1 /* ssl/ssl_rsa.c */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <stdio.h> 60 #include "ssl_locl.h" 61 #include <openssl/bio.h> 62 #include <openssl/objects.h> 63 #include <openssl/evp.h> 64 #include <openssl/x509.h> 65 #include <openssl/pem.h> 66 67 static int ssl_set_cert(CERT *c, X509 *x509); 68 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); 69 int SSL_use_certificate(SSL *ssl, X509 *x) 70 { 71 if (x == NULL) { 72 SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); 73 return (0); 74 } 75 if (!ssl_cert_inst(&ssl->cert)) { 76 SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); 77 return (0); 78 } 79 return (ssl_set_cert(ssl->cert, x)); 80 } 81 82 #ifndef OPENSSL_NO_STDIO 83 int SSL_use_certificate_file(SSL *ssl, const char *file, int type) 84 { 85 int j; 86 BIO *in; 87 int ret = 0; 88 X509 *x = NULL; 89 90 in = BIO_new(BIO_s_file_internal()); 91 if (in == NULL) { 92 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); 93 goto end; 94 } 95 96 if (BIO_read_filename(in, file) <= 0) { 97 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); 98 goto end; 99 } 100 if (type == SSL_FILETYPE_ASN1) { 101 j = ERR_R_ASN1_LIB; 102 x = d2i_X509_bio(in, NULL); 103 } else if (type == SSL_FILETYPE_PEM) { 104 j = ERR_R_PEM_LIB; 105 x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback, 106 ssl->ctx->default_passwd_callback_userdata); 107 } else { 108 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); 109 goto end; 110 } 111 112 if (x == NULL) { 113 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j); 114 goto end; 115 } 116 117 ret = SSL_use_certificate(ssl, x); 118 end: 119 if (x != NULL) 120 X509_free(x); 121 if (in != NULL) 122 BIO_free(in); 123 return (ret); 124 } 125 #endif 126 127 int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) 128 { 129 X509 *x; 130 int ret; 131 132 x = d2i_X509(NULL, &d, (long)len); 133 if (x == NULL) { 134 SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); 135 return (0); 136 } 137 138 ret = SSL_use_certificate(ssl, x); 139 X509_free(x); 140 return (ret); 141 } 142 143 #ifndef OPENSSL_NO_RSA 144 int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) 145 { 146 EVP_PKEY *pkey; 147 int ret; 148 149 if (rsa == NULL) { 150 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); 151 return (0); 152 } 153 if (!ssl_cert_inst(&ssl->cert)) { 154 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); 155 return (0); 156 } 157 if ((pkey = EVP_PKEY_new()) == NULL) { 158 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); 159 return (0); 160 } 161 162 RSA_up_ref(rsa); 163 EVP_PKEY_assign_RSA(pkey, rsa); 164 165 ret = ssl_set_pkey(ssl->cert, pkey); 166 EVP_PKEY_free(pkey); 167 return (ret); 168 } 169 #endif 170 171 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) 172 { 173 int i; 174 175 i = ssl_cert_type(NULL, pkey); 176 if (i < 0) { 177 SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE); 178 return (0); 179 } 180 181 if (c->pkeys[i].x509 != NULL) { 182 EVP_PKEY *pktmp; 183 pktmp = X509_get_pubkey(c->pkeys[i].x509); 184 EVP_PKEY_copy_parameters(pktmp, pkey); 185 EVP_PKEY_free(pktmp); 186 ERR_clear_error(); 187 188 #ifndef OPENSSL_NO_RSA 189 /* 190 * Don't check the public/private key, this is mostly for smart 191 * cards. 192 */ 193 if ((pkey->type == EVP_PKEY_RSA) && 194 (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) ; 195 else 196 #endif 197 if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { 198 X509_free(c->pkeys[i].x509); 199 c->pkeys[i].x509 = NULL; 200 return 0; 201 } 202 } 203 204 if (c->pkeys[i].privatekey != NULL) 205 EVP_PKEY_free(c->pkeys[i].privatekey); 206 CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); 207 c->pkeys[i].privatekey = pkey; 208 c->key = &(c->pkeys[i]); 209 210 c->valid = 0; 211 return (1); 212 } 213 214 #ifndef OPENSSL_NO_RSA 215 # ifndef OPENSSL_NO_STDIO 216 int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) 217 { 218 int j, ret = 0; 219 BIO *in; 220 RSA *rsa = NULL; 221 222 in = BIO_new(BIO_s_file_internal()); 223 if (in == NULL) { 224 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); 225 goto end; 226 } 227 228 if (BIO_read_filename(in, file) <= 0) { 229 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); 230 goto end; 231 } 232 if (type == SSL_FILETYPE_ASN1) { 233 j = ERR_R_ASN1_LIB; 234 rsa = d2i_RSAPrivateKey_bio(in, NULL); 235 } else if (type == SSL_FILETYPE_PEM) { 236 j = ERR_R_PEM_LIB; 237 rsa = PEM_read_bio_RSAPrivateKey(in, NULL, 238 ssl->ctx->default_passwd_callback, 239 ssl-> 240 ctx->default_passwd_callback_userdata); 241 } else { 242 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); 243 goto end; 244 } 245 if (rsa == NULL) { 246 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j); 247 goto end; 248 } 249 ret = SSL_use_RSAPrivateKey(ssl, rsa); 250 RSA_free(rsa); 251 end: 252 if (in != NULL) 253 BIO_free(in); 254 return (ret); 255 } 256 # endif 257 258 int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) 259 { 260 int ret; 261 const unsigned char *p; 262 RSA *rsa; 263 264 p = d; 265 if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) { 266 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); 267 return (0); 268 } 269 270 ret = SSL_use_RSAPrivateKey(ssl, rsa); 271 RSA_free(rsa); 272 return (ret); 273 } 274 #endif /* !OPENSSL_NO_RSA */ 275 276 int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) 277 { 278 int ret; 279 280 if (pkey == NULL) { 281 SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); 282 return (0); 283 } 284 if (!ssl_cert_inst(&ssl->cert)) { 285 SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); 286 return (0); 287 } 288 ret = ssl_set_pkey(ssl->cert, pkey); 289 return (ret); 290 } 291 292 #ifndef OPENSSL_NO_STDIO 293 int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) 294 { 295 int j, ret = 0; 296 BIO *in; 297 EVP_PKEY *pkey = NULL; 298 299 in = BIO_new(BIO_s_file_internal()); 300 if (in == NULL) { 301 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); 302 goto end; 303 } 304 305 if (BIO_read_filename(in, file) <= 0) { 306 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); 307 goto end; 308 } 309 if (type == SSL_FILETYPE_PEM) { 310 j = ERR_R_PEM_LIB; 311 pkey = PEM_read_bio_PrivateKey(in, NULL, 312 ssl->ctx->default_passwd_callback, 313 ssl-> 314 ctx->default_passwd_callback_userdata); 315 } else if (type == SSL_FILETYPE_ASN1) { 316 j = ERR_R_ASN1_LIB; 317 pkey = d2i_PrivateKey_bio(in, NULL); 318 } else { 319 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); 320 goto end; 321 } 322 if (pkey == NULL) { 323 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j); 324 goto end; 325 } 326 ret = SSL_use_PrivateKey(ssl, pkey); 327 EVP_PKEY_free(pkey); 328 end: 329 if (in != NULL) 330 BIO_free(in); 331 return (ret); 332 } 333 #endif 334 335 int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, 336 long len) 337 { 338 int ret; 339 const unsigned char *p; 340 EVP_PKEY *pkey; 341 342 p = d; 343 if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) { 344 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); 345 return (0); 346 } 347 348 ret = SSL_use_PrivateKey(ssl, pkey); 349 EVP_PKEY_free(pkey); 350 return (ret); 351 } 352 353 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) 354 { 355 if (x == NULL) { 356 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); 357 return (0); 358 } 359 if (!ssl_cert_inst(&ctx->cert)) { 360 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); 361 return (0); 362 } 363 return (ssl_set_cert(ctx->cert, x)); 364 } 365 366 static int ssl_set_cert(CERT *c, X509 *x) 367 { 368 EVP_PKEY *pkey; 369 int i; 370 371 pkey = X509_get_pubkey(x); 372 if (pkey == NULL) { 373 SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB); 374 return (0); 375 } 376 377 i = ssl_cert_type(x, pkey); 378 if (i < 0) { 379 SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE); 380 EVP_PKEY_free(pkey); 381 return (0); 382 } 383 384 if (c->pkeys[i].privatekey != NULL) { 385 EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); 386 ERR_clear_error(); 387 388 #ifndef OPENSSL_NO_RSA 389 /* 390 * Don't check the public/private key, this is mostly for smart 391 * cards. 392 */ 393 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && 394 (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & 395 RSA_METHOD_FLAG_NO_CHECK)) ; 396 else 397 #endif /* OPENSSL_NO_RSA */ 398 if (!X509_check_private_key(x, c->pkeys[i].privatekey)) { 399 /* 400 * don't fail for a cert/key mismatch, just free current private 401 * key (when switching to a different cert & key, first this 402 * function should be used, then ssl_set_pkey 403 */ 404 EVP_PKEY_free(c->pkeys[i].privatekey); 405 c->pkeys[i].privatekey = NULL; 406 /* clear error queue */ 407 ERR_clear_error(); 408 } 409 } 410 411 EVP_PKEY_free(pkey); 412 413 if (c->pkeys[i].x509 != NULL) 414 X509_free(c->pkeys[i].x509); 415 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); 416 c->pkeys[i].x509 = x; 417 c->key = &(c->pkeys[i]); 418 419 c->valid = 0; 420 return (1); 421 } 422 423 #ifndef OPENSSL_NO_STDIO 424 int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) 425 { 426 int j; 427 BIO *in; 428 int ret = 0; 429 X509 *x = NULL; 430 431 in = BIO_new(BIO_s_file_internal()); 432 if (in == NULL) { 433 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); 434 goto end; 435 } 436 437 if (BIO_read_filename(in, file) <= 0) { 438 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); 439 goto end; 440 } 441 if (type == SSL_FILETYPE_ASN1) { 442 j = ERR_R_ASN1_LIB; 443 x = d2i_X509_bio(in, NULL); 444 } else if (type == SSL_FILETYPE_PEM) { 445 j = ERR_R_PEM_LIB; 446 x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, 447 ctx->default_passwd_callback_userdata); 448 } else { 449 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); 450 goto end; 451 } 452 453 if (x == NULL) { 454 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j); 455 goto end; 456 } 457 458 ret = SSL_CTX_use_certificate(ctx, x); 459 end: 460 if (x != NULL) 461 X509_free(x); 462 if (in != NULL) 463 BIO_free(in); 464 return (ret); 465 } 466 #endif 467 468 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, 469 const unsigned char *d) 470 { 471 X509 *x; 472 int ret; 473 474 x = d2i_X509(NULL, &d, (long)len); 475 if (x == NULL) { 476 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); 477 return (0); 478 } 479 480 ret = SSL_CTX_use_certificate(ctx, x); 481 X509_free(x); 482 return (ret); 483 } 484 485 #ifndef OPENSSL_NO_RSA 486 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) 487 { 488 int ret; 489 EVP_PKEY *pkey; 490 491 if (rsa == NULL) { 492 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); 493 return (0); 494 } 495 if (!ssl_cert_inst(&ctx->cert)) { 496 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); 497 return (0); 498 } 499 if ((pkey = EVP_PKEY_new()) == NULL) { 500 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); 501 return (0); 502 } 503 504 RSA_up_ref(rsa); 505 EVP_PKEY_assign_RSA(pkey, rsa); 506 507 ret = ssl_set_pkey(ctx->cert, pkey); 508 EVP_PKEY_free(pkey); 509 return (ret); 510 } 511 512 # ifndef OPENSSL_NO_STDIO 513 int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) 514 { 515 int j, ret = 0; 516 BIO *in; 517 RSA *rsa = NULL; 518 519 in = BIO_new(BIO_s_file_internal()); 520 if (in == NULL) { 521 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); 522 goto end; 523 } 524 525 if (BIO_read_filename(in, file) <= 0) { 526 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); 527 goto end; 528 } 529 if (type == SSL_FILETYPE_ASN1) { 530 j = ERR_R_ASN1_LIB; 531 rsa = d2i_RSAPrivateKey_bio(in, NULL); 532 } else if (type == SSL_FILETYPE_PEM) { 533 j = ERR_R_PEM_LIB; 534 rsa = PEM_read_bio_RSAPrivateKey(in, NULL, 535 ctx->default_passwd_callback, 536 ctx->default_passwd_callback_userdata); 537 } else { 538 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); 539 goto end; 540 } 541 if (rsa == NULL) { 542 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j); 543 goto end; 544 } 545 ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); 546 RSA_free(rsa); 547 end: 548 if (in != NULL) 549 BIO_free(in); 550 return (ret); 551 } 552 # endif 553 554 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, 555 long len) 556 { 557 int ret; 558 const unsigned char *p; 559 RSA *rsa; 560 561 p = d; 562 if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) { 563 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); 564 return (0); 565 } 566 567 ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); 568 RSA_free(rsa); 569 return (ret); 570 } 571 #endif /* !OPENSSL_NO_RSA */ 572 573 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) 574 { 575 if (pkey == NULL) { 576 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); 577 return (0); 578 } 579 if (!ssl_cert_inst(&ctx->cert)) { 580 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); 581 return (0); 582 } 583 return (ssl_set_pkey(ctx->cert, pkey)); 584 } 585 586 #ifndef OPENSSL_NO_STDIO 587 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) 588 { 589 int j, ret = 0; 590 BIO *in; 591 EVP_PKEY *pkey = NULL; 592 593 in = BIO_new(BIO_s_file_internal()); 594 if (in == NULL) { 595 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); 596 goto end; 597 } 598 599 if (BIO_read_filename(in, file) <= 0) { 600 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); 601 goto end; 602 } 603 if (type == SSL_FILETYPE_PEM) { 604 j = ERR_R_PEM_LIB; 605 pkey = PEM_read_bio_PrivateKey(in, NULL, 606 ctx->default_passwd_callback, 607 ctx->default_passwd_callback_userdata); 608 } else if (type == SSL_FILETYPE_ASN1) { 609 j = ERR_R_ASN1_LIB; 610 pkey = d2i_PrivateKey_bio(in, NULL); 611 } else { 612 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); 613 goto end; 614 } 615 if (pkey == NULL) { 616 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j); 617 goto end; 618 } 619 ret = SSL_CTX_use_PrivateKey(ctx, pkey); 620 EVP_PKEY_free(pkey); 621 end: 622 if (in != NULL) 623 BIO_free(in); 624 return (ret); 625 } 626 #endif 627 628 int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, 629 const unsigned char *d, long len) 630 { 631 int ret; 632 const unsigned char *p; 633 EVP_PKEY *pkey; 634 635 p = d; 636 if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) { 637 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); 638 return (0); 639 } 640 641 ret = SSL_CTX_use_PrivateKey(ctx, pkey); 642 EVP_PKEY_free(pkey); 643 return (ret); 644 } 645 646 #ifndef OPENSSL_NO_STDIO 647 /* 648 * Read a file that contains our certificate in "PEM" format, possibly 649 * followed by a sequence of CA certificates that should be sent to the peer 650 * in the Certificate message. 651 */ 652 int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) 653 { 654 BIO *in; 655 int ret = 0; 656 X509 *x = NULL; 657 658 ERR_clear_error(); /* clear error stack for 659 * SSL_CTX_use_certificate() */ 660 661 in = BIO_new(BIO_s_file_internal()); 662 if (in == NULL) { 663 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); 664 goto end; 665 } 666 667 if (BIO_read_filename(in, file) <= 0) { 668 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB); 669 goto end; 670 } 671 672 x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, 673 ctx->default_passwd_callback_userdata); 674 if (x == NULL) { 675 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); 676 goto end; 677 } 678 679 ret = SSL_CTX_use_certificate(ctx, x); 680 681 if (ERR_peek_error() != 0) 682 ret = 0; /* Key/certificate mismatch doesn't imply 683 * ret==0 ... */ 684 if (ret) { 685 /* 686 * If we could set up our certificate, now proceed to the CA 687 * certificates. 688 */ 689 X509 *ca; 690 int r; 691 unsigned long err; 692 693 if (ctx->extra_certs != NULL) { 694 sk_X509_pop_free(ctx->extra_certs, X509_free); 695 ctx->extra_certs = NULL; 696 } 697 698 while ((ca = PEM_read_bio_X509(in, NULL, 699 ctx->default_passwd_callback, 700 ctx->default_passwd_callback_userdata)) 701 != NULL) { 702 r = SSL_CTX_add_extra_chain_cert(ctx, ca); 703 if (!r) { 704 X509_free(ca); 705 ret = 0; 706 goto end; 707 } 708 /* 709 * Note that we must not free r if it was successfully added to 710 * the chain (while we must free the main certificate, since its 711 * reference count is increased by SSL_CTX_use_certificate). 712 */ 713 } 714 /* When the while loop ends, it's usually just EOF. */ 715 err = ERR_peek_last_error(); 716 if (ERR_GET_LIB(err) == ERR_LIB_PEM 717 && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) 718 ERR_clear_error(); 719 else 720 ret = 0; /* some real error */ 721 } 722 723 end: 724 if (x != NULL) 725 X509_free(x); 726 if (in != NULL) 727 BIO_free(in); 728 return (ret); 729 } 730 #endif 731