1 /* ssl/ssl_rsa.c */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <stdio.h> 60 #include "ssl_locl.h" 61 #include <openssl/bio.h> 62 #include <openssl/objects.h> 63 #include <openssl/evp.h> 64 #include <openssl/x509.h> 65 #include <openssl/pem.h> 66 67 static int ssl_set_cert(CERT *c, X509 *x509); 68 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); 69 int SSL_use_certificate(SSL *ssl, X509 *x) 70 { 71 if (x == NULL) 72 { 73 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); 74 return(0); 75 } 76 if (!ssl_cert_inst(&ssl->cert)) 77 { 78 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); 79 return(0); 80 } 81 return(ssl_set_cert(ssl->cert,x)); 82 } 83 84 #ifndef OPENSSL_NO_STDIO 85 int SSL_use_certificate_file(SSL *ssl, const char *file, int type) 86 { 87 int j; 88 BIO *in; 89 int ret=0; 90 X509 *x=NULL; 91 92 in=BIO_new(BIO_s_file_internal()); 93 if (in == NULL) 94 { 95 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); 96 goto end; 97 } 98 99 if (BIO_read_filename(in,file) <= 0) 100 { 101 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); 102 goto end; 103 } 104 if (type == SSL_FILETYPE_ASN1) 105 { 106 j=ERR_R_ASN1_LIB; 107 x=d2i_X509_bio(in,NULL); 108 } 109 else if (type == SSL_FILETYPE_PEM) 110 { 111 j=ERR_R_PEM_LIB; 112 x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); 113 } 114 else 115 { 116 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); 117 goto end; 118 } 119 120 if (x == NULL) 121 { 122 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j); 123 goto end; 124 } 125 126 ret=SSL_use_certificate(ssl,x); 127 end: 128 if (x != NULL) X509_free(x); 129 if (in != NULL) BIO_free(in); 130 return(ret); 131 } 132 #endif 133 134 int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len) 135 { 136 X509 *x; 137 int ret; 138 139 x=d2i_X509(NULL,&d,(long)len); 140 if (x == NULL) 141 { 142 SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); 143 return(0); 144 } 145 146 ret=SSL_use_certificate(ssl,x); 147 X509_free(x); 148 return(ret); 149 } 150 151 #ifndef OPENSSL_NO_RSA 152 int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) 153 { 154 EVP_PKEY *pkey; 155 int ret; 156 157 if (rsa == NULL) 158 { 159 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); 160 return(0); 161 } 162 if (!ssl_cert_inst(&ssl->cert)) 163 { 164 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); 165 return(0); 166 } 167 if ((pkey=EVP_PKEY_new()) == NULL) 168 { 169 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); 170 return(0); 171 } 172 173 RSA_up_ref(rsa); 174 EVP_PKEY_assign_RSA(pkey,rsa); 175 176 ret=ssl_set_pkey(ssl->cert,pkey); 177 EVP_PKEY_free(pkey); 178 return(ret); 179 } 180 #endif 181 182 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) 183 { 184 int i,ok=0,bad=0; 185 186 i=ssl_cert_type(NULL,pkey); 187 if (i < 0) 188 { 189 SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE); 190 return(0); 191 } 192 193 if (c->pkeys[i].x509 != NULL) 194 { 195 EVP_PKEY *pktmp; 196 pktmp = X509_get_pubkey(c->pkeys[i].x509); 197 EVP_PKEY_copy_parameters(pktmp,pkey); 198 EVP_PKEY_free(pktmp); 199 ERR_clear_error(); 200 201 #ifndef OPENSSL_NO_RSA 202 /* Don't check the public/private key, this is mostly 203 * for smart cards. */ 204 if ((pkey->type == EVP_PKEY_RSA) && 205 (RSA_flags(pkey->pkey.rsa) & 206 RSA_METHOD_FLAG_NO_CHECK)) 207 ok=1; 208 else 209 #endif 210 if (!X509_check_private_key(c->pkeys[i].x509,pkey)) 211 { 212 if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) 213 { 214 i=(i == SSL_PKEY_DH_RSA)? 215 SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA; 216 217 if (c->pkeys[i].x509 == NULL) 218 ok=1; 219 else 220 { 221 if (!X509_check_private_key( 222 c->pkeys[i].x509,pkey)) 223 bad=1; 224 else 225 ok=1; 226 } 227 } 228 else 229 bad=1; 230 } 231 else 232 ok=1; 233 } 234 else 235 ok=1; 236 237 if (bad) 238 { 239 X509_free(c->pkeys[i].x509); 240 c->pkeys[i].x509=NULL; 241 return(0); 242 } 243 244 ERR_clear_error(); /* make sure no error from X509_check_private_key() 245 * is left if we have chosen to ignore it */ 246 if (c->pkeys[i].privatekey != NULL) 247 EVP_PKEY_free(c->pkeys[i].privatekey); 248 CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); 249 c->pkeys[i].privatekey=pkey; 250 c->key= &(c->pkeys[i]); 251 252 c->valid=0; 253 return(1); 254 } 255 256 #ifndef OPENSSL_NO_RSA 257 #ifndef OPENSSL_NO_STDIO 258 int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) 259 { 260 int j,ret=0; 261 BIO *in; 262 RSA *rsa=NULL; 263 264 in=BIO_new(BIO_s_file_internal()); 265 if (in == NULL) 266 { 267 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); 268 goto end; 269 } 270 271 if (BIO_read_filename(in,file) <= 0) 272 { 273 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); 274 goto end; 275 } 276 if (type == SSL_FILETYPE_ASN1) 277 { 278 j=ERR_R_ASN1_LIB; 279 rsa=d2i_RSAPrivateKey_bio(in,NULL); 280 } 281 else if (type == SSL_FILETYPE_PEM) 282 { 283 j=ERR_R_PEM_LIB; 284 rsa=PEM_read_bio_RSAPrivateKey(in,NULL, 285 ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); 286 } 287 else 288 { 289 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); 290 goto end; 291 } 292 if (rsa == NULL) 293 { 294 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j); 295 goto end; 296 } 297 ret=SSL_use_RSAPrivateKey(ssl,rsa); 298 RSA_free(rsa); 299 end: 300 if (in != NULL) BIO_free(in); 301 return(ret); 302 } 303 #endif 304 305 int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) 306 { 307 int ret; 308 const unsigned char *p; 309 RSA *rsa; 310 311 p=d; 312 if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) 313 { 314 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); 315 return(0); 316 } 317 318 ret=SSL_use_RSAPrivateKey(ssl,rsa); 319 RSA_free(rsa); 320 return(ret); 321 } 322 #endif /* !OPENSSL_NO_RSA */ 323 324 int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) 325 { 326 int ret; 327 328 if (pkey == NULL) 329 { 330 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); 331 return(0); 332 } 333 if (!ssl_cert_inst(&ssl->cert)) 334 { 335 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); 336 return(0); 337 } 338 ret=ssl_set_pkey(ssl->cert,pkey); 339 return(ret); 340 } 341 342 #ifndef OPENSSL_NO_STDIO 343 int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) 344 { 345 int j,ret=0; 346 BIO *in; 347 EVP_PKEY *pkey=NULL; 348 349 in=BIO_new(BIO_s_file_internal()); 350 if (in == NULL) 351 { 352 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); 353 goto end; 354 } 355 356 if (BIO_read_filename(in,file) <= 0) 357 { 358 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); 359 goto end; 360 } 361 if (type == SSL_FILETYPE_PEM) 362 { 363 j=ERR_R_PEM_LIB; 364 pkey=PEM_read_bio_PrivateKey(in,NULL, 365 ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); 366 } 367 else 368 { 369 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); 370 goto end; 371 } 372 if (pkey == NULL) 373 { 374 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j); 375 goto end; 376 } 377 ret=SSL_use_PrivateKey(ssl,pkey); 378 EVP_PKEY_free(pkey); 379 end: 380 if (in != NULL) BIO_free(in); 381 return(ret); 382 } 383 #endif 384 385 int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len) 386 { 387 int ret; 388 unsigned char *p; 389 EVP_PKEY *pkey; 390 391 p=d; 392 if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) 393 { 394 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); 395 return(0); 396 } 397 398 ret=SSL_use_PrivateKey(ssl,pkey); 399 EVP_PKEY_free(pkey); 400 return(ret); 401 } 402 403 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) 404 { 405 if (x == NULL) 406 { 407 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); 408 return(0); 409 } 410 if (!ssl_cert_inst(&ctx->cert)) 411 { 412 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); 413 return(0); 414 } 415 return(ssl_set_cert(ctx->cert, x)); 416 } 417 418 static int ssl_set_cert(CERT *c, X509 *x) 419 { 420 EVP_PKEY *pkey; 421 int i,ok=0,bad=0; 422 423 pkey=X509_get_pubkey(x); 424 if (pkey == NULL) 425 { 426 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB); 427 return(0); 428 } 429 430 i=ssl_cert_type(x,pkey); 431 if (i < 0) 432 { 433 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE); 434 EVP_PKEY_free(pkey); 435 return(0); 436 } 437 438 if (c->pkeys[i].privatekey != NULL) 439 { 440 EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey); 441 ERR_clear_error(); 442 443 #ifndef OPENSSL_NO_RSA 444 /* Don't check the public/private key, this is mostly 445 * for smart cards. */ 446 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && 447 (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & 448 RSA_METHOD_FLAG_NO_CHECK)) 449 ok=1; 450 else 451 #endif 452 { 453 if (!X509_check_private_key(x,c->pkeys[i].privatekey)) 454 { 455 if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) 456 { 457 i=(i == SSL_PKEY_DH_RSA)? 458 SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA; 459 460 if (c->pkeys[i].privatekey == NULL) 461 ok=1; 462 else 463 { 464 if (!X509_check_private_key(x, 465 c->pkeys[i].privatekey)) 466 bad=1; 467 else 468 ok=1; 469 } 470 } 471 else 472 bad=1; 473 } 474 else 475 ok=1; 476 } /* OPENSSL_NO_RSA */ 477 } 478 else 479 ok=1; 480 481 EVP_PKEY_free(pkey); 482 if (bad) 483 { 484 EVP_PKEY_free(c->pkeys[i].privatekey); 485 c->pkeys[i].privatekey=NULL; 486 } 487 488 if (c->pkeys[i].x509 != NULL) 489 X509_free(c->pkeys[i].x509); 490 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); 491 c->pkeys[i].x509=x; 492 c->key= &(c->pkeys[i]); 493 494 c->valid=0; 495 return(1); 496 } 497 498 #ifndef OPENSSL_NO_STDIO 499 int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) 500 { 501 int j; 502 BIO *in; 503 int ret=0; 504 X509 *x=NULL; 505 506 in=BIO_new(BIO_s_file_internal()); 507 if (in == NULL) 508 { 509 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); 510 goto end; 511 } 512 513 if (BIO_read_filename(in,file) <= 0) 514 { 515 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); 516 goto end; 517 } 518 if (type == SSL_FILETYPE_ASN1) 519 { 520 j=ERR_R_ASN1_LIB; 521 x=d2i_X509_bio(in,NULL); 522 } 523 else if (type == SSL_FILETYPE_PEM) 524 { 525 j=ERR_R_PEM_LIB; 526 x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); 527 } 528 else 529 { 530 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); 531 goto end; 532 } 533 534 if (x == NULL) 535 { 536 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j); 537 goto end; 538 } 539 540 ret=SSL_CTX_use_certificate(ctx,x); 541 end: 542 if (x != NULL) X509_free(x); 543 if (in != NULL) BIO_free(in); 544 return(ret); 545 } 546 #endif 547 548 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d) 549 { 550 X509 *x; 551 int ret; 552 553 x=d2i_X509(NULL,&d,(long)len); 554 if (x == NULL) 555 { 556 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); 557 return(0); 558 } 559 560 ret=SSL_CTX_use_certificate(ctx,x); 561 X509_free(x); 562 return(ret); 563 } 564 565 #ifndef OPENSSL_NO_RSA 566 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) 567 { 568 int ret; 569 EVP_PKEY *pkey; 570 571 if (rsa == NULL) 572 { 573 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); 574 return(0); 575 } 576 if (!ssl_cert_inst(&ctx->cert)) 577 { 578 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); 579 return(0); 580 } 581 if ((pkey=EVP_PKEY_new()) == NULL) 582 { 583 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); 584 return(0); 585 } 586 587 RSA_up_ref(rsa); 588 EVP_PKEY_assign_RSA(pkey,rsa); 589 590 ret=ssl_set_pkey(ctx->cert, pkey); 591 EVP_PKEY_free(pkey); 592 return(ret); 593 } 594 595 #ifndef OPENSSL_NO_STDIO 596 int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) 597 { 598 int j,ret=0; 599 BIO *in; 600 RSA *rsa=NULL; 601 602 in=BIO_new(BIO_s_file_internal()); 603 if (in == NULL) 604 { 605 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); 606 goto end; 607 } 608 609 if (BIO_read_filename(in,file) <= 0) 610 { 611 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); 612 goto end; 613 } 614 if (type == SSL_FILETYPE_ASN1) 615 { 616 j=ERR_R_ASN1_LIB; 617 rsa=d2i_RSAPrivateKey_bio(in,NULL); 618 } 619 else if (type == SSL_FILETYPE_PEM) 620 { 621 j=ERR_R_PEM_LIB; 622 rsa=PEM_read_bio_RSAPrivateKey(in,NULL, 623 ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); 624 } 625 else 626 { 627 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); 628 goto end; 629 } 630 if (rsa == NULL) 631 { 632 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j); 633 goto end; 634 } 635 ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); 636 RSA_free(rsa); 637 end: 638 if (in != NULL) BIO_free(in); 639 return(ret); 640 } 641 #endif 642 643 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len) 644 { 645 int ret; 646 const unsigned char *p; 647 RSA *rsa; 648 649 p=d; 650 if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) 651 { 652 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); 653 return(0); 654 } 655 656 ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); 657 RSA_free(rsa); 658 return(ret); 659 } 660 #endif /* !OPENSSL_NO_RSA */ 661 662 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) 663 { 664 if (pkey == NULL) 665 { 666 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); 667 return(0); 668 } 669 if (!ssl_cert_inst(&ctx->cert)) 670 { 671 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); 672 return(0); 673 } 674 return(ssl_set_pkey(ctx->cert,pkey)); 675 } 676 677 #ifndef OPENSSL_NO_STDIO 678 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) 679 { 680 int j,ret=0; 681 BIO *in; 682 EVP_PKEY *pkey=NULL; 683 684 in=BIO_new(BIO_s_file_internal()); 685 if (in == NULL) 686 { 687 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); 688 goto end; 689 } 690 691 if (BIO_read_filename(in,file) <= 0) 692 { 693 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); 694 goto end; 695 } 696 if (type == SSL_FILETYPE_PEM) 697 { 698 j=ERR_R_PEM_LIB; 699 pkey=PEM_read_bio_PrivateKey(in,NULL, 700 ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); 701 } 702 else 703 { 704 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); 705 goto end; 706 } 707 if (pkey == NULL) 708 { 709 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j); 710 goto end; 711 } 712 ret=SSL_CTX_use_PrivateKey(ctx,pkey); 713 EVP_PKEY_free(pkey); 714 end: 715 if (in != NULL) BIO_free(in); 716 return(ret); 717 } 718 #endif 719 720 int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, 721 long len) 722 { 723 int ret; 724 unsigned char *p; 725 EVP_PKEY *pkey; 726 727 p=d; 728 if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) 729 { 730 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); 731 return(0); 732 } 733 734 ret=SSL_CTX_use_PrivateKey(ctx,pkey); 735 EVP_PKEY_free(pkey); 736 return(ret); 737 } 738 739 740 #ifndef OPENSSL_NO_STDIO 741 /* Read a file that contains our certificate in "PEM" format, 742 * possibly followed by a sequence of CA certificates that should be 743 * sent to the peer in the Certificate message. 744 */ 745 int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) 746 { 747 BIO *in; 748 int ret=0; 749 X509 *x=NULL; 750 751 in=BIO_new(BIO_s_file_internal()); 752 if (in == NULL) 753 { 754 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB); 755 goto end; 756 } 757 758 if (BIO_read_filename(in,file) <= 0) 759 { 760 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB); 761 goto end; 762 } 763 764 x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); 765 if (x == NULL) 766 { 767 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB); 768 goto end; 769 } 770 771 ret=SSL_CTX_use_certificate(ctx,x); 772 if (ERR_peek_error() != 0) 773 ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */ 774 if (ret) 775 { 776 /* If we could set up our certificate, now proceed to 777 * the CA certificates. 778 */ 779 X509 *ca; 780 int r; 781 unsigned long err; 782 783 if (ctx->extra_certs != NULL) 784 { 785 sk_X509_pop_free(ctx->extra_certs, X509_free); 786 ctx->extra_certs = NULL; 787 } 788 789 while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata)) 790 != NULL) 791 { 792 r = SSL_CTX_add_extra_chain_cert(ctx, ca); 793 if (!r) 794 { 795 X509_free(ca); 796 ret = 0; 797 goto end; 798 } 799 /* Note that we must not free r if it was successfully 800 * added to the chain (while we must free the main 801 * certificate, since its reference count is increased 802 * by SSL_CTX_use_certificate). */ 803 } 804 /* When the while loop ends, it's usually just EOF. */ 805 err = ERR_peek_last_error(); 806 if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) 807 (void)ERR_get_error(); 808 else 809 ret = 0; /* some real error */ 810 } 811 812 end: 813 if (x != NULL) X509_free(x); 814 if (in != NULL) BIO_free(in); 815 return(ret); 816 } 817 #endif 818