1 /* ssl/ssl_rsa.c */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <stdio.h> 60 #include <openssl/bio.h> 61 #include <openssl/objects.h> 62 #include <openssl/evp.h> 63 #include <openssl/x509.h> 64 #include <openssl/pem.h> 65 #include "ssl_locl.h" 66 67 static int ssl_set_cert(CERT *c, X509 *x509); 68 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); 69 int SSL_use_certificate(SSL *ssl, X509 *x) 70 { 71 if (x == NULL) 72 { 73 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); 74 return(0); 75 } 76 if (!ssl_cert_inst(&ssl->cert)) 77 { 78 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); 79 return(0); 80 } 81 return(ssl_set_cert(ssl->cert,x)); 82 } 83 84 #ifndef NO_STDIO 85 int SSL_use_certificate_file(SSL *ssl, const char *file, int type) 86 { 87 int j; 88 BIO *in; 89 int ret=0; 90 X509 *x=NULL; 91 92 in=BIO_new(BIO_s_file_internal()); 93 if (in == NULL) 94 { 95 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); 96 goto end; 97 } 98 99 if (BIO_read_filename(in,file) <= 0) 100 { 101 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); 102 goto end; 103 } 104 if (type == SSL_FILETYPE_ASN1) 105 { 106 j=ERR_R_ASN1_LIB; 107 x=d2i_X509_bio(in,NULL); 108 } 109 else if (type == SSL_FILETYPE_PEM) 110 { 111 j=ERR_R_PEM_LIB; 112 x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); 113 } 114 else 115 { 116 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); 117 goto end; 118 } 119 120 if (x == NULL) 121 { 122 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j); 123 goto end; 124 } 125 126 ret=SSL_use_certificate(ssl,x); 127 end: 128 if (x != NULL) X509_free(x); 129 if (in != NULL) BIO_free(in); 130 return(ret); 131 } 132 #endif 133 134 int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len) 135 { 136 X509 *x; 137 int ret; 138 139 x=d2i_X509(NULL,&d,(long)len); 140 if (x == NULL) 141 { 142 SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); 143 return(0); 144 } 145 146 ret=SSL_use_certificate(ssl,x); 147 X509_free(x); 148 return(ret); 149 } 150 151 #ifndef NO_RSA 152 int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) 153 { 154 EVP_PKEY *pkey; 155 int ret; 156 157 if (rsa == NULL) 158 { 159 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); 160 return(0); 161 } 162 if (!ssl_cert_inst(&ssl->cert)) 163 { 164 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); 165 return(0); 166 } 167 if ((pkey=EVP_PKEY_new()) == NULL) 168 { 169 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); 170 return(0); 171 } 172 173 CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); 174 EVP_PKEY_assign_RSA(pkey,rsa); 175 176 ret=ssl_set_pkey(ssl->cert,pkey); 177 EVP_PKEY_free(pkey); 178 return(ret); 179 } 180 #endif 181 182 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) 183 { 184 int i,ok=0,bad=0; 185 186 i=ssl_cert_type(NULL,pkey); 187 if (i < 0) 188 { 189 SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE); 190 return(0); 191 } 192 193 if (c->pkeys[i].x509 != NULL) 194 { 195 EVP_PKEY *pktmp; 196 pktmp = X509_get_pubkey(c->pkeys[i].x509); 197 EVP_PKEY_copy_parameters(pktmp,pkey); 198 EVP_PKEY_free(pktmp); 199 ERR_clear_error(); 200 201 #ifndef NO_RSA 202 /* Don't check the public/private key, this is mostly 203 * for smart cards. */ 204 if ((pkey->type == EVP_PKEY_RSA) && 205 (RSA_flags(pkey->pkey.rsa) & 206 RSA_METHOD_FLAG_NO_CHECK)) 207 ok=1; 208 else 209 #endif 210 if (!X509_check_private_key(c->pkeys[i].x509,pkey)) 211 { 212 if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) 213 { 214 i=(i == SSL_PKEY_DH_RSA)? 215 SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA; 216 217 if (c->pkeys[i].x509 == NULL) 218 ok=1; 219 else 220 { 221 if (!X509_check_private_key( 222 c->pkeys[i].x509,pkey)) 223 bad=1; 224 else 225 ok=1; 226 } 227 } 228 else 229 bad=1; 230 } 231 else 232 ok=1; 233 } 234 else 235 ok=1; 236 237 if (bad) 238 { 239 X509_free(c->pkeys[i].x509); 240 c->pkeys[i].x509=NULL; 241 return(0); 242 } 243 244 if (c->pkeys[i].privatekey != NULL) 245 EVP_PKEY_free(c->pkeys[i].privatekey); 246 CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); 247 c->pkeys[i].privatekey=pkey; 248 c->key= &(c->pkeys[i]); 249 250 c->valid=0; 251 return(1); 252 } 253 254 #ifndef NO_RSA 255 #ifndef NO_STDIO 256 int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) 257 { 258 int j,ret=0; 259 BIO *in; 260 RSA *rsa=NULL; 261 262 in=BIO_new(BIO_s_file_internal()); 263 if (in == NULL) 264 { 265 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); 266 goto end; 267 } 268 269 if (BIO_read_filename(in,file) <= 0) 270 { 271 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); 272 goto end; 273 } 274 if (type == SSL_FILETYPE_ASN1) 275 { 276 j=ERR_R_ASN1_LIB; 277 rsa=d2i_RSAPrivateKey_bio(in,NULL); 278 } 279 else if (type == SSL_FILETYPE_PEM) 280 { 281 j=ERR_R_PEM_LIB; 282 rsa=PEM_read_bio_RSAPrivateKey(in,NULL, 283 ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); 284 } 285 else 286 { 287 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); 288 goto end; 289 } 290 if (rsa == NULL) 291 { 292 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j); 293 goto end; 294 } 295 ret=SSL_use_RSAPrivateKey(ssl,rsa); 296 RSA_free(rsa); 297 end: 298 if (in != NULL) BIO_free(in); 299 return(ret); 300 } 301 #endif 302 303 int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) 304 { 305 int ret; 306 unsigned char *p; 307 RSA *rsa; 308 309 p=d; 310 if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) 311 { 312 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); 313 return(0); 314 } 315 316 ret=SSL_use_RSAPrivateKey(ssl,rsa); 317 RSA_free(rsa); 318 return(ret); 319 } 320 #endif /* !NO_RSA */ 321 322 int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) 323 { 324 int ret; 325 326 if (pkey == NULL) 327 { 328 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); 329 return(0); 330 } 331 if (!ssl_cert_inst(&ssl->cert)) 332 { 333 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); 334 return(0); 335 } 336 ret=ssl_set_pkey(ssl->cert,pkey); 337 return(ret); 338 } 339 340 #ifndef NO_STDIO 341 int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) 342 { 343 int j,ret=0; 344 BIO *in; 345 EVP_PKEY *pkey=NULL; 346 347 in=BIO_new(BIO_s_file_internal()); 348 if (in == NULL) 349 { 350 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); 351 goto end; 352 } 353 354 if (BIO_read_filename(in,file) <= 0) 355 { 356 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); 357 goto end; 358 } 359 if (type == SSL_FILETYPE_PEM) 360 { 361 j=ERR_R_PEM_LIB; 362 pkey=PEM_read_bio_PrivateKey(in,NULL, 363 ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); 364 } 365 else 366 { 367 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); 368 goto end; 369 } 370 if (pkey == NULL) 371 { 372 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j); 373 goto end; 374 } 375 ret=SSL_use_PrivateKey(ssl,pkey); 376 EVP_PKEY_free(pkey); 377 end: 378 if (in != NULL) BIO_free(in); 379 return(ret); 380 } 381 #endif 382 383 int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len) 384 { 385 int ret; 386 unsigned char *p; 387 EVP_PKEY *pkey; 388 389 p=d; 390 if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) 391 { 392 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); 393 return(0); 394 } 395 396 ret=SSL_use_PrivateKey(ssl,pkey); 397 EVP_PKEY_free(pkey); 398 return(ret); 399 } 400 401 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) 402 { 403 if (x == NULL) 404 { 405 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); 406 return(0); 407 } 408 if (!ssl_cert_inst(&ctx->cert)) 409 { 410 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); 411 return(0); 412 } 413 return(ssl_set_cert(ctx->cert, x)); 414 } 415 416 static int ssl_set_cert(CERT *c, X509 *x) 417 { 418 EVP_PKEY *pkey; 419 int i,ok=0,bad=0; 420 421 pkey=X509_get_pubkey(x); 422 if (pkey == NULL) 423 { 424 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB); 425 return(0); 426 } 427 428 i=ssl_cert_type(x,pkey); 429 if (i < 0) 430 { 431 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE); 432 EVP_PKEY_free(pkey); 433 return(0); 434 } 435 436 if (c->pkeys[i].privatekey != NULL) 437 { 438 EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey); 439 ERR_clear_error(); 440 441 #ifndef NO_RSA 442 /* Don't check the public/private key, this is mostly 443 * for smart cards. */ 444 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && 445 (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & 446 RSA_METHOD_FLAG_NO_CHECK)) 447 ok=1; 448 else 449 #endif 450 { 451 if (!X509_check_private_key(x,c->pkeys[i].privatekey)) 452 { 453 if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) 454 { 455 i=(i == SSL_PKEY_DH_RSA)? 456 SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA; 457 458 if (c->pkeys[i].privatekey == NULL) 459 ok=1; 460 else 461 { 462 if (!X509_check_private_key(x, 463 c->pkeys[i].privatekey)) 464 bad=1; 465 else 466 ok=1; 467 } 468 } 469 else 470 bad=1; 471 } 472 else 473 ok=1; 474 } /* NO_RSA */ 475 } 476 else 477 ok=1; 478 479 EVP_PKEY_free(pkey); 480 if (bad) 481 { 482 EVP_PKEY_free(c->pkeys[i].privatekey); 483 c->pkeys[i].privatekey=NULL; 484 } 485 486 if (c->pkeys[i].x509 != NULL) 487 X509_free(c->pkeys[i].x509); 488 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); 489 c->pkeys[i].x509=x; 490 c->key= &(c->pkeys[i]); 491 492 c->valid=0; 493 return(1); 494 } 495 496 #ifndef NO_STDIO 497 int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) 498 { 499 int j; 500 BIO *in; 501 int ret=0; 502 X509 *x=NULL; 503 504 in=BIO_new(BIO_s_file_internal()); 505 if (in == NULL) 506 { 507 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); 508 goto end; 509 } 510 511 if (BIO_read_filename(in,file) <= 0) 512 { 513 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); 514 goto end; 515 } 516 if (type == SSL_FILETYPE_ASN1) 517 { 518 j=ERR_R_ASN1_LIB; 519 x=d2i_X509_bio(in,NULL); 520 } 521 else if (type == SSL_FILETYPE_PEM) 522 { 523 j=ERR_R_PEM_LIB; 524 x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); 525 } 526 else 527 { 528 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); 529 goto end; 530 } 531 532 if (x == NULL) 533 { 534 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j); 535 goto end; 536 } 537 538 ret=SSL_CTX_use_certificate(ctx,x); 539 end: 540 if (x != NULL) X509_free(x); 541 if (in != NULL) BIO_free(in); 542 return(ret); 543 } 544 #endif 545 546 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d) 547 { 548 X509 *x; 549 int ret; 550 551 x=d2i_X509(NULL,&d,(long)len); 552 if (x == NULL) 553 { 554 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); 555 return(0); 556 } 557 558 ret=SSL_CTX_use_certificate(ctx,x); 559 X509_free(x); 560 return(ret); 561 } 562 563 #ifndef NO_RSA 564 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) 565 { 566 int ret; 567 EVP_PKEY *pkey; 568 569 if (rsa == NULL) 570 { 571 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); 572 return(0); 573 } 574 if (!ssl_cert_inst(&ctx->cert)) 575 { 576 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); 577 return(0); 578 } 579 if ((pkey=EVP_PKEY_new()) == NULL) 580 { 581 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); 582 return(0); 583 } 584 585 CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); 586 EVP_PKEY_assign_RSA(pkey,rsa); 587 588 ret=ssl_set_pkey(ctx->cert, pkey); 589 EVP_PKEY_free(pkey); 590 return(ret); 591 } 592 593 #ifndef NO_STDIO 594 int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) 595 { 596 int j,ret=0; 597 BIO *in; 598 RSA *rsa=NULL; 599 600 in=BIO_new(BIO_s_file_internal()); 601 if (in == NULL) 602 { 603 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); 604 goto end; 605 } 606 607 if (BIO_read_filename(in,file) <= 0) 608 { 609 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); 610 goto end; 611 } 612 if (type == SSL_FILETYPE_ASN1) 613 { 614 j=ERR_R_ASN1_LIB; 615 rsa=d2i_RSAPrivateKey_bio(in,NULL); 616 } 617 else if (type == SSL_FILETYPE_PEM) 618 { 619 j=ERR_R_PEM_LIB; 620 rsa=PEM_read_bio_RSAPrivateKey(in,NULL, 621 ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); 622 } 623 else 624 { 625 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); 626 goto end; 627 } 628 if (rsa == NULL) 629 { 630 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j); 631 goto end; 632 } 633 ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); 634 RSA_free(rsa); 635 end: 636 if (in != NULL) BIO_free(in); 637 return(ret); 638 } 639 #endif 640 641 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len) 642 { 643 int ret; 644 unsigned char *p; 645 RSA *rsa; 646 647 p=d; 648 if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) 649 { 650 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); 651 return(0); 652 } 653 654 ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); 655 RSA_free(rsa); 656 return(ret); 657 } 658 #endif /* !NO_RSA */ 659 660 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) 661 { 662 if (pkey == NULL) 663 { 664 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); 665 return(0); 666 } 667 if (!ssl_cert_inst(&ctx->cert)) 668 { 669 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); 670 return(0); 671 } 672 return(ssl_set_pkey(ctx->cert,pkey)); 673 } 674 675 #ifndef NO_STDIO 676 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) 677 { 678 int j,ret=0; 679 BIO *in; 680 EVP_PKEY *pkey=NULL; 681 682 in=BIO_new(BIO_s_file_internal()); 683 if (in == NULL) 684 { 685 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); 686 goto end; 687 } 688 689 if (BIO_read_filename(in,file) <= 0) 690 { 691 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); 692 goto end; 693 } 694 if (type == SSL_FILETYPE_PEM) 695 { 696 j=ERR_R_PEM_LIB; 697 pkey=PEM_read_bio_PrivateKey(in,NULL, 698 ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); 699 } 700 else 701 { 702 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); 703 goto end; 704 } 705 if (pkey == NULL) 706 { 707 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j); 708 goto end; 709 } 710 ret=SSL_CTX_use_PrivateKey(ctx,pkey); 711 EVP_PKEY_free(pkey); 712 end: 713 if (in != NULL) BIO_free(in); 714 return(ret); 715 } 716 #endif 717 718 int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, 719 long len) 720 { 721 int ret; 722 unsigned char *p; 723 EVP_PKEY *pkey; 724 725 p=d; 726 if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) 727 { 728 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); 729 return(0); 730 } 731 732 ret=SSL_CTX_use_PrivateKey(ctx,pkey); 733 EVP_PKEY_free(pkey); 734 return(ret); 735 } 736 737 738 #ifndef NO_STDIO 739 /* Read a file that contains our certificate in "PEM" format, 740 * possibly followed by a sequence of CA certificates that should be 741 * sent to the peer in the Certificate message. 742 */ 743 int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) 744 { 745 BIO *in; 746 int ret=0; 747 X509 *x=NULL; 748 749 in=BIO_new(BIO_s_file_internal()); 750 if (in == NULL) 751 { 752 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB); 753 goto end; 754 } 755 756 if (BIO_read_filename(in,file) <= 0) 757 { 758 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB); 759 goto end; 760 } 761 762 x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); 763 if (x == NULL) 764 { 765 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB); 766 goto end; 767 } 768 769 ret=SSL_CTX_use_certificate(ctx,x); 770 if (ERR_peek_error() != 0) 771 ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */ 772 if (ret) 773 { 774 /* If we could set up our certificate, now proceed to 775 * the CA certificates. 776 */ 777 X509 *ca; 778 int r; 779 unsigned long err; 780 781 if (ctx->extra_certs != NULL) 782 { 783 sk_X509_pop_free(ctx->extra_certs, X509_free); 784 ctx->extra_certs = NULL; 785 } 786 787 while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata)) 788 != NULL) 789 { 790 r = SSL_CTX_add_extra_chain_cert(ctx, ca); 791 if (!r) 792 { 793 X509_free(ca); 794 ret = 0; 795 goto end; 796 } 797 /* Note that we must not free r if it was successfully 798 * added to the chain (while we must free the main 799 * certificate, since its reference count is increased 800 * by SSL_CTX_use_certificate). */ 801 } 802 /* When the while loop ends, it's usually just EOF. */ 803 err = ERR_peek_error(); 804 if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) 805 (void) ERR_get_error(); 806 else 807 ret = 0; /* some real error */ 808 } 809 810 end: 811 if (x != NULL) X509_free(x); 812 if (in != NULL) BIO_free(in); 813 return(ret); 814 } 815 #endif 816