1 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay (at) cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh (at) cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay (at) cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] */ 56 57 #include <openssl/ssl.h> 58 59 #include <limits.h> 60 61 #include <openssl/err.h> 62 #include <openssl/evp.h> 63 #include <openssl/mem.h> 64 #include <openssl/x509.h> 65 66 #include "internal.h" 67 68 69 static int ssl_set_cert(CERT *c, X509 *x509); 70 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); 71 72 static int is_key_type_supported(int key_type) { 73 return key_type == EVP_PKEY_RSA || key_type == EVP_PKEY_EC; 74 } 75 76 int SSL_use_certificate(SSL *ssl, X509 *x) { 77 if (x == NULL) { 78 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER); 79 return 0; 80 } 81 return ssl_set_cert(ssl->cert, x); 82 } 83 84 int SSL_use_certificate_ASN1(SSL *ssl, const uint8_t *der, size_t der_len) { 85 if (der_len > LONG_MAX) { 86 OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW); 87 return 0; 88 } 89 90 const uint8_t *p = der; 91 X509 *x509 = d2i_X509(NULL, &p, (long)der_len); 92 if (x509 == NULL || p != der + der_len) { 93 OPENSSL_PUT_ERROR(SSL, ERR_R_ASN1_LIB); 94 X509_free(x509); 95 return 0; 96 } 97 98 int ret = SSL_use_certificate(ssl, x509); 99 X509_free(x509); 100 return ret; 101 } 102 103 int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) { 104 EVP_PKEY *pkey; 105 int ret; 106 107 if (rsa == NULL) { 108 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER); 109 return 0; 110 } 111 112 pkey = EVP_PKEY_new(); 113 if (pkey == NULL) { 114 OPENSSL_PUT_ERROR(SSL, ERR_R_EVP_LIB); 115 return 0; 116 } 117 118 RSA_up_ref(rsa); 119 EVP_PKEY_assign_RSA(pkey, rsa); 120 121 ret = ssl_set_pkey(ssl->cert, pkey); 122 EVP_PKEY_free(pkey); 123 124 return ret; 125 } 126 127 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) { 128 if (!is_key_type_supported(pkey->type)) { 129 OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE); 130 return 0; 131 } 132 133 if (c->x509 != NULL) { 134 /* Sanity-check that the private key and the certificate match, unless the 135 * key is opaque (in case of, say, a smartcard). */ 136 if (!EVP_PKEY_is_opaque(pkey) && 137 !X509_check_private_key(c->x509, pkey)) { 138 X509_free(c->x509); 139 c->x509 = NULL; 140 return 0; 141 } 142 } 143 144 EVP_PKEY_free(c->privatekey); 145 c->privatekey = EVP_PKEY_up_ref(pkey); 146 147 return 1; 148 } 149 150 int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const uint8_t *der, size_t der_len) { 151 RSA *rsa = RSA_private_key_from_bytes(der, der_len); 152 if (rsa == NULL) { 153 OPENSSL_PUT_ERROR(SSL, ERR_R_ASN1_LIB); 154 return 0; 155 } 156 157 int ret = SSL_use_RSAPrivateKey(ssl, rsa); 158 RSA_free(rsa); 159 return ret; 160 } 161 162 int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) { 163 int ret; 164 165 if (pkey == NULL) { 166 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER); 167 return 0; 168 } 169 170 ret = ssl_set_pkey(ssl->cert, pkey); 171 return ret; 172 } 173 174 int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const uint8_t *der, 175 size_t der_len) { 176 if (der_len > LONG_MAX) { 177 OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW); 178 return 0; 179 } 180 181 const uint8_t *p = der; 182 EVP_PKEY *pkey = d2i_PrivateKey(type, NULL, &p, (long)der_len); 183 if (pkey == NULL || p != der + der_len) { 184 OPENSSL_PUT_ERROR(SSL, ERR_R_ASN1_LIB); 185 EVP_PKEY_free(pkey); 186 return 0; 187 } 188 189 int ret = SSL_use_PrivateKey(ssl, pkey); 190 EVP_PKEY_free(pkey); 191 return ret; 192 } 193 194 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) { 195 if (x == NULL) { 196 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER); 197 return 0; 198 } 199 200 return ssl_set_cert(ctx->cert, x); 201 } 202 203 static int ssl_set_cert(CERT *c, X509 *x) { 204 EVP_PKEY *pkey = X509_get_pubkey(x); 205 if (pkey == NULL) { 206 OPENSSL_PUT_ERROR(SSL, SSL_R_X509_LIB); 207 return 0; 208 } 209 210 if (!is_key_type_supported(pkey->type)) { 211 OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE); 212 EVP_PKEY_free(pkey); 213 return 0; 214 } 215 216 if (c->privatekey != NULL) { 217 /* Sanity-check that the private key and the certificate match, unless the 218 * key is opaque (in case of, say, a smartcard). */ 219 if (!EVP_PKEY_is_opaque(c->privatekey) && 220 !X509_check_private_key(x, c->privatekey)) { 221 /* don't fail for a cert/key mismatch, just free current private key 222 * (when switching to a different cert & key, first this function should 223 * be used, then ssl_set_pkey */ 224 EVP_PKEY_free(c->privatekey); 225 c->privatekey = NULL; 226 /* clear error queue */ 227 ERR_clear_error(); 228 } 229 } 230 231 EVP_PKEY_free(pkey); 232 233 X509_free(c->x509); 234 c->x509 = X509_up_ref(x); 235 236 return 1; 237 } 238 239 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, size_t der_len, 240 const uint8_t *der) { 241 if (der_len > LONG_MAX) { 242 OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW); 243 return 0; 244 } 245 246 const uint8_t *p = der; 247 X509 *x509 = d2i_X509(NULL, &p, (long)der_len); 248 if (x509 == NULL || p != der + der_len) { 249 OPENSSL_PUT_ERROR(SSL, ERR_R_ASN1_LIB); 250 X509_free(x509); 251 return 0; 252 } 253 254 int ret = SSL_CTX_use_certificate(ctx, x509); 255 X509_free(x509); 256 return ret; 257 } 258 259 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) { 260 int ret; 261 EVP_PKEY *pkey; 262 263 if (rsa == NULL) { 264 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER); 265 return 0; 266 } 267 268 pkey = EVP_PKEY_new(); 269 if (pkey == NULL) { 270 OPENSSL_PUT_ERROR(SSL, ERR_R_EVP_LIB); 271 return 0; 272 } 273 274 RSA_up_ref(rsa); 275 EVP_PKEY_assign_RSA(pkey, rsa); 276 277 ret = ssl_set_pkey(ctx->cert, pkey); 278 EVP_PKEY_free(pkey); 279 return ret; 280 } 281 282 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const uint8_t *der, 283 size_t der_len) { 284 RSA *rsa = RSA_private_key_from_bytes(der, der_len); 285 if (rsa == NULL) { 286 OPENSSL_PUT_ERROR(SSL, ERR_R_ASN1_LIB); 287 return 0; 288 } 289 290 int ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); 291 RSA_free(rsa); 292 return ret; 293 } 294 295 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) { 296 if (pkey == NULL) { 297 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER); 298 return 0; 299 } 300 301 return ssl_set_pkey(ctx->cert, pkey); 302 } 303 304 int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const uint8_t *der, 305 size_t der_len) { 306 if (der_len > LONG_MAX) { 307 OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW); 308 return 0; 309 } 310 311 const uint8_t *p = der; 312 EVP_PKEY *pkey = d2i_PrivateKey(type, NULL, &p, (long)der_len); 313 if (pkey == NULL || p != der + der_len) { 314 OPENSSL_PUT_ERROR(SSL, ERR_R_ASN1_LIB); 315 EVP_PKEY_free(pkey); 316 return 0; 317 } 318 319 int ret = SSL_CTX_use_PrivateKey(ctx, pkey); 320 EVP_PKEY_free(pkey); 321 return ret; 322 } 323 324 void SSL_set_private_key_method(SSL *ssl, 325 const SSL_PRIVATE_KEY_METHOD *key_method) { 326 ssl->cert->key_method = key_method; 327 } 328 329 int SSL_set_private_key_digest_prefs(SSL *ssl, const int *digest_nids, 330 size_t num_digests) { 331 OPENSSL_free(ssl->cert->digest_nids); 332 333 ssl->cert->num_digest_nids = 0; 334 ssl->cert->digest_nids = BUF_memdup(digest_nids, num_digests*sizeof(int)); 335 if (ssl->cert->digest_nids == NULL) { 336 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); 337 return 0; 338 } 339 340 ssl->cert->num_digest_nids = num_digests; 341 return 1; 342 } 343 344 int ssl_has_private_key(SSL *ssl) { 345 return ssl->cert->privatekey != NULL || ssl->cert->key_method != NULL; 346 } 347 348 int ssl_private_key_type(SSL *ssl) { 349 if (ssl->cert->key_method != NULL) { 350 return ssl->cert->key_method->type(ssl); 351 } 352 return EVP_PKEY_id(ssl->cert->privatekey); 353 } 354 355 size_t ssl_private_key_max_signature_len(SSL *ssl) { 356 if (ssl->cert->key_method != NULL) { 357 return ssl->cert->key_method->max_signature_len(ssl); 358 } 359 return EVP_PKEY_size(ssl->cert->privatekey); 360 } 361 362 enum ssl_private_key_result_t ssl_private_key_sign( 363 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out, const EVP_MD *md, 364 const uint8_t *in, size_t in_len) { 365 if (ssl->cert->key_method != NULL) { 366 return ssl->cert->key_method->sign(ssl, out, out_len, max_out, md, in, 367 in_len); 368 } 369 370 enum ssl_private_key_result_t ret = ssl_private_key_failure; 371 EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(ssl->cert->privatekey, NULL); 372 if (ctx == NULL) { 373 goto end; 374 } 375 376 size_t len = max_out; 377 if (!EVP_PKEY_sign_init(ctx) || 378 !EVP_PKEY_CTX_set_signature_md(ctx, md) || 379 !EVP_PKEY_sign(ctx, out, &len, in, in_len)) { 380 goto end; 381 } 382 *out_len = len; 383 ret = ssl_private_key_success; 384 385 end: 386 EVP_PKEY_CTX_free(ctx); 387 return ret; 388 } 389 390 enum ssl_private_key_result_t ssl_private_key_sign_complete( 391 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out) { 392 /* Only custom keys may be asynchronous. */ 393 return ssl->cert->key_method->sign_complete(ssl, out, out_len, max_out); 394 } 395 396 enum ssl_private_key_result_t ssl_private_key_decrypt( 397 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out, 398 const uint8_t *in, size_t in_len) { 399 if (ssl->cert->key_method != NULL) { 400 return ssl->cert->key_method->decrypt(ssl, out, out_len, max_out, in, 401 in_len); 402 } 403 404 RSA *rsa = EVP_PKEY_get0_RSA(ssl->cert->privatekey); 405 if (rsa == NULL) { 406 /* Decrypt operations are only supported for RSA keys. */ 407 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); 408 return ssl_private_key_failure; 409 } 410 411 /* Decrypt with no padding. PKCS#1 padding will be removed as part 412 * of the timing-sensitive code by the caller. */ 413 if (!RSA_decrypt(rsa, out_len, out, max_out, in, in_len, RSA_NO_PADDING)) { 414 return ssl_private_key_failure; 415 } 416 return ssl_private_key_success; 417 } 418 419 enum ssl_private_key_result_t ssl_private_key_decrypt_complete( 420 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out) { 421 /* Only custom keys may be asynchronous. */ 422 return ssl->cert->key_method->decrypt_complete(ssl, out, out_len, max_out); 423 } 424
