174664626SKris Kennaway /* ssl/ssl_rsa.c */ 274664626SKris Kennaway /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 374664626SKris Kennaway * All rights reserved. 474664626SKris Kennaway * 574664626SKris Kennaway * This package is an SSL implementation written 674664626SKris Kennaway * by Eric Young (eay@cryptsoft.com). 774664626SKris Kennaway * The implementation was written so as to conform with Netscapes SSL. 874664626SKris Kennaway * 974664626SKris Kennaway * This library is free for commercial and non-commercial use as long as 1074664626SKris Kennaway * the following conditions are aheared to. The following conditions 1174664626SKris Kennaway * apply to all code found in this distribution, be it the RC4, RSA, 1274664626SKris Kennaway * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1374664626SKris Kennaway * included with this distribution is covered by the same copyright terms 1474664626SKris Kennaway * except that the holder is Tim Hudson (tjh@cryptsoft.com). 1574664626SKris Kennaway * 1674664626SKris Kennaway * Copyright remains Eric Young's, and as such any Copyright notices in 1774664626SKris Kennaway * the code are not to be removed. 1874664626SKris Kennaway * If this package is used in a product, Eric Young should be given attribution 1974664626SKris Kennaway * as the author of the parts of the library used. 2074664626SKris Kennaway * This can be in the form of a textual message at program startup or 2174664626SKris Kennaway * in documentation (online or textual) provided with the package. 2274664626SKris Kennaway * 2374664626SKris Kennaway * Redistribution and use in source and binary forms, with or without 2474664626SKris Kennaway * modification, are permitted provided that the following conditions 2574664626SKris Kennaway * are met: 2674664626SKris Kennaway * 1. Redistributions of source code must retain the copyright 2774664626SKris Kennaway * notice, this list of conditions and the following disclaimer. 
2874664626SKris Kennaway * 2. Redistributions in binary form must reproduce the above copyright 2974664626SKris Kennaway * notice, this list of conditions and the following disclaimer in the 3074664626SKris Kennaway * documentation and/or other materials provided with the distribution. 3174664626SKris Kennaway * 3. All advertising materials mentioning features or use of this software 3274664626SKris Kennaway * must display the following acknowledgement: 3374664626SKris Kennaway * "This product includes cryptographic software written by 3474664626SKris Kennaway * Eric Young (eay@cryptsoft.com)" 3574664626SKris Kennaway * The word 'cryptographic' can be left out if the rouines from the library 3674664626SKris Kennaway * being used are not cryptographic related :-). 3774664626SKris Kennaway * 4. If you include any Windows specific code (or a derivative thereof) from 3874664626SKris Kennaway * the apps directory (application code) you must include an acknowledgement: 3974664626SKris Kennaway * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 4074664626SKris Kennaway * 4174664626SKris Kennaway * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4274664626SKris Kennaway * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4374664626SKris Kennaway * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4474664626SKris Kennaway * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4574664626SKris Kennaway * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4674664626SKris Kennaway * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4774664626SKris Kennaway * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4874664626SKris Kennaway * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4974664626SKris Kennaway * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5074664626SKris Kennaway * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5174664626SKris Kennaway * SUCH DAMAGE. 5274664626SKris Kennaway * 5374664626SKris Kennaway * The licence and distribution terms for any publically available version or 5474664626SKris Kennaway * derivative of this code cannot be changed. i.e. this code cannot simply be 5574664626SKris Kennaway * copied and put under another distribution licence 5674664626SKris Kennaway * [including the GNU Public Licence.] 
*/

#include <stdio.h>
#include "ssl_locl.h"
#include <openssl/bio.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>

static int ssl_set_cert(CERT *c, X509 *x509);
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);

/*
 * SSL_use_certificate: install |x| as the certificate of this SSL object.
 *
 * The caller keeps ownership of |x|; ssl_set_cert() takes its own reference.
 * The CERT structure must be obtainable through ssl_cert_inst() first; its
 * failure is reported as ERR_R_MALLOC_FAILURE.
 * Returns 1 on success, 0 on failure with an SSL error pushed.
 */
int SSL_use_certificate(SSL *ssl, X509 *x)
{
    if (x == NULL) {
        SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    if (!ssl_cert_inst(&ssl->cert)) {
        SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    return ssl_set_cert(ssl->cert, x);
}

#ifndef OPENSSL_NO_STDIO
/*
 * SSL_use_certificate_file: read one certificate from |file| and install it
 * on |ssl| via SSL_use_certificate().
 *
 * |type| selects the on-disk encoding: SSL_FILETYPE_ASN1 (d2i, DER) or
 * SSL_FILETYPE_PEM; PEM decoding uses the SSL_CTX default password
 * callback.  Any other |type| fails with SSL_R_BAD_SSL_FILETYPE.
 * Returns 1 on success, 0 on failure.
 */
int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
{
    int ret = 0;
    int reason = 0;             /* library to blame if decoding fails */
    BIO *bio = NULL;
    X509 *cert = NULL;

    bio = BIO_new(BIO_s_file_internal());
    if (bio == NULL) {
        SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
        goto end;
    }
    if (BIO_read_filename(bio, file) <= 0) {
        SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
        goto end;
    }

    switch (type) {
    case SSL_FILETYPE_ASN1:
        reason = ERR_R_ASN1_LIB;
        cert = d2i_X509_bio(bio, NULL);
        break;
    case SSL_FILETYPE_PEM:
        reason = ERR_R_PEM_LIB;
        cert = PEM_read_bio_X509(bio, NULL, ssl->ctx->default_passwd_callback,
                                 ssl->ctx->default_passwd_callback_userdata);
        break;
    default:
        SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
        goto end;
    }

    if (cert == NULL) {
        SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, reason);
        goto end;
    }

    /* SSL_use_certificate() takes its own reference; ours is released below. */
    ret = SSL_use_certificate(ssl, cert);
 end:
    if (cert != NULL)
        X509_free(cert);
    if (bio != NULL)
        BIO_free(bio);
    return ret;
}
#endif
/*
 * SSL_use_certificate_ASN1: decode |len| bytes of DER at |d| as an X509
 * and install it on |ssl|.  The decoded certificate is released here;
 * ssl_set_cert() holds its own reference.  Returns 1 on success, 0 on
 * failure (decode errors are reported as ERR_R_ASN1_LIB).
 */
int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
{
    X509 *cert = d2i_X509(NULL, &d, (long)len);
    int ret;

    if (cert == NULL) {
        SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
        return 0;
    }
    ret = SSL_use_certificate(ssl, cert);
    X509_free(cert);
    return ret;
}

#ifndef OPENSSL_NO_RSA
/*
 * SSL_use_RSAPrivateKey: wrap |rsa| in an EVP_PKEY and install it as the
 * private key of |ssl|.  |rsa| is reference-counted up before being
 * assigned, so the caller keeps its own reference; the temporary EVP_PKEY
 * is released after ssl_set_pkey() has taken what it needs.
 * Returns 1 on success, 0 on failure.
 */
int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
{
    EVP_PKEY *pkey = NULL;
    int ret;

    if (rsa == NULL) {
        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    if (!ssl_cert_inst(&ssl->cert)) {
        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    pkey = EVP_PKEY_new();
    if (pkey == NULL) {
        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
        return 0;
    }

    /* EVP_PKEY_assign_RSA() adopts the reference we add here. */
    RSA_up_ref(rsa);
    EVP_PKEY_assign_RSA(pkey, rsa);

    ret = ssl_set_pkey(ssl->cert, pkey);
    EVP_PKEY_free(pkey);
    return ret;
}
#endif
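/*
 * ssl_set_pkey: install |pkey| as the private key in the CERT slot that
 * ssl_cert_type() selects for its key type.
 *
 * If that slot already holds a certificate, key parameters are copied from
 * the certificate's public key into |pkey| and, unless the RSA method
 * carries RSA_METHOD_FLAG_NO_CHECK (smart-card keys), the pair is verified
 * with X509_check_private_key(); on mismatch the stored certificate is
 * dropped from the slot and 0 is returned.
 *
 * |pkey| is reference-counted up, so the caller keeps its own reference.
 * Returns 1 on success, 0 on failure.
 */
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
{
    int i = ssl_cert_type(NULL, pkey);

    if (i < 0) {
        SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
        return 0;
    }

    if (c->pkeys[i].x509 != NULL) {
        EVP_PKEY *pktmp = X509_get_pubkey(c->pkeys[i].x509);
        int skip_check = 0;

        /*
         * A stored certificate whose public key cannot be extracted would
         * otherwise be dereferenced as NULL by EVP_PKEY_copy_parameters();
         * report it the same way ssl_set_cert() does.
         */
        if (pktmp == NULL) {
            SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_X509_LIB);
            return 0;
        }
        /* Return value deliberately ignored; the queue is cleared below. */
        EVP_PKEY_copy_parameters(pktmp, pkey);
        EVP_PKEY_free(pktmp);
        ERR_clear_error();

#ifndef OPENSSL_NO_RSA
        /* Don't check the public/private key, this is mostly
         * for smart cards. */
        if (pkey->type == EVP_PKEY_RSA
            && (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
            skip_check = 1;
#endif
        if (!skip_check && !X509_check_private_key(c->pkeys[i].x509, pkey)) {
            /* Mismatch: drop the stored cert so the slot stays consistent. */
            X509_free(c->pkeys[i].x509);
            c->pkeys[i].x509 = NULL;
            return 0;
        }
    }

    if (c->pkeys[i].privatekey != NULL)
        EVP_PKEY_free(c->pkeys[i].privatekey);
    CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
    c->pkeys[i].privatekey = pkey;
    c->key = &(c->pkeys[i]);

    /* The cert/key pairing changed; reset the cached validity flag. */
    c->valid = 0;
    return 1;
}

#ifndef OPENSSL_NO_RSA
#ifndef OPENSSL_NO_STDIO
/*
 * SSL_use_RSAPrivateKey_file: read an RSA private key from |file| (DER or
 * PEM according to |type|) and install it on |ssl|.  PEM decoding uses the
 * SSL_CTX default password callback.  Returns 1 on success, 0 on failure.
 */
int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
{
    int ret = 0;
    int reason = 0;             /* library to blame if decoding fails */
    BIO *bio = NULL;
    RSA *rsa = NULL;

    bio = BIO_new(BIO_s_file_internal());
    if (bio == NULL) {
        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
        goto end;
    }
    if (BIO_read_filename(bio, file) <= 0) {
        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
        goto end;
    }

    switch (type) {
    case SSL_FILETYPE_ASN1:
        reason = ERR_R_ASN1_LIB;
        rsa = d2i_RSAPrivateKey_bio(bio, NULL);
        break;
    case SSL_FILETYPE_PEM:
        reason = ERR_R_PEM_LIB;
        rsa = PEM_read_bio_RSAPrivateKey(bio, NULL,
                                         ssl->ctx->default_passwd_callback,
                                         ssl->ctx->default_passwd_callback_userdata);
        break;
    default:
        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
        goto end;
    }

    if (rsa == NULL) {
        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, reason);
        goto end;
    }

    /* SSL_use_RSAPrivateKey() takes its own reference; release ours. */
    ret = SSL_use_RSAPrivateKey(ssl, rsa);
    RSA_free(rsa);
 end:
    if (bio != NULL)
        BIO_free(bio);
    return ret;
}
#endif

/*
 * SSL_use_RSAPrivateKey_ASN1: decode |len| bytes of DER at |d| as an RSA
 * private key and install it on |ssl|.  |d| is only read (a const cursor
 * is used internally); the non-const parameter is kept for API
 * compatibility.  Returns 1 on success, 0 on failure.
 */
int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
{
    const unsigned char *cursor = d;
    RSA *rsa = d2i_RSAPrivateKey(NULL, &cursor, (long)len);
    int ret;

    if (rsa == NULL) {
        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
        return 0;
    }
    ret = SSL_use_RSAPrivateKey(ssl, rsa);
    RSA_free(rsa);
    return ret;
}
#endif                          /* !OPENSSL_NO_RSA */

/*
 * SSL_use_PrivateKey: install |pkey| as the private key of |ssl|.  The
 * caller keeps ownership; ssl_set_pkey() takes its own reference.
 * Returns 1 on success, 0 on failure.
 */
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
{
    if (pkey == NULL) {
        SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    if (!ssl_cert_inst(&ssl->cert)) {
        SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    return ssl_set_pkey(ssl->cert, pkey);
}

#ifndef OPENSSL_NO_STDIO
/*
 * SSL_use_PrivateKey_file: read a private key of any supported type from
 * |file| (PEM via PEM_read_bio_PrivateKey, DER via d2i_PrivateKey_bio,
 * selected by |type|) and install it on |ssl|.  PEM decoding uses the
 * SSL_CTX default password callback.  Returns 1 on success, 0 on failure.
 */
int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
{
    int ret = 0;
    int reason = 0;             /* library to blame if decoding fails */
    BIO *bio = NULL;
    EVP_PKEY *pkey = NULL;

    bio = BIO_new(BIO_s_file_internal());
    if (bio == NULL) {
        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
        goto end;
    }
    if (BIO_read_filename(bio, file) <= 0) {
        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
        goto end;
    }

    switch (type) {
    case SSL_FILETYPE_PEM:
        reason = ERR_R_PEM_LIB;
        pkey = PEM_read_bio_PrivateKey(bio, NULL,
                                       ssl->ctx->default_passwd_callback,
                                       ssl->ctx->default_passwd_callback_userdata);
        break;
    case SSL_FILETYPE_ASN1:
        reason = ERR_R_ASN1_LIB;
        pkey = d2i_PrivateKey_bio(bio, NULL);
        break;
    default:
        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
        goto end;
    }

    if (pkey == NULL) {
        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, reason);
        goto end;
    }

    /* SSL_use_PrivateKey() takes its own reference; release ours. */
    ret = SSL_use_PrivateKey(ssl, pkey);
    EVP_PKEY_free(pkey);
 end:
    if (bio != NULL)
        BIO_free(bio);
    return ret;
}
#endif

/*
 * SSL_use_PrivateKey_ASN1: decode |len| bytes of DER at |d| as a private
 * key of EVP type |type| and install it on |ssl|.
 * Returns 1 on success, 0 on failure.
 */
int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d,
                            long len)
{
    const unsigned char *cursor = d;
    EVP_PKEY *pkey = d2i_PrivateKey(type, NULL, &cursor, (long)len);
    int ret;

    if (pkey == NULL) {
        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
        return 0;
    }
    ret = SSL_use_PrivateKey(ssl, pkey);
    EVP_PKEY_free(pkey);
    return ret;
}

/*
 * SSL_CTX_use_certificate: install |x| as the certificate of |ctx|.  The
 * caller keeps ownership of |x|; ssl_set_cert() takes its own reference.
 * Returns 1 on success, 0 on failure.
 */
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
{
    if (x == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    if (!ssl_cert_inst(&ctx->cert)) {
        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    return ssl_set_cert(ctx->cert, x);
}

/*
 * ssl_set_cert: install |x| in the CERT slot that ssl_cert_type() selects
 * for its public key type.
 *
 * If that slot already holds a private key, key parameters are copied from
 * it into the certificate's public key and, unless the RSA method carries
 * RSA_METHOD_FLAG_NO_CHECK (smart-card keys), the pair is verified with
 * X509_check_private_key().  A mismatch is NOT an error here: the stale
 * private key is released and the error queue cleared, on the assumption
 * that the caller is switching cert and key and will call ssl_set_pkey()
 * next.
 *
 * |x| is reference-counted up, so the caller keeps its own reference.
 * Returns 1 on success, 0 if the public key cannot be extracted or the
 * certificate type is unknown.
 */
static int ssl_set_cert(CERT *c, X509 *x)
{
    EVP_PKEY *pkey = X509_get_pubkey(x);
    int i;

    if (pkey == NULL) {
        SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
        return 0;
    }

    i = ssl_cert_type(x, pkey);
    if (i < 0) {
        SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
        EVP_PKEY_free(pkey);
        return 0;
    }

    if (c->pkeys[i].privatekey != NULL) {
        int skip_check = 0;

        /* Return value deliberately ignored; the queue is cleared below. */
        EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
        ERR_clear_error();

#ifndef OPENSSL_NO_RSA
        /* Don't check the public/private key, this is mostly
         * for smart cards. */
        if (c->pkeys[i].privatekey->type == EVP_PKEY_RSA
            && (RSA_flags(c->pkeys[i].privatekey->pkey.rsa)
                & RSA_METHOD_FLAG_NO_CHECK))
            skip_check = 1;
#endif                          /* OPENSSL_NO_RSA */
        if (!skip_check
            && !X509_check_private_key(x, c->pkeys[i].privatekey)) {
            /* don't fail for a cert/key mismatch, just free
             * current private key (when switching to a different
             * cert & key, first this function should be used,
             * then ssl_set_pkey */
            EVP_PKEY_free(c->pkeys[i].privatekey);
            c->pkeys[i].privatekey = NULL;
            /* clear error queue */
            ERR_clear_error();
        }
    }

    EVP_PKEY_free(pkey);

    if (c->pkeys[i].x509 != NULL)
        X509_free(c->pkeys[i].x509);
    CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
    c->pkeys[i].x509 = x;
    c->key = &(c->pkeys[i]);

    /* The cert/key pairing changed; reset the cached validity flag. */
    c->valid = 0;
    return 1;
}

#ifndef OPENSSL_NO_STDIO
/*
 * SSL_CTX_use_certificate_file: read one certificate from |file| (DER or
 * PEM according to |type|) and install it on |ctx| via
 * SSL_CTX_use_certificate().  PEM decoding uses the context's default
 * password callback.  Returns 1 on success, 0 on failure.
 */
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
{
    int ret = 0;
    int reason = 0;             /* library to blame if decoding fails */
    BIO *bio = NULL;
    X509 *cert = NULL;

    bio = BIO_new(BIO_s_file_internal());
    if (bio == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
        goto end;
    }
    if (BIO_read_filename(bio, file) <= 0) {
        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
        goto end;
    }

    switch (type) {
    case SSL_FILETYPE_ASN1:
        reason = ERR_R_ASN1_LIB;
        cert = d2i_X509_bio(bio, NULL);
        break;
    case SSL_FILETYPE_PEM:
        reason = ERR_R_PEM_LIB;
        cert = PEM_read_bio_X509(bio, NULL, ctx->default_passwd_callback,
                                 ctx->default_passwd_callback_userdata);
        break;
    default:
        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
        goto end;
    }

    if (cert == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, reason);
        goto end;
    }

    /* SSL_CTX_use_certificate() takes its own reference; ours is released below. */
    ret = SSL_CTX_use_certificate(ctx, cert);
 end:
    if (cert != NULL)
        X509_free(cert);
    if (bio != NULL)
        BIO_free(bio);
    return ret;
}
#endif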
/*
 * SSL_CTX_use_certificate_ASN1: decode |len| bytes of DER at |d| as an
 * X509 and install it on |ctx|.  Note the (len, d) argument order differs
 * from SSL_use_certificate_ASN1(); it is kept for API compatibility.
 * Returns 1 on success, 0 on failure.
 */
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
{
    X509 *cert = d2i_X509(NULL, &d, (long)len);
    int ret;

    if (cert == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
        return 0;
    }
    ret = SSL_CTX_use_certificate(ctx, cert);
    X509_free(cert);
    return ret;
}

#ifndef OPENSSL_NO_RSA
/*
 * SSL_CTX_use_RSAPrivateKey: wrap |rsa| in an EVP_PKEY and install it as
 * the private key of |ctx|.  |rsa| is reference-counted up before being
 * assigned, so the caller keeps its own reference.
 * Returns 1 on success, 0 on failure.
 */
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
{
    EVP_PKEY *pkey = NULL;
    int ret;

    if (rsa == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    if (!ssl_cert_inst(&ctx->cert)) {
        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    pkey = EVP_PKEY_new();
    if (pkey == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
        return 0;
    }

    /* EVP_PKEY_assign_RSA() adopts the reference we add here. */
    RSA_up_ref(rsa);
    EVP_PKEY_assign_RSA(pkey, rsa);

    ret = ssl_set_pkey(ctx->cert, pkey);
    EVP_PKEY_free(pkey);
    return ret;
}
#ifndef OPENSSL_NO_STDIO
/*
 * SSL_CTX_use_RSAPrivateKey_file: read an RSA private key from |file| (DER
 * or PEM according to |type|) and install it on |ctx|.  PEM decoding uses
 * the context's default password callback.  Returns 1 on success, 0 on
 * failure.
 */
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
{
    int ret = 0;
    int reason = 0;             /* library to blame if decoding fails */
    BIO *bio = NULL;
    RSA *rsa = NULL;

    bio = BIO_new(BIO_s_file_internal());
    if (bio == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
        goto end;
    }
    if (BIO_read_filename(bio, file) <= 0) {
        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
        goto end;
    }

    switch (type) {
    case SSL_FILETYPE_ASN1:
        reason = ERR_R_ASN1_LIB;
        rsa = d2i_RSAPrivateKey_bio(bio, NULL);
        break;
    case SSL_FILETYPE_PEM:
        reason = ERR_R_PEM_LIB;
        rsa = PEM_read_bio_RSAPrivateKey(bio, NULL,
                                         ctx->default_passwd_callback,
                                         ctx->default_passwd_callback_userdata);
        break;
    default:
        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
        goto end;
    }

    if (rsa == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, reason);
        goto end;
    }

    /* SSL_CTX_use_RSAPrivateKey() takes its own reference; release ours. */
    ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
    RSA_free(rsa);
 end:
    if (bio != NULL)
        BIO_free(bio);
    return ret;
}
#endif

/*
 * SSL_CTX_use_RSAPrivateKey_ASN1: decode |len| bytes of DER at |d| as an
 * RSA private key and install it on |ctx|.  Returns 1 on success, 0 on
 * failure.
 */
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
                                   long len)
{
    const unsigned char *cursor = d;
    RSA *rsa = d2i_RSAPrivateKey(NULL, &cursor, (long)len);
    int ret;

    if (rsa == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
        return 0;
    }
    ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
    RSA_free(rsa);
    return ret;
}
#endif                          /* !OPENSSL_NO_RSA */

/*
 * SSL_CTX_use_PrivateKey: install |pkey| as the private key of |ctx|.  The
 * caller keeps ownership; ssl_set_pkey() takes its own reference.
 * Returns 1 on success, 0 on failure.
 */
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
{
    if (pkey == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    if (!ssl_cert_inst(&ctx->cert)) {
        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    return ssl_set_pkey(ctx->cert, pkey);
}

#ifndef OPENSSL_NO_STDIO
/*
 * SSL_CTX_use_PrivateKey_file: read a private key of any supported type
 * from |file| (PEM via PEM_read_bio_PrivateKey, DER via d2i_PrivateKey_bio,
 * selected by |type|) and install it on |ctx|.  PEM decoding uses the
 * context's default password callback.  Returns 1 on success, 0 on
 * failure.
 */
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
{
    int ret = 0;
    int reason = 0;             /* library to blame if decoding fails */
    BIO *bio = NULL;
    EVP_PKEY *pkey = NULL;

    bio = BIO_new(BIO_s_file_internal());
    if (bio == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
        goto end;
    }
    if (BIO_read_filename(bio, file) <= 0) {
        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
        goto end;
    }

    switch (type) {
    case SSL_FILETYPE_PEM:
        reason = ERR_R_PEM_LIB;
        pkey = PEM_read_bio_PrivateKey(bio, NULL,
                                       ctx->default_passwd_callback,
                                       ctx->default_passwd_callback_userdata);
        break;
    case SSL_FILETYPE_ASN1:
        reason = ERR_R_ASN1_LIB;
        pkey = d2i_PrivateKey_bio(bio, NULL);
        break;
    default:
        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
        goto end;
    }

    if (pkey == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, reason);
        goto end;
    }

    /* SSL_CTX_use_PrivateKey() takes its own reference; release ours. */
    ret = SSL_CTX_use_PrivateKey(ctx, pkey);
    EVP_PKEY_free(pkey);
 end:
    if (bio != NULL)
        BIO_free(bio);
    return ret;
}
#endif
/* Load a private key of the given EVP_PKEY algorithm type from a DER
 * (ASN.1) encoding held in memory.
 *
 * type  algorithm identifier passed straight through to d2i_PrivateKey()
 * ctx   the context that receives the key
 * d     start of the DER-encoded key
 * len   number of bytes available at d
 *
 * Returns what SSL_CTX_use_PrivateKey() returns, or 0 with ERR_R_ASN1_LIB
 * on the error stack when the encoding does not decode. The decoded key
 * is released here once the ctx has taken its own reference; the caller
 * keeps ownership of d.
 */
int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
	long len)
	{
	int ret;
	const unsigned char *p;
	EVP_PKEY *pkey;

	/* d2i_* advances the pointer it is handed; use a scratch cursor so
	 * the caller's d is not modified. */
	p=d;
	if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
		{
		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
		return(0);
		}

	ret=SSL_CTX_use_PrivateKey(ctx,pkey);
	EVP_PKEY_free(pkey);
	return(ret);
	}


#ifndef OPENSSL_NO_STDIO
/* Read a file that contains our certificate in "PEM" format,
 * possibly followed by a sequence of CA certificates that should be
 * sent to the peer in the Certificate message.
 *
 * The first certificate in the file becomes the ctx certificate via
 * SSL_CTX_use_certificate(); every further certificate is appended to
 * ctx->extra_certs via SSL_CTX_add_extra_chain_cert(), replacing any
 * extra chain that was configured before. Nothing here checks that the
 * extra certificates actually chain up to the first one; they are stored
 * in file order exactly as read. Encrypted PEM blocks are decrypted
 * through ctx->default_passwd_callback.
 *
 * Returns a nonzero value on success and 0 on failure, in which case the
 * cause is on the error stack. On success the error stack is left clean.
 */
int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
	{
	BIO *in;
	int ret=0;
	X509 *x=NULL;

	/* The success test below peeks at the error stack, so a stale error
	 * left by an unrelated earlier call would otherwise turn a good
	 * SSL_CTX_use_certificate() into a failure. */
	ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */

	in=BIO_new(BIO_s_file_internal());
	if (in == NULL)
		{
		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
		goto end;
		}

	if (BIO_read_filename(in,file) <= 0)
		{
		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
		goto end;
		}

	/* First PEM object: the end-entity certificate. */
	x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
	if (x == NULL)
		{
		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
		goto end;
		}

	ret=SSL_CTX_use_certificate(ctx,x);
	/* Anything left on the error stack by the call above counts as a
	 * failure even if it returned success. */
	if (ERR_peek_error() != 0)
		ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */
	if (ret)
		{
		/* If we could set up our certificate, now proceed to
		 * the CA certificates.
		 */
		X509 *ca;
		int r;
		unsigned long err;

		/* Discard any previously configured extra chain so the file
		 * fully defines what is sent to the peer. */
		if (ctx->extra_certs != NULL)
			{
			sk_X509_pop_free(ctx->extra_certs, X509_free);
			ctx->extra_certs = NULL;
			}

		while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
			!= NULL)
			{
			r = SSL_CTX_add_extra_chain_cert(ctx, ca);
			if (!r)
				{
				/* ca was not taken over by the ctx; release it here. */
				X509_free(ca);
				ret = 0;
				goto end;
				}
			/* Note that we must not free ca if it was successfully
			 * added to the chain (while we must free the main
			 * certificate, since its reference count is increased
			 * by SSL_CTX_use_certificate). */
			}
		/* When the while loop ends, it's usually just EOF: PEM reports
		 * that as PEM_R_NO_START_LINE, which is expected and is cleared
		 * so the caller does not see a spurious error. Any other reason
		 * (e.g. a malformed block part-way through the file) is a
		 * genuine failure. */
		err = ERR_peek_last_error();
		if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
			ERR_clear_error();
		else
			ret = 0; /* some real error */
		}

end:
	/* x is always released: SSL_CTX_use_certificate() holds its own
	 * reference when it succeeded, and on failure nobody else does. */
	if (x != NULL) X509_free(x);
	if (in != NULL) BIO_free(in);
	return(ret);
	}
#endif