2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "ssl_local.h"
12 #include "internal/packet.h"
13 #include <openssl/bio.h>
14 #include <openssl/objects.h>
15 #include <openssl/evp.h>
16 #include <openssl/x509.h>
17 #include <openssl/x509v3.h>
18 #include <openssl/pem.h>
22 static int ssl_set_cert(CERT
*c
, X509
*x509
);
23 static int ssl_set_pkey(CERT
*c
, EVP_PKEY
*pkey
);
25 #define SYNTHV1CONTEXT (SSL_EXT_TLS1_2_AND_BELOW_ONLY \
26 | SSL_EXT_CLIENT_HELLO \
27 | SSL_EXT_TLS1_2_SERVER_HELLO \
28 | SSL_EXT_IGNORE_ON_RESUMPTION)
30 int SSL_use_certificate(SSL
*ssl
, X509
*x
)
34 SSLerr(SSL_F_SSL_USE_CERTIFICATE
, ERR_R_PASSED_NULL_PARAMETER
);
38 rv
= ssl_security_cert(ssl
, NULL
, x
, 0, 1);
40 SSLerr(SSL_F_SSL_USE_CERTIFICATE
, rv
);
44 return ssl_set_cert(ssl
->cert
, x
);
47 int SSL_use_certificate_file(SSL
*ssl
, const char *file
, int type
)
52 X509
*cert
= NULL
, *x
= NULL
;
54 in
= BIO_new(BIO_s_file());
56 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE
, ERR_R_BUF_LIB
);
60 if (BIO_read_filename(in
, file
) <= 0) {
61 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE
, ERR_R_SYS_LIB
);
65 if (type
!= SSL_FILETYPE_ASN1
&& type
!= SSL_FILETYPE_PEM
) {
66 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE
, SSL_R_BAD_SSL_FILETYPE
);
69 x
= X509_new_with_libctx(ssl
->ctx
->libctx
, ssl
->ctx
->propq
);
71 SSLerr(0, ERR_R_MALLOC_FAILURE
);
74 if (type
== SSL_FILETYPE_ASN1
) {
76 cert
= d2i_X509_bio(in
, &x
);
77 } else if (type
== SSL_FILETYPE_PEM
) {
79 cert
= PEM_read_bio_X509(in
, &x
, ssl
->default_passwd_callback
,
80 ssl
->default_passwd_callback_userdata
);
82 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE
, SSL_R_BAD_SSL_FILETYPE
);
87 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE
, j
);
91 ret
= SSL_use_certificate(ssl
, x
);
98 int SSL_use_certificate_ASN1(SSL
*ssl
, const unsigned char *d
, int len
)
103 x
= X509_new_with_libctx(ssl
->ctx
->libctx
, ssl
->ctx
->propq
);
105 SSLerr(0, ERR_R_MALLOC_FAILURE
);
109 if (d2i_X509(&x
, &d
, (long)len
)== NULL
) {
111 SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1
, ERR_R_ASN1_LIB
);
115 ret
= SSL_use_certificate(ssl
, x
);
120 #ifndef OPENSSL_NO_RSA
121 int SSL_use_RSAPrivateKey(SSL
*ssl
, RSA
*rsa
)
127 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY
, ERR_R_PASSED_NULL_PARAMETER
);
130 if ((pkey
= EVP_PKEY_new()) == NULL
) {
131 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY
, ERR_R_EVP_LIB
);
136 if (EVP_PKEY_assign_RSA(pkey
, rsa
) <= 0) {
142 ret
= ssl_set_pkey(ssl
->cert
, pkey
);
148 static int ssl_set_pkey(CERT
*c
, EVP_PKEY
*pkey
)
152 if (ssl_cert_lookup_by_pkey(pkey
, &i
) == NULL
) {
153 SSLerr(SSL_F_SSL_SET_PKEY
, SSL_R_UNKNOWN_CERTIFICATE_TYPE
);
157 if (c
->pkeys
[i
].x509
!= NULL
) {
159 pktmp
= X509_get0_pubkey(c
->pkeys
[i
].x509
);
161 SSLerr(SSL_F_SSL_SET_PKEY
, ERR_R_MALLOC_FAILURE
);
165 * The return code from EVP_PKEY_copy_parameters is deliberately
166 * ignored. Some EVP_PKEY types cannot do this.
168 EVP_PKEY_copy_parameters(pktmp
, pkey
);
171 #ifndef OPENSSL_NO_RSA
173 * Don't check the public/private key, this is mostly for smart
176 if (EVP_PKEY_id(pkey
) == EVP_PKEY_RSA
177 && RSA_flags(EVP_PKEY_get0_RSA(pkey
)) & RSA_METHOD_FLAG_NO_CHECK
) ;
180 if (!X509_check_private_key(c
->pkeys
[i
].x509
, pkey
)) {
181 X509_free(c
->pkeys
[i
].x509
);
182 c
->pkeys
[i
].x509
= NULL
;
187 EVP_PKEY_free(c
->pkeys
[i
].privatekey
);
188 EVP_PKEY_up_ref(pkey
);
189 c
->pkeys
[i
].privatekey
= pkey
;
190 c
->key
= &c
->pkeys
[i
];
194 #ifndef OPENSSL_NO_RSA
195 int SSL_use_RSAPrivateKey_file(SSL
*ssl
, const char *file
, int type
)
201 in
= BIO_new(BIO_s_file());
203 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE
, ERR_R_BUF_LIB
);
207 if (BIO_read_filename(in
, file
) <= 0) {
208 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE
, ERR_R_SYS_LIB
);
211 if (type
== SSL_FILETYPE_ASN1
) {
213 rsa
= d2i_RSAPrivateKey_bio(in
, NULL
);
214 } else if (type
== SSL_FILETYPE_PEM
) {
216 rsa
= PEM_read_bio_RSAPrivateKey(in
, NULL
,
217 ssl
->default_passwd_callback
,
218 ssl
->default_passwd_callback_userdata
);
220 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE
, SSL_R_BAD_SSL_FILETYPE
);
224 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE
, j
);
227 ret
= SSL_use_RSAPrivateKey(ssl
, rsa
);
234 int SSL_use_RSAPrivateKey_ASN1(SSL
*ssl
, const unsigned char *d
, long len
)
237 const unsigned char *p
;
241 if ((rsa
= d2i_RSAPrivateKey(NULL
, &p
, (long)len
)) == NULL
) {
242 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1
, ERR_R_ASN1_LIB
);
246 ret
= SSL_use_RSAPrivateKey(ssl
, rsa
);
250 #endif /* !OPENSSL_NO_RSA */
252 int SSL_use_PrivateKey(SSL
*ssl
, EVP_PKEY
*pkey
)
257 SSLerr(SSL_F_SSL_USE_PRIVATEKEY
, ERR_R_PASSED_NULL_PARAMETER
);
260 ret
= ssl_set_pkey(ssl
->cert
, pkey
);
264 int SSL_use_PrivateKey_file(SSL
*ssl
, const char *file
, int type
)
268 EVP_PKEY
*pkey
= NULL
;
270 in
= BIO_new(BIO_s_file());
272 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE
, ERR_R_BUF_LIB
);
276 if (BIO_read_filename(in
, file
) <= 0) {
277 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE
, ERR_R_SYS_LIB
);
280 if (type
== SSL_FILETYPE_PEM
) {
282 pkey
= PEM_read_bio_PrivateKey_ex(in
, NULL
,
283 ssl
->default_passwd_callback
,
284 ssl
->default_passwd_callback_userdata
,
287 } else if (type
== SSL_FILETYPE_ASN1
) {
289 pkey
= d2i_PrivateKey_ex_bio(in
, NULL
, ssl
->ctx
->libctx
,
292 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE
, SSL_R_BAD_SSL_FILETYPE
);
296 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE
, j
);
299 ret
= SSL_use_PrivateKey(ssl
, pkey
);
306 int SSL_use_PrivateKey_ASN1(int type
, SSL
*ssl
, const unsigned char *d
,
310 const unsigned char *p
;
314 if ((pkey
= d2i_PrivateKey_ex(type
, NULL
, &p
, (long)len
, ssl
->ctx
->libctx
,
315 ssl
->ctx
->propq
)) == NULL
) {
316 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1
, ERR_R_ASN1_LIB
);
320 ret
= SSL_use_PrivateKey(ssl
, pkey
);
325 int SSL_CTX_use_certificate(SSL_CTX
*ctx
, X509
*x
)
329 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE
, ERR_R_PASSED_NULL_PARAMETER
);
333 rv
= ssl_security_cert(NULL
, ctx
, x
, 0, 1);
335 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE
, rv
);
338 return ssl_set_cert(ctx
->cert
, x
);
341 static int ssl_set_cert(CERT
*c
, X509
*x
)
346 pkey
= X509_get0_pubkey(x
);
348 SSLerr(SSL_F_SSL_SET_CERT
, SSL_R_X509_LIB
);
352 if (ssl_cert_lookup_by_pkey(pkey
, &i
) == NULL
) {
353 SSLerr(SSL_F_SSL_SET_CERT
, SSL_R_UNKNOWN_CERTIFICATE_TYPE
);
356 #ifndef OPENSSL_NO_EC
357 if (i
== SSL_PKEY_ECC
&& !EVP_PKEY_can_sign(pkey
)) {
358 SSLerr(SSL_F_SSL_SET_CERT
, SSL_R_ECC_CERT_NOT_FOR_SIGNING
);
362 if (c
->pkeys
[i
].privatekey
!= NULL
) {
364 * The return code from EVP_PKEY_copy_parameters is deliberately
365 * ignored. Some EVP_PKEY types cannot do this.
367 EVP_PKEY_copy_parameters(pkey
, c
->pkeys
[i
].privatekey
);
370 #ifndef OPENSSL_NO_RSA
372 * Don't check the public/private key, this is mostly for smart
375 if (EVP_PKEY_id(c
->pkeys
[i
].privatekey
) == EVP_PKEY_RSA
376 && RSA_flags(EVP_PKEY_get0_RSA(c
->pkeys
[i
].privatekey
)) &
377 RSA_METHOD_FLAG_NO_CHECK
) ;
379 #endif /* OPENSSL_NO_RSA */
380 if (!X509_check_private_key(x
, c
->pkeys
[i
].privatekey
)) {
382 * don't fail for a cert/key mismatch, just free current private
383 * key (when switching to a different cert & key, first this
384 * function should be used, then ssl_set_pkey
386 EVP_PKEY_free(c
->pkeys
[i
].privatekey
);
387 c
->pkeys
[i
].privatekey
= NULL
;
388 /* clear error queue */
393 X509_free(c
->pkeys
[i
].x509
);
395 c
->pkeys
[i
].x509
= x
;
396 c
->key
= &(c
->pkeys
[i
]);
401 int SSL_CTX_use_certificate_file(SSL_CTX
*ctx
, const char *file
, int type
)
403 int j
= SSL_R_BAD_VALUE
;
406 X509
*x
= NULL
, *cert
= NULL
;
408 in
= BIO_new(BIO_s_file());
410 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE
, ERR_R_BUF_LIB
);
414 if (BIO_read_filename(in
, file
) <= 0) {
415 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE
, ERR_R_SYS_LIB
);
418 if (type
!= SSL_FILETYPE_ASN1
&& type
!= SSL_FILETYPE_PEM
) {
419 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE
, SSL_R_BAD_SSL_FILETYPE
);
422 x
= X509_new_with_libctx(ctx
->libctx
, ctx
->propq
);
424 SSLerr(0, ERR_R_MALLOC_FAILURE
);
427 if (type
== SSL_FILETYPE_ASN1
) {
429 cert
= d2i_X509_bio(in
, &x
);
430 } else if (type
== SSL_FILETYPE_PEM
) {
432 cert
= PEM_read_bio_X509(in
, &x
, ctx
->default_passwd_callback
,
433 ctx
->default_passwd_callback_userdata
);
436 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE
, j
);
440 ret
= SSL_CTX_use_certificate(ctx
, x
);
447 int SSL_CTX_use_certificate_ASN1(SSL_CTX
*ctx
, int len
, const unsigned char *d
)
452 x
= X509_new_with_libctx(ctx
->libctx
, ctx
->propq
);
454 SSLerr(0, ERR_R_MALLOC_FAILURE
);
458 if (d2i_X509(&x
, &d
, (long)len
) == NULL
) {
460 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1
, ERR_R_ASN1_LIB
);
464 ret
= SSL_CTX_use_certificate(ctx
, x
);
469 #ifndef OPENSSL_NO_RSA
470 int SSL_CTX_use_RSAPrivateKey(SSL_CTX
*ctx
, RSA
*rsa
)
476 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY
, ERR_R_PASSED_NULL_PARAMETER
);
479 if ((pkey
= EVP_PKEY_new()) == NULL
) {
480 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY
, ERR_R_EVP_LIB
);
485 if (EVP_PKEY_assign_RSA(pkey
, rsa
) <= 0) {
491 ret
= ssl_set_pkey(ctx
->cert
, pkey
);
496 int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX
*ctx
, const char *file
, int type
)
502 in
= BIO_new(BIO_s_file());
504 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE
, ERR_R_BUF_LIB
);
508 if (BIO_read_filename(in
, file
) <= 0) {
509 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE
, ERR_R_SYS_LIB
);
512 if (type
== SSL_FILETYPE_ASN1
) {
514 rsa
= d2i_RSAPrivateKey_bio(in
, NULL
);
515 } else if (type
== SSL_FILETYPE_PEM
) {
517 rsa
= PEM_read_bio_RSAPrivateKey(in
, NULL
,
518 ctx
->default_passwd_callback
,
519 ctx
->default_passwd_callback_userdata
);
521 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE
, SSL_R_BAD_SSL_FILETYPE
);
525 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE
, j
);
528 ret
= SSL_CTX_use_RSAPrivateKey(ctx
, rsa
);
535 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX
*ctx
, const unsigned char *d
,
539 const unsigned char *p
;
543 if ((rsa
= d2i_RSAPrivateKey(NULL
, &p
, (long)len
)) == NULL
) {
544 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1
, ERR_R_ASN1_LIB
);
548 ret
= SSL_CTX_use_RSAPrivateKey(ctx
, rsa
);
552 #endif /* !OPENSSL_NO_RSA */
554 int SSL_CTX_use_PrivateKey(SSL_CTX
*ctx
, EVP_PKEY
*pkey
)
557 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY
, ERR_R_PASSED_NULL_PARAMETER
);
560 return ssl_set_pkey(ctx
->cert
, pkey
);
563 int SSL_CTX_use_PrivateKey_file(SSL_CTX
*ctx
, const char *file
, int type
)
567 EVP_PKEY
*pkey
= NULL
;
569 in
= BIO_new(BIO_s_file());
571 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE
, ERR_R_BUF_LIB
);
575 if (BIO_read_filename(in
, file
) <= 0) {
576 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE
, ERR_R_SYS_LIB
);
579 if (type
== SSL_FILETYPE_PEM
) {
581 pkey
= PEM_read_bio_PrivateKey_ex(in
, NULL
,
582 ctx
->default_passwd_callback
,
583 ctx
->default_passwd_callback_userdata
,
584 ctx
->libctx
, ctx
->propq
);
585 } else if (type
== SSL_FILETYPE_ASN1
) {
587 pkey
= d2i_PrivateKey_ex_bio(in
, NULL
, ctx
->libctx
, ctx
->propq
);
589 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE
, SSL_R_BAD_SSL_FILETYPE
);
593 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE
, j
);
596 ret
= SSL_CTX_use_PrivateKey(ctx
, pkey
);
603 int SSL_CTX_use_PrivateKey_ASN1(int type
, SSL_CTX
*ctx
,
604 const unsigned char *d
, long len
)
607 const unsigned char *p
;
611 if ((pkey
= d2i_PrivateKey_ex(type
, NULL
, &p
, (long)len
, ctx
->libctx
,
612 ctx
->propq
)) == NULL
) {
613 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1
, ERR_R_ASN1_LIB
);
617 ret
= SSL_CTX_use_PrivateKey(ctx
, pkey
);
623 * Read a file that contains our certificate in "PEM" format, possibly
624 * followed by a sequence of CA certificates that should be sent to the peer
625 * in the Certificate message.
627 static int use_certificate_chain_file(SSL_CTX
*ctx
, SSL
*ssl
, const char *file
)
632 pem_password_cb
*passwd_callback
;
633 void *passwd_callback_userdata
;
634 SSL_CTX
*real_ctx
= (ssl
== NULL
) ? ctx
: ssl
->ctx
;
636 ERR_clear_error(); /* clear error stack for
637 * SSL_CTX_use_certificate() */
640 passwd_callback
= ctx
->default_passwd_callback
;
641 passwd_callback_userdata
= ctx
->default_passwd_callback_userdata
;
643 passwd_callback
= ssl
->default_passwd_callback
;
644 passwd_callback_userdata
= ssl
->default_passwd_callback_userdata
;
647 in
= BIO_new(BIO_s_file());
649 SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE
, ERR_R_BUF_LIB
);
653 if (BIO_read_filename(in
, file
) <= 0) {
654 SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE
, ERR_R_SYS_LIB
);
658 x
= X509_new_with_libctx(real_ctx
->libctx
, real_ctx
->propq
);
660 SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE
, ERR_R_MALLOC_FAILURE
);
663 if (PEM_read_bio_X509_AUX(in
, &x
, passwd_callback
,
664 passwd_callback_userdata
) == NULL
) {
665 SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE
, ERR_R_PEM_LIB
);
670 ret
= SSL_CTX_use_certificate(ctx
, x
);
672 ret
= SSL_use_certificate(ssl
, x
);
674 if (ERR_peek_error() != 0)
675 ret
= 0; /* Key/certificate mismatch doesn't imply
679 * If we could set up our certificate, now proceed to the CA
687 r
= SSL_CTX_clear_chain_certs(ctx
);
689 r
= SSL_clear_chain_certs(ssl
);
697 ca
= X509_new_with_libctx(real_ctx
->libctx
, real_ctx
->propq
);
699 SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE
, ERR_R_MALLOC_FAILURE
);
702 if (PEM_read_bio_X509(in
, &ca
, passwd_callback
,
703 passwd_callback_userdata
) != NULL
) {
705 r
= SSL_CTX_add0_chain_cert(ctx
, ca
);
707 r
= SSL_add0_chain_cert(ssl
, ca
);
709 * Note that we must not free ca if it was successfully added to
710 * the chain (while we must free the main certificate, since its
711 * reference count is increased by SSL_CTX_use_certificate).
723 /* When the while loop ends, it's usually just EOF. */
724 err
= ERR_peek_last_error();
725 if (ERR_GET_LIB(err
) == ERR_LIB_PEM
726 && ERR_GET_REASON(err
) == PEM_R_NO_START_LINE
)
729 ret
= 0; /* some real error */
738 int SSL_CTX_use_certificate_chain_file(SSL_CTX
*ctx
, const char *file
)
740 return use_certificate_chain_file(ctx
, NULL
, file
);
743 int SSL_use_certificate_chain_file(SSL
*ssl
, const char *file
)
745 return use_certificate_chain_file(NULL
, ssl
, file
);
748 static int serverinfo_find_extension(const unsigned char *serverinfo
,
749 size_t serverinfo_length
,
750 unsigned int extension_type
,
751 const unsigned char **extension_data
,
752 size_t *extension_length
)
756 *extension_data
= NULL
;
757 *extension_length
= 0;
758 if (serverinfo
== NULL
|| serverinfo_length
== 0)
761 if (!PACKET_buf_init(&pkt
, serverinfo
, serverinfo_length
))
765 unsigned int type
= 0;
766 unsigned long context
= 0;
768 /* end of serverinfo */
769 if (PACKET_remaining(&pkt
) == 0)
770 return 0; /* Extension not found */
772 if (!PACKET_get_net_4(&pkt
, &context
)
773 || !PACKET_get_net_2(&pkt
, &type
)
774 || !PACKET_get_length_prefixed_2(&pkt
, &data
))
777 if (type
== extension_type
) {
778 *extension_data
= PACKET_data(&data
);
779 *extension_length
= PACKET_remaining(&data
);;
780 return 1; /* Success */
786 static int serverinfoex_srv_parse_cb(SSL
*s
, unsigned int ext_type
,
787 unsigned int context
,
788 const unsigned char *in
,
789 size_t inlen
, X509
*x
, size_t chainidx
,
794 *al
= SSL_AD_DECODE_ERROR
;
801 static int serverinfo_srv_parse_cb(SSL
*s
, unsigned int ext_type
,
802 const unsigned char *in
,
803 size_t inlen
, int *al
, void *arg
)
805 return serverinfoex_srv_parse_cb(s
, ext_type
, 0, in
, inlen
, NULL
, 0, al
,
809 static int serverinfoex_srv_add_cb(SSL
*s
, unsigned int ext_type
,
810 unsigned int context
,
811 const unsigned char **out
,
812 size_t *outlen
, X509
*x
, size_t chainidx
,
815 const unsigned char *serverinfo
= NULL
;
816 size_t serverinfo_length
= 0;
818 /* We only support extensions for the first Certificate */
819 if ((context
& SSL_EXT_TLS1_3_CERTIFICATE
) != 0 && chainidx
> 0)
822 /* Is there serverinfo data for the chosen server cert? */
823 if ((ssl_get_server_cert_serverinfo(s
, &serverinfo
,
824 &serverinfo_length
)) != 0) {
825 /* Find the relevant extension from the serverinfo */
826 int retval
= serverinfo_find_extension(serverinfo
, serverinfo_length
,
827 ext_type
, out
, outlen
);
829 *al
= SSL_AD_INTERNAL_ERROR
;
830 return -1; /* Error */
833 return 0; /* No extension found, don't send extension */
834 return 1; /* Send extension */
836 return 0; /* No serverinfo data found, don't send
840 static int serverinfo_srv_add_cb(SSL
*s
, unsigned int ext_type
,
841 const unsigned char **out
, size_t *outlen
,
844 return serverinfoex_srv_add_cb(s
, ext_type
, 0, out
, outlen
, NULL
, 0, al
,
849 * With a NULL context, this function just checks that the serverinfo data
850 * parses correctly. With a non-NULL context, it registers callbacks for
851 * the included extensions.
853 static int serverinfo_process_buffer(unsigned int version
,
854 const unsigned char *serverinfo
,
855 size_t serverinfo_length
, SSL_CTX
*ctx
)
859 if (serverinfo
== NULL
|| serverinfo_length
== 0)
862 if (version
!= SSL_SERVERINFOV1
&& version
!= SSL_SERVERINFOV2
)
865 if (!PACKET_buf_init(&pkt
, serverinfo
, serverinfo_length
))
868 while (PACKET_remaining(&pkt
)) {
869 unsigned long context
= 0;
870 unsigned int ext_type
= 0;
873 if ((version
== SSL_SERVERINFOV2
&& !PACKET_get_net_4(&pkt
, &context
))
874 || !PACKET_get_net_2(&pkt
, &ext_type
)
875 || !PACKET_get_length_prefixed_2(&pkt
, &data
))
882 * The old style custom extensions API could be set separately for
883 * server/client, i.e. you could set one custom extension for a client,
884 * and *for the same extension in the same SSL_CTX* you could set a
885 * custom extension for the server as well. It seems quite weird to be
886 * setting a custom extension for both client and server in a single
887 * SSL_CTX - but theoretically possible. This isn't possible in the
888 * new API. Therefore, if we have V1 serverinfo we use the old API. We
889 * also use the old API even if we have V2 serverinfo but the context
890 * looks like an old style <= TLSv1.2 extension.
892 if (version
== SSL_SERVERINFOV1
|| context
== SYNTHV1CONTEXT
) {
893 if (!SSL_CTX_add_server_custom_ext(ctx
, ext_type
,
894 serverinfo_srv_add_cb
,
896 serverinfo_srv_parse_cb
,
900 if (!SSL_CTX_add_custom_ext(ctx
, ext_type
, context
,
901 serverinfoex_srv_add_cb
,
903 serverinfoex_srv_parse_cb
,
912 int SSL_CTX_use_serverinfo_ex(SSL_CTX
*ctx
, unsigned int version
,
913 const unsigned char *serverinfo
,
914 size_t serverinfo_length
)
916 unsigned char *new_serverinfo
;
918 if (ctx
== NULL
|| serverinfo
== NULL
|| serverinfo_length
== 0) {
919 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX
, ERR_R_PASSED_NULL_PARAMETER
);
922 if (!serverinfo_process_buffer(version
, serverinfo
, serverinfo_length
,
924 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX
, SSL_R_INVALID_SERVERINFO_DATA
);
927 if (ctx
->cert
->key
== NULL
) {
928 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX
, ERR_R_INTERNAL_ERROR
);
931 new_serverinfo
= OPENSSL_realloc(ctx
->cert
->key
->serverinfo
,
933 if (new_serverinfo
== NULL
) {
934 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX
, ERR_R_MALLOC_FAILURE
);
937 ctx
->cert
->key
->serverinfo
= new_serverinfo
;
938 memcpy(ctx
->cert
->key
->serverinfo
, serverinfo
, serverinfo_length
);
939 ctx
->cert
->key
->serverinfo_length
= serverinfo_length
;
942 * Now that the serverinfo is validated and stored, go ahead and
943 * register callbacks.
945 if (!serverinfo_process_buffer(version
, serverinfo
, serverinfo_length
,
947 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX
, SSL_R_INVALID_SERVERINFO_DATA
);
953 int SSL_CTX_use_serverinfo(SSL_CTX
*ctx
, const unsigned char *serverinfo
,
954 size_t serverinfo_length
)
956 return SSL_CTX_use_serverinfo_ex(ctx
, SSL_SERVERINFOV1
, serverinfo
,
960 int SSL_CTX_use_serverinfo_file(SSL_CTX
*ctx
, const char *file
)
962 unsigned char *serverinfo
= NULL
;
964 size_t serverinfo_length
= 0;
965 unsigned char *extension
= 0;
966 long extension_length
= 0;
969 static const char namePrefix1
[] = "SERVERINFO FOR ";
970 static const char namePrefix2
[] = "SERVERINFOV2 FOR ";
971 unsigned int name_len
;
974 size_t num_extensions
= 0, contextoff
= 0;
976 if (ctx
== NULL
|| file
== NULL
) {
977 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE
, ERR_R_PASSED_NULL_PARAMETER
);
981 bin
= BIO_new(BIO_s_file());
983 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE
, ERR_R_BUF_LIB
);
986 if (BIO_read_filename(bin
, file
) <= 0) {
987 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE
, ERR_R_SYS_LIB
);
991 for (num_extensions
= 0;; num_extensions
++) {
992 unsigned int version
;
994 if (PEM_read_bio(bin
, &name
, &header
, &extension
, &extension_length
)
997 * There must be at least one extension in this file
999 if (num_extensions
== 0) {
1000 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE
,
1001 SSL_R_NO_PEM_EXTENSIONS
);
1003 } else /* End of file, we're done */
1006 /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
1007 name_len
= strlen(name
);
1008 if (name_len
< sizeof(namePrefix1
) - 1) {
1009 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE
, SSL_R_PEM_NAME_TOO_SHORT
);
1012 if (strncmp(name
, namePrefix1
, sizeof(namePrefix1
) - 1) == 0) {
1013 version
= SSL_SERVERINFOV1
;
1015 if (name_len
< sizeof(namePrefix2
) - 1) {
1016 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE
,
1017 SSL_R_PEM_NAME_TOO_SHORT
);
1020 if (strncmp(name
, namePrefix2
, sizeof(namePrefix2
) - 1) != 0) {
1021 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE
,
1022 SSL_R_PEM_NAME_BAD_PREFIX
);
1025 version
= SSL_SERVERINFOV2
;
1028 * Check that the decoded PEM data is plausible (valid length field)
1030 if (version
== SSL_SERVERINFOV1
) {
1031 /* 4 byte header: 2 bytes type, 2 bytes len */
1032 if (extension_length
< 4
1033 || (extension
[2] << 8) + extension
[3]
1034 != extension_length
- 4) {
1035 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE
, SSL_R_BAD_DATA
);
1039 * File does not have a context value so we must take account of
1044 /* 8 byte header: 4 bytes context, 2 bytes type, 2 bytes len */
1045 if (extension_length
< 8
1046 || (extension
[6] << 8) + extension
[7]
1047 != extension_length
- 8) {
1048 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE
, SSL_R_BAD_DATA
);
1052 /* Append the decoded extension to the serverinfo buffer */
1053 tmp
= OPENSSL_realloc(serverinfo
, serverinfo_length
+ extension_length
1056 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE
, ERR_R_MALLOC_FAILURE
);
1060 if (contextoff
> 0) {
1061 unsigned char *sinfo
= serverinfo
+ serverinfo_length
;
1063 /* We know this only uses the last 2 bytes */
1066 sinfo
[2] = (SYNTHV1CONTEXT
>> 8) & 0xff;
1067 sinfo
[3] = SYNTHV1CONTEXT
& 0xff;
1069 memcpy(serverinfo
+ serverinfo_length
+ contextoff
,
1070 extension
, extension_length
);
1071 serverinfo_length
+= extension_length
+ contextoff
;
1075 OPENSSL_free(header
);
1077 OPENSSL_free(extension
);
1081 ret
= SSL_CTX_use_serverinfo_ex(ctx
, SSL_SERVERINFOV2
, serverinfo
,
1084 /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */
1086 OPENSSL_free(header
);
1087 OPENSSL_free(extension
);
1088 OPENSSL_free(serverinfo
);
1093 static int ssl_set_cert_and_key(SSL
*ssl
, SSL_CTX
*ctx
, X509
*x509
, EVP_PKEY
*privatekey
,
1094 STACK_OF(X509
) *chain
, int override
)
1100 CERT
*c
= ssl
!= NULL
? ssl
->cert
: ctx
->cert
;
1101 STACK_OF(X509
) *dup_chain
= NULL
;
1102 EVP_PKEY
*pubkey
= NULL
;
1104 /* Do all security checks before anything else */
1105 rv
= ssl_security_cert(ssl
, ctx
, x509
, 0, 1);
1107 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY
, rv
);
1110 for (j
= 0; j
< sk_X509_num(chain
); j
++) {
1111 rv
= ssl_security_cert(ssl
, ctx
, sk_X509_value(chain
, j
), 0, 0);
1113 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY
, rv
);
1118 pubkey
= X509_get_pubkey(x509
); /* bumps reference */
1121 if (privatekey
== NULL
) {
1122 privatekey
= pubkey
;
1124 /* For RSA, which has no parameters, missing returns 0 */
1125 if (EVP_PKEY_missing_parameters(privatekey
)) {
1126 if (EVP_PKEY_missing_parameters(pubkey
)) {
1127 /* nobody has parameters? - error */
1128 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY
, SSL_R_MISSING_PARAMETERS
);
1131 /* copy to privatekey from pubkey */
1132 EVP_PKEY_copy_parameters(privatekey
, pubkey
);
1134 } else if (EVP_PKEY_missing_parameters(pubkey
)) {
1135 /* copy to pubkey from privatekey */
1136 EVP_PKEY_copy_parameters(pubkey
, privatekey
);
1137 } /* else both have parameters */
1139 /* Copied from ssl_set_cert/pkey */
1140 #ifndef OPENSSL_NO_RSA
1141 if ((EVP_PKEY_id(privatekey
) == EVP_PKEY_RSA
) &&
1142 ((RSA_flags(EVP_PKEY_get0_RSA(privatekey
)) & RSA_METHOD_FLAG_NO_CHECK
)))
1146 /* check that key <-> cert match */
1147 if (EVP_PKEY_eq(pubkey
, privatekey
) != 1) {
1148 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY
, SSL_R_PRIVATE_KEY_MISMATCH
);
1152 if (ssl_cert_lookup_by_pkey(pubkey
, &i
) == NULL
) {
1153 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY
, SSL_R_UNKNOWN_CERTIFICATE_TYPE
);
1157 if (!override
&& (c
->pkeys
[i
].x509
!= NULL
1158 || c
->pkeys
[i
].privatekey
!= NULL
1159 || c
->pkeys
[i
].chain
!= NULL
)) {
1160 /* No override, and something already there */
1161 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY
, SSL_R_NOT_REPLACING_CERTIFICATE
);
1165 if (chain
!= NULL
) {
1166 dup_chain
= X509_chain_up_ref(chain
);
1167 if (dup_chain
== NULL
) {
1168 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY
, ERR_R_MALLOC_FAILURE
);
1173 sk_X509_pop_free(c
->pkeys
[i
].chain
, X509_free
);
1174 c
->pkeys
[i
].chain
= dup_chain
;
1176 X509_free(c
->pkeys
[i
].x509
);
1178 c
->pkeys
[i
].x509
= x509
;
1180 EVP_PKEY_free(c
->pkeys
[i
].privatekey
);
1181 EVP_PKEY_up_ref(privatekey
);
1182 c
->pkeys
[i
].privatekey
= privatekey
;
1184 c
->key
= &(c
->pkeys
[i
]);
1188 EVP_PKEY_free(pubkey
);
1192 int SSL_use_cert_and_key(SSL
*ssl
, X509
*x509
, EVP_PKEY
*privatekey
,
1193 STACK_OF(X509
) *chain
, int override
)
1195 return ssl_set_cert_and_key(ssl
, NULL
, x509
, privatekey
, chain
, override
);
1198 int SSL_CTX_use_cert_and_key(SSL_CTX
*ctx
, X509
*x509
, EVP_PKEY
*privatekey
,
1199 STACK_OF(X509
) *chain
, int override
)
1201 return ssl_set_cert_and_key(NULL
, ctx
, x509
, privatekey
, chain
, override
);