1/*
2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include "ssl_local.h"
12#include "internal/packet.h"
13#include <openssl/bio.h>
14#include <openssl/objects.h>
15#include <openssl/evp.h>
16#include <openssl/x509.h>
17#include <openssl/pem.h>
18
19static int ssl_set_cert(CERT *c, X509 *x509);
20static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
21
22#define SYNTHV1CONTEXT (SSL_EXT_TLS1_2_AND_BELOW_ONLY \
23 | SSL_EXT_CLIENT_HELLO \
24 | SSL_EXT_TLS1_2_SERVER_HELLO \
25 | SSL_EXT_IGNORE_ON_RESUMPTION)
26
27int SSL_use_certificate(SSL *ssl, X509 *x)
28{
29 int rv;
30 if (x == NULL) {
31 SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
32 return 0;
33 }
34 rv = ssl_security_cert(ssl, NULL, x, 0, 1);
35 if (rv != 1) {
36 SSLerr(SSL_F_SSL_USE_CERTIFICATE, rv);
37 return 0;
38 }
39
40 return ssl_set_cert(ssl->cert, x);
41}
42
43int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
44{
45 int j;
46 BIO *in;
47 int ret = 0;
48 X509 *x = NULL;
49
50 in = BIO_new(BIO_s_file());
51 if (in == NULL) {
52 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
53 goto end;
54 }
55
56 if (BIO_read_filename(in, file) <= 0) {
57 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
58 goto end;
59 }
60 if (type == SSL_FILETYPE_ASN1) {
61 j = ERR_R_ASN1_LIB;
62 x = d2i_X509_bio(in, NULL);
63 } else if (type == SSL_FILETYPE_PEM) {
64 j = ERR_R_PEM_LIB;
65 x = PEM_read_bio_X509(in, NULL, ssl->default_passwd_callback,
66 ssl->default_passwd_callback_userdata);
67 } else {
68 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
69 goto end;
70 }
71
72 if (x == NULL) {
73 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
74 goto end;
75 }
76
77 ret = SSL_use_certificate(ssl, x);
78 end:
79 X509_free(x);
80 BIO_free(in);
81 return ret;
82}
83
84int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
85{
86 X509 *x;
87 int ret;
88
89 x = d2i_X509(NULL, &d, (long)len);
90 if (x == NULL) {
91 SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
92 return 0;
93 }
94
95 ret = SSL_use_certificate(ssl, x);
96 X509_free(x);
97 return ret;
98}
99
100#ifndef OPENSSL_NO_RSA
101int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
102{
103 EVP_PKEY *pkey;
104 int ret;
105
106 if (rsa == NULL) {
107 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
108 return 0;
109 }
110 if ((pkey = EVP_PKEY_new()) == NULL) {
111 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
112 return 0;
113 }
114
115 RSA_up_ref(rsa);
116 if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
117 RSA_free(rsa);
118 EVP_PKEY_free(pkey);
119 return 0;
120 }
121
122 ret = ssl_set_pkey(ssl->cert, pkey);
123 EVP_PKEY_free(pkey);
124 return ret;
125}
126#endif
127
128static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
129{
130 size_t i;
131
132 if (ssl_cert_lookup_by_pkey(pkey, &i) == NULL) {
133 SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
134 return 0;
135 }
136
137 if (c->pkeys[i].x509 != NULL) {
138 EVP_PKEY *pktmp;
139 pktmp = X509_get0_pubkey(c->pkeys[i].x509);
140 if (pktmp == NULL) {
141 SSLerr(SSL_F_SSL_SET_PKEY, ERR_R_MALLOC_FAILURE);
142 return 0;
143 }
144 /*
145 * The return code from EVP_PKEY_copy_parameters is deliberately
146 * ignored. Some EVP_PKEY types cannot do this.
147 */
148 EVP_PKEY_copy_parameters(pktmp, pkey);
149 ERR_clear_error();
150
151#ifndef OPENSSL_NO_RSA
152 /*
153 * Don't check the public/private key, this is mostly for smart
154 * cards.
155 */
156 if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA
157 && RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK) ;
158 else
159#endif
160 if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
161 X509_free(c->pkeys[i].x509);
162 c->pkeys[i].x509 = NULL;
163 return 0;
164 }
165 }
166
167 EVP_PKEY_free(c->pkeys[i].privatekey);
168 EVP_PKEY_up_ref(pkey);
169 c->pkeys[i].privatekey = pkey;
170 c->key = &c->pkeys[i];
171 return 1;
172}
173
174#ifndef OPENSSL_NO_RSA
175int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
176{
177 int j, ret = 0;
178 BIO *in;
179 RSA *rsa = NULL;
180
181 in = BIO_new(BIO_s_file());
182 if (in == NULL) {
183 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
184 goto end;
185 }
186
187 if (BIO_read_filename(in, file) <= 0) {
188 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
189 goto end;
190 }
191 if (type == SSL_FILETYPE_ASN1) {
192 j = ERR_R_ASN1_LIB;
193 rsa = d2i_RSAPrivateKey_bio(in, NULL);
194 } else if (type == SSL_FILETYPE_PEM) {
195 j = ERR_R_PEM_LIB;
196 rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
197 ssl->default_passwd_callback,
198 ssl->default_passwd_callback_userdata);
199 } else {
200 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
201 goto end;
202 }
203 if (rsa == NULL) {
204 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j);
205 goto end;
206 }
207 ret = SSL_use_RSAPrivateKey(ssl, rsa);
208 RSA_free(rsa);
209 end:
210 BIO_free(in);
211 return ret;
212}
213
214int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len)
215{
216 int ret;
217 const unsigned char *p;
218 RSA *rsa;
219
220 p = d;
221 if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
222 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
223 return 0;
224 }
225
226 ret = SSL_use_RSAPrivateKey(ssl, rsa);
227 RSA_free(rsa);
228 return ret;
229}
230#endif /* !OPENSSL_NO_RSA */
231
232int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
233{
234 int ret;
235
236 if (pkey == NULL) {
237 SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
238 return 0;
239 }
240 ret = ssl_set_pkey(ssl->cert, pkey);
241 return ret;
242}
243
244int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
245{
246 int j, ret = 0;
247 BIO *in;
248 EVP_PKEY *pkey = NULL;
249
250 in = BIO_new(BIO_s_file());
251 if (in == NULL) {
252 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
253 goto end;
254 }
255
256 if (BIO_read_filename(in, file) <= 0) {
257 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
258 goto end;
259 }
260 if (type == SSL_FILETYPE_PEM) {
261 j = ERR_R_PEM_LIB;
262 pkey = PEM_read_bio_PrivateKey(in, NULL,
263 ssl->default_passwd_callback,
264 ssl->default_passwd_callback_userdata);
265 } else if (type == SSL_FILETYPE_ASN1) {
266 j = ERR_R_ASN1_LIB;
267 pkey = d2i_PrivateKey_bio(in, NULL);
268 } else {
269 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
270 goto end;
271 }
272 if (pkey == NULL) {
273 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j);
274 goto end;
275 }
276 ret = SSL_use_PrivateKey(ssl, pkey);
277 EVP_PKEY_free(pkey);
278 end:
279 BIO_free(in);
280 return ret;
281}
282
283int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d,
284 long len)
285{
286 int ret;
287 const unsigned char *p;
288 EVP_PKEY *pkey;
289
290 p = d;
291 if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) {
292 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
293 return 0;
294 }
295
296 ret = SSL_use_PrivateKey(ssl, pkey);
297 EVP_PKEY_free(pkey);
298 return ret;
299}
300
301int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
302{
303 int rv;
304 if (x == NULL) {
305 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
306 return 0;
307 }
308 rv = ssl_security_cert(NULL, ctx, x, 0, 1);
309 if (rv != 1) {
310 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, rv);
311 return 0;
312 }
313 return ssl_set_cert(ctx->cert, x);
314}
315
316static int ssl_set_cert(CERT *c, X509 *x)
317{
318 EVP_PKEY *pkey;
319 size_t i;
320
321 pkey = X509_get0_pubkey(x);
322 if (pkey == NULL) {
323 SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
324 return 0;
325 }
326
327 if (ssl_cert_lookup_by_pkey(pkey, &i) == NULL) {
328 SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
329 return 0;
330 }
331#ifndef OPENSSL_NO_EC
332 if (i == SSL_PKEY_ECC && !EC_KEY_can_sign(EVP_PKEY_get0_EC_KEY(pkey))) {
333 SSLerr(SSL_F_SSL_SET_CERT, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
334 return 0;
335 }
336#endif
337 if (c->pkeys[i].privatekey != NULL) {
338 /*
339 * The return code from EVP_PKEY_copy_parameters is deliberately
340 * ignored. Some EVP_PKEY types cannot do this.
341 */
342 EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
343 ERR_clear_error();
344
345#ifndef OPENSSL_NO_RSA
346 /*
347 * Don't check the public/private key, this is mostly for smart
348 * cards.
349 */
350 if (EVP_PKEY_id(c->pkeys[i].privatekey) == EVP_PKEY_RSA
351 && RSA_flags(EVP_PKEY_get0_RSA(c->pkeys[i].privatekey)) &
352 RSA_METHOD_FLAG_NO_CHECK) ;
353 else
354#endif /* OPENSSL_NO_RSA */
355 if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
356 /*
357 * don't fail for a cert/key mismatch, just free current private
358 * key (when switching to a different cert & key, first this
359 * function should be used, then ssl_set_pkey
360 */
361 EVP_PKEY_free(c->pkeys[i].privatekey);
362 c->pkeys[i].privatekey = NULL;
363 /* clear error queue */
364 ERR_clear_error();
365 }
366 }
367
368 X509_free(c->pkeys[i].x509);
369 X509_up_ref(x);
370 c->pkeys[i].x509 = x;
371 c->key = &(c->pkeys[i]);
372
373 return 1;
374}
375
376int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
377{
378 int j;
379 BIO *in;
380 int ret = 0;
381 X509 *x = NULL;
382
383 in = BIO_new(BIO_s_file());
384 if (in == NULL) {
385 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
386 goto end;
387 }
388
389 if (BIO_read_filename(in, file) <= 0) {
390 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
391 goto end;
392 }
393 if (type == SSL_FILETYPE_ASN1) {
394 j = ERR_R_ASN1_LIB;
395 x = d2i_X509_bio(in, NULL);
396 } else if (type == SSL_FILETYPE_PEM) {
397 j = ERR_R_PEM_LIB;
398 x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
399 ctx->default_passwd_callback_userdata);
400 } else {
401 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
402 goto end;
403 }
404
405 if (x == NULL) {
406 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
407 goto end;
408 }
409
410 ret = SSL_CTX_use_certificate(ctx, x);
411 end:
412 X509_free(x);
413 BIO_free(in);
414 return ret;
415}
416
417int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
418{
419 X509 *x;
420 int ret;
421
422 x = d2i_X509(NULL, &d, (long)len);
423 if (x == NULL) {
424 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
425 return 0;
426 }
427
428 ret = SSL_CTX_use_certificate(ctx, x);
429 X509_free(x);
430 return ret;
431}
432
433#ifndef OPENSSL_NO_RSA
434int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
435{
436 int ret;
437 EVP_PKEY *pkey;
438
439 if (rsa == NULL) {
440 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
441 return 0;
442 }
443 if ((pkey = EVP_PKEY_new()) == NULL) {
444 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
445 return 0;
446 }
447
448 RSA_up_ref(rsa);
449 if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
450 RSA_free(rsa);
451 EVP_PKEY_free(pkey);
452 return 0;
453 }
454
455 ret = ssl_set_pkey(ctx->cert, pkey);
456 EVP_PKEY_free(pkey);
457 return ret;
458}
459
460int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
461{
462 int j, ret = 0;
463 BIO *in;
464 RSA *rsa = NULL;
465
466 in = BIO_new(BIO_s_file());
467 if (in == NULL) {
468 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
469 goto end;
470 }
471
472 if (BIO_read_filename(in, file) <= 0) {
473 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
474 goto end;
475 }
476 if (type == SSL_FILETYPE_ASN1) {
477 j = ERR_R_ASN1_LIB;
478 rsa = d2i_RSAPrivateKey_bio(in, NULL);
479 } else if (type == SSL_FILETYPE_PEM) {
480 j = ERR_R_PEM_LIB;
481 rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
482 ctx->default_passwd_callback,
483 ctx->default_passwd_callback_userdata);
484 } else {
485 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
486 goto end;
487 }
488 if (rsa == NULL) {
489 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j);
490 goto end;
491 }
492 ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
493 RSA_free(rsa);
494 end:
495 BIO_free(in);
496 return ret;
497}
498
499int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
500 long len)
501{
502 int ret;
503 const unsigned char *p;
504 RSA *rsa;
505
506 p = d;
507 if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
508 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
509 return 0;
510 }
511
512 ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
513 RSA_free(rsa);
514 return ret;
515}
516#endif /* !OPENSSL_NO_RSA */
517
518int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
519{
520 if (pkey == NULL) {
521 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
522 return 0;
523 }
524 return ssl_set_pkey(ctx->cert, pkey);
525}
526
527int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
528{
529 int j, ret = 0;
530 BIO *in;
531 EVP_PKEY *pkey = NULL;
532
533 in = BIO_new(BIO_s_file());
534 if (in == NULL) {
535 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
536 goto end;
537 }
538
539 if (BIO_read_filename(in, file) <= 0) {
540 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
541 goto end;
542 }
543 if (type == SSL_FILETYPE_PEM) {
544 j = ERR_R_PEM_LIB;
545 pkey = PEM_read_bio_PrivateKey(in, NULL,
546 ctx->default_passwd_callback,
547 ctx->default_passwd_callback_userdata);
548 } else if (type == SSL_FILETYPE_ASN1) {
549 j = ERR_R_ASN1_LIB;
550 pkey = d2i_PrivateKey_bio(in, NULL);
551 } else {
552 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
553 goto end;
554 }
555 if (pkey == NULL) {
556 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j);
557 goto end;
558 }
559 ret = SSL_CTX_use_PrivateKey(ctx, pkey);
560 EVP_PKEY_free(pkey);
561 end:
562 BIO_free(in);
563 return ret;
564}
565
566int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
567 const unsigned char *d, long len)
568{
569 int ret;
570 const unsigned char *p;
571 EVP_PKEY *pkey;
572
573 p = d;
574 if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) {
575 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
576 return 0;
577 }
578
579 ret = SSL_CTX_use_PrivateKey(ctx, pkey);
580 EVP_PKEY_free(pkey);
581 return ret;
582}
583
584/*
585 * Read a file that contains our certificate in "PEM" format, possibly
586 * followed by a sequence of CA certificates that should be sent to the peer
587 * in the Certificate message.
588 */
589static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
590{
591 BIO *in;
592 int ret = 0;
593 X509 *x = NULL;
594 pem_password_cb *passwd_callback;
595 void *passwd_callback_userdata;
596
597 ERR_clear_error(); /* clear error stack for
598 * SSL_CTX_use_certificate() */
599
600 if (ctx != NULL) {
601 passwd_callback = ctx->default_passwd_callback;
602 passwd_callback_userdata = ctx->default_passwd_callback_userdata;
603 } else {
604 passwd_callback = ssl->default_passwd_callback;
605 passwd_callback_userdata = ssl->default_passwd_callback_userdata;
606 }
607
608 in = BIO_new(BIO_s_file());
609 if (in == NULL) {
610 SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
611 goto end;
612 }
613
614 if (BIO_read_filename(in, file) <= 0) {
615 SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
616 goto end;
617 }
618
619 x = PEM_read_bio_X509_AUX(in, NULL, passwd_callback,
620 passwd_callback_userdata);
621 if (x == NULL) {
622 SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
623 goto end;
624 }
625
626 if (ctx)
627 ret = SSL_CTX_use_certificate(ctx, x);
628 else
629 ret = SSL_use_certificate(ssl, x);
630
631 if (ERR_peek_error() != 0)
632 ret = 0; /* Key/certificate mismatch doesn't imply
633 * ret==0 ... */
634 if (ret) {
635 /*
636 * If we could set up our certificate, now proceed to the CA
637 * certificates.
638 */
639 X509 *ca;
640 int r;
641 unsigned long err;
642
643 if (ctx)
644 r = SSL_CTX_clear_chain_certs(ctx);
645 else
646 r = SSL_clear_chain_certs(ssl);
647
648 if (r == 0) {
649 ret = 0;
650 goto end;
651 }
652
653 while ((ca = PEM_read_bio_X509(in, NULL, passwd_callback,
654 passwd_callback_userdata))
655 != NULL) {
656 if (ctx)
657 r = SSL_CTX_add0_chain_cert(ctx, ca);
658 else
659 r = SSL_add0_chain_cert(ssl, ca);
660 /*
661 * Note that we must not free ca if it was successfully added to
662 * the chain (while we must free the main certificate, since its
663 * reference count is increased by SSL_CTX_use_certificate).
664 */
665 if (!r) {
666 X509_free(ca);
667 ret = 0;
668 goto end;
669 }
670 }
671 /* When the while loop ends, it's usually just EOF. */
672 err = ERR_peek_last_error();
673 if (ERR_GET_LIB(err) == ERR_LIB_PEM
674 && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
675 ERR_clear_error();
676 else
677 ret = 0; /* some real error */
678 }
679
680 end:
681 X509_free(x);
682 BIO_free(in);
683 return ret;
684}
685
686int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
687{
688 return use_certificate_chain_file(ctx, NULL, file);
689}
690
691int SSL_use_certificate_chain_file(SSL *ssl, const char *file)
692{
693 return use_certificate_chain_file(NULL, ssl, file);
694}
695
696static int serverinfo_find_extension(const unsigned char *serverinfo,
697 size_t serverinfo_length,
698 unsigned int extension_type,
699 const unsigned char **extension_data,
700 size_t *extension_length)
701{
702 PACKET pkt, data;
703
704 *extension_data = NULL;
705 *extension_length = 0;
706 if (serverinfo == NULL || serverinfo_length == 0)
707 return -1;
708
709 if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))
710 return -1;
711
712 for (;;) {
713 unsigned int type = 0;
714 unsigned long context = 0;
715
716 /* end of serverinfo */
717 if (PACKET_remaining(&pkt) == 0)
718 return 0; /* Extension not found */
719
720 if (!PACKET_get_net_4(&pkt, &context)
721 || !PACKET_get_net_2(&pkt, &type)
722 || !PACKET_get_length_prefixed_2(&pkt, &data))
723 return -1;
724
725 if (type == extension_type) {
726 *extension_data = PACKET_data(&data);
727 *extension_length = PACKET_remaining(&data);;
728 return 1; /* Success */
729 }
730 }
731 /* Unreachable */
732}
733
734static int serverinfoex_srv_parse_cb(SSL *s, unsigned int ext_type,
735 unsigned int context,
736 const unsigned char *in,
737 size_t inlen, X509 *x, size_t chainidx,
738 int *al, void *arg)
739{
740
741 if (inlen != 0) {
742 *al = SSL_AD_DECODE_ERROR;
743 return 0;
744 }
745
746 return 1;
747}
748
749static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type,
750 const unsigned char *in,
751 size_t inlen, int *al, void *arg)
752{
753 return serverinfoex_srv_parse_cb(s, ext_type, 0, in, inlen, NULL, 0, al,
754 arg);
755}
756
757static int serverinfoex_srv_add_cb(SSL *s, unsigned int ext_type,
758 unsigned int context,
759 const unsigned char **out,
760 size_t *outlen, X509 *x, size_t chainidx,
761 int *al, void *arg)
762{
763 const unsigned char *serverinfo = NULL;
764 size_t serverinfo_length = 0;
765
766 /* We only support extensions for the first Certificate */
767 if ((context & SSL_EXT_TLS1_3_CERTIFICATE) != 0 && chainidx > 0)
768 return 0;
769
770 /* Is there serverinfo data for the chosen server cert? */
771 if ((ssl_get_server_cert_serverinfo(s, &serverinfo,
772 &serverinfo_length)) != 0) {
773 /* Find the relevant extension from the serverinfo */
774 int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
775 ext_type, out, outlen);
776 if (retval == -1) {
777 *al = SSL_AD_INTERNAL_ERROR;
778 return -1; /* Error */
779 }
780 if (retval == 0)
781 return 0; /* No extension found, don't send extension */
782 return 1; /* Send extension */
783 }
784 return 0; /* No serverinfo data found, don't send
785 * extension */
786}
787
788static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
789 const unsigned char **out, size_t *outlen,
790 int *al, void *arg)
791{
792 return serverinfoex_srv_add_cb(s, ext_type, 0, out, outlen, NULL, 0, al,
793 arg);
794}
795
796/*
797 * With a NULL context, this function just checks that the serverinfo data
798 * parses correctly. With a non-NULL context, it registers callbacks for
799 * the included extensions.
800 */
801static int serverinfo_process_buffer(unsigned int version,
802 const unsigned char *serverinfo,
803 size_t serverinfo_length, SSL_CTX *ctx)
804{
805 PACKET pkt;
806
807 if (serverinfo == NULL || serverinfo_length == 0)
808 return 0;
809
810 if (version != SSL_SERVERINFOV1 && version != SSL_SERVERINFOV2)
811 return 0;
812
813 if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))
814 return 0;
815
816 while (PACKET_remaining(&pkt)) {
817 unsigned long context = 0;
818 unsigned int ext_type = 0;
819 PACKET data;
820
821 if ((version == SSL_SERVERINFOV2 && !PACKET_get_net_4(&pkt, &context))
822 || !PACKET_get_net_2(&pkt, &ext_type)
823 || !PACKET_get_length_prefixed_2(&pkt, &data))
824 return 0;
825
826 if (ctx == NULL)
827 continue;
828
829 /*
830 * The old style custom extensions API could be set separately for
831 * server/client, i.e. you could set one custom extension for a client,
832 * and *for the same extension in the same SSL_CTX* you could set a
833 * custom extension for the server as well. It seems quite weird to be
834 * setting a custom extension for both client and server in a single
835 * SSL_CTX - but theoretically possible. This isn't possible in the
836 * new API. Therefore, if we have V1 serverinfo we use the old API. We
837 * also use the old API even if we have V2 serverinfo but the context
838 * looks like an old style <= TLSv1.2 extension.
839 */
840 if (version == SSL_SERVERINFOV1 || context == SYNTHV1CONTEXT) {
841 if (!SSL_CTX_add_server_custom_ext(ctx, ext_type,
842 serverinfo_srv_add_cb,
843 NULL, NULL,
844 serverinfo_srv_parse_cb,
845 NULL))
846 return 0;
847 } else {
848 if (!SSL_CTX_add_custom_ext(ctx, ext_type, context,
849 serverinfoex_srv_add_cb,
850 NULL, NULL,
851 serverinfoex_srv_parse_cb,
852 NULL))
853 return 0;
854 }
855 }
856
857 return 1;
858}
859
860int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
861 const unsigned char *serverinfo,
862 size_t serverinfo_length)
863{
864 unsigned char *new_serverinfo;
865
866 if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) {
867 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_PASSED_NULL_PARAMETER);
868 return 0;
869 }
870 if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
871 NULL)) {
872 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, SSL_R_INVALID_SERVERINFO_DATA);
873 return 0;
874 }
875 if (ctx->cert->key == NULL) {
876 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_INTERNAL_ERROR);
877 return 0;
878 }
879 new_serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo,
880 serverinfo_length);
881 if (new_serverinfo == NULL) {
882 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_MALLOC_FAILURE);
883 return 0;
884 }
885 ctx->cert->key->serverinfo = new_serverinfo;
886 memcpy(ctx->cert->key->serverinfo, serverinfo, serverinfo_length);
887 ctx->cert->key->serverinfo_length = serverinfo_length;
888
889 /*
890 * Now that the serverinfo is validated and stored, go ahead and
891 * register callbacks.
892 */
893 if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
894 ctx)) {
895 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, SSL_R_INVALID_SERVERINFO_DATA);
896 return 0;
897 }
898 return 1;
899}
900
901int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
902 size_t serverinfo_length)
903{
904 return SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV1, serverinfo,
905 serverinfo_length);
906}
907
908int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
909{
910 unsigned char *serverinfo = NULL;
911 unsigned char *tmp;
912 size_t serverinfo_length = 0;
913 unsigned char *extension = 0;
914 long extension_length = 0;
915 char *name = NULL;
916 char *header = NULL;
917 static const char namePrefix1[] = "SERVERINFO FOR ";
918 static const char namePrefix2[] = "SERVERINFOV2 FOR ";
919 unsigned int name_len;
920 int ret = 0;
921 BIO *bin = NULL;
922 size_t num_extensions = 0, contextoff = 0;
923
924 if (ctx == NULL || file == NULL) {
925 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PASSED_NULL_PARAMETER);
926 goto end;
927 }
928
929 bin = BIO_new(BIO_s_file());
930 if (bin == NULL) {
931 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_BUF_LIB);
932 goto end;
933 }
934 if (BIO_read_filename(bin, file) <= 0) {
935 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_SYS_LIB);
936 goto end;
937 }
938
939 for (num_extensions = 0;; num_extensions++) {
940 unsigned int version;
941
942 if (PEM_read_bio(bin, &name, &header, &extension, &extension_length)
943 == 0) {
944 /*
945 * There must be at least one extension in this file
946 */
947 if (num_extensions == 0) {
948 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
949 SSL_R_NO_PEM_EXTENSIONS);
950 goto end;
951 } else /* End of file, we're done */
952 break;
953 }
954 /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
955 name_len = strlen(name);
956 if (name_len < sizeof(namePrefix1) - 1) {
957 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT);
958 goto end;
959 }
960 if (strncmp(name, namePrefix1, sizeof(namePrefix1) - 1) == 0) {
961 version = SSL_SERVERINFOV1;
962 } else {
963 if (name_len < sizeof(namePrefix2) - 1) {
964 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
965 SSL_R_PEM_NAME_TOO_SHORT);
966 goto end;
967 }
968 if (strncmp(name, namePrefix2, sizeof(namePrefix2) - 1) != 0) {
969 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
970 SSL_R_PEM_NAME_BAD_PREFIX);
971 goto end;
972 }
973 version = SSL_SERVERINFOV2;
974 }
975 /*
976 * Check that the decoded PEM data is plausible (valid length field)
977 */
978 if (version == SSL_SERVERINFOV1) {
979 /* 4 byte header: 2 bytes type, 2 bytes len */
980 if (extension_length < 4
981 || (extension[2] << 8) + extension[3]
982 != extension_length - 4) {
983 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
984 goto end;
985 }
986 /*
987 * File does not have a context value so we must take account of
988 * this later.
989 */
990 contextoff = 4;
991 } else {
992 /* 8 byte header: 4 bytes context, 2 bytes type, 2 bytes len */
993 if (extension_length < 8
994 || (extension[6] << 8) + extension[7]
995 != extension_length - 8) {
996 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
997 goto end;
998 }
999 }
1000 /* Append the decoded extension to the serverinfo buffer */
1001 tmp = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length
1002 + contextoff);
1003 if (tmp == NULL) {
1004 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE);
1005 goto end;
1006 }
1007 serverinfo = tmp;
1008 if (contextoff > 0) {
1009 unsigned char *sinfo = serverinfo + serverinfo_length;
1010
1011 /* We know this only uses the last 2 bytes */
1012 sinfo[0] = 0;
1013 sinfo[1] = 0;
1014 sinfo[2] = (SYNTHV1CONTEXT >> 8) & 0xff;
1015 sinfo[3] = SYNTHV1CONTEXT & 0xff;
1016 }
1017 memcpy(serverinfo + serverinfo_length + contextoff,
1018 extension, extension_length);
1019 serverinfo_length += extension_length + contextoff;
1020
1021 OPENSSL_free(name);
1022 name = NULL;
1023 OPENSSL_free(header);
1024 header = NULL;
1025 OPENSSL_free(extension);
1026 extension = NULL;
1027 }
1028
1029 ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, serverinfo,
1030 serverinfo_length);
1031 end:
1032 /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */
1033 OPENSSL_free(name);
1034 OPENSSL_free(header);
1035 OPENSSL_free(extension);
1036 OPENSSL_free(serverinfo);
1037 BIO_free(bin);
1038 return ret;
1039}
1040
1041static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
1042 STACK_OF(X509) *chain, int override)
1043{
1044 int ret = 0;
1045 size_t i;
1046 int j;
1047 int rv;
1048 CERT *c = ssl != NULL ? ssl->cert : ctx->cert;
1049 STACK_OF(X509) *dup_chain = NULL;
1050 EVP_PKEY *pubkey = NULL;
1051
1052 /* Do all security checks before anything else */
1053 rv = ssl_security_cert(ssl, ctx, x509, 0, 1);
1054 if (rv != 1) {
1055 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, rv);
1056 goto out;
1057 }
1058 for (j = 0; j < sk_X509_num(chain); j++) {
1059 rv = ssl_security_cert(ssl, ctx, sk_X509_value(chain, j), 0, 0);
1060 if (rv != 1) {
1061 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, rv);
1062 goto out;
1063 }
1064 }
1065
1066 pubkey = X509_get_pubkey(x509); /* bumps reference */
1067 if (pubkey == NULL)
1068 goto out;
1069 if (privatekey == NULL) {
1070 privatekey = pubkey;
1071 } else {
1072 /* For RSA, which has no parameters, missing returns 0 */
1073 if (EVP_PKEY_missing_parameters(privatekey)) {
1074 if (EVP_PKEY_missing_parameters(pubkey)) {
1075 /* nobody has parameters? - error */
1076 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_MISSING_PARAMETERS);
1077 goto out;
1078 } else {
1079 /* copy to privatekey from pubkey */
1080 EVP_PKEY_copy_parameters(privatekey, pubkey);
1081 }
1082 } else if (EVP_PKEY_missing_parameters(pubkey)) {
1083 /* copy to pubkey from privatekey */
1084 EVP_PKEY_copy_parameters(pubkey, privatekey);
1085 } /* else both have parameters */
1086
1087 /* Copied from ssl_set_cert/pkey */
1088#ifndef OPENSSL_NO_RSA
1089 if ((EVP_PKEY_id(privatekey) == EVP_PKEY_RSA) &&
1090 ((RSA_flags(EVP_PKEY_get0_RSA(privatekey)) & RSA_METHOD_FLAG_NO_CHECK)))
1091 /* no-op */ ;
1092 else
1093#endif
1094 /* check that key <-> cert match */
1095 if (EVP_PKEY_cmp(pubkey, privatekey) != 1) {
1096 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_PRIVATE_KEY_MISMATCH);
1097 goto out;
1098 }
1099 }
1100 if (ssl_cert_lookup_by_pkey(pubkey, &i) == NULL) {
1101 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1102 goto out;
1103 }
1104
1105 if (!override && (c->pkeys[i].x509 != NULL
1106 || c->pkeys[i].privatekey != NULL
1107 || c->pkeys[i].chain != NULL)) {
1108 /* No override, and something already there */
1109 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_NOT_REPLACING_CERTIFICATE);
1110 goto out;
1111 }
1112
1113 if (chain != NULL) {
1114 dup_chain = X509_chain_up_ref(chain);
1115 if (dup_chain == NULL) {
1116 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, ERR_R_MALLOC_FAILURE);
1117 goto out;
1118 }
1119 }
1120
1121 sk_X509_pop_free(c->pkeys[i].chain, X509_free);
1122 c->pkeys[i].chain = dup_chain;
1123
1124 X509_free(c->pkeys[i].x509);
1125 X509_up_ref(x509);
1126 c->pkeys[i].x509 = x509;
1127
1128 EVP_PKEY_free(c->pkeys[i].privatekey);
1129 EVP_PKEY_up_ref(privatekey);
1130 c->pkeys[i].privatekey = privatekey;
1131
1132 c->key = &(c->pkeys[i]);
1133
1134 ret = 1;
1135 out:
1136 EVP_PKEY_free(pubkey);
1137 return ret;
1138}
1139
1140int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey,
1141 STACK_OF(X509) *chain, int override)
1142{
1143 return ssl_set_cert_and_key(ssl, NULL, x509, privatekey, chain, override);
1144}
1145
1146int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
1147 STACK_OF(X509) *chain, int override)
1148{
1149 return ssl_set_cert_and_key(NULL, ctx, x509, privatekey, chain, override);
1150}
1151