2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "ssl_local.h"
12 #include "internal/packet.h"
13 #include <openssl/bio.h>
14 #include <openssl/objects.h>
15 #include <openssl/evp.h>
16 #include <openssl/x509.h>
17 #include <openssl/x509v3.h>
18 #include <openssl/pem.h>
20 static int ssl_set_cert(CERT
*c
, X509
*x509
);
21 static int ssl_set_pkey(CERT
*c
, EVP_PKEY
*pkey
);
23 #define SYNTHV1CONTEXT (SSL_EXT_TLS1_2_AND_BELOW_ONLY \
24 | SSL_EXT_CLIENT_HELLO \
25 | SSL_EXT_TLS1_2_SERVER_HELLO \
26 | SSL_EXT_IGNORE_ON_RESUMPTION)
28 int SSL_use_certificate(SSL
*ssl
, X509
*x
)
32 ERR_raise(ERR_LIB_SSL
, ERR_R_PASSED_NULL_PARAMETER
);
36 rv
= ssl_security_cert(ssl
, NULL
, x
, 0, 1);
38 ERR_raise(ERR_LIB_SSL
, rv
);
42 return ssl_set_cert(ssl
->cert
, x
);
45 int SSL_use_certificate_file(SSL
*ssl
, const char *file
, int type
)
50 X509
*cert
= NULL
, *x
= NULL
;
52 in
= BIO_new(BIO_s_file());
54 ERR_raise(ERR_LIB_SSL
, ERR_R_BUF_LIB
);
58 if (BIO_read_filename(in
, file
) <= 0) {
59 ERR_raise(ERR_LIB_SSL
, ERR_R_SYS_LIB
);
63 if (type
!= SSL_FILETYPE_ASN1
&& type
!= SSL_FILETYPE_PEM
) {
64 ERR_raise(ERR_LIB_SSL
, SSL_R_BAD_SSL_FILETYPE
);
67 x
= X509_new_ex(ssl
->ctx
->libctx
, ssl
->ctx
->propq
);
69 ERR_raise(ERR_LIB_SSL
, ERR_R_MALLOC_FAILURE
);
72 if (type
== SSL_FILETYPE_ASN1
) {
74 cert
= d2i_X509_bio(in
, &x
);
75 } else if (type
== SSL_FILETYPE_PEM
) {
77 cert
= PEM_read_bio_X509(in
, &x
, ssl
->default_passwd_callback
,
78 ssl
->default_passwd_callback_userdata
);
80 ERR_raise(ERR_LIB_SSL
, SSL_R_BAD_SSL_FILETYPE
);
85 ERR_raise(ERR_LIB_SSL
, j
);
89 ret
= SSL_use_certificate(ssl
, x
);
96 int SSL_use_certificate_ASN1(SSL
*ssl
, const unsigned char *d
, int len
)
101 x
= X509_new_ex(ssl
->ctx
->libctx
, ssl
->ctx
->propq
);
103 ERR_raise(ERR_LIB_SSL
, ERR_R_MALLOC_FAILURE
);
107 if (d2i_X509(&x
, &d
, (long)len
)== NULL
) {
109 ERR_raise(ERR_LIB_SSL
, ERR_R_ASN1_LIB
);
113 ret
= SSL_use_certificate(ssl
, x
);
118 #ifndef OPENSSL_NO_RSA
119 int SSL_use_RSAPrivateKey(SSL
*ssl
, RSA
*rsa
)
125 ERR_raise(ERR_LIB_SSL
, ERR_R_PASSED_NULL_PARAMETER
);
128 if ((pkey
= EVP_PKEY_new()) == NULL
) {
129 ERR_raise(ERR_LIB_SSL
, ERR_R_EVP_LIB
);
134 if (EVP_PKEY_assign_RSA(pkey
, rsa
) <= 0) {
140 ret
= ssl_set_pkey(ssl
->cert
, pkey
);
146 static int ssl_set_pkey(CERT
*c
, EVP_PKEY
*pkey
)
150 if (ssl_cert_lookup_by_pkey(pkey
, &i
) == NULL
) {
151 ERR_raise(ERR_LIB_SSL
, SSL_R_UNKNOWN_CERTIFICATE_TYPE
);
155 if (c
->pkeys
[i
].x509
!= NULL
) {
157 pktmp
= X509_get0_pubkey(c
->pkeys
[i
].x509
);
159 ERR_raise(ERR_LIB_SSL
, ERR_R_MALLOC_FAILURE
);
163 * The return code from EVP_PKEY_copy_parameters is deliberately
164 * ignored. Some EVP_PKEY types cannot do this.
166 EVP_PKEY_copy_parameters(pktmp
, pkey
);
169 if (!X509_check_private_key(c
->pkeys
[i
].x509
, pkey
)) {
170 X509_free(c
->pkeys
[i
].x509
);
171 c
->pkeys
[i
].x509
= NULL
;
176 EVP_PKEY_free(c
->pkeys
[i
].privatekey
);
177 EVP_PKEY_up_ref(pkey
);
178 c
->pkeys
[i
].privatekey
= pkey
;
179 c
->key
= &c
->pkeys
[i
];
183 #ifndef OPENSSL_NO_RSA
184 int SSL_use_RSAPrivateKey_file(SSL
*ssl
, const char *file
, int type
)
190 in
= BIO_new(BIO_s_file());
192 ERR_raise(ERR_LIB_SSL
, ERR_R_BUF_LIB
);
196 if (BIO_read_filename(in
, file
) <= 0) {
197 ERR_raise(ERR_LIB_SSL
, ERR_R_SYS_LIB
);
200 if (type
== SSL_FILETYPE_ASN1
) {
202 rsa
= d2i_RSAPrivateKey_bio(in
, NULL
);
203 } else if (type
== SSL_FILETYPE_PEM
) {
205 rsa
= PEM_read_bio_RSAPrivateKey(in
, NULL
,
206 ssl
->default_passwd_callback
,
207 ssl
->default_passwd_callback_userdata
);
209 ERR_raise(ERR_LIB_SSL
, SSL_R_BAD_SSL_FILETYPE
);
213 ERR_raise(ERR_LIB_SSL
, j
);
216 ret
= SSL_use_RSAPrivateKey(ssl
, rsa
);
223 int SSL_use_RSAPrivateKey_ASN1(SSL
*ssl
, const unsigned char *d
, long len
)
226 const unsigned char *p
;
230 if ((rsa
= d2i_RSAPrivateKey(NULL
, &p
, (long)len
)) == NULL
) {
231 ERR_raise(ERR_LIB_SSL
, ERR_R_ASN1_LIB
);
235 ret
= SSL_use_RSAPrivateKey(ssl
, rsa
);
239 #endif /* !OPENSSL_NO_RSA */
241 int SSL_use_PrivateKey(SSL
*ssl
, EVP_PKEY
*pkey
)
246 ERR_raise(ERR_LIB_SSL
, ERR_R_PASSED_NULL_PARAMETER
);
249 ret
= ssl_set_pkey(ssl
->cert
, pkey
);
253 int SSL_use_PrivateKey_file(SSL
*ssl
, const char *file
, int type
)
257 EVP_PKEY
*pkey
= NULL
;
259 in
= BIO_new(BIO_s_file());
261 ERR_raise(ERR_LIB_SSL
, ERR_R_BUF_LIB
);
265 if (BIO_read_filename(in
, file
) <= 0) {
266 ERR_raise(ERR_LIB_SSL
, ERR_R_SYS_LIB
);
269 if (type
== SSL_FILETYPE_PEM
) {
271 pkey
= PEM_read_bio_PrivateKey_ex(in
, NULL
,
272 ssl
->default_passwd_callback
,
273 ssl
->default_passwd_callback_userdata
,
276 } else if (type
== SSL_FILETYPE_ASN1
) {
278 pkey
= d2i_PrivateKey_ex_bio(in
, NULL
, ssl
->ctx
->libctx
,
281 ERR_raise(ERR_LIB_SSL
, SSL_R_BAD_SSL_FILETYPE
);
285 ERR_raise(ERR_LIB_SSL
, j
);
288 ret
= SSL_use_PrivateKey(ssl
, pkey
);
295 int SSL_use_PrivateKey_ASN1(int type
, SSL
*ssl
, const unsigned char *d
,
299 const unsigned char *p
;
303 if ((pkey
= d2i_PrivateKey_ex(type
, NULL
, &p
, (long)len
, ssl
->ctx
->libctx
,
304 ssl
->ctx
->propq
)) == NULL
) {
305 ERR_raise(ERR_LIB_SSL
, ERR_R_ASN1_LIB
);
309 ret
= SSL_use_PrivateKey(ssl
, pkey
);
314 int SSL_CTX_use_certificate(SSL_CTX
*ctx
, X509
*x
)
318 ERR_raise(ERR_LIB_SSL
, ERR_R_PASSED_NULL_PARAMETER
);
322 rv
= ssl_security_cert(NULL
, ctx
, x
, 0, 1);
324 ERR_raise(ERR_LIB_SSL
, rv
);
327 return ssl_set_cert(ctx
->cert
, x
);
330 static int ssl_set_cert(CERT
*c
, X509
*x
)
335 pkey
= X509_get0_pubkey(x
);
337 ERR_raise(ERR_LIB_SSL
, SSL_R_X509_LIB
);
341 if (ssl_cert_lookup_by_pkey(pkey
, &i
) == NULL
) {
342 ERR_raise(ERR_LIB_SSL
, SSL_R_UNKNOWN_CERTIFICATE_TYPE
);
345 #ifndef OPENSSL_NO_EC
346 if (i
== SSL_PKEY_ECC
&& !EVP_PKEY_can_sign(pkey
)) {
347 ERR_raise(ERR_LIB_SSL
, SSL_R_ECC_CERT_NOT_FOR_SIGNING
);
351 if (c
->pkeys
[i
].privatekey
!= NULL
) {
353 * The return code from EVP_PKEY_copy_parameters is deliberately
354 * ignored. Some EVP_PKEY types cannot do this.
356 EVP_PKEY_copy_parameters(pkey
, c
->pkeys
[i
].privatekey
);
359 if (!X509_check_private_key(x
, c
->pkeys
[i
].privatekey
)) {
361 * don't fail for a cert/key mismatch, just free current private
362 * key (when switching to a different cert & key, first this
363 * function should be used, then ssl_set_pkey
365 EVP_PKEY_free(c
->pkeys
[i
].privatekey
);
366 c
->pkeys
[i
].privatekey
= NULL
;
367 /* clear error queue */
372 X509_free(c
->pkeys
[i
].x509
);
374 c
->pkeys
[i
].x509
= x
;
375 c
->key
= &(c
->pkeys
[i
]);
380 int SSL_CTX_use_certificate_file(SSL_CTX
*ctx
, const char *file
, int type
)
382 int j
= SSL_R_BAD_VALUE
;
385 X509
*x
= NULL
, *cert
= NULL
;
387 in
= BIO_new(BIO_s_file());
389 ERR_raise(ERR_LIB_SSL
, ERR_R_BUF_LIB
);
393 if (BIO_read_filename(in
, file
) <= 0) {
394 ERR_raise(ERR_LIB_SSL
, ERR_R_SYS_LIB
);
397 if (type
!= SSL_FILETYPE_ASN1
&& type
!= SSL_FILETYPE_PEM
) {
398 ERR_raise(ERR_LIB_SSL
, SSL_R_BAD_SSL_FILETYPE
);
401 x
= X509_new_ex(ctx
->libctx
, ctx
->propq
);
403 ERR_raise(ERR_LIB_SSL
, ERR_R_MALLOC_FAILURE
);
406 if (type
== SSL_FILETYPE_ASN1
) {
408 cert
= d2i_X509_bio(in
, &x
);
409 } else if (type
== SSL_FILETYPE_PEM
) {
411 cert
= PEM_read_bio_X509(in
, &x
, ctx
->default_passwd_callback
,
412 ctx
->default_passwd_callback_userdata
);
415 ERR_raise(ERR_LIB_SSL
, j
);
419 ret
= SSL_CTX_use_certificate(ctx
, x
);
426 int SSL_CTX_use_certificate_ASN1(SSL_CTX
*ctx
, int len
, const unsigned char *d
)
431 x
= X509_new_ex(ctx
->libctx
, ctx
->propq
);
433 ERR_raise(ERR_LIB_SSL
, ERR_R_MALLOC_FAILURE
);
437 if (d2i_X509(&x
, &d
, (long)len
) == NULL
) {
439 ERR_raise(ERR_LIB_SSL
, ERR_R_ASN1_LIB
);
443 ret
= SSL_CTX_use_certificate(ctx
, x
);
448 #ifndef OPENSSL_NO_RSA
449 int SSL_CTX_use_RSAPrivateKey(SSL_CTX
*ctx
, RSA
*rsa
)
455 ERR_raise(ERR_LIB_SSL
, ERR_R_PASSED_NULL_PARAMETER
);
458 if ((pkey
= EVP_PKEY_new()) == NULL
) {
459 ERR_raise(ERR_LIB_SSL
, ERR_R_EVP_LIB
);
464 if (EVP_PKEY_assign_RSA(pkey
, rsa
) <= 0) {
470 ret
= ssl_set_pkey(ctx
->cert
, pkey
);
475 int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX
*ctx
, const char *file
, int type
)
481 in
= BIO_new(BIO_s_file());
483 ERR_raise(ERR_LIB_SSL
, ERR_R_BUF_LIB
);
487 if (BIO_read_filename(in
, file
) <= 0) {
488 ERR_raise(ERR_LIB_SSL
, ERR_R_SYS_LIB
);
491 if (type
== SSL_FILETYPE_ASN1
) {
493 rsa
= d2i_RSAPrivateKey_bio(in
, NULL
);
494 } else if (type
== SSL_FILETYPE_PEM
) {
496 rsa
= PEM_read_bio_RSAPrivateKey(in
, NULL
,
497 ctx
->default_passwd_callback
,
498 ctx
->default_passwd_callback_userdata
);
500 ERR_raise(ERR_LIB_SSL
, SSL_R_BAD_SSL_FILETYPE
);
504 ERR_raise(ERR_LIB_SSL
, j
);
507 ret
= SSL_CTX_use_RSAPrivateKey(ctx
, rsa
);
514 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX
*ctx
, const unsigned char *d
,
518 const unsigned char *p
;
522 if ((rsa
= d2i_RSAPrivateKey(NULL
, &p
, (long)len
)) == NULL
) {
523 ERR_raise(ERR_LIB_SSL
, ERR_R_ASN1_LIB
);
527 ret
= SSL_CTX_use_RSAPrivateKey(ctx
, rsa
);
531 #endif /* !OPENSSL_NO_RSA */
533 int SSL_CTX_use_PrivateKey(SSL_CTX
*ctx
, EVP_PKEY
*pkey
)
536 ERR_raise(ERR_LIB_SSL
, ERR_R_PASSED_NULL_PARAMETER
);
539 return ssl_set_pkey(ctx
->cert
, pkey
);
542 int SSL_CTX_use_PrivateKey_file(SSL_CTX
*ctx
, const char *file
, int type
)
546 EVP_PKEY
*pkey
= NULL
;
548 in
= BIO_new(BIO_s_file());
550 ERR_raise(ERR_LIB_SSL
, ERR_R_BUF_LIB
);
554 if (BIO_read_filename(in
, file
) <= 0) {
555 ERR_raise(ERR_LIB_SSL
, ERR_R_SYS_LIB
);
558 if (type
== SSL_FILETYPE_PEM
) {
560 pkey
= PEM_read_bio_PrivateKey_ex(in
, NULL
,
561 ctx
->default_passwd_callback
,
562 ctx
->default_passwd_callback_userdata
,
563 ctx
->libctx
, ctx
->propq
);
564 } else if (type
== SSL_FILETYPE_ASN1
) {
566 pkey
= d2i_PrivateKey_ex_bio(in
, NULL
, ctx
->libctx
, ctx
->propq
);
568 ERR_raise(ERR_LIB_SSL
, SSL_R_BAD_SSL_FILETYPE
);
572 ERR_raise(ERR_LIB_SSL
, j
);
575 ret
= SSL_CTX_use_PrivateKey(ctx
, pkey
);
582 int SSL_CTX_use_PrivateKey_ASN1(int type
, SSL_CTX
*ctx
,
583 const unsigned char *d
, long len
)
586 const unsigned char *p
;
590 if ((pkey
= d2i_PrivateKey_ex(type
, NULL
, &p
, (long)len
, ctx
->libctx
,
591 ctx
->propq
)) == NULL
) {
592 ERR_raise(ERR_LIB_SSL
, ERR_R_ASN1_LIB
);
596 ret
= SSL_CTX_use_PrivateKey(ctx
, pkey
);
602 * Read a file that contains our certificate in "PEM" format, possibly
603 * followed by a sequence of CA certificates that should be sent to the peer
604 * in the Certificate message.
606 static int use_certificate_chain_file(SSL_CTX
*ctx
, SSL
*ssl
, const char *file
)
611 pem_password_cb
*passwd_callback
;
612 void *passwd_callback_userdata
;
613 SSL_CTX
*real_ctx
= (ssl
== NULL
) ? ctx
: ssl
->ctx
;
615 ERR_clear_error(); /* clear error stack for
616 * SSL_CTX_use_certificate() */
619 passwd_callback
= ctx
->default_passwd_callback
;
620 passwd_callback_userdata
= ctx
->default_passwd_callback_userdata
;
622 passwd_callback
= ssl
->default_passwd_callback
;
623 passwd_callback_userdata
= ssl
->default_passwd_callback_userdata
;
626 in
= BIO_new(BIO_s_file());
628 ERR_raise(ERR_LIB_SSL
, ERR_R_BUF_LIB
);
632 if (BIO_read_filename(in
, file
) <= 0) {
633 ERR_raise(ERR_LIB_SSL
, ERR_R_SYS_LIB
);
637 x
= X509_new_ex(real_ctx
->libctx
, real_ctx
->propq
);
639 ERR_raise(ERR_LIB_SSL
, ERR_R_MALLOC_FAILURE
);
642 if (PEM_read_bio_X509_AUX(in
, &x
, passwd_callback
,
643 passwd_callback_userdata
) == NULL
) {
644 ERR_raise(ERR_LIB_SSL
, ERR_R_PEM_LIB
);
649 ret
= SSL_CTX_use_certificate(ctx
, x
);
651 ret
= SSL_use_certificate(ssl
, x
);
653 if (ERR_peek_error() != 0)
654 ret
= 0; /* Key/certificate mismatch doesn't imply
658 * If we could set up our certificate, now proceed to the CA
666 r
= SSL_CTX_clear_chain_certs(ctx
);
668 r
= SSL_clear_chain_certs(ssl
);
676 ca
= X509_new_ex(real_ctx
->libctx
, real_ctx
->propq
);
678 ERR_raise(ERR_LIB_SSL
, ERR_R_MALLOC_FAILURE
);
681 if (PEM_read_bio_X509(in
, &ca
, passwd_callback
,
682 passwd_callback_userdata
) != NULL
) {
684 r
= SSL_CTX_add0_chain_cert(ctx
, ca
);
686 r
= SSL_add0_chain_cert(ssl
, ca
);
688 * Note that we must not free ca if it was successfully added to
689 * the chain (while we must free the main certificate, since its
690 * reference count is increased by SSL_CTX_use_certificate).
702 /* When the while loop ends, it's usually just EOF. */
703 err
= ERR_peek_last_error();
704 if (ERR_GET_LIB(err
) == ERR_LIB_PEM
705 && ERR_GET_REASON(err
) == PEM_R_NO_START_LINE
)
708 ret
= 0; /* some real error */
717 int SSL_CTX_use_certificate_chain_file(SSL_CTX
*ctx
, const char *file
)
719 return use_certificate_chain_file(ctx
, NULL
, file
);
722 int SSL_use_certificate_chain_file(SSL
*ssl
, const char *file
)
724 return use_certificate_chain_file(NULL
, ssl
, file
);
727 static int serverinfo_find_extension(const unsigned char *serverinfo
,
728 size_t serverinfo_length
,
729 unsigned int extension_type
,
730 const unsigned char **extension_data
,
731 size_t *extension_length
)
735 *extension_data
= NULL
;
736 *extension_length
= 0;
737 if (serverinfo
== NULL
|| serverinfo_length
== 0)
740 if (!PACKET_buf_init(&pkt
, serverinfo
, serverinfo_length
))
744 unsigned int type
= 0;
745 unsigned long context
= 0;
747 /* end of serverinfo */
748 if (PACKET_remaining(&pkt
) == 0)
749 return 0; /* Extension not found */
751 if (!PACKET_get_net_4(&pkt
, &context
)
752 || !PACKET_get_net_2(&pkt
, &type
)
753 || !PACKET_get_length_prefixed_2(&pkt
, &data
))
756 if (type
== extension_type
) {
757 *extension_data
= PACKET_data(&data
);
758 *extension_length
= PACKET_remaining(&data
);;
759 return 1; /* Success */
765 static int serverinfoex_srv_parse_cb(SSL
*s
, unsigned int ext_type
,
766 unsigned int context
,
767 const unsigned char *in
,
768 size_t inlen
, X509
*x
, size_t chainidx
,
773 *al
= SSL_AD_DECODE_ERROR
;
780 static int serverinfo_srv_parse_cb(SSL
*s
, unsigned int ext_type
,
781 const unsigned char *in
,
782 size_t inlen
, int *al
, void *arg
)
784 return serverinfoex_srv_parse_cb(s
, ext_type
, 0, in
, inlen
, NULL
, 0, al
,
788 static int serverinfoex_srv_add_cb(SSL
*s
, unsigned int ext_type
,
789 unsigned int context
,
790 const unsigned char **out
,
791 size_t *outlen
, X509
*x
, size_t chainidx
,
794 const unsigned char *serverinfo
= NULL
;
795 size_t serverinfo_length
= 0;
797 /* We only support extensions for the first Certificate */
798 if ((context
& SSL_EXT_TLS1_3_CERTIFICATE
) != 0 && chainidx
> 0)
801 /* Is there serverinfo data for the chosen server cert? */
802 if ((ssl_get_server_cert_serverinfo(s
, &serverinfo
,
803 &serverinfo_length
)) != 0) {
804 /* Find the relevant extension from the serverinfo */
805 int retval
= serverinfo_find_extension(serverinfo
, serverinfo_length
,
806 ext_type
, out
, outlen
);
808 *al
= SSL_AD_INTERNAL_ERROR
;
809 return -1; /* Error */
812 return 0; /* No extension found, don't send extension */
813 return 1; /* Send extension */
815 return 0; /* No serverinfo data found, don't send
819 static int serverinfo_srv_add_cb(SSL
*s
, unsigned int ext_type
,
820 const unsigned char **out
, size_t *outlen
,
823 return serverinfoex_srv_add_cb(s
, ext_type
, 0, out
, outlen
, NULL
, 0, al
,
828 * With a NULL context, this function just checks that the serverinfo data
829 * parses correctly. With a non-NULL context, it registers callbacks for
830 * the included extensions.
832 static int serverinfo_process_buffer(unsigned int version
,
833 const unsigned char *serverinfo
,
834 size_t serverinfo_length
, SSL_CTX
*ctx
)
838 if (serverinfo
== NULL
|| serverinfo_length
== 0)
841 if (version
!= SSL_SERVERINFOV1
&& version
!= SSL_SERVERINFOV2
)
844 if (!PACKET_buf_init(&pkt
, serverinfo
, serverinfo_length
))
847 while (PACKET_remaining(&pkt
)) {
848 unsigned long context
= 0;
849 unsigned int ext_type
= 0;
852 if ((version
== SSL_SERVERINFOV2
&& !PACKET_get_net_4(&pkt
, &context
))
853 || !PACKET_get_net_2(&pkt
, &ext_type
)
854 || !PACKET_get_length_prefixed_2(&pkt
, &data
))
861 * The old style custom extensions API could be set separately for
862 * server/client, i.e. you could set one custom extension for a client,
863 * and *for the same extension in the same SSL_CTX* you could set a
864 * custom extension for the server as well. It seems quite weird to be
865 * setting a custom extension for both client and server in a single
866 * SSL_CTX - but theoretically possible. This isn't possible in the
867 * new API. Therefore, if we have V1 serverinfo we use the old API. We
868 * also use the old API even if we have V2 serverinfo but the context
869 * looks like an old style <= TLSv1.2 extension.
871 if (version
== SSL_SERVERINFOV1
|| context
== SYNTHV1CONTEXT
) {
872 if (!SSL_CTX_add_server_custom_ext(ctx
, ext_type
,
873 serverinfo_srv_add_cb
,
875 serverinfo_srv_parse_cb
,
879 if (!SSL_CTX_add_custom_ext(ctx
, ext_type
, context
,
880 serverinfoex_srv_add_cb
,
882 serverinfoex_srv_parse_cb
,
891 int SSL_CTX_use_serverinfo_ex(SSL_CTX
*ctx
, unsigned int version
,
892 const unsigned char *serverinfo
,
893 size_t serverinfo_length
)
895 unsigned char *new_serverinfo
;
897 if (ctx
== NULL
|| serverinfo
== NULL
|| serverinfo_length
== 0) {
898 ERR_raise(ERR_LIB_SSL
, ERR_R_PASSED_NULL_PARAMETER
);
901 if (!serverinfo_process_buffer(version
, serverinfo
, serverinfo_length
,
903 ERR_raise(ERR_LIB_SSL
, SSL_R_INVALID_SERVERINFO_DATA
);
906 if (ctx
->cert
->key
== NULL
) {
907 ERR_raise(ERR_LIB_SSL
, ERR_R_INTERNAL_ERROR
);
910 new_serverinfo
= OPENSSL_realloc(ctx
->cert
->key
->serverinfo
,
912 if (new_serverinfo
== NULL
) {
913 ERR_raise(ERR_LIB_SSL
, ERR_R_MALLOC_FAILURE
);
916 ctx
->cert
->key
->serverinfo
= new_serverinfo
;
917 memcpy(ctx
->cert
->key
->serverinfo
, serverinfo
, serverinfo_length
);
918 ctx
->cert
->key
->serverinfo_length
= serverinfo_length
;
921 * Now that the serverinfo is validated and stored, go ahead and
922 * register callbacks.
924 if (!serverinfo_process_buffer(version
, serverinfo
, serverinfo_length
,
926 ERR_raise(ERR_LIB_SSL
, SSL_R_INVALID_SERVERINFO_DATA
);
932 int SSL_CTX_use_serverinfo(SSL_CTX
*ctx
, const unsigned char *serverinfo
,
933 size_t serverinfo_length
)
935 return SSL_CTX_use_serverinfo_ex(ctx
, SSL_SERVERINFOV1
, serverinfo
,
939 int SSL_CTX_use_serverinfo_file(SSL_CTX
*ctx
, const char *file
)
941 unsigned char *serverinfo
= NULL
;
943 size_t serverinfo_length
= 0;
944 unsigned char *extension
= 0;
945 long extension_length
= 0;
948 static const char namePrefix1
[] = "SERVERINFO FOR ";
949 static const char namePrefix2
[] = "SERVERINFOV2 FOR ";
950 unsigned int name_len
;
953 size_t num_extensions
= 0, contextoff
= 0;
955 if (ctx
== NULL
|| file
== NULL
) {
956 ERR_raise(ERR_LIB_SSL
, ERR_R_PASSED_NULL_PARAMETER
);
960 bin
= BIO_new(BIO_s_file());
962 ERR_raise(ERR_LIB_SSL
, ERR_R_BUF_LIB
);
965 if (BIO_read_filename(bin
, file
) <= 0) {
966 ERR_raise(ERR_LIB_SSL
, ERR_R_SYS_LIB
);
970 for (num_extensions
= 0;; num_extensions
++) {
971 unsigned int version
;
973 if (PEM_read_bio(bin
, &name
, &header
, &extension
, &extension_length
)
976 * There must be at least one extension in this file
978 if (num_extensions
== 0) {
979 ERR_raise(ERR_LIB_SSL
, SSL_R_NO_PEM_EXTENSIONS
);
981 } else /* End of file, we're done */
984 /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
985 name_len
= strlen(name
);
986 if (name_len
< sizeof(namePrefix1
) - 1) {
987 ERR_raise(ERR_LIB_SSL
, SSL_R_PEM_NAME_TOO_SHORT
);
990 if (strncmp(name
, namePrefix1
, sizeof(namePrefix1
) - 1) == 0) {
991 version
= SSL_SERVERINFOV1
;
993 if (name_len
< sizeof(namePrefix2
) - 1) {
994 ERR_raise(ERR_LIB_SSL
, SSL_R_PEM_NAME_TOO_SHORT
);
997 if (strncmp(name
, namePrefix2
, sizeof(namePrefix2
) - 1) != 0) {
998 ERR_raise(ERR_LIB_SSL
, SSL_R_PEM_NAME_BAD_PREFIX
);
1001 version
= SSL_SERVERINFOV2
;
1004 * Check that the decoded PEM data is plausible (valid length field)
1006 if (version
== SSL_SERVERINFOV1
) {
1007 /* 4 byte header: 2 bytes type, 2 bytes len */
1008 if (extension_length
< 4
1009 || (extension
[2] << 8) + extension
[3]
1010 != extension_length
- 4) {
1011 ERR_raise(ERR_LIB_SSL
, SSL_R_BAD_DATA
);
1015 * File does not have a context value so we must take account of
1020 /* 8 byte header: 4 bytes context, 2 bytes type, 2 bytes len */
1021 if (extension_length
< 8
1022 || (extension
[6] << 8) + extension
[7]
1023 != extension_length
- 8) {
1024 ERR_raise(ERR_LIB_SSL
, SSL_R_BAD_DATA
);
1028 /* Append the decoded extension to the serverinfo buffer */
1029 tmp
= OPENSSL_realloc(serverinfo
, serverinfo_length
+ extension_length
1032 ERR_raise(ERR_LIB_SSL
, ERR_R_MALLOC_FAILURE
);
1036 if (contextoff
> 0) {
1037 unsigned char *sinfo
= serverinfo
+ serverinfo_length
;
1039 /* We know this only uses the last 2 bytes */
1042 sinfo
[2] = (SYNTHV1CONTEXT
>> 8) & 0xff;
1043 sinfo
[3] = SYNTHV1CONTEXT
& 0xff;
1045 memcpy(serverinfo
+ serverinfo_length
+ contextoff
,
1046 extension
, extension_length
);
1047 serverinfo_length
+= extension_length
+ contextoff
;
1051 OPENSSL_free(header
);
1053 OPENSSL_free(extension
);
1057 ret
= SSL_CTX_use_serverinfo_ex(ctx
, SSL_SERVERINFOV2
, serverinfo
,
1060 /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */
1062 OPENSSL_free(header
);
1063 OPENSSL_free(extension
);
1064 OPENSSL_free(serverinfo
);
1069 static int ssl_set_cert_and_key(SSL
*ssl
, SSL_CTX
*ctx
, X509
*x509
, EVP_PKEY
*privatekey
,
1070 STACK_OF(X509
) *chain
, int override
)
1076 CERT
*c
= ssl
!= NULL
? ssl
->cert
: ctx
->cert
;
1077 STACK_OF(X509
) *dup_chain
= NULL
;
1078 EVP_PKEY
*pubkey
= NULL
;
1080 /* Do all security checks before anything else */
1081 rv
= ssl_security_cert(ssl
, ctx
, x509
, 0, 1);
1083 ERR_raise(ERR_LIB_SSL
, rv
);
1086 for (j
= 0; j
< sk_X509_num(chain
); j
++) {
1087 rv
= ssl_security_cert(ssl
, ctx
, sk_X509_value(chain
, j
), 0, 0);
1089 ERR_raise(ERR_LIB_SSL
, rv
);
1094 pubkey
= X509_get_pubkey(x509
); /* bumps reference */
1097 if (privatekey
== NULL
) {
1098 privatekey
= pubkey
;
1100 /* For RSA, which has no parameters, missing returns 0 */
1101 if (EVP_PKEY_missing_parameters(privatekey
)) {
1102 if (EVP_PKEY_missing_parameters(pubkey
)) {
1103 /* nobody has parameters? - error */
1104 ERR_raise(ERR_LIB_SSL
, SSL_R_MISSING_PARAMETERS
);
1107 /* copy to privatekey from pubkey */
1108 EVP_PKEY_copy_parameters(privatekey
, pubkey
);
1110 } else if (EVP_PKEY_missing_parameters(pubkey
)) {
1111 /* copy to pubkey from privatekey */
1112 EVP_PKEY_copy_parameters(pubkey
, privatekey
);
1113 } /* else both have parameters */
1115 /* check that key <-> cert match */
1116 if (EVP_PKEY_eq(pubkey
, privatekey
) != 1) {
1117 ERR_raise(ERR_LIB_SSL
, SSL_R_PRIVATE_KEY_MISMATCH
);
1121 if (ssl_cert_lookup_by_pkey(pubkey
, &i
) == NULL
) {
1122 ERR_raise(ERR_LIB_SSL
, SSL_R_UNKNOWN_CERTIFICATE_TYPE
);
1126 if (!override
&& (c
->pkeys
[i
].x509
!= NULL
1127 || c
->pkeys
[i
].privatekey
!= NULL
1128 || c
->pkeys
[i
].chain
!= NULL
)) {
1129 /* No override, and something already there */
1130 ERR_raise(ERR_LIB_SSL
, SSL_R_NOT_REPLACING_CERTIFICATE
);
1134 if (chain
!= NULL
) {
1135 dup_chain
= X509_chain_up_ref(chain
);
1136 if (dup_chain
== NULL
) {
1137 ERR_raise(ERR_LIB_SSL
, ERR_R_MALLOC_FAILURE
);
1142 sk_X509_pop_free(c
->pkeys
[i
].chain
, X509_free
);
1143 c
->pkeys
[i
].chain
= dup_chain
;
1145 X509_free(c
->pkeys
[i
].x509
);
1147 c
->pkeys
[i
].x509
= x509
;
1149 EVP_PKEY_free(c
->pkeys
[i
].privatekey
);
1150 EVP_PKEY_up_ref(privatekey
);
1151 c
->pkeys
[i
].privatekey
= privatekey
;
1153 c
->key
= &(c
->pkeys
[i
]);
1157 EVP_PKEY_free(pubkey
);
1161 int SSL_use_cert_and_key(SSL
*ssl
, X509
*x509
, EVP_PKEY
*privatekey
,
1162 STACK_OF(X509
) *chain
, int override
)
1164 return ssl_set_cert_and_key(ssl
, NULL
, x509
, privatekey
, chain
, override
);
1167 int SSL_CTX_use_cert_and_key(SSL_CTX
*ctx
, X509
*x509
, EVP_PKEY
*privatekey
,
1168 STACK_OF(X509
) *chain
, int override
)
1170 return ssl_set_cert_and_key(NULL
, ctx
, x509
, privatekey
, chain
, override
);