xref: /freebsd/crypto/openssl/ssl/ssl_rsa.c (revision 39ee7a7a6bdd1557b1c3532abf60d139798ac88b)
1 /* ssl/ssl_rsa.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 
59 #include <stdio.h>
60 #include "ssl_locl.h"
61 #include <openssl/bio.h>
62 #include <openssl/objects.h>
63 #include <openssl/evp.h>
64 #include <openssl/x509.h>
65 #include <openssl/pem.h>
66 
67 static int ssl_set_cert(CERT *c, X509 *x509);
68 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
69 int SSL_use_certificate(SSL *ssl, X509 *x)
70 {
71     if (x == NULL) {
72         SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
73         return (0);
74     }
75     if (!ssl_cert_inst(&ssl->cert)) {
76         SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
77         return (0);
78     }
79     return (ssl_set_cert(ssl->cert, x));
80 }
81 
82 #ifndef OPENSSL_NO_STDIO
83 int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
84 {
85     int j;
86     BIO *in;
87     int ret = 0;
88     X509 *x = NULL;
89 
90     in = BIO_new(BIO_s_file_internal());
91     if (in == NULL) {
92         SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
93         goto end;
94     }
95 
96     if (BIO_read_filename(in, file) <= 0) {
97         SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
98         goto end;
99     }
100     if (type == SSL_FILETYPE_ASN1) {
101         j = ERR_R_ASN1_LIB;
102         x = d2i_X509_bio(in, NULL);
103     } else if (type == SSL_FILETYPE_PEM) {
104         j = ERR_R_PEM_LIB;
105         x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback,
106                               ssl->ctx->default_passwd_callback_userdata);
107     } else {
108         SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
109         goto end;
110     }
111 
112     if (x == NULL) {
113         SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
114         goto end;
115     }
116 
117     ret = SSL_use_certificate(ssl, x);
118  end:
119     if (x != NULL)
120         X509_free(x);
121     if (in != NULL)
122         BIO_free(in);
123     return (ret);
124 }
125 #endif
126 
127 int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
128 {
129     X509 *x;
130     int ret;
131 
132     x = d2i_X509(NULL, &d, (long)len);
133     if (x == NULL) {
134         SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
135         return (0);
136     }
137 
138     ret = SSL_use_certificate(ssl, x);
139     X509_free(x);
140     return (ret);
141 }
142 
143 #ifndef OPENSSL_NO_RSA
144 int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
145 {
146     EVP_PKEY *pkey;
147     int ret;
148 
149     if (rsa == NULL) {
150         SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
151         return (0);
152     }
153     if (!ssl_cert_inst(&ssl->cert)) {
154         SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
155         return (0);
156     }
157     if ((pkey = EVP_PKEY_new()) == NULL) {
158         SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
159         return (0);
160     }
161 
162     RSA_up_ref(rsa);
163     EVP_PKEY_assign_RSA(pkey, rsa);
164 
165     ret = ssl_set_pkey(ssl->cert, pkey);
166     EVP_PKEY_free(pkey);
167     return (ret);
168 }
169 #endif
170 
171 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
172 {
173     int i;
174 
175     i = ssl_cert_type(NULL, pkey);
176     if (i < 0) {
177         SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
178         return (0);
179     }
180 
181     if (c->pkeys[i].x509 != NULL) {
182         EVP_PKEY *pktmp;
183         pktmp = X509_get_pubkey(c->pkeys[i].x509);
184         EVP_PKEY_copy_parameters(pktmp, pkey);
185         EVP_PKEY_free(pktmp);
186         ERR_clear_error();
187 
188 #ifndef OPENSSL_NO_RSA
189         /*
190          * Don't check the public/private key, this is mostly for smart
191          * cards.
192          */
193         if ((pkey->type == EVP_PKEY_RSA) &&
194             (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) ;
195         else
196 #endif
197         if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
198             X509_free(c->pkeys[i].x509);
199             c->pkeys[i].x509 = NULL;
200             return 0;
201         }
202     }
203 
204     if (c->pkeys[i].privatekey != NULL)
205         EVP_PKEY_free(c->pkeys[i].privatekey);
206     CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
207     c->pkeys[i].privatekey = pkey;
208     c->key = &(c->pkeys[i]);
209 
210     c->valid = 0;
211     return (1);
212 }
213 
214 #ifndef OPENSSL_NO_RSA
215 # ifndef OPENSSL_NO_STDIO
216 int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
217 {
218     int j, ret = 0;
219     BIO *in;
220     RSA *rsa = NULL;
221 
222     in = BIO_new(BIO_s_file_internal());
223     if (in == NULL) {
224         SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
225         goto end;
226     }
227 
228     if (BIO_read_filename(in, file) <= 0) {
229         SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
230         goto end;
231     }
232     if (type == SSL_FILETYPE_ASN1) {
233         j = ERR_R_ASN1_LIB;
234         rsa = d2i_RSAPrivateKey_bio(in, NULL);
235     } else if (type == SSL_FILETYPE_PEM) {
236         j = ERR_R_PEM_LIB;
237         rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
238                                          ssl->ctx->default_passwd_callback,
239                                          ssl->
240                                          ctx->default_passwd_callback_userdata);
241     } else {
242         SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
243         goto end;
244     }
245     if (rsa == NULL) {
246         SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j);
247         goto end;
248     }
249     ret = SSL_use_RSAPrivateKey(ssl, rsa);
250     RSA_free(rsa);
251  end:
252     if (in != NULL)
253         BIO_free(in);
254     return (ret);
255 }
256 # endif
257 
258 int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
259 {
260     int ret;
261     const unsigned char *p;
262     RSA *rsa;
263 
264     p = d;
265     if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
266         SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
267         return (0);
268     }
269 
270     ret = SSL_use_RSAPrivateKey(ssl, rsa);
271     RSA_free(rsa);
272     return (ret);
273 }
274 #endif                          /* !OPENSSL_NO_RSA */
275 
276 int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
277 {
278     int ret;
279 
280     if (pkey == NULL) {
281         SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
282         return (0);
283     }
284     if (!ssl_cert_inst(&ssl->cert)) {
285         SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
286         return (0);
287     }
288     ret = ssl_set_pkey(ssl->cert, pkey);
289     return (ret);
290 }
291 
292 #ifndef OPENSSL_NO_STDIO
293 int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
294 {
295     int j, ret = 0;
296     BIO *in;
297     EVP_PKEY *pkey = NULL;
298 
299     in = BIO_new(BIO_s_file_internal());
300     if (in == NULL) {
301         SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
302         goto end;
303     }
304 
305     if (BIO_read_filename(in, file) <= 0) {
306         SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
307         goto end;
308     }
309     if (type == SSL_FILETYPE_PEM) {
310         j = ERR_R_PEM_LIB;
311         pkey = PEM_read_bio_PrivateKey(in, NULL,
312                                        ssl->ctx->default_passwd_callback,
313                                        ssl->
314                                        ctx->default_passwd_callback_userdata);
315     } else if (type == SSL_FILETYPE_ASN1) {
316         j = ERR_R_ASN1_LIB;
317         pkey = d2i_PrivateKey_bio(in, NULL);
318     } else {
319         SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
320         goto end;
321     }
322     if (pkey == NULL) {
323         SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j);
324         goto end;
325     }
326     ret = SSL_use_PrivateKey(ssl, pkey);
327     EVP_PKEY_free(pkey);
328  end:
329     if (in != NULL)
330         BIO_free(in);
331     return (ret);
332 }
333 #endif
334 
335 int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d,
336                             long len)
337 {
338     int ret;
339     const unsigned char *p;
340     EVP_PKEY *pkey;
341 
342     p = d;
343     if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) {
344         SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
345         return (0);
346     }
347 
348     ret = SSL_use_PrivateKey(ssl, pkey);
349     EVP_PKEY_free(pkey);
350     return (ret);
351 }
352 
353 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
354 {
355     if (x == NULL) {
356         SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
357         return (0);
358     }
359     if (!ssl_cert_inst(&ctx->cert)) {
360         SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
361         return (0);
362     }
363     return (ssl_set_cert(ctx->cert, x));
364 }
365 
366 static int ssl_set_cert(CERT *c, X509 *x)
367 {
368     EVP_PKEY *pkey;
369     int i;
370 
371     pkey = X509_get_pubkey(x);
372     if (pkey == NULL) {
373         SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
374         return (0);
375     }
376 
377     i = ssl_cert_type(x, pkey);
378     if (i < 0) {
379         SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
380         EVP_PKEY_free(pkey);
381         return (0);
382     }
383 
384     if (c->pkeys[i].privatekey != NULL) {
385         EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
386         ERR_clear_error();
387 
388 #ifndef OPENSSL_NO_RSA
389         /*
390          * Don't check the public/private key, this is mostly for smart
391          * cards.
392          */
393         if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
394             (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
395              RSA_METHOD_FLAG_NO_CHECK)) ;
396         else
397 #endif                          /* OPENSSL_NO_RSA */
398         if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
399             /*
400              * don't fail for a cert/key mismatch, just free current private
401              * key (when switching to a different cert & key, first this
402              * function should be used, then ssl_set_pkey
403              */
404             EVP_PKEY_free(c->pkeys[i].privatekey);
405             c->pkeys[i].privatekey = NULL;
406             /* clear error queue */
407             ERR_clear_error();
408         }
409     }
410 
411     EVP_PKEY_free(pkey);
412 
413     if (c->pkeys[i].x509 != NULL)
414         X509_free(c->pkeys[i].x509);
415     CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
416     c->pkeys[i].x509 = x;
417     c->key = &(c->pkeys[i]);
418 
419     c->valid = 0;
420     return (1);
421 }
422 
423 #ifndef OPENSSL_NO_STDIO
424 int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
425 {
426     int j;
427     BIO *in;
428     int ret = 0;
429     X509 *x = NULL;
430 
431     in = BIO_new(BIO_s_file_internal());
432     if (in == NULL) {
433         SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
434         goto end;
435     }
436 
437     if (BIO_read_filename(in, file) <= 0) {
438         SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
439         goto end;
440     }
441     if (type == SSL_FILETYPE_ASN1) {
442         j = ERR_R_ASN1_LIB;
443         x = d2i_X509_bio(in, NULL);
444     } else if (type == SSL_FILETYPE_PEM) {
445         j = ERR_R_PEM_LIB;
446         x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
447                               ctx->default_passwd_callback_userdata);
448     } else {
449         SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
450         goto end;
451     }
452 
453     if (x == NULL) {
454         SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
455         goto end;
456     }
457 
458     ret = SSL_CTX_use_certificate(ctx, x);
459  end:
460     if (x != NULL)
461         X509_free(x);
462     if (in != NULL)
463         BIO_free(in);
464     return (ret);
465 }
466 #endif
467 
468 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
469                                  const unsigned char *d)
470 {
471     X509 *x;
472     int ret;
473 
474     x = d2i_X509(NULL, &d, (long)len);
475     if (x == NULL) {
476         SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
477         return (0);
478     }
479 
480     ret = SSL_CTX_use_certificate(ctx, x);
481     X509_free(x);
482     return (ret);
483 }
484 
485 #ifndef OPENSSL_NO_RSA
486 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
487 {
488     int ret;
489     EVP_PKEY *pkey;
490 
491     if (rsa == NULL) {
492         SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
493         return (0);
494     }
495     if (!ssl_cert_inst(&ctx->cert)) {
496         SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
497         return (0);
498     }
499     if ((pkey = EVP_PKEY_new()) == NULL) {
500         SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
501         return (0);
502     }
503 
504     RSA_up_ref(rsa);
505     EVP_PKEY_assign_RSA(pkey, rsa);
506 
507     ret = ssl_set_pkey(ctx->cert, pkey);
508     EVP_PKEY_free(pkey);
509     return (ret);
510 }
511 
512 # ifndef OPENSSL_NO_STDIO
513 int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
514 {
515     int j, ret = 0;
516     BIO *in;
517     RSA *rsa = NULL;
518 
519     in = BIO_new(BIO_s_file_internal());
520     if (in == NULL) {
521         SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
522         goto end;
523     }
524 
525     if (BIO_read_filename(in, file) <= 0) {
526         SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
527         goto end;
528     }
529     if (type == SSL_FILETYPE_ASN1) {
530         j = ERR_R_ASN1_LIB;
531         rsa = d2i_RSAPrivateKey_bio(in, NULL);
532     } else if (type == SSL_FILETYPE_PEM) {
533         j = ERR_R_PEM_LIB;
534         rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
535                                          ctx->default_passwd_callback,
536                                          ctx->default_passwd_callback_userdata);
537     } else {
538         SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
539         goto end;
540     }
541     if (rsa == NULL) {
542         SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j);
543         goto end;
544     }
545     ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
546     RSA_free(rsa);
547  end:
548     if (in != NULL)
549         BIO_free(in);
550     return (ret);
551 }
552 # endif
553 
554 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
555                                    long len)
556 {
557     int ret;
558     const unsigned char *p;
559     RSA *rsa;
560 
561     p = d;
562     if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
563         SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
564         return (0);
565     }
566 
567     ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
568     RSA_free(rsa);
569     return (ret);
570 }
571 #endif                          /* !OPENSSL_NO_RSA */
572 
573 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
574 {
575     if (pkey == NULL) {
576         SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
577         return (0);
578     }
579     if (!ssl_cert_inst(&ctx->cert)) {
580         SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
581         return (0);
582     }
583     return (ssl_set_pkey(ctx->cert, pkey));
584 }
585 
586 #ifndef OPENSSL_NO_STDIO
587 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
588 {
589     int j, ret = 0;
590     BIO *in;
591     EVP_PKEY *pkey = NULL;
592 
593     in = BIO_new(BIO_s_file_internal());
594     if (in == NULL) {
595         SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
596         goto end;
597     }
598 
599     if (BIO_read_filename(in, file) <= 0) {
600         SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
601         goto end;
602     }
603     if (type == SSL_FILETYPE_PEM) {
604         j = ERR_R_PEM_LIB;
605         pkey = PEM_read_bio_PrivateKey(in, NULL,
606                                        ctx->default_passwd_callback,
607                                        ctx->default_passwd_callback_userdata);
608     } else if (type == SSL_FILETYPE_ASN1) {
609         j = ERR_R_ASN1_LIB;
610         pkey = d2i_PrivateKey_bio(in, NULL);
611     } else {
612         SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
613         goto end;
614     }
615     if (pkey == NULL) {
616         SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j);
617         goto end;
618     }
619     ret = SSL_CTX_use_PrivateKey(ctx, pkey);
620     EVP_PKEY_free(pkey);
621  end:
622     if (in != NULL)
623         BIO_free(in);
624     return (ret);
625 }
626 #endif
627 
628 int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
629                                 const unsigned char *d, long len)
630 {
631     int ret;
632     const unsigned char *p;
633     EVP_PKEY *pkey;
634 
635     p = d;
636     if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) {
637         SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
638         return (0);
639     }
640 
641     ret = SSL_CTX_use_PrivateKey(ctx, pkey);
642     EVP_PKEY_free(pkey);
643     return (ret);
644 }
645 
646 #ifndef OPENSSL_NO_STDIO
647 /*
648  * Read a file that contains our certificate in "PEM" format, possibly
649  * followed by a sequence of CA certificates that should be sent to the peer
650  * in the Certificate message.
651  */
652 int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
653 {
654     BIO *in;
655     int ret = 0;
656     X509 *x = NULL;
657 
658     ERR_clear_error();          /* clear error stack for
659                                  * SSL_CTX_use_certificate() */
660 
661     in = BIO_new(BIO_s_file_internal());
662     if (in == NULL) {
663         SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
664         goto end;
665     }
666 
667     if (BIO_read_filename(in, file) <= 0) {
668         SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
669         goto end;
670     }
671 
672     x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
673                               ctx->default_passwd_callback_userdata);
674     if (x == NULL) {
675         SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
676         goto end;
677     }
678 
679     ret = SSL_CTX_use_certificate(ctx, x);
680 
681     if (ERR_peek_error() != 0)
682         ret = 0;                /* Key/certificate mismatch doesn't imply
683                                  * ret==0 ... */
684     if (ret) {
685         /*
686          * If we could set up our certificate, now proceed to the CA
687          * certificates.
688          */
689         X509 *ca;
690         int r;
691         unsigned long err;
692 
693         if (ctx->extra_certs != NULL) {
694             sk_X509_pop_free(ctx->extra_certs, X509_free);
695             ctx->extra_certs = NULL;
696         }
697 
698         while ((ca = PEM_read_bio_X509(in, NULL,
699                                        ctx->default_passwd_callback,
700                                        ctx->default_passwd_callback_userdata))
701                != NULL) {
702             r = SSL_CTX_add_extra_chain_cert(ctx, ca);
703             if (!r) {
704                 X509_free(ca);
705                 ret = 0;
706                 goto end;
707             }
708             /*
709              * Note that we must not free r if it was successfully added to
710              * the chain (while we must free the main certificate, since its
711              * reference count is increased by SSL_CTX_use_certificate).
712              */
713         }
714         /* When the while loop ends, it's usually just EOF. */
715         err = ERR_peek_last_error();
716         if (ERR_GET_LIB(err) == ERR_LIB_PEM
717             && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
718             ERR_clear_error();
719         else
720             ret = 0;            /* some real error */
721     }
722 
723  end:
724     if (x != NULL)
725         X509_free(x);
726     if (in != NULL)
727         BIO_free(in);
728     return (ret);
729 }
730 #endif
731