1
/*
2
 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9

10
#include <stdio.h>
11
#include "ssl_local.h"
12
#include "internal/packet.h"
13
#include "internal/ssl_unwrap.h"
14
#include <openssl/bio.h>
15
#include <openssl/objects.h>
16
#include <openssl/evp.h>
17
#include <openssl/x509.h>
18
#include <openssl/x509v3.h>
19
#include <openssl/pem.h>
20

21
static int ssl_set_cert(CERT *c, X509 *x509, SSL_CTX *ctx);
22
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey, SSL_CTX *ctx);
23

24
#define SYNTHV1CONTEXT (SSL_EXT_TLS1_2_AND_BELOW_ONLY \
25
    | SSL_EXT_CLIENT_HELLO                            \
26
    | SSL_EXT_TLS1_2_SERVER_HELLO                     \
27
    | SSL_EXT_IGNORE_ON_RESUMPTION)
28

29
#define NAME_PREFIX1 "SERVERINFO FOR "
30
#define NAME_PREFIX2 "SERVERINFOV2 FOR "
31

32
int SSL_use_certificate(SSL *ssl, X509 *x)
33
{
34
    int rv;
35
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
36

37
    if (sc == NULL)
38
        return 0;
39

40
    if (x == NULL) {
41
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
42
        return 0;
43
    }
44

45
    rv = ssl_security_cert(sc, NULL, x, 0, 1);
46
    if (rv != 1) {
47
        ERR_raise(ERR_LIB_SSL, rv);
48
        return 0;
49
    }
50

51
    return ssl_set_cert(sc->cert, x, SSL_CONNECTION_GET_CTX(sc));
52
}
53

54
int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
55
{
56
    int j;
57
    BIO *in = NULL;
58
    int ret = 0;
59
    X509 *cert = NULL, *x = NULL;
60

61
    if (file == NULL) {
62
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
63
        goto end;
64
    }
65

66
    in = BIO_new(BIO_s_file());
67
    if (in == NULL) {
68
        ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
69
        goto end;
70
    }
71

72
    if (BIO_read_filename(in, file) <= 0) {
73
        ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
74
        goto end;
75
    }
76

77
    x = X509_new_ex(ssl->ctx->libctx, ssl->ctx->propq);
78
    if (x == NULL) {
79
        ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
80
        goto end;
81
    }
82
    if (type == SSL_FILETYPE_ASN1) {
83
        j = ERR_R_ASN1_LIB;
84
        cert = d2i_X509_bio(in, &x);
85
    } else if (type == SSL_FILETYPE_PEM) {
86
        SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
87

88
        if (sc == NULL)
89
            goto end;
90

91
        j = ERR_R_PEM_LIB;
92
        cert = PEM_read_bio_X509(in, &x, sc->default_passwd_callback,
93
            sc->default_passwd_callback_userdata);
94
    } else {
95
        ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
96
        goto end;
97
    }
98

99
    if (cert == NULL) {
100
        ERR_raise(ERR_LIB_SSL, j);
101
        goto end;
102
    }
103

104
    ret = SSL_use_certificate(ssl, x);
105
end:
106
    X509_free(x);
107
    BIO_free(in);
108
    return ret;
109
}
110

111
int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
112
{
113
    X509 *x;
114
    int ret;
115

116
    x = X509_new_ex(ssl->ctx->libctx, ssl->ctx->propq);
117
    if (x == NULL) {
118
        ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
119
        return 0;
120
    }
121

122
    if (d2i_X509(&x, &d, (long)len) == NULL) {
123
        X509_free(x);
124
        ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
125
        return 0;
126
    }
127

128
    ret = SSL_use_certificate(ssl, x);
129
    X509_free(x);
130
    return ret;
131
}
132

133
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey, SSL_CTX *ctx)
134
{
135
    size_t i;
136

137
    if (ssl_cert_lookup_by_pkey(pkey, &i, ctx) == NULL) {
138
        ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
139
        return 0;
140
    }
141

142
    if (c->pkeys[i].x509 != NULL
143
        && !X509_check_private_key(c->pkeys[i].x509, pkey))
144
        return 0;
145
    if (!EVP_PKEY_up_ref(pkey))
146
        return 0;
147

148
    EVP_PKEY_free(c->pkeys[i].privatekey);
149
    c->pkeys[i].privatekey = pkey;
150
    c->key = &c->pkeys[i];
151
    return 1;
152
}
153

154
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
155
{
156
    int ret;
157
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
158

159
    if (sc == NULL)
160
        return 0;
161

162
    if (pkey == NULL) {
163
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
164
        return 0;
165
    }
166
    ret = ssl_set_pkey(sc->cert, pkey, SSL_CONNECTION_GET_CTX(sc));
167
    return ret;
168
}
169

170
int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
171
{
172
    int j, ret = 0;
173
    BIO *in = NULL;
174
    EVP_PKEY *pkey = NULL;
175

176
    if (file == NULL) {
177
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
178
        goto end;
179
    }
180

181
    in = BIO_new(BIO_s_file());
182
    if (in == NULL) {
183
        ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
184
        goto end;
185
    }
186

187
    if (BIO_read_filename(in, file) <= 0) {
188
        ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
189
        goto end;
190
    }
191
    if (type == SSL_FILETYPE_PEM) {
192
        SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
193

194
        if (sc == NULL)
195
            goto end;
196

197
        j = ERR_R_PEM_LIB;
198
        pkey = PEM_read_bio_PrivateKey_ex(in, NULL,
199
            sc->default_passwd_callback,
200
            sc->default_passwd_callback_userdata,
201
            ssl->ctx->libctx,
202
            ssl->ctx->propq);
203
    } else if (type == SSL_FILETYPE_ASN1) {
204
        j = ERR_R_ASN1_LIB;
205
        pkey = d2i_PrivateKey_ex_bio(in, NULL, ssl->ctx->libctx,
206
            ssl->ctx->propq);
207
    } else {
208
        ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
209
        goto end;
210
    }
211
    if (pkey == NULL) {
212
        ERR_raise(ERR_LIB_SSL, j);
213
        goto end;
214
    }
215
    ret = SSL_use_PrivateKey(ssl, pkey);
216
    EVP_PKEY_free(pkey);
217
end:
218
    BIO_free(in);
219
    return ret;
220
}
221

222
int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d,
223
    long len)
224
{
225
    int ret;
226
    const unsigned char *p;
227
    EVP_PKEY *pkey;
228

229
    p = d;
230
    if ((pkey = d2i_PrivateKey_ex(type, NULL, &p, (long)len, ssl->ctx->libctx,
231
             ssl->ctx->propq))
232
        == NULL) {
233
        ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
234
        return 0;
235
    }
236

237
    ret = SSL_use_PrivateKey(ssl, pkey);
238
    EVP_PKEY_free(pkey);
239
    return ret;
240
}
241

242
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
243
{
244
    int rv;
245
    if (x == NULL) {
246
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
247
        return 0;
248
    }
249

250
    rv = ssl_security_cert(NULL, ctx, x, 0, 1);
251
    if (rv != 1) {
252
        ERR_raise(ERR_LIB_SSL, rv);
253
        return 0;
254
    }
255
    return ssl_set_cert(ctx->cert, x, ctx);
256
}
257

258
static int ssl_set_cert(CERT *c, X509 *x, SSL_CTX *ctx)
259
{
260
    EVP_PKEY *pkey;
261
    size_t i;
262

263
    pkey = X509_get0_pubkey(x);
264
    if (pkey == NULL) {
265
        ERR_raise(ERR_LIB_SSL, SSL_R_X509_LIB);
266
        return 0;
267
    }
268

269
    if (ssl_cert_lookup_by_pkey(pkey, &i, ctx) == NULL) {
270
        ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
271
        return 0;
272
    }
273

274
    if (i == SSL_PKEY_ECC && !EVP_PKEY_can_sign(pkey)) {
275
        ERR_raise(ERR_LIB_SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
276
        return 0;
277
    }
278

279
    if (c->pkeys[i].privatekey != NULL) {
280
        /*
281
         * The return code from EVP_PKEY_copy_parameters is deliberately
282
         * ignored. Some EVP_PKEY types cannot do this.
283
         * coverity[check_return]
284
         */
285
        EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
286
        ERR_clear_error();
287

288
        if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
289
            /*
290
             * don't fail for a cert/key mismatch, just free current private
291
             * key (when switching to a different cert & key, first this
292
             * function should be used, then ssl_set_pkey
293
             */
294
            EVP_PKEY_free(c->pkeys[i].privatekey);
295
            c->pkeys[i].privatekey = NULL;
296
            /* clear error queue */
297
            ERR_clear_error();
298
        }
299
    }
300

301
    if (!X509_up_ref(x))
302
        return 0;
303

304
    X509_free(c->pkeys[i].x509);
305
    c->pkeys[i].x509 = x;
306
    c->key = &(c->pkeys[i]);
307

308
    return 1;
309
}
310

311
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
312
{
313
    int j = SSL_R_BAD_VALUE;
314
    BIO *in = NULL;
315
    int ret = 0;
316
    X509 *x = NULL, *cert = NULL;
317

318
    if (file == NULL) {
319
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
320
        goto end;
321
    }
322

323
    in = BIO_new(BIO_s_file());
324
    if (in == NULL) {
325
        ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
326
        goto end;
327
    }
328

329
    if (BIO_read_filename(in, file) <= 0) {
330
        ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
331
        goto end;
332
    }
333

334
    x = X509_new_ex(ctx->libctx, ctx->propq);
335
    if (x == NULL) {
336
        ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
337
        goto end;
338
    }
339
    if (type == SSL_FILETYPE_ASN1) {
340
        j = ERR_R_ASN1_LIB;
341
        cert = d2i_X509_bio(in, &x);
342
    } else if (type == SSL_FILETYPE_PEM) {
343
        j = ERR_R_PEM_LIB;
344
        cert = PEM_read_bio_X509(in, &x, ctx->default_passwd_callback,
345
            ctx->default_passwd_callback_userdata);
346
    } else {
347
        ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
348
        goto end;
349
    }
350
    if (cert == NULL) {
351
        ERR_raise(ERR_LIB_SSL, j);
352
        goto end;
353
    }
354

355
    ret = SSL_CTX_use_certificate(ctx, x);
356
end:
357
    X509_free(x);
358
    BIO_free(in);
359
    return ret;
360
}
361

362
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
363
{
364
    X509 *x;
365
    int ret;
366

367
    x = X509_new_ex(ctx->libctx, ctx->propq);
368
    if (x == NULL) {
369
        ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
370
        return 0;
371
    }
372

373
    if (d2i_X509(&x, &d, (long)len) == NULL) {
374
        X509_free(x);
375
        ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
376
        return 0;
377
    }
378

379
    ret = SSL_CTX_use_certificate(ctx, x);
380
    X509_free(x);
381
    return ret;
382
}
383

384
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
385
{
386
    if (pkey == NULL) {
387
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
388
        return 0;
389
    }
390
    return ssl_set_pkey(ctx->cert, pkey, ctx);
391
}
392

393
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
394
{
395
    int j, ret = 0;
396
    BIO *in = NULL;
397
    EVP_PKEY *pkey = NULL;
398

399
    if (file == NULL) {
400
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
401
        goto end;
402
    }
403

404
    in = BIO_new(BIO_s_file());
405
    if (in == NULL) {
406
        ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
407
        goto end;
408
    }
409

410
    if (BIO_read_filename(in, file) <= 0) {
411
        ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
412
        goto end;
413
    }
414
    if (type == SSL_FILETYPE_PEM) {
415
        j = ERR_R_PEM_LIB;
416
        pkey = PEM_read_bio_PrivateKey_ex(in, NULL,
417
            ctx->default_passwd_callback,
418
            ctx->default_passwd_callback_userdata,
419
            ctx->libctx, ctx->propq);
420
    } else if (type == SSL_FILETYPE_ASN1) {
421
        j = ERR_R_ASN1_LIB;
422
        pkey = d2i_PrivateKey_ex_bio(in, NULL, ctx->libctx, ctx->propq);
423
    } else {
424
        ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
425
        goto end;
426
    }
427
    if (pkey == NULL) {
428
        ERR_raise(ERR_LIB_SSL, j);
429
        goto end;
430
    }
431
    ret = SSL_CTX_use_PrivateKey(ctx, pkey);
432
    EVP_PKEY_free(pkey);
433
end:
434
    BIO_free(in);
435
    return ret;
436
}
437

438
int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
439
    const unsigned char *d, long len)
440
{
441
    int ret;
442
    const unsigned char *p;
443
    EVP_PKEY *pkey;
444

445
    p = d;
446
    if ((pkey = d2i_PrivateKey_ex(type, NULL, &p, (long)len, ctx->libctx,
447
             ctx->propq))
448
        == NULL) {
449
        ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
450
        return 0;
451
    }
452

453
    ret = SSL_CTX_use_PrivateKey(ctx, pkey);
454
    EVP_PKEY_free(pkey);
455
    return ret;
456
}
457

458
/*
459
 * Read a file that contains our certificate in "PEM" format, possibly
460
 * followed by a sequence of CA certificates that should be sent to the peer
461
 * in the Certificate message.
462
 */
463
static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
464
{
465
    BIO *in = NULL;
466
    int ret = 0;
467
    X509 *x = NULL;
468
    pem_password_cb *passwd_callback;
469
    void *passwd_callback_userdata;
470
    SSL_CTX *real_ctx = (ssl == NULL) ? ctx : ssl->ctx;
471

472
    if (ctx == NULL && ssl == NULL)
473
        return 0;
474

475
    ERR_clear_error(); /* clear error stack for
476
                        * SSL_CTX_use_certificate() */
477

478
    if (ctx != NULL) {
479
        passwd_callback = ctx->default_passwd_callback;
480
        passwd_callback_userdata = ctx->default_passwd_callback_userdata;
481
    } else {
482
        SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
483

484
        if (sc == NULL)
485
            return 0;
486

487
        passwd_callback = sc->default_passwd_callback;
488
        passwd_callback_userdata = sc->default_passwd_callback_userdata;
489
    }
490

491
    if (file == NULL) {
492
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
493
        goto end;
494
    }
495

496
    in = BIO_new(BIO_s_file());
497
    if (in == NULL) {
498
        ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
499
        goto end;
500
    }
501

502
    if (BIO_read_filename(in, file) <= 0) {
503
        ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
504
        goto end;
505
    }
506

507
    x = X509_new_ex(real_ctx->libctx, real_ctx->propq);
508
    if (x == NULL) {
509
        ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
510
        goto end;
511
    }
512
    if (PEM_read_bio_X509_AUX(in, &x, passwd_callback,
513
            passwd_callback_userdata)
514
        == NULL) {
515
        ERR_raise(ERR_LIB_SSL, ERR_R_PEM_LIB);
516
        goto end;
517
    }
518

519
    if (ctx)
520
        ret = SSL_CTX_use_certificate(ctx, x);
521
    else
522
        ret = SSL_use_certificate(ssl, x);
523

524
    if (ERR_peek_error() != 0)
525
        ret = 0; /* Key/certificate mismatch doesn't imply
526
                  * ret==0 ... */
527
    if (ret) {
528
        /*
529
         * If we could set up our certificate, now proceed to the CA
530
         * certificates.
531
         */
532
        X509 *ca;
533
        int r;
534
        unsigned long err;
535

536
        if (ctx)
537
            r = SSL_CTX_clear_chain_certs(ctx);
538
        else
539
            r = SSL_clear_chain_certs(ssl);
540

541
        if (r == 0) {
542
            ret = 0;
543
            goto end;
544
        }
545

546
        while (1) {
547
            ca = X509_new_ex(real_ctx->libctx, real_ctx->propq);
548
            if (ca == NULL) {
549
                ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
550
                goto end;
551
            }
552
            if (PEM_read_bio_X509(in, &ca, passwd_callback,
553
                    passwd_callback_userdata)
554
                != NULL) {
555
                if (ctx)
556
                    r = SSL_CTX_add0_chain_cert(ctx, ca);
557
                else
558
                    r = SSL_add0_chain_cert(ssl, ca);
559
                /*
560
                 * Note that we must not free ca if it was successfully added to
561
                 * the chain (while we must free the main certificate, since its
562
                 * reference count is increased by SSL_CTX_use_certificate).
563
                 */
564
                if (!r) {
565
                    X509_free(ca);
566
                    ret = 0;
567
                    goto end;
568
                }
569
            } else {
570
                X509_free(ca);
571
                break;
572
            }
573
        }
574
        /* When the while loop ends, it's usually just EOF. */
575
        err = ERR_peek_last_error();
576
        if (ERR_GET_LIB(err) == ERR_LIB_PEM
577
            && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
578
            ERR_clear_error();
579
        else
580
            ret = 0; /* some real error */
581
    }
582

583
end:
584
    X509_free(x);
585
    BIO_free(in);
586
    return ret;
587
}
588

589
int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
590
{
591
    return use_certificate_chain_file(ctx, NULL, file);
592
}
593

594
int SSL_use_certificate_chain_file(SSL *ssl, const char *file)
595
{
596
    return use_certificate_chain_file(NULL, ssl, file);
597
}
598

599
static int serverinfo_find_extension(const unsigned char *serverinfo,
600
    size_t serverinfo_length,
601
    unsigned int extension_type,
602
    const unsigned char **extension_data,
603
    size_t *extension_length)
604
{
605
    PACKET pkt, data;
606

607
    *extension_data = NULL;
608
    *extension_length = 0;
609
    if (serverinfo == NULL || serverinfo_length == 0)
610
        return -1;
611

612
    if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))
613
        return -1;
614

615
    for (;;) {
616
        unsigned int type = 0;
617
        unsigned long context = 0;
618

619
        /* end of serverinfo */
620
        if (PACKET_remaining(&pkt) == 0)
621
            return 0; /* Extension not found */
622

623
        if (!PACKET_get_net_4(&pkt, &context)
624
            || !PACKET_get_net_2(&pkt, &type)
625
            || !PACKET_get_length_prefixed_2(&pkt, &data))
626
            return -1;
627

628
        if (type == extension_type) {
629
            *extension_data = PACKET_data(&data);
630
            *extension_length = PACKET_remaining(&data);
631
            return 1; /* Success */
632
        }
633
    }
634
    /* Unreachable */
635
}
636

637
static int serverinfoex_srv_parse_cb(SSL *s, unsigned int ext_type,
638
    unsigned int context,
639
    const unsigned char *in,
640
    size_t inlen, X509 *x, size_t chainidx,
641
    int *al, void *arg)
642
{
643

644
    if (inlen != 0) {
645
        *al = SSL_AD_DECODE_ERROR;
646
        return 0;
647
    }
648

649
    return 1;
650
}
651

652
static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type,
653
    const unsigned char *in,
654
    size_t inlen, int *al, void *arg)
655
{
656
    return serverinfoex_srv_parse_cb(s, ext_type, 0, in, inlen, NULL, 0, al,
657
        arg);
658
}
659

660
static int serverinfoex_srv_add_cb(SSL *s, unsigned int ext_type,
661
    unsigned int context,
662
    const unsigned char **out,
663
    size_t *outlen, X509 *x, size_t chainidx,
664
    int *al, void *arg)
665
{
666
    const unsigned char *serverinfo = NULL;
667
    size_t serverinfo_length = 0;
668
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
669

670
    if (sc == NULL) {
671
        *al = SSL_AD_INTERNAL_ERROR;
672
        return -1;
673
    }
674

675
    /* We only support extensions for the first Certificate */
676
    if ((context & SSL_EXT_TLS1_3_CERTIFICATE) != 0 && chainidx > 0)
677
        return 0;
678

679
    /* Is there serverinfo data for the chosen server cert? */
680
    if ((ssl_get_server_cert_serverinfo(sc, &serverinfo,
681
            &serverinfo_length))
682
        != 0) {
683
        /* Find the relevant extension from the serverinfo */
684
        int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
685
            ext_type, out, outlen);
686
        if (retval == -1) {
687
            *al = SSL_AD_INTERNAL_ERROR;
688
            return -1; /* Error */
689
        }
690
        if (retval == 0)
691
            return 0; /* No extension found, don't send extension */
692
        return 1; /* Send extension */
693
    }
694
    return 0; /* No serverinfo data found, don't send
695
               * extension */
696
}
697

698
static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
699
    const unsigned char **out, size_t *outlen,
700
    int *al, void *arg)
701
{
702
    return serverinfoex_srv_add_cb(s, ext_type, 0, out, outlen, NULL, 0, al,
703
        arg);
704
}
705

706
/*
707
 * With a NULL context, this function just checks that the serverinfo data
708
 * parses correctly.  With a non-NULL context, it registers callbacks for
709
 * the included extensions.
710
 */
711
static int serverinfo_process_buffer(unsigned int version,
712
    const unsigned char *serverinfo,
713
    size_t serverinfo_length, SSL_CTX *ctx)
714
{
715
    PACKET pkt;
716

717
    if (serverinfo == NULL || serverinfo_length == 0)
718
        return 0;
719

720
    if (version != SSL_SERVERINFOV1 && version != SSL_SERVERINFOV2)
721
        return 0;
722

723
    if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))
724
        return 0;
725

726
    while (PACKET_remaining(&pkt)) {
727
        unsigned long context = 0;
728
        unsigned int ext_type = 0;
729
        PACKET data;
730

731
        if ((version == SSL_SERVERINFOV2 && !PACKET_get_net_4(&pkt, &context))
732
            || !PACKET_get_net_2(&pkt, &ext_type)
733
            || !PACKET_get_length_prefixed_2(&pkt, &data))
734
            return 0;
735

736
        if (ctx == NULL)
737
            continue;
738

739
        /*
740
         * The old style custom extensions API could be set separately for
741
         * server/client, i.e. you could set one custom extension for a client,
742
         * and *for the same extension in the same SSL_CTX* you could set a
743
         * custom extension for the server as well. It seems quite weird to be
744
         * setting a custom extension for both client and server in a single
745
         * SSL_CTX - but theoretically possible. This isn't possible in the
746
         * new API. Therefore, if we have V1 serverinfo we use the old API. We
747
         * also use the old API even if we have V2 serverinfo but the context
748
         * looks like an old style <= TLSv1.2 extension.
749
         */
750
        if (version == SSL_SERVERINFOV1 || context == SYNTHV1CONTEXT) {
751
            if (!SSL_CTX_add_server_custom_ext(ctx, ext_type,
752
                    serverinfo_srv_add_cb,
753
                    NULL, NULL,
754
                    serverinfo_srv_parse_cb,
755
                    NULL))
756
                return 0;
757
        } else {
758
            if (!SSL_CTX_add_custom_ext(ctx, ext_type, context,
759
                    serverinfoex_srv_add_cb,
760
                    NULL, NULL,
761
                    serverinfoex_srv_parse_cb,
762
                    NULL))
763
                return 0;
764
        }
765
    }
766

767
    return 1;
768
}
769

770
static size_t extension_contextoff(unsigned int version)
771
{
772
    return version == SSL_SERVERINFOV1 ? 4 : 0;
773
}
774

775
static size_t extension_append_length(unsigned int version, size_t extension_length)
776
{
777
    return extension_length + extension_contextoff(version);
778
}
779

780
static void extension_append(unsigned int version,
781
    const unsigned char *extension,
782
    const size_t extension_length,
783
    unsigned char *serverinfo)
784
{
785
    const size_t contextoff = extension_contextoff(version);
786

787
    if (contextoff > 0) {
788
        /* We know this only uses the last 2 bytes */
789
        serverinfo[0] = 0;
790
        serverinfo[1] = 0;
791
        serverinfo[2] = (SYNTHV1CONTEXT >> 8) & 0xff;
792
        serverinfo[3] = SYNTHV1CONTEXT & 0xff;
793
    }
794

795
    memcpy(serverinfo + contextoff, extension, extension_length);
796
}
797

798
int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
799
    const unsigned char *serverinfo,
800
    size_t serverinfo_length)
801
{
802
    unsigned char *new_serverinfo = NULL;
803

804
    if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) {
805
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
806
        return 0;
807
    }
808
    if (version == SSL_SERVERINFOV1) {
809
        /*
810
         * Convert serverinfo version v1 to v2 and call yourself recursively
811
         * over the converted serverinfo.
812
         */
813
        const size_t sinfo_length = extension_append_length(SSL_SERVERINFOV1,
814
            serverinfo_length);
815
        unsigned char *sinfo;
816
        int ret;
817

818
        sinfo = OPENSSL_malloc(sinfo_length);
819
        if (sinfo == NULL)
820
            return 0;
821

822
        extension_append(SSL_SERVERINFOV1, serverinfo, serverinfo_length, sinfo);
823

824
        ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, sinfo,
825
            sinfo_length);
826

827
        OPENSSL_free(sinfo);
828
        return ret;
829
    }
830
    if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
831
            NULL)) {
832
        ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA);
833
        return 0;
834
    }
835
    if (ctx->cert->key == NULL) {
836
        ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
837
        return 0;
838
    }
839
    new_serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo,
840
        serverinfo_length);
841
    if (new_serverinfo == NULL)
842
        return 0;
843
    ctx->cert->key->serverinfo = new_serverinfo;
844
    memcpy(ctx->cert->key->serverinfo, serverinfo, serverinfo_length);
845
    ctx->cert->key->serverinfo_length = serverinfo_length;
846

847
    /*
848
     * Now that the serverinfo is validated and stored, go ahead and
849
     * register callbacks.
850
     */
851
    if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
852
            ctx)) {
853
        ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA);
854
        return 0;
855
    }
856
    return 1;
857
}
858

859
int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
860
    size_t serverinfo_length)
861
{
862
    return SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV1, serverinfo,
863
        serverinfo_length);
864
}
865

866
int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
867
{
868
    unsigned char *serverinfo = NULL;
869
    unsigned char *tmp;
870
    size_t serverinfo_length = 0;
871
    unsigned char *extension = 0;
872
    long extension_length = 0;
873
    char *name = NULL;
874
    char *header = NULL;
875
    unsigned int name_len;
876
    int ret = 0;
877
    BIO *bin = NULL;
878
    size_t num_extensions = 0;
879

880
    if (ctx == NULL || file == NULL) {
881
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
882
        goto end;
883
    }
884

885
    bin = BIO_new(BIO_s_file());
886
    if (bin == NULL) {
887
        ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
888
        goto end;
889
    }
890
    if (BIO_read_filename(bin, file) <= 0) {
891
        ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
892
        goto end;
893
    }
894

895
    for (num_extensions = 0;; num_extensions++) {
896
        unsigned int version;
897
        size_t append_length;
898

899
        if (PEM_read_bio(bin, &name, &header, &extension, &extension_length)
900
            == 0) {
901
            /*
902
             * There must be at least one extension in this file
903
             */
904
            if (num_extensions == 0) {
905
                ERR_raise(ERR_LIB_SSL, SSL_R_NO_PEM_EXTENSIONS);
906
                goto end;
907
            } else /* End of file, we're done */
908
                break;
909
        }
910
        /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
911
        name_len = strlen(name);
912
        if (name_len < sizeof(NAME_PREFIX1) - 1) {
913
            ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT);
914
            goto end;
915
        }
916
        if (HAS_PREFIX(name, NAME_PREFIX1)) {
917
            version = SSL_SERVERINFOV1;
918
        } else {
919
            if (name_len < sizeof(NAME_PREFIX2) - 1) {
920
                ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT);
921
                goto end;
922
            }
923
            if (!HAS_PREFIX(name, NAME_PREFIX2)) {
924
                ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_BAD_PREFIX);
925
                goto end;
926
            }
927
            version = SSL_SERVERINFOV2;
928
        }
929
        /*
930
         * Check that the decoded PEM data is plausible (valid length field)
931
         */
932
        if (version == SSL_SERVERINFOV1) {
933
            /* 4 byte header: 2 bytes type, 2 bytes len */
934
            if (extension_length < 4
935
                || (extension[2] << 8) + extension[3]
936
                    != extension_length - 4) {
937
                ERR_raise(ERR_LIB_SSL, SSL_R_BAD_DATA);
938
                goto end;
939
            }
940
        } else {
941
            /* 8 byte header: 4 bytes context, 2 bytes type, 2 bytes len */
942
            if (extension_length < 8
943
                || (extension[6] << 8) + extension[7]
944
                    != extension_length - 8) {
945
                ERR_raise(ERR_LIB_SSL, SSL_R_BAD_DATA);
946
                goto end;
947
            }
948
        }
949
        /* Append the decoded extension to the serverinfo buffer */
950
        append_length = extension_append_length(version, extension_length);
951
        tmp = OPENSSL_realloc(serverinfo, serverinfo_length + append_length);
952
        if (tmp == NULL)
953
            goto end;
954
        serverinfo = tmp;
955
        extension_append(version, extension, extension_length,
956
            serverinfo + serverinfo_length);
957
        serverinfo_length += append_length;
958

959
        OPENSSL_free(name);
960
        name = NULL;
961
        OPENSSL_free(header);
962
        header = NULL;
963
        OPENSSL_free(extension);
964
        extension = NULL;
965
    }
966

967
    ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, serverinfo,
968
        serverinfo_length);
969
end:
970
    /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */
971
    OPENSSL_free(name);
972
    OPENSSL_free(header);
973
    OPENSSL_free(extension);
974
    OPENSSL_free(serverinfo);
975
    BIO_free(bin);
976
    return ret;
977
}
978

979
static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
980
    STACK_OF(X509) *chain, int override)
981
{
982
    int ret = 0;
983
    size_t i;
984
    int j;
985
    int rv;
986
    CERT *c;
987
    STACK_OF(X509) *dup_chain = NULL;
988
    EVP_PKEY *pubkey = NULL;
989
    SSL_CONNECTION *sc = NULL;
990

991
    if (ctx == NULL && (sc = SSL_CONNECTION_FROM_SSL(ssl)) == NULL)
992
        return 0;
993

994
    c = sc != NULL ? sc->cert : ctx->cert;
995
    /* Do all security checks before anything else */
996
    rv = ssl_security_cert(sc, ctx, x509, 0, 1);
997
    if (rv != 1) {
998
        ERR_raise(ERR_LIB_SSL, rv);
999
        goto out;
1000
    }
1001
    for (j = 0; j < sk_X509_num(chain); j++) {
1002
        rv = ssl_security_cert(sc, ctx, sk_X509_value(chain, j), 0, 0);
1003
        if (rv != 1) {
1004
            ERR_raise(ERR_LIB_SSL, rv);
1005
            goto out;
1006
        }
1007
    }
1008

1009
    pubkey = X509_get_pubkey(x509); /* bumps reference */
1010
    if (pubkey == NULL)
1011
        goto out;
1012
    if (privatekey == NULL) {
1013
        privatekey = pubkey;
1014
    } else {
1015
        /* For RSA, which has no parameters, missing returns 0 */
1016
        if (EVP_PKEY_missing_parameters(privatekey)) {
1017
            if (EVP_PKEY_missing_parameters(pubkey)) {
1018
                /* nobody has parameters? - error */
1019
                ERR_raise(ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS);
1020
                goto out;
1021
            } else {
1022
                /* copy to privatekey from pubkey */
1023
                if (!EVP_PKEY_copy_parameters(privatekey, pubkey)) {
1024
                    ERR_raise(ERR_LIB_SSL, SSL_R_COPY_PARAMETERS_FAILED);
1025
                    goto out;
1026
                }
1027
            }
1028
        } else if (EVP_PKEY_missing_parameters(pubkey)) {
1029
            /* copy to pubkey from privatekey */
1030
            if (!EVP_PKEY_copy_parameters(pubkey, privatekey)) {
1031
                ERR_raise(ERR_LIB_SSL, SSL_R_COPY_PARAMETERS_FAILED);
1032
                goto out;
1033
            }
1034
        } /* else both have parameters */
1035

1036
        /* check that key <-> cert match */
1037
        if (EVP_PKEY_eq(pubkey, privatekey) != 1) {
1038
            ERR_raise(ERR_LIB_SSL, SSL_R_PRIVATE_KEY_MISMATCH);
1039
            goto out;
1040
        }
1041
    }
1042
    if (ssl_cert_lookup_by_pkey(pubkey, &i, ctx) == NULL) {
1043
        ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1044
        goto out;
1045
    }
1046

1047
    if (!override && (c->pkeys[i].x509 != NULL || c->pkeys[i].privatekey != NULL || c->pkeys[i].chain != NULL)) {
1048
        /* No override, and something already there */
1049
        ERR_raise(ERR_LIB_SSL, SSL_R_NOT_REPLACING_CERTIFICATE);
1050
        goto out;
1051
    }
1052

1053
    if (chain != NULL) {
1054
        dup_chain = X509_chain_up_ref(chain);
1055
        if (dup_chain == NULL) {
1056
            ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
1057
            goto out;
1058
        }
1059
    }
1060

1061
    if (!X509_up_ref(x509)) {
1062
        OSSL_STACK_OF_X509_free(dup_chain);
1063
        goto out;
1064
    }
1065

1066
    if (!EVP_PKEY_up_ref(privatekey)) {
1067
        OSSL_STACK_OF_X509_free(dup_chain);
1068
        X509_free(x509);
1069
        goto out;
1070
    }
1071

1072
    OSSL_STACK_OF_X509_free(c->pkeys[i].chain);
1073
    c->pkeys[i].chain = dup_chain;
1074

1075
    X509_free(c->pkeys[i].x509);
1076
    c->pkeys[i].x509 = x509;
1077

1078
    EVP_PKEY_free(c->pkeys[i].privatekey);
1079
    c->pkeys[i].privatekey = privatekey;
1080

1081
    c->key = &(c->pkeys[i]);
1082

1083
    ret = 1;
1084
out:
1085
    EVP_PKEY_free(pubkey);
1086
    return ret;
1087
}
1088

1089
int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey,
1090
    STACK_OF(X509) *chain, int override)
1091
{
1092
    return ssl_set_cert_and_key(ssl, NULL, x509, privatekey, chain, override);
1093
}
1094

1095
int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
1096
    STACK_OF(X509) *chain, int override)
1097
{
1098
    return ssl_set_cert_and_key(NULL, ctx, x509, privatekey, chain, override);
1099
}
1100

1101