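/*
 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/* We need to use the deprecated RSA low level calls */
#define OPENSSL_SUPPRESS_DEPRECATED

#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/ssl.h>

/*
 * Install |rsa| as the private key of |ssl|.
 *
 * The key is wrapped in a temporary EVP_PKEY and handed to
 * SSL_use_PrivateKey().  The function takes its own reference on |rsa|, so
 * the caller keeps the reference it passed in and still has to release it.
 *
 * Returns 0 if |rsa| is NULL, if the wrapper cannot be built or if the
 * reference cannot be taken; otherwise returns what SSL_use_PrivateKey()
 * returns.
 */
int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
{
    EVP_PKEY *pkey;
    int ret;

    if (rsa == NULL) {
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    if ((pkey = EVP_PKEY_new()) == NULL) {
        ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB);
        return 0;
    }

    /*
     * RSA_up_ref() returns 0 when the reference could not be taken.  Going
     * on regardless would give pkey a reference this function does not hold,
     * and the frees below would then release the caller's own reference,
     * leaving the caller with a dangling RSA pointer to private key material.
     */
    if (!RSA_up_ref(rsa)) {
        EVP_PKEY_free(pkey);
        return 0;
    }
    if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
        /* The assignment failed, so the extra reference is still ours. */
        RSA_free(rsa);
        EVP_PKEY_free(pkey);
        return 0;
    }

    ret = SSL_use_PrivateKey(ssl, pkey);
    /* Drops the local wrapper; pkey now carries the reference taken above. */
    EVP_PKEY_free(pkey);
    return ret;
}

/*
 * Read an RSA private key from |file| and install it on |ssl|.
 *
 * |type| selects the decoder: SSL_FILETYPE_ASN1 for DER, SSL_FILETYPE_PEM
 * for PEM.  For PEM the password callback and userdata are the defaults
 * configured on |ssl|.  Any other |type| raises SSL_R_BAD_SSL_FILETYPE.
 *
 * Returns 0 on any failure, otherwise the result of SSL_use_RSAPrivateKey().
 */
int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
{
    int j, ret = 0;
    BIO *in;
    RSA *rsa = NULL;

    in = BIO_new(BIO_s_file());
    if (in == NULL) {
        ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
        goto end;
    }

    if (BIO_read_filename(in, file) <= 0) {
        ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
        goto end;
    }
    /* j remembers which reason code to raise if the decoder returns NULL. */
    if (type == SSL_FILETYPE_ASN1) {
        j = ERR_R_ASN1_LIB;
        rsa = d2i_RSAPrivateKey_bio(in, NULL);
    } else if (type == SSL_FILETYPE_PEM) {
        j = ERR_R_PEM_LIB;
        rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
                                         SSL_get_default_passwd_cb(ssl),
                                         SSL_get_default_passwd_cb_userdata(ssl));
    } else {
        ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
        goto end;
    }
    if (rsa == NULL) {
        ERR_raise(ERR_LIB_SSL, j);
        goto end;
    }
    ret = SSL_use_RSAPrivateKey(ssl, rsa);
    /* Release the decoder's reference whether or not the install worked. */
    RSA_free(rsa);
 end:
    BIO_free(in);
    return ret;
}

/*
 * Decode a DER-encoded RSA private key from |d| and install it on |ssl|.
 *
 * |len| is passed to the decoder as the size of the buffer at |d|; the
 * caller must make sure it does not exceed the real buffer size.  Bytes that
 * follow the encoded key are not rejected here, because the decoder's end
 * position is never compared with |d| + |len|.
 *
 * Returns 0 if decoding fails, otherwise the result of
 * SSL_use_RSAPrivateKey().
 */
int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len)
{
    int ret;
    const unsigned char *p;
    RSA *rsa;

    /* The decoder advances its input pointer, so work on a copy of |d|. */
    p = d;
    if ((rsa = d2i_RSAPrivateKey(NULL, &p, len)) == NULL) {
        ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
        return 0;
    }

    ret = SSL_use_RSAPrivateKey(ssl, rsa);
    RSA_free(rsa);
    return ret;
}

/*
 * Install |rsa| as the private key of |ctx|.
 *
 * Same contract as SSL_use_RSAPrivateKey(), but the wrapped key is handed to
 * SSL_CTX_use_PrivateKey().  The caller keeps the reference it passed in.
 *
 * Returns 0 if |rsa| is NULL, if the wrapper cannot be built or if the
 * reference cannot be taken; otherwise returns what SSL_CTX_use_PrivateKey()
 * returns.
 */
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
{
    int ret;
    EVP_PKEY *pkey;

    if (rsa == NULL) {
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    if ((pkey = EVP_PKEY_new()) == NULL) {
        ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB);
        return 0;
    }

    /*
     * Without this check a failed RSA_up_ref() would let the frees below
     * release a reference that belongs to the caller.
     */
    if (!RSA_up_ref(rsa)) {
        EVP_PKEY_free(pkey);
        return 0;
    }
    if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
        /* The assignment failed, so the extra reference is still ours. */
        RSA_free(rsa);
        EVP_PKEY_free(pkey);
        return 0;
    }

    ret = SSL_CTX_use_PrivateKey(ctx, pkey);
    EVP_PKEY_free(pkey);
    return ret;
}

/*
 * Read an RSA private key from |file| and install it on |ctx|.
 *
 * |type| selects the decoder: SSL_FILETYPE_ASN1 for DER, SSL_FILETYPE_PEM
 * for PEM.  For PEM the password callback and userdata are the defaults
 * configured on |ctx|.  Any other |type| raises SSL_R_BAD_SSL_FILETYPE.
 *
 * Returns 0 on any failure, otherwise the result of
 * SSL_CTX_use_RSAPrivateKey().
 */
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
{
    int j, ret = 0;
    BIO *in;
    RSA *rsa = NULL;

    in = BIO_new(BIO_s_file());
    if (in == NULL) {
        ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
        goto end;
    }

    if (BIO_read_filename(in, file) <= 0) {
        ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
        goto end;
    }
    /* j remembers which reason code to raise if the decoder returns NULL. */
    if (type == SSL_FILETYPE_ASN1) {
        j = ERR_R_ASN1_LIB;
        rsa = d2i_RSAPrivateKey_bio(in, NULL);
    } else if (type == SSL_FILETYPE_PEM) {
        j = ERR_R_PEM_LIB;
        rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
                                         SSL_CTX_get_default_passwd_cb(ctx),
                                         SSL_CTX_get_default_passwd_cb_userdata(ctx));
    } else {
        ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
        goto end;
    }
    if (rsa == NULL) {
        ERR_raise(ERR_LIB_SSL, j);
        goto end;
    }
    ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
    /* Release the decoder's reference whether or not the install worked. */
    RSA_free(rsa);
 end:
    BIO_free(in);
    return ret;
}

/*
 * Decode a DER-encoded RSA private key from |d| and install it on |ctx|.
 *
 * |len| is passed to the decoder as the size of the buffer at |d|; the
 * caller must make sure it does not exceed the real buffer size.  Bytes that
 * follow the encoded key are not rejected here, because the decoder's end
 * position is never compared with |d| + |len|.
 *
 * Returns 0 if decoding fails, otherwise the result of
 * SSL_CTX_use_RSAPrivateKey().
 */
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
                                   long len)
{
    int ret;
    const unsigned char *p;
    RSA *rsa;

    /* The decoder advances its input pointer, so work on a copy of |d|. */
    p = d;
    if ((rsa = d2i_RSAPrivateKey(NULL, &p, len)) == NULL) {
        ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
        return 0;
    }

    ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
    RSA_free(rsa);
    return ret;
}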