ssl/ssl_rsa.c

   1 /*
   2  * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <stdio.h>
  11 #include "ssl_local.h"
  12 #include "internal/packet.h"
  13 #include <openssl/bio.h>
  14 #include <openssl/objects.h>
  15 #include <openssl/evp.h>
  16 #include <openssl/x509.h>
  17 #include <openssl/x509v3.h>
  18 #include <openssl/pem.h>
  19
  20 static int ssl_set_cert(CERT *c, X509 *x509, SSL_CTX *ctx);
  21 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey, SSL_CTX *ctx);
  22
  23 #define  SYNTHV1CONTEXT     (SSL_EXT_TLS1_2_AND_BELOW_ONLY \
  24                              | SSL_EXT_CLIENT_HELLO \
  25                              | SSL_EXT_TLS1_2_SERVER_HELLO \
  26                              | SSL_EXT_IGNORE_ON_RESUMPTION)
  27
  28 #define NAME_PREFIX1 "SERVERINFO FOR "
  29 #define NAME_PREFIX2 "SERVERINFOV2 FOR "
  30
  31 int SSL_use_certificate(SSL *ssl, X509 *x)
  32 {
  33     int rv;
  34     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  35
  36     if (sc == NULL)
  37         return 0;
  38
  39     if (x == NULL) {
  40         ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
  41         return 0;
  42     }
  43
  44     rv = ssl_security_cert(sc, NULL, x, 0, 1);
  45     if (rv != 1) {
  46         ERR_raise(ERR_LIB_SSL, rv);
  47         return 0;
  48     }
  49
  50     return ssl_set_cert(sc->cert, x, SSL_CONNECTION_GET_CTX(sc));
  51 }
  52
  53 int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
  54 {
  55     int j;
  56     BIO *in;
  57     int ret = 0;
  58     X509 *cert = NULL, *x = NULL;
  59
  60     in = BIO_new(BIO_s_file());
  61     if (in == NULL) {
  62         ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  63         goto end;
  64     }
  65
  66     if (BIO_read_filename(in, file) <= 0) {
  67         ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
  68         goto end;
  69     }
  70
  71     if (type != SSL_FILETYPE_ASN1 && type != SSL_FILETYPE_PEM) {
  72         ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
  73         goto end;
  74     }
  75     x = X509_new_ex(ssl->ctx->libctx, ssl->ctx->propq);
  76     if (x == NULL) {
  77         ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
  78         goto end;
  79     }
  80     if (type == SSL_FILETYPE_ASN1) {
  81         j = ERR_R_ASN1_LIB;
  82         cert = d2i_X509_bio(in, &x);
  83     } else if (type == SSL_FILETYPE_PEM) {
  84         SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  85
  86         if (sc == NULL)
  87             goto end;
  88
  89         j = ERR_R_PEM_LIB;
  90         cert = PEM_read_bio_X509(in, &x, sc->default_passwd_callback,
  91                                  sc->default_passwd_callback_userdata);
  92     } else {
  93         ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
  94         goto end;
  95     }
  96
  97     if (cert == NULL) {
  98         ERR_raise(ERR_LIB_SSL, j);
  99         goto end;
 100     }
 101
 102     ret = SSL_use_certificate(ssl, x);
 103  end:
 104     X509_free(x);
 105     BIO_free(in);
 106     return ret;
 107 }
 108
 109 int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
 110 {
 111     X509 *x;
 112     int ret;
 113
 114     x = X509_new_ex(ssl->ctx->libctx, ssl->ctx->propq);
 115     if (x == NULL) {
 116         ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
 117         return 0;
 118     }
 119
 120     if (d2i_X509(&x, &d, (long)len)== NULL) {
 121         X509_free(x);
 122         ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
 123         return 0;
 124     }
 125
 126     ret = SSL_use_certificate(ssl, x);
 127     X509_free(x);
 128     return ret;
 129 }
 130
 131 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey, SSL_CTX *ctx)
 132 {
 133     size_t i;
 134
 135     if (ssl_cert_lookup_by_pkey(pkey, &i, ctx) == NULL) {
 136         ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
 137         return 0;
 138     }
 139
 140     if (c->pkeys[i].x509 != NULL
 141             && !X509_check_private_key(c->pkeys[i].x509, pkey))
 142         return 0;
 143
 144     EVP_PKEY_free(c->pkeys[i].privatekey);
 145     EVP_PKEY_up_ref(pkey);
 146     c->pkeys[i].privatekey = pkey;
 147     c->key = &c->pkeys[i];
 148     return 1;
 149 }
 150
 151 int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
 152 {
 153     int ret;
 154     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
 155
 156     if (sc == NULL)
 157         return 0;
 158
 159     if (pkey == NULL) {
 160         ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
 161         return 0;
 162     }
 163     ret = ssl_set_pkey(sc->cert, pkey, SSL_CONNECTION_GET_CTX(sc));
 164     return ret;
 165 }
 166
 167 int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
 168 {
 169     int j, ret = 0;
 170     BIO *in;
 171     EVP_PKEY *pkey = NULL;
 172
 173     in = BIO_new(BIO_s_file());
 174     if (in == NULL) {
 175         ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
 176         goto end;
 177     }
 178
 179     if (BIO_read_filename(in, file) <= 0) {
 180         ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
 181         goto end;
 182     }
 183     if (type == SSL_FILETYPE_PEM) {
 184         SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
 185
 186         if (sc == NULL)
 187             goto end;
 188
 189         j = ERR_R_PEM_LIB;
 190         pkey = PEM_read_bio_PrivateKey_ex(in, NULL,
 191                                           sc->default_passwd_callback,
 192                                           sc->default_passwd_callback_userdata,
 193                                           ssl->ctx->libctx,
 194                                           ssl->ctx->propq);
 195     } else if (type == SSL_FILETYPE_ASN1) {
 196         j = ERR_R_ASN1_LIB;
 197         pkey = d2i_PrivateKey_ex_bio(in, NULL, ssl->ctx->libctx,
 198                                      ssl->ctx->propq);
 199     } else {
 200         ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
 201         goto end;
 202     }
 203     if (pkey == NULL) {
 204         ERR_raise(ERR_LIB_SSL, j);
 205         goto end;
 206     }
 207     ret = SSL_use_PrivateKey(ssl, pkey);
 208     EVP_PKEY_free(pkey);
 209  end:
 210     BIO_free(in);
 211     return ret;
 212 }
 213
 214 int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d,
 215                             long len)
 216 {
 217     int ret;
 218     const unsigned char *p;
 219     EVP_PKEY *pkey;
 220
 221     p = d;
 222     if ((pkey = d2i_PrivateKey_ex(type, NULL, &p, (long)len, ssl->ctx->libctx,
 223                                   ssl->ctx->propq)) == NULL) {
 224         ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
 225         return 0;
 226     }
 227
 228     ret = SSL_use_PrivateKey(ssl, pkey);
 229     EVP_PKEY_free(pkey);
 230     return ret;
 231 }
 232
 233 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
 234 {
 235     int rv;
 236     if (x == NULL) {
 237         ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
 238         return 0;
 239     }
 240
 241     rv = ssl_security_cert(NULL, ctx, x, 0, 1);
 242     if (rv != 1) {
 243         ERR_raise(ERR_LIB_SSL, rv);
 244         return 0;
 245     }
 246     return ssl_set_cert(ctx->cert, x, ctx);
 247 }
 248
 249 static int ssl_set_cert(CERT *c, X509 *x, SSL_CTX *ctx)
 250 {
 251     EVP_PKEY *pkey;
 252     size_t i;
 253
 254     pkey = X509_get0_pubkey(x);
 255     if (pkey == NULL) {
 256         ERR_raise(ERR_LIB_SSL, SSL_R_X509_LIB);
 257         return 0;
 258     }
 259
 260     if (ssl_cert_lookup_by_pkey(pkey, &i, ctx) == NULL) {
 261         ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
 262         return 0;
 263     }
 264
 265     if (i == SSL_PKEY_ECC && !EVP_PKEY_can_sign(pkey)) {
 266         ERR_raise(ERR_LIB_SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
 267         return 0;
 268     }
 269
 270     if (c->pkeys[i].privatekey != NULL) {
 271         /*
 272          * The return code from EVP_PKEY_copy_parameters is deliberately
 273          * ignored. Some EVP_PKEY types cannot do this.
 274          * coverity[check_return]
 275          */
 276         EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
 277         ERR_clear_error();
 278
 279         if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
 280             /*
 281              * don't fail for a cert/key mismatch, just free current private
 282              * key (when switching to a different cert & key, first this
 283              * function should be used, then ssl_set_pkey
 284              */
 285             EVP_PKEY_free(c->pkeys[i].privatekey);
 286             c->pkeys[i].privatekey = NULL;
 287             /* clear error queue */
 288             ERR_clear_error();
 289         }
 290     }
 291
 292     X509_free(c->pkeys[i].x509);
 293     X509_up_ref(x);
 294     c->pkeys[i].x509 = x;
 295     c->key = &(c->pkeys[i]);
 296
 297     return 1;
 298 }
 299
 300 int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
 301 {
 302     int j = SSL_R_BAD_VALUE;
 303     BIO *in;
 304     int ret = 0;
 305     X509 *x = NULL, *cert = NULL;
 306
 307     in = BIO_new(BIO_s_file());
 308     if (in == NULL) {
 309         ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
 310         goto end;
 311     }
 312
 313     if (BIO_read_filename(in, file) <= 0) {
 314         ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
 315         goto end;
 316     }
 317     if (type != SSL_FILETYPE_ASN1 && type != SSL_FILETYPE_PEM) {
 318         ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
 319         goto end;
 320     }
 321     x = X509_new_ex(ctx->libctx, ctx->propq);
 322     if (x == NULL) {
 323         ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
 324         goto end;
 325     }
 326     if (type == SSL_FILETYPE_ASN1) {
 327         j = ERR_R_ASN1_LIB;
 328         cert = d2i_X509_bio(in, &x);
 329     } else if (type == SSL_FILETYPE_PEM) {
 330         j = ERR_R_PEM_LIB;
 331         cert = PEM_read_bio_X509(in, &x, ctx->default_passwd_callback,
 332                                  ctx->default_passwd_callback_userdata);
 333     }
 334     if (cert == NULL) {
 335         ERR_raise(ERR_LIB_SSL, j);
 336         goto end;
 337     }
 338
 339     ret = SSL_CTX_use_certificate(ctx, x);
 340  end:
 341     X509_free(x);
 342     BIO_free(in);
 343     return ret;
 344 }
 345
 346 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
 347 {
 348     X509 *x;
 349     int ret;
 350
 351     x = X509_new_ex(ctx->libctx, ctx->propq);
 352     if (x == NULL) {
 353         ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
 354         return 0;
 355     }
 356
 357     if (d2i_X509(&x, &d, (long)len) == NULL) {
 358         X509_free(x);
 359         ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
 360         return 0;
 361     }
 362
 363     ret = SSL_CTX_use_certificate(ctx, x);
 364     X509_free(x);
 365     return ret;
 366 }
 367
 368 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
 369 {
 370     if (pkey == NULL) {
 371         ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
 372         return 0;
 373     }
 374     return ssl_set_pkey(ctx->cert, pkey, ctx);
 375 }
 376
 377 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
 378 {
 379     int j, ret = 0;
 380     BIO *in;
 381     EVP_PKEY *pkey = NULL;
 382
 383     in = BIO_new(BIO_s_file());
 384     if (in == NULL) {
 385         ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
 386         goto end;
 387     }
 388
 389     if (BIO_read_filename(in, file) <= 0) {
 390         ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
 391         goto end;
 392     }
 393     if (type == SSL_FILETYPE_PEM) {
 394         j = ERR_R_PEM_LIB;
 395         pkey = PEM_read_bio_PrivateKey_ex(in, NULL,
 396                                        ctx->default_passwd_callback,
 397                                        ctx->default_passwd_callback_userdata,
 398                                        ctx->libctx, ctx->propq);
 399     } else if (type == SSL_FILETYPE_ASN1) {
 400         j = ERR_R_ASN1_LIB;
 401         pkey = d2i_PrivateKey_ex_bio(in, NULL, ctx->libctx, ctx->propq);
 402     } else {
 403         ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
 404         goto end;
 405     }
 406     if (pkey == NULL) {
 407         ERR_raise(ERR_LIB_SSL, j);
 408         goto end;
 409     }
 410     ret = SSL_CTX_use_PrivateKey(ctx, pkey);
 411     EVP_PKEY_free(pkey);
 412  end:
 413     BIO_free(in);
 414     return ret;
 415 }
 416
 417 int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
 418                                 const unsigned char *d, long len)
 419 {
 420     int ret;
 421     const unsigned char *p;
 422     EVP_PKEY *pkey;
 423
 424     p = d;
 425     if ((pkey = d2i_PrivateKey_ex(type, NULL, &p, (long)len, ctx->libctx,
 426                                   ctx->propq)) == NULL) {
 427         ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
 428         return 0;
 429     }
 430
 431     ret = SSL_CTX_use_PrivateKey(ctx, pkey);
 432     EVP_PKEY_free(pkey);
 433     return ret;
 434 }
 435
 436 /*
 437  * Read a file that contains our certificate in "PEM" format, possibly
 438  * followed by a sequence of CA certificates that should be sent to the peer
 439  * in the Certificate message.
 440  */
 441 static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
 442 {
 443     BIO *in;
 444     int ret = 0;
 445     X509 *x = NULL;
 446     pem_password_cb *passwd_callback;
 447     void *passwd_callback_userdata;
 448     SSL_CTX *real_ctx = (ssl == NULL) ? ctx : ssl->ctx;
 449
 450     if (ctx == NULL && ssl == NULL)
 451         return 0;
 452
 453     ERR_clear_error();          /* clear error stack for
 454                                  * SSL_CTX_use_certificate() */
 455
 456     if (ctx != NULL) {
 457         passwd_callback = ctx->default_passwd_callback;
 458         passwd_callback_userdata = ctx->default_passwd_callback_userdata;
 459     } else {
 460         SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
 461
 462         if (sc == NULL)
 463             return 0;
 464
 465         passwd_callback = sc->default_passwd_callback;
 466         passwd_callback_userdata = sc->default_passwd_callback_userdata;
 467     }
 468
 469     in = BIO_new(BIO_s_file());
 470     if (in == NULL) {
 471         ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
 472         goto end;
 473     }
 474
 475     if (BIO_read_filename(in, file) <= 0) {
 476         ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
 477         goto end;
 478     }
 479
 480     x = X509_new_ex(real_ctx->libctx, real_ctx->propq);
 481     if (x == NULL) {
 482         ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
 483         goto end;
 484     }
 485     if (PEM_read_bio_X509_AUX(in, &x, passwd_callback,
 486                               passwd_callback_userdata) == NULL) {
 487         ERR_raise(ERR_LIB_SSL, ERR_R_PEM_LIB);
 488         goto end;
 489     }
 490
 491     if (ctx)
 492         ret = SSL_CTX_use_certificate(ctx, x);
 493     else
 494         ret = SSL_use_certificate(ssl, x);
 495
 496     if (ERR_peek_error() != 0)
 497         ret = 0;                /* Key/certificate mismatch doesn't imply
 498                                  * ret==0 ... */
 499     if (ret) {
 500         /*
 501          * If we could set up our certificate, now proceed to the CA
 502          * certificates.
 503          */
 504         X509 *ca;
 505         int r;
 506         unsigned long err;
 507
 508         if (ctx)
 509             r = SSL_CTX_clear_chain_certs(ctx);
 510         else
 511             r = SSL_clear_chain_certs(ssl);
 512
 513         if (r == 0) {
 514             ret = 0;
 515             goto end;
 516         }
 517
 518         while (1) {
 519             ca = X509_new_ex(real_ctx->libctx, real_ctx->propq);
 520             if (ca == NULL) {
 521                 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
 522                 goto end;
 523             }
 524             if (PEM_read_bio_X509(in, &ca, passwd_callback,
 525                                   passwd_callback_userdata) != NULL) {
 526                 if (ctx)
 527                     r = SSL_CTX_add0_chain_cert(ctx, ca);
 528                 else
 529                     r = SSL_add0_chain_cert(ssl, ca);
 530                 /*
 531                  * Note that we must not free ca if it was successfully added to
 532                  * the chain (while we must free the main certificate, since its
 533                  * reference count is increased by SSL_CTX_use_certificate).
 534                  */
 535                 if (!r) {
 536                     X509_free(ca);
 537                     ret = 0;
 538                     goto end;
 539                 }
 540             } else {
 541                 X509_free(ca);
 542                 break;
 543             }
 544         }
 545         /* When the while loop ends, it's usually just EOF. */
 546         err = ERR_peek_last_error();
 547         if (ERR_GET_LIB(err) == ERR_LIB_PEM
 548             && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
 549             ERR_clear_error();
 550         else
 551             ret = 0;            /* some real error */
 552     }
 553
 554  end:
 555     X509_free(x);
 556     BIO_free(in);
 557     return ret;
 558 }
 559
 560 int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
 561 {
 562     return use_certificate_chain_file(ctx, NULL, file);
 563 }
 564
 565 int SSL_use_certificate_chain_file(SSL *ssl, const char *file)
 566 {
 567     return use_certificate_chain_file(NULL, ssl, file);
 568 }
 569
 570 static int serverinfo_find_extension(const unsigned char *serverinfo,
 571                                      size_t serverinfo_length,
 572                                      unsigned int extension_type,
 573                                      const unsigned char **extension_data,
 574                                      size_t *extension_length)
 575 {
 576     PACKET pkt, data;
 577
 578     *extension_data = NULL;
 579     *extension_length = 0;
 580     if (serverinfo == NULL || serverinfo_length == 0)
 581         return -1;
 582
 583     if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))
 584         return -1;
 585
 586     for (;;) {
 587         unsigned int type = 0;
 588         unsigned long context = 0;
 589
 590         /* end of serverinfo */
 591         if (PACKET_remaining(&pkt) == 0)
 592             return 0;           /* Extension not found */
 593
 594         if (!PACKET_get_net_4(&pkt, &context)
 595                 || !PACKET_get_net_2(&pkt, &type)
 596                 || !PACKET_get_length_prefixed_2(&pkt, &data))
 597             return -1;
 598
 599         if (type == extension_type) {
 600             *extension_data = PACKET_data(&data);
 601             *extension_length = PACKET_remaining(&data);
 602             return 1;           /* Success */
 603         }
 604     }
 605     /* Unreachable */
 606 }
 607
 608 static int serverinfoex_srv_parse_cb(SSL *s, unsigned int ext_type,
 609                                      unsigned int context,
 610                                      const unsigned char *in,
 611                                      size_t inlen, X509 *x, size_t chainidx,
 612                                      int *al, void *arg)
 613 {
 614
 615     if (inlen != 0) {
 616         *al = SSL_AD_DECODE_ERROR;
 617         return 0;
 618     }
 619
 620     return 1;
 621 }
 622
 623 static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type,
 624                                    const unsigned char *in,
 625                                    size_t inlen, int *al, void *arg)
 626 {
 627     return serverinfoex_srv_parse_cb(s, ext_type, 0, in, inlen, NULL, 0, al,
 628                                      arg);
 629 }
 630
 631 static int serverinfoex_srv_add_cb(SSL *s, unsigned int ext_type,
 632                                    unsigned int context,
 633                                    const unsigned char **out,
 634                                    size_t *outlen, X509 *x, size_t chainidx,
 635                                    int *al, void *arg)
 636 {
 637     const unsigned char *serverinfo = NULL;
 638     size_t serverinfo_length = 0;
 639     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
 640
 641     if (sc == NULL) {
 642         *al = SSL_AD_INTERNAL_ERROR;
 643         return -1;
 644     }
 645
 646     /* We only support extensions for the first Certificate */
 647     if ((context & SSL_EXT_TLS1_3_CERTIFICATE) != 0 && chainidx > 0)
 648         return 0;
 649
 650     /* Is there serverinfo data for the chosen server cert? */
 651     if ((ssl_get_server_cert_serverinfo(sc, &serverinfo,
 652                                         &serverinfo_length)) != 0) {
 653         /* Find the relevant extension from the serverinfo */
 654         int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
 655                                                ext_type, out, outlen);
 656         if (retval == -1) {
 657             *al = SSL_AD_INTERNAL_ERROR;
 658             return -1;          /* Error */
 659         }
 660         if (retval == 0)
 661             return 0;           /* No extension found, don't send extension */
 662         return 1;               /* Send extension */
 663     }
 664     return 0;                   /* No serverinfo data found, don't send
 665                                  * extension */
 666 }
 667
 668 static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
 669                                  const unsigned char **out, size_t *outlen,
 670                                  int *al, void *arg)
 671 {
 672     return serverinfoex_srv_add_cb(s, ext_type, 0, out, outlen, NULL, 0, al,
 673                                    arg);
 674 }
 675
 676 /*
 677  * With a NULL context, this function just checks that the serverinfo data
 678  * parses correctly.  With a non-NULL context, it registers callbacks for
 679  * the included extensions.
 680  */
 681 static int serverinfo_process_buffer(unsigned int version,
 682                                      const unsigned char *serverinfo,
 683                                      size_t serverinfo_length, SSL_CTX *ctx)
 684 {
 685     PACKET pkt;
 686
 687     if (serverinfo == NULL || serverinfo_length == 0)
 688         return 0;
 689
 690     if (version != SSL_SERVERINFOV1 && version != SSL_SERVERINFOV2)
 691         return 0;
 692
 693     if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))
 694         return 0;
 695
 696     while (PACKET_remaining(&pkt)) {
 697         unsigned long context = 0;
 698         unsigned int ext_type = 0;
 699         PACKET data;
 700
 701         if ((version == SSL_SERVERINFOV2 && !PACKET_get_net_4(&pkt, &context))
 702                 || !PACKET_get_net_2(&pkt, &ext_type)
 703                 || !PACKET_get_length_prefixed_2(&pkt, &data))
 704             return 0;
 705
 706         if (ctx == NULL)
 707             continue;
 708
 709         /*
 710          * The old style custom extensions API could be set separately for
 711          * server/client, i.e. you could set one custom extension for a client,
 712          * and *for the same extension in the same SSL_CTX* you could set a
 713          * custom extension for the server as well. It seems quite weird to be
 714          * setting a custom extension for both client and server in a single
 715          * SSL_CTX - but theoretically possible. This isn't possible in the
 716          * new API. Therefore, if we have V1 serverinfo we use the old API. We
 717          * also use the old API even if we have V2 serverinfo but the context
 718          * looks like an old style <= TLSv1.2 extension.
 719          */
 720         if (version == SSL_SERVERINFOV1 || context == SYNTHV1CONTEXT) {
 721             if (!SSL_CTX_add_server_custom_ext(ctx, ext_type,
 722                                                serverinfo_srv_add_cb,
 723                                                NULL, NULL,
 724                                                serverinfo_srv_parse_cb,
 725                                                NULL))
 726                 return 0;
 727         } else {
 728             if (!SSL_CTX_add_custom_ext(ctx, ext_type, context,
 729                                         serverinfoex_srv_add_cb,
 730                                         NULL, NULL,
 731                                         serverinfoex_srv_parse_cb,
 732                                         NULL))
 733                 return 0;
 734         }
 735     }
 736
 737     return 1;
 738 }
 739
 740 static size_t extension_contextoff(unsigned int version)
 741 {
 742     return version == SSL_SERVERINFOV1 ? 4 : 0;
 743 }
 744
 745 static size_t extension_append_length(unsigned int version, size_t extension_length)
 746 {
 747     return extension_length + extension_contextoff(version);
 748 }
 749
 750 static void extension_append(unsigned int version,
 751                              const unsigned char *extension,
 752                              const size_t extension_length,
 753                              unsigned char *serverinfo)
 754 {
 755     const size_t contextoff = extension_contextoff(version);
 756
 757     if (contextoff > 0) {
 758         /* We know this only uses the last 2 bytes */
 759         serverinfo[0] = 0;
 760         serverinfo[1] = 0;
 761         serverinfo[2] = (SYNTHV1CONTEXT >> 8) & 0xff;
 762         serverinfo[3] = SYNTHV1CONTEXT & 0xff;
 763     }
 764
 765     memcpy(serverinfo + contextoff, extension, extension_length);
 766 }
 767
 768 int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
 769                               const unsigned char *serverinfo,
 770                               size_t serverinfo_length)
 771 {
 772     unsigned char *new_serverinfo = NULL;
 773
 774     if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) {
 775         ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
 776         return 0;
 777     }
 778     if (version == SSL_SERVERINFOV1) {
 779         /*
 780          * Convert serverinfo version v1 to v2 and call yourself recursively
 781          * over the converted serverinfo.
 782          */
 783         const size_t sinfo_length = extension_append_length(SSL_SERVERINFOV1,
 784                                                             serverinfo_length);
 785         unsigned char *sinfo;
 786         int ret;
 787
 788         sinfo = OPENSSL_malloc(sinfo_length);
 789         if (sinfo == NULL)
 790             return 0;
 791
 792         extension_append(SSL_SERVERINFOV1, serverinfo, serverinfo_length, sinfo);
 793
 794         ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, sinfo,
 795                                         sinfo_length);
 796
 797         OPENSSL_free(sinfo);
 798         return ret;
 799     }
 800     if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
 801                                    NULL)) {
 802         ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA);
 803         return 0;
 804     }
 805     if (ctx->cert->key == NULL) {
 806         ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
 807         return 0;
 808     }
 809     new_serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo,
 810                                      serverinfo_length);
 811     if (new_serverinfo == NULL)
 812         return 0;
 813     ctx->cert->key->serverinfo = new_serverinfo;
 814     memcpy(ctx->cert->key->serverinfo, serverinfo, serverinfo_length);
 815     ctx->cert->key->serverinfo_length = serverinfo_length;
 816
 817     /*
 818      * Now that the serverinfo is validated and stored, go ahead and
 819      * register callbacks.
 820      */
 821     if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
 822                                    ctx)) {
 823         ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA);
 824         return 0;
 825     }
 826     return 1;
 827 }
 828
 829 int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
 830                            size_t serverinfo_length)
 831 {
 832     return SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV1, serverinfo,
 833                                      serverinfo_length);
 834 }
 835
 836 int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
 837 {
 838     unsigned char *serverinfo = NULL;
 839     unsigned char *tmp;
 840     size_t serverinfo_length = 0;
 841     unsigned char *extension = 0;
 842     long extension_length = 0;
 843     char *name = NULL;
 844     char *header = NULL;
 845     unsigned int name_len;
 846     int ret = 0;
 847     BIO *bin = NULL;
 848     size_t num_extensions = 0;
 849
 850     if (ctx == NULL || file == NULL) {
 851         ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
 852         goto end;
 853     }
 854
 855     bin = BIO_new(BIO_s_file());
 856     if (bin == NULL) {
 857         ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
 858         goto end;
 859     }
 860     if (BIO_read_filename(bin, file) <= 0) {
 861         ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
 862         goto end;
 863     }
 864
 865     for (num_extensions = 0;; num_extensions++) {
 866         unsigned int version;
 867         size_t append_length;
 868
 869         if (PEM_read_bio(bin, &name, &header, &extension, &extension_length)
 870             == 0) {
 871             /*
 872              * There must be at least one extension in this file
 873              */
 874             if (num_extensions == 0) {
 875                 ERR_raise(ERR_LIB_SSL, SSL_R_NO_PEM_EXTENSIONS);
 876                 goto end;
 877             } else              /* End of file, we're done */
 878                 break;
 879         }
 880         /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
 881         name_len = strlen(name);
 882         if (name_len < sizeof(NAME_PREFIX1) - 1) {
 883             ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT);
 884             goto end;
 885         }
 886         if (HAS_PREFIX(name, NAME_PREFIX1)) {
 887             version = SSL_SERVERINFOV1;
 888         } else {
 889             if (name_len < sizeof(NAME_PREFIX2) - 1) {
 890                 ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT);
 891                 goto end;
 892             }
 893             if (!HAS_PREFIX(name, NAME_PREFIX2)) {
 894                 ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_BAD_PREFIX);
 895                 goto end;
 896             }
 897             version = SSL_SERVERINFOV2;
 898         }
 899         /*
 900          * Check that the decoded PEM data is plausible (valid length field)
 901          */
 902         if (version == SSL_SERVERINFOV1) {
 903             /* 4 byte header: 2 bytes type, 2 bytes len */
 904             if (extension_length < 4
 905                     || (extension[2] << 8) + extension[3]
 906                        != extension_length - 4) {
 907                 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_DATA);
 908                 goto end;
 909             }
 910         } else {
 911             /* 8 byte header: 4 bytes context, 2 bytes type, 2 bytes len */
 912             if (extension_length < 8
 913                     || (extension[6] << 8) + extension[7]
 914                        != extension_length - 8) {
 915                 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_DATA);
 916                 goto end;
 917             }
 918         }
 919         /* Append the decoded extension to the serverinfo buffer */
 920         append_length = extension_append_length(version, extension_length);
 921         tmp = OPENSSL_realloc(serverinfo, serverinfo_length + append_length);
 922         if (tmp == NULL)
 923             goto end;
 924         serverinfo = tmp;
 925         extension_append(version, extension, extension_length,
 926                          serverinfo + serverinfo_length);
 927         serverinfo_length += append_length;
 928
 929         OPENSSL_free(name);
 930         name = NULL;
 931         OPENSSL_free(header);
 932         header = NULL;
 933         OPENSSL_free(extension);
 934         extension = NULL;
 935     }
 936
 937     ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, serverinfo,
 938                                     serverinfo_length);
 939  end:
 940     /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */
 941     OPENSSL_free(name);
 942     OPENSSL_free(header);
 943     OPENSSL_free(extension);
 944     OPENSSL_free(serverinfo);
 945     BIO_free(bin);
 946     return ret;
 947 }
 948
 949 static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
 950                                 STACK_OF(X509) *chain, int override)
 951 {
 952     int ret = 0;
 953     size_t i;
 954     int j;
 955     int rv;
 956     CERT *c;
 957     STACK_OF(X509) *dup_chain = NULL;
 958     EVP_PKEY *pubkey = NULL;
 959     SSL_CONNECTION *sc = NULL;
 960
 961     if (ctx == NULL &&
 962         (sc = SSL_CONNECTION_FROM_SSL(ssl)) == NULL)
 963         return 0;
 964
 965     c = sc != NULL ? sc->cert : ctx->cert;
 966     /* Do all security checks before anything else */
 967     rv = ssl_security_cert(sc, ctx, x509, 0, 1);
 968     if (rv != 1) {
 969         ERR_raise(ERR_LIB_SSL, rv);
 970         goto out;
 971     }
 972     for (j = 0; j < sk_X509_num(chain); j++) {
 973         rv = ssl_security_cert(sc, ctx, sk_X509_value(chain, j), 0, 0);
 974         if (rv != 1) {
 975             ERR_raise(ERR_LIB_SSL, rv);
 976             goto out;
 977         }
 978     }
 979
 980     pubkey = X509_get_pubkey(x509); /* bumps reference */
 981     if (pubkey == NULL)
 982         goto out;
 983     if (privatekey == NULL) {
 984         privatekey = pubkey;
 985     } else {
 986         /* For RSA, which has no parameters, missing returns 0 */
 987         if (EVP_PKEY_missing_parameters(privatekey)) {
 988             if (EVP_PKEY_missing_parameters(pubkey)) {
 989                 /* nobody has parameters? - error */
 990                 ERR_raise(ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS);
 991                 goto out;
 992             } else {
 993                 /* copy to privatekey from pubkey */
 994                 if (!EVP_PKEY_copy_parameters(privatekey, pubkey)) {
 995                     ERR_raise(ERR_LIB_SSL, SSL_R_COPY_PARAMETERS_FAILED);
 996                     goto out;
 997                 }
 998             }
 999         } else if (EVP_PKEY_missing_parameters(pubkey)) {
1000             /* copy to pubkey from privatekey */
1001             if (!EVP_PKEY_copy_parameters(pubkey, privatekey)) {
1002                 ERR_raise(ERR_LIB_SSL, SSL_R_COPY_PARAMETERS_FAILED);
1003                 goto out;
1004             }
1005         } /* else both have parameters */
1006
1007         /* check that key <-> cert match */
1008         if (EVP_PKEY_eq(pubkey, privatekey) != 1) {
1009             ERR_raise(ERR_LIB_SSL, SSL_R_PRIVATE_KEY_MISMATCH);
1010             goto out;
1011         }
1012     }
1013     if (ssl_cert_lookup_by_pkey(pubkey, &i, ctx) == NULL) {
1014         ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1015         goto out;
1016     }
1017
1018     if (!override && (c->pkeys[i].x509 != NULL
1019                       || c->pkeys[i].privatekey != NULL
1020                       || c->pkeys[i].chain != NULL)) {
1021         /* No override, and something already there */
1022         ERR_raise(ERR_LIB_SSL, SSL_R_NOT_REPLACING_CERTIFICATE);
1023         goto out;
1024     }
1025
1026     if (chain != NULL) {
1027         dup_chain = X509_chain_up_ref(chain);
1028         if  (dup_chain == NULL) {
1029             ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
1030             goto out;
1031         }
1032     }
1033
1034     OSSL_STACK_OF_X509_free(c->pkeys[i].chain);
1035     c->pkeys[i].chain = dup_chain;
1036
1037     X509_free(c->pkeys[i].x509);
1038     X509_up_ref(x509);
1039     c->pkeys[i].x509 = x509;
1040
1041     EVP_PKEY_free(c->pkeys[i].privatekey);
1042     EVP_PKEY_up_ref(privatekey);
1043     c->pkeys[i].privatekey = privatekey;
1044
1045     c->key = &(c->pkeys[i]);
1046
1047     ret = 1;
1048  out:
1049     EVP_PKEY_free(pubkey);
1050     return ret;
1051 }
1052
1053 int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey,
1054                          STACK_OF(X509) *chain, int override)
1055 {
1056     return ssl_set_cert_and_key(ssl, NULL, x509, privatekey, chain, override);
1057 }
1058
1059 int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
1060                              STACK_OF(X509) *chain, int override)
1061 {
1062     return ssl_set_cert_and_key(NULL, ctx, x509, privatekey, chain, override);
1063 }