivateKey(SSL * ssl,EVP_PKEY * pkey)154 int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
155 {
156 int ret;
157 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
158
159 if (sc == NULL)
160 return 0;
161
162 if (pkey == NULL) {
163 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
164 return 0;
165 }
166 ret = ssl_set_pkey(sc->cert, pkey, SSL_CONNECTION_GET_CTX(sc));
167 return ret;
168 }
169
SSL_use_PrivateKey_file(SSL * ssl,const char * file,int type)170 int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
171 {
172 int j, ret = 0;
173 BIO *in = NULL;
174 EVP_PKEY *pkey = NULL;
175
176 if (file == NULL) {
177 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
178 goto end;
179 }
180
181 in = BIO_new(BIO_s_file());
182 if (in == NULL) {
183 ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
184 goto end;
185 }
186
187 if (BIO_read_filename(in, file) <= 0) {
188 ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
189 goto end;
190 }
191 if (type == SSL_FILETYPE_PEM) {
192 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
193
194 if (sc == NULL)
195 goto end;
196
197 j = ERR_R_PEM_LIB;
198 pkey = PEM_read_bio_PrivateKey_ex(in, NULL,
199 sc->default_passwd_callback,
200 sc->default_passwd_callback_userdata,
201 ssl->ctx->libctx,
202 ssl->ctx->propq);
203 } else if (type == SSL_FILETYPE_ASN1) {
204 j = ERR_R_ASN1_LIB;
205 pkey = d2i_PrivateKey_ex_bio(in, NULL, ssl->ctx->libctx,
206 ssl->ctx->propq);
207 } else {
208 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
209 goto end;
210 }
211 if (pkey == NULL) {
212 ERR_raise(ERR_LIB_SSL, j);
213 goto end;
214 }
215 ret = SSL_use_PrivateKey(ssl, pkey);
216 EVP_PKEY_free(pkey);
217 end:
218 BIO_free(in);
219 return ret;
220 }
221
SSL_use_PrivateKey_ASN1(int type,SSL * ssl,const unsigned char * d,long len)222 int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d,
223 long len)
224 {
225 int ret;
226 const unsigned char *p;
227 EVP_PKEY *pkey;
228
229 p = d;
230 if ((pkey = d2i_PrivateKey_ex(type, NULL, &p, (long)len, ssl->ctx->libctx,
231 ssl->ctx->propq))
232 == NULL) {
233 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
234 return 0;
235 }
236
237 ret = SSL_use_PrivateKey(ssl, pkey);
238 EVP_PKEY_free(pkey);
239 return ret;
240 }
241
SSL_CTX_use_certificate(SSL_CTX * ctx,X509 * x)242 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
243 {
244 int rv;
245 if (x == NULL) {
246 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
247 return 0;
248 }
249
250 rv = ssl_security_cert(NULL, ctx, x, 0, 1);
251 if (rv != 1) {
252 ERR_raise(ERR_LIB_SSL, rv);
253 return 0;
254 }
255 return ssl_set_cert(ctx->cert, x, ctx);
256 }
257
ssl_set_cert(CERT * c,X509 * x,SSL_CTX * ctx)258 static int ssl_set_cert(CERT *c, X509 *x, SSL_CTX *ctx)
259 {
260 EVP_PKEY *pkey;
261 size_t i;
262
263 pkey = X509_get0_pubkey(x);
264 if (pkey == NULL) {
265 ERR_raise(ERR_LIB_SSL, SSL_R_X509_LIB);
266 return 0;
267 }
268
269 if (ssl_cert_lookup_by_pkey(pkey, &i, ctx) == NULL) {
270 ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
271 return 0;
272 }
273
274 if (i == SSL_PKEY_ECC && !EVP_PKEY_can_sign(pkey)) {
275 ERR_raise(ERR_LIB_SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
276 return 0;
277 }
278
279 if (c->pkeys[i].privatekey != NULL) {
280 /*
281 * The return code from EVP_PKEY_copy_parameters is deliberately
282 * ignored. Some EVP_PKEY types cannot do this.
283 * coverity[check_return]
284 */
285 EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
286 ERR_clear_error();
287
288 if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
289 /*
290 * don't fail for a cert/key mismatch, just free current private
291 * key (when switching to a different cert & key, first this
292 * function should be used, then ssl_set_pkey
293 */
294 EVP_PKEY_free(c->pkeys[i].privatekey);
295 c->pkeys[i].privatekey = NULL;
296 /* clear error queue */
297 ERR_clear_error();
298 }
299 }
300
301 if (!X509_up_ref(x))
302 return 0;
303
304 X509_free(c->pkeys[i].x509);
305 c->pkeys[i].x509 = x;
306 c->key = &(c->pkeys[i]);
307
308 return 1;
309 }
310
SSL_CTX_use_certificate_file(SSL_CTX * ctx,const char * file,int type)311 int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
312 {
313 int j = SSL_R_BAD_VALUE;
314 BIO *in = NULL;
315 int ret = 0;
316 X509 *x = NULL, *cert = NULL;
317
318 if (file == NULL) {
319 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
320 goto end;
321 }
322
323 in = BIO_new(BIO_s_file());
324 if (in == NULL) {
325 ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
326 goto end;
327 }
328
329 if (BIO_read_filename(in, file) <= 0) {
330 ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
331 goto end;
332 }
333
334 x = X509_new_ex(ctx->libctx, ctx->propq);
335 if (x == NULL) {
336 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
337 goto end;
338 }
339 if (type == SSL_FILETYPE_ASN1) {
340 j = ERR_R_ASN1_LIB;
341 cert = d2i_X509_bio(in, &x);
342 } else if (type == SSL_FILETYPE_PEM) {
343 j = ERR_R_PEM_LIB;
344 cert = PEM_read_bio_X509(in, &x, ctx->default_passwd_callback,
345 ctx->default_passwd_callback_userdata);
346 } else {
347 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
348 goto end;
349 }
350 if (cert == NULL) {
351 ERR_raise(ERR_LIB_SSL, j);
352 goto end;
353 }
354
355 ret = SSL_CTX_use_certificate(ctx, x);
356 end:
357 X509_free(x);
358 BIO_free(in);
359 return ret;
360 }
361
SSL_CTX_use_certificate_ASN1(SSL_CTX * ctx,int len,const unsigned char * d)362 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
363 {
364 X509 *x;
365 int ret;
366
367 x = X509_new_ex(ctx->libctx, ctx->propq);
368 if (x == NULL) {
369 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
370 return 0;
371 }
372
373 if (d2i_X509(&x, &d, (long)len) == NULL) {
374 X509_free(x);
375 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
376 return 0;
377 }
378
379 ret = SSL_CTX_use_certificate(ctx, x);
380 X509_free(x);
381 return ret;
382 }
383
SSL_CTX_use_PrivateKey(SSL_CTX * ctx,EVP_PKEY * pkey)384 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
385 {
386 if (pkey == NULL) {
387 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
388 return 0;
389 }
390 return ssl_set_pkey(ctx->cert, pkey, ctx);
391 }
392
SSL_CTX_use_PrivateKey_file(SSL_CTX * ctx,const char * file,int type)393 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
394 {
395 int j, ret = 0;
396 BIO *in = NULL;
397 EVP_PKEY *pkey = NULL;
398
399 if (file == NULL) {
400 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
401 goto end;
402 }
403
404 in = BIO_new(BIO_s_file());
405 if (in == NULL) {
406 ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
407 goto end;
408 }
409
410 if (BIO_read_filename(in, file) <= 0) {
411 ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
412 goto end;
413 }
414 if (type == SSL_FILETYPE_PEM) {
415 j = ERR_R_PEM_LIB;
416 pkey = PEM_read_bio_PrivateKey_ex(in, NULL,
417 ctx->default_passwd_callback,
418 ctx->default_passwd_callback_userdata,
419 ctx->libctx, ctx->propq);
420 } else if (type == SSL_FILETYPE_ASN1) {
421 j = ERR_R_ASN1_LIB;
422 pkey = d2i_PrivateKey_ex_bio(in, NULL, ctx->libctx, ctx->propq);
423 } else {
424 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
425 goto end;
426 }
427 if (pkey == NULL) {
428 ERR_raise(ERR_LIB_SSL, j);
429 goto end;
430 }
431 ret = SSL_CTX_use_PrivateKey(ctx, pkey);
432 EVP_PKEY_free(pkey);
433 end:
434 BIO_free(in);
435 return ret;
436 }
437
SSL_CTX_use_PrivateKey_ASN1(int type,SSL_CTX * ctx,const unsigned char * d,long len)438 int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
439 const unsigned char *d, long len)
440 {
441 int ret;
442 const unsigned char *p;
443 EVP_PKEY *pkey;
444
445 p = d;
446 if ((pkey = d2i_PrivateKey_ex(type, NULL, &p, (long)len, ctx->libctx,
447 ctx->propq))
448 == NULL) {
449 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
450 return 0;
451 }
452
453 ret = SSL_CTX_use_PrivateKey(ctx, pkey);
454 EVP_PKEY_free(pkey);
455 return ret;
456 }
457
458 /*
459 * Read a file that contains our certificate in "PEM" format, possibly
460 * followed by a sequence of CA certificates that should be sent to the peer
461 * in the Certificate message.
462 */
use_certificate_chain_file(SSL_CTX * ctx,SSL * ssl,const char * file)463 static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
464 {
465 BIO *in = NULL;
466 int ret = 0;
467 X509 *x = NULL;
468 pem_password_cb *passwd_callback;
469 void *passwd_callback_userdata;
470 SSL_CTX *real_ctx = (ssl == NULL) ? ctx : ssl->ctx;
471
472 if (ctx == NULL && ssl == NULL)
473 return 0;
474
475 ERR_clear_error(); /* clear error stack for
476 * SSL_CTX_use_certificate() */
477
478 if (ctx != NULL) {
479 passwd_callback = ctx->default_passwd_callback;
480 passwd_callback_userdata = ctx->default_passwd_callback_userdata;
481 } else {
482 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
483
484 if (sc == NULL)
485 return 0;
486
487 passwd_callback = sc->default_passwd_callback;
488 passwd_callback_userdata = sc->default_passwd_callback_userdata;
489 }
490
491 if (file == NULL) {
492 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
493 goto end;
494 }
495
496 in = BIO_new(BIO_s_file());
497 if (in == NULL) {
498 ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
499 goto end;
500 }
501
502 if (BIO_read_filename(in, file) <= 0) {
503 ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
504 goto end;
505 }
506
507 x = X509_new_ex(real_ctx->libctx, real_ctx->propq);
508 if (x == NULL) {
509 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
510 goto end;
511 }
512 if (PEM_read_bio_X509_AUX(in, &x, passwd_callback,
513 passwd_callback_userdata)
514 == NULL) {
515 ERR_raise(ERR_LIB_SSL, ERR_R_PEM_LIB);
516 goto end;
517 }
518
519 if (ctx)
520 ret = SSL_CTX_use_certificate(ctx, x);
521 else
522 ret = SSL_use_certificate(ssl, x);
523
524 if (ERR_peek_error() != 0)
525 ret = 0; /* Key/certificate mismatch doesn't imply
526 * ret==0 ... */
527 if (ret) {
528 /*
529 * If we could set up our certificate, now proceed to the CA
530 * certificates.
531 */
532 X509 *ca;
533 int r;
534 unsigned long err;
535
536 if (ctx)
537 r = SSL_CTX_clear_chain_certs(ctx);
538 else
539 r = SSL_clear_chain_certs(ssl);
540
541 if (r == 0) {
542 ret = 0;
543 goto end;
544 }
545
546 while (1) {
547 ca = X509_new_ex(real_ctx->libctx, real_ctx->propq);
548 if (ca == NULL) {
549 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
550 goto end;
551 }
552 if (PEM_read_bio_X509(in, &ca, passwd_callback,
553 passwd_callback_userdata)
554 != NULL) {
555 if (ctx)
556 r = SSL_CTX_add0_chain_cert(ctx, ca);
557 else
558 r = SSL_add0_chain_cert(ssl, ca);
559 /*
560 * Note that we must not free ca if it was successfully added to
561 * the chain (while we must free the main certificate, since its
562 * reference count is increased by SSL_CTX_use_certificate).
563 */
564 if (!r) {
565 X509_free(ca);
566 ret = 0;
567 goto end;
568 }
569 } else {
570 X509_free(ca);
571 break;
572 }
573 }
574 /* When the while loop ends, it's usually just EOF. */
575 err = ERR_peek_last_error();
576 if (ERR_GET_LIB(err) == ERR_LIB_PEM
577 && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
578 ERR_clear_error();
579 else
580 ret = 0; /* some real error */
581 }
582
583 end:
584 X509_free(x);
585 BIO_free(in);
586 return ret;
587 }
588
SSL_CTX_use_certificate_chain_file(SSL_CTX * ctx,const char * file)589 int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
590 {
591 return use_certificate_chain_file(ctx, NULL, file);
592 }
593
SSL_use_certificate_chain_file(SSL * ssl,const char * file)594 int SSL_use_certificate_chain_file(SSL *ssl, const char *file)
595 {
596 return use_certificate_chain_file(NULL, ssl, file);
597 }
598
serverinfo_find_extension(const unsigned char * serverinfo,size_t serverinfo_length,unsigned int extension_type,const unsigned char ** extension_data,size_t * extension_length)599 static int serverinfo_find_extension(const unsigned char *serverinfo,
600 size_t serverinfo_length,
601 unsigned int extension_type,
602 const unsigned char **extension_data,
603 size_t *extension_length)
604 {
605 PACKET pkt, data;
606
607 *extension_data = NULL;
608 *extension_length = 0;
609 if (serverinfo == NULL || serverinfo_length == 0)
610 return -1;
611
612 if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))
613 return -1;
614
615 for (;;) {
616 unsigned int type = 0;
617 unsigned long context = 0;
618
619 /* end of serverinfo */
620 if (PACKET_remaining(&pkt) == 0)
621 return 0; /* Extension not found */
622
623 if (!PACKET_get_net_4(&pkt, &context)
624 || !PACKET_get_net_2(&pkt, &type)
625 || !PACKET_get_length_prefixed_2(&pkt, &data))
626 return -1;
627
628 if (type == extension_type) {
629 *extension_data = PACKET_data(&data);
630 *extension_length = PACKET_remaining(&data);
631 return 1; /* Success */
632 }
633 }
634 /* Unreachable */
635 }
636
serverinfoex_srv_parse_cb(SSL * s,unsigned int ext_type,unsigned int context,const unsigned char * in,size_t inlen,X509 * x,size_t chainidx,int * al,void * arg)637 static int serverinfoex_srv_parse_cb(SSL *s, unsigned int ext_type,
638 unsigned int context,
639 const unsigned char *in,
640 size_t inlen, X509 *x, size_t chainidx,
641 int *al, void *arg)
642 {
643
644 if (inlen != 0) {
645 *al = SSL_AD_DECODE_ERROR;
646 return 0;
647 }
648
649 return 1;
650 }
651
serverinfo_srv_parse_cb(SSL * s,unsigned int ext_type,const unsigned char * in,size_t inlen,int * al,void * arg)652 static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type,
653 const unsigned char *in,
654 size_t inlen, int *al, void *arg)
655 {
656 return serverinfoex_srv_parse_cb(s, ext_type, 0, in, inlen, NULL, 0, al,
657 arg);
658 }
659
serverinfoex_srv_add_cb(SSL * s,unsigned int ext_type,unsigned int context,const unsigned char ** out,size_t * outlen,X509 * x,size_t chainidx,int * al,void * arg)660 static int serverinfoex_srv_add_cb(SSL *s, unsigned int ext_type,
661 unsigned int context,
662 const unsigned char **out,
663 size_t *outlen, X509 *x, size_t chainidx,
664 int *al, void *arg)
665 {
666 const unsigned char *serverinfo = NULL;
667 size_t serverinfo_length = 0;
668 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
669
670 if (sc == NULL) {
671 *al = SSL_AD_INTERNAL_ERROR;
672 return -1;
673 }
674
675 /* We only support extensions for the first Certificate */
676 if ((context & SSL_EXT_TLS1_3_CERTIFICATE) != 0 && chainidx > 0)
677 return 0;
678
679 /* Is there serverinfo data for the chosen server cert? */
680 if ((ssl_get_server_cert_serverinfo(sc, &serverinfo,
681 &serverinfo_length))
682 != 0) {
683 /* Find the relevant extension from the serverinfo */
684 int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
685 ext_type, out, outlen);
686 if (retval == -1) {
687 *al = SSL_AD_INTERNAL_ERROR;
688 return -1; /* Error */
689 }
690 if (retval == 0)
691 return 0; /* No extension found, don't send extension */
692 return 1; /* Send extension */
693 }
694 return 0; /* No serverinfo data found, don't send
695 * extension */
696 }
697
serverinfo_srv_add_cb(SSL * s,unsigned int ext_type,const unsigned char ** out,size_t * outlen,int * al,void * arg)698 static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
699 const unsigned char **out, size_t *outlen,
700 int *al, void *arg)
701 {
702 return serverinfoex_srv_add_cb(s, ext_type, 0, out, outlen, NULL, 0, al,
703 arg);
704 }
705
706 /*
707 * With a NULL context, this function just checks that the serverinfo data
708 * parses correctly. With a non-NULL context, it registers callbacks for
709 * the included extensions.
710 */
serverinfo_process_buffer(unsigned int version,const unsigned char * serverinfo,size_t serverinfo_length,SSL_CTX * ctx)711 static int serverinfo_process_buffer(unsigned int version,
712 const unsigned char *serverinfo,
713 size_t serverinfo_length, SSL_CTX *ctx)
714 {
715 PACKET pkt;
716
717 if (serverinfo == NULL || serverinfo_length == 0)
718 return 0;
719
720 if (version != SSL_SERVERINFOV1 && version != SSL_SERVERINFOV2)
721 return 0;
722
723 if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))
724 return 0;
725
726 while (PACKET_remaining(&pkt)) {
727 unsigned long context = 0;
728 unsigned int ext_type = 0;
729 PACKET data;
730
731 if ((version == SSL_SERVERINFOV2 && !PACKET_get_net_4(&pkt, &context))
732 || !PACKET_get_net_2(&pkt, &ext_type)
733 || !PACKET_get_length_prefixed_2(&pkt, &data))
734 return 0;
735
736 if (ctx == NULL)
737 continue;
738
739 /*
740 * The old style custom extensions API could be set separately for
741 * server/client, i.e. you could set one custom extension for a client,
742 * and *for the same extension in the same SSL_CTX* you could set a
743 * custom extension for the server as well. It seems quite weird to be
744 * setting a custom extension for both client and server in a single
745 * SSL_CTX - but theoretically possible. This isn't possible in the
746 * new API. Therefore, if we have V1 serverinfo we use the old API. We
747 * also use the old API even if we have V2 serverinfo but the context
748 * looks like an old style <= TLSv1.2 extension.
749 */
750 if (version == SSL_SERVERINFOV1 || context == SYNTHV1CONTEXT) {
751 if (!SSL_CTX_add_server_custom_ext(ctx, ext_type,
752 serverinfo_srv_add_cb,
753 NULL, NULL,
754 serverinfo_srv_parse_cb,
755 NULL))
756 return 0;
757 } else {
758 if (!SSL_CTX_add_custom_ext(ctx, ext_type, context,
759 serverinfoex_srv_add_cb,
760 NULL, NULL,
761 serverinfoex_srv_parse_cb,
762 NULL))
763 return 0;
764 }
765 }
766
767 return 1;
768 }
769
extension_contextoff(unsigned int version)770 static size_t extension_contextoff(unsigned int version)
771 {
772 return version == SSL_SERVERINFOV1 ? 4 : 0;
773 }
774
extension_append_length(unsigned int version,size_t extension_length)775 static size_t extension_append_length(unsigned int version, size_t extension_length)
776 {
777 return extension_length + extension_contextoff(version);
778 }
779
extension_append(unsigned int version,const unsigned char * extension,const size_t extension_length,unsigned char * serverinfo)780 static void extension_append(unsigned int version,
781 const unsigned char *extension,
782 const size_t extension_length,
783 unsigned char *serverinfo)
784 {
785 const size_t contextoff = extension_contextoff(version);
786
787 if (contextoff > 0) {
788 /* We know this only uses the last 2 bytes */
789 serverinfo[0] = 0;
790 serverinfo[1] = 0;
791 serverinfo[2] = (SYNTHV1CONTEXT >> 8) & 0xff;
792 serverinfo[3] = SYNTHV1CONTEXT & 0xff;
793 }
794
795 memcpy(serverinfo + contextoff, extension, extension_length);
796 }
797
SSL_CTX_use_serverinfo_ex(SSL_CTX * ctx,unsigned int version,const unsigned char * serverinfo,size_t serverinfo_length)798 int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
799 const unsigned char *serverinfo,
800 size_t serverinfo_length)
801 {
802 unsigned char *new_serverinfo = NULL;
803
804 if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) {
805 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
806 return 0;
807 }
808 if (version == SSL_SERVERINFOV1) {
809 /*
810 * Convert serverinfo version v1 to v2 and call yourself recursively
811 * over the converted serverinfo.
812 */
813 const size_t sinfo_length = extension_append_length(SSL_SERVERINFOV1,
814 serverinfo_length);
815 unsigned char *sinfo;
816 int ret;
817
818 sinfo = OPENSSL_malloc(sinfo_length);
819 if (sinfo == NULL)
820 return 0;
821
822 extension_append(SSL_SERVERINFOV1, serverinfo, serverinfo_length, sinfo);
823
824 ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, sinfo,
825 sinfo_length);
826
827 OPENSSL_free(sinfo);
828 return ret;
829 }
830 if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
831 NULL)) {
832 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA);
833 return 0;
834 }
835 if (ctx->cert->key == NULL) {
836 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
837 return 0;
838 }
839 new_serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo,
840 serverinfo_length);
841 if (new_serverinfo == NULL)
842 return 0;
843 ctx->cert->key->serverinfo = new_serverinfo;
844 memcpy(ctx->cert->key->serverinfo, serverinfo, serverinfo_length);
845 ctx->cert->key->serverinfo_length = serverinfo_length;
846
847 /*
848 * Now that the serverinfo is validated and stored, go ahead and
849 * register callbacks.
850 */
851 if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
852 ctx)) {
853 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA);
854 return 0;
855 }
856 return 1;
857 }
858
SSL_CTX_use_serverinfo(SSL_CTX * ctx,const unsigned char * serverinfo,size_t serverinfo_length)859 int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
860 size_t serverinfo_length)
861 {
862 return SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV1, serverinfo,
863 serverinfo_length);
864 }
865
SSL_CTX_use_serverinfo_file(SSL_CTX * ctx,const char * file)866 int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
867 {
868 unsigned char *serverinfo = NULL;
869 unsigned char *tmp;
870 size_t serverinfo_length = 0;
871 unsigned char *extension = 0;
872 long extension_length = 0;
873 char *name = NULL;
874 char *header = NULL;
875 unsigned int name_len;
876 int ret = 0;
877 BIO *bin = NULL;
878 size_t num_extensions = 0;
879
880 if (ctx == NULL || file == NULL) {
881 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
882 goto end;
883 }
884
885 bin = BIO_new(BIO_s_file());
886 if (bin == NULL) {
887 ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
888 goto end;
889 }
890 if (BIO_read_filename(bin, file) <= 0) {
891 ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
892 goto end;
893 }
894
895 for (num_extensions = 0;; num_extensions++) {
896 unsigned int version;
897 size_t append_length;
898
899 if (PEM_read_bio(bin, &name, &header, &extension, &extension_length)
900 == 0) {
901 /*
902 * There must be at least one extension in this file
903 */
904 if (num_extensions == 0) {
905 ERR_raise(ERR_LIB_SSL, SSL_R_NO_PEM_EXTENSIONS);
906 goto end;
907 } else /* End of file, we're done */
908 break;
909 }
910 /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
911 name_len = strlen(name);
912 if (name_len < sizeof(NAME_PREFIX1) - 1) {
913 ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT);
914 goto end;
915 }
916 if (HAS_PREFIX(name, NAME_PREFIX1)) {
917 version = SSL_SERVERINFOV1;
918 } else {
919 if (name_len < sizeof(NAME_PREFIX2) - 1) {
920 ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT);
921 goto end;
922 }
923 if (!HAS_PREFIX(name, NAME_PREFIX2)) {
924 ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_BAD_PREFIX);
925 goto end;
926 }
927 version = SSL_SERVERINFOV2;
928 }
929 /*
930 * Check that the decoded PEM data is plausible (valid length field)
931 */
932 if (version == SSL_SERVERINFOV1) {
933 /* 4 byte header: 2 bytes type, 2 bytes len */
934 if (extension_length < 4
935 || (extension[2] << 8) + extension[3]
936 != extension_length - 4) {
937 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_DATA);
938 goto end;
939 }
940 } else {
941 /* 8 byte header: 4 bytes context, 2 bytes type, 2 bytes len */
942 if (extension_length < 8
943 || (extension[6] << 8) + extension[7]
944 != extension_length - 8) {
945 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_DATA);
946 goto end;
947 }
948 }
949 /* Append the decoded extension to the serverinfo buffer */
950 append_length = extension_append_length(version, extension_length);
951 tmp = OPENSSL_realloc(serverinfo, serverinfo_length + append_length);
952 if (tmp == NULL)
953 goto end;
954 serverinfo = tmp;
955 extension_append(version, extension, extension_length,
956 serverinfo + serverinfo_length);
957 serverinfo_length += append_length;
958
959 OPENSSL_free(name);
960 name = NULL;
961 OPENSSL_free(header);
962 header = NULL;
963 OPENSSL_free(extension);
964 extension = NULL;
965 }
966
967 ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, serverinfo,
968 serverinfo_length);
969 end:
970 /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */
971 OPENSSL_free(name);
972 OPENSSL_free(header);
973 OPENSSL_free(extension);
974 OPENSSL_free(serverinfo);
975 BIO_free(bin);
976 return ret;
977 }
978
ssl_set_cert_and_key(SSL * ssl,SSL_CTX * ctx,X509 * x509,EVP_PKEY * privatekey,STACK_OF (X509)* chain,int override)979 static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
980 STACK_OF(X509) *chain, int override)
981 {
982 int ret = 0;
983 size_t i;
984 int j;
985 int rv;
986 CERT *c;
987 STACK_OF(X509) *dup_chain = NULL;
988 EVP_PKEY *pubkey = NULL;
989 SSL_CONNECTION *sc = NULL;
990
991 if (ctx == NULL && (sc = SSL_CONNECTION_FROM_SSL(ssl)) == NULL)
992 return 0;
993
994 c = sc != NULL ? sc->cert : ctx->cert;
995 /* Do all security checks before anything else */
996 rv = ssl_security_cert(sc, ctx, x509, 0, 1);
997 if (rv != 1) {
998 ERR_raise(ERR_LIB_SSL, rv);
999 goto out;
1000 }
1001 for (j = 0; j < sk_X509_num(chain); j++) {
1002 rv = ssl_security_cert(sc, ctx, sk_X509_value(chain, j), 0, 0);
1003 if (rv != 1) {
1004 ERR_raise(ERR_LIB_SSL, rv);
1005 goto out;
1006 }
1007 }
1008
1009 pubkey = X509_get_pubkey(x509); /* bumps reference */
1010 if (pubkey == NULL)
1011 goto out;
1012 if (privatekey == NULL) {
1013 privatekey = pubkey;
1014 } else {
1015 /* For RSA, which has no parameters, missing returns 0 */
1016 if (EVP_PKEY_missing_parameters(privatekey)) {
1017 if (EVP_PKEY_missing_parameters(pubkey)) {
1018 /* nobody has parameters? - error */
1019 ERR_raise(ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS);
1020 goto out;
1021 } else {
1022 /* copy to privatekey from pubkey */
1023 if (!EVP_PKEY_copy_parameters(privatekey, pubkey)) {
1024 ERR_raise(ERR_LIB_SSL, SSL_R_COPY_PARAMETERS_FAILED);
1025 goto out;
1026 }
1027 }
1028 } else if (EVP_PKEY_missing_parameters(pubkey)) {
1029 /* copy to pubkey from privatekey */
1030 if (!EVP_PKEY_copy_parameters(pubkey, privatekey)) {
1031 ERR_raise(ERR_LIB_SSL, SSL_R_COPY_PARAMETERS_FAILED);
1032 goto out;
1033 }
1034 } /* else both have parameters */
1035
1036 /* check that key <-> cert match */
1037 if (EVP_PKEY_eq(pubkey, privatekey) != 1) {
1038 ERR_raise(ERR_LIB_SSL, SSL_R_PRIVATE_KEY_MISMATCH);
1039 goto out;
1040 }
1041 }
1042 if (ssl_cert_lookup_by_pkey(pubkey, &i, ctx) == NULL) {
1043 ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1044 goto out;
1045 }
1046
1047 if (!override && (c->pkeys[i].x509 != NULL || c->pkeys[i].privatekey != NULL || c->pkeys[i].chain != NULL)) {
1048 /* No override, and something already there */
1049 ERR_raise(ERR_LIB_SSL, SSL_R_NOT_REPLACING_CERTIFICATE);
1050 goto out;
1051 }
1052
1053 if (chain != NULL) {
1054 dup_chain = X509_chain_up_ref(chain);
1055 if (dup_chain == NULL) {
1056 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
1057 goto out;
1058 }
1059 }
1060
1061 if (!X509_up_ref(x509)) {
1062 OSSL_STACK_OF_X509_free(dup_chain);
1063 goto out;
1064 }
1065
1066 if (!EVP_PKEY_up_ref(privatekey)) {
1067 OSSL_STACK_OF_X509_free(dup_chain);
1068 X509_free(x509);
1069 goto out;
1070 }
1071
1072 OSSL_STACK_OF_X509_free(c->pkeys[i].chain);
1073 c->pkeys[i].chain = dup_chain;
1074
1075 X509_free(c->pkeys[i].x509);
1076 c->pkeys[i].x509 = x509;
1077
1078 EVP_PKEY_free(c->pkeys[i].privatekey);
1079 c->pkeys[i].privatekey = privatekey;
1080
1081 c->key = &(c->pkeys[i]);
1082
1083 ret = 1;
1084 out:
1085 EVP_PKEY_free(pubkey);
1086 return ret;
1087 }
1088
SSL_use_cert_and_key(SSL * ssl,X509 * x509,EVP_PKEY * privatekey,STACK_OF (X509)* chain,int override)1089 int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey,
1090 STACK_OF(X509) *chain, int override)
1091 {
1092 return ssl_set_cert_and_key(ssl, NULL, x509, privatekey, chain, override);
1093 }
1094
SSL_CTX_use_cert_and_key(SSL_CTX * ctx,X509 * x509,EVP_PKEY * privatekey,STACK_OF (X509)* chain,int override)1095 int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
1096 STACK_OF(X509) *chain, int override)
1097 {
1098 return ssl_set_cert_and_key(NULL, ctx, x509, privatekey, chain, override);
1099 }
1100