ssl_rsa.c revision 296465
1/* ssl/ssl_rsa.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59#include <stdio.h> 60#include "ssl_locl.h" 61#include <openssl/bio.h> 62#include <openssl/objects.h> 63#include <openssl/evp.h> 64#include <openssl/x509.h> 65#include <openssl/pem.h> 66 67static int ssl_set_cert(CERT *c, X509 *x509); 68static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); 69int SSL_use_certificate(SSL *ssl, X509 *x) 70{ 71 if (x == NULL) { 72 SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); 73 return (0); 74 } 75 if (!ssl_cert_inst(&ssl->cert)) { 76 SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); 77 return (0); 78 } 79 return (ssl_set_cert(ssl->cert, x)); 80} 81 82#ifndef OPENSSL_NO_STDIO 83int SSL_use_certificate_file(SSL *ssl, const char *file, int type) 84{ 85 int j; 86 BIO *in; 87 int ret = 0; 88 X509 *x = NULL; 89 90 in = BIO_new(BIO_s_file_internal()); 91 if (in == NULL) { 92 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); 93 goto end; 94 } 95 96 if (BIO_read_filename(in, file) <= 0) { 97 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); 98 goto end; 99 } 100 if (type == SSL_FILETYPE_ASN1) { 101 j = ERR_R_ASN1_LIB; 102 x = d2i_X509_bio(in, NULL); 103 } else if (type == SSL_FILETYPE_PEM) { 104 j = ERR_R_PEM_LIB; 105 x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback, 106 ssl->ctx->default_passwd_callback_userdata); 107 } else { 108 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); 109 goto end; 110 } 111 112 if (x == NULL) { 113 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j); 114 goto end; 115 } 116 117 ret = SSL_use_certificate(ssl, x); 118 end: 119 if (x != NULL) 120 X509_free(x); 121 if (in != NULL) 122 BIO_free(in); 123 return (ret); 124} 125#endif 126 127int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) 128{ 129 X509 *x; 130 int ret; 131 132 x = d2i_X509(NULL, &d, (long)len); 133 if (x == NULL) { 134 SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); 135 return (0); 136 } 137 138 ret = SSL_use_certificate(ssl, x); 139 X509_free(x); 140 return (ret); 141} 142 143#ifndef OPENSSL_NO_RSA 144int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) 145{ 146 EVP_PKEY *pkey; 147 int ret; 148 149 if (rsa == NULL) { 150 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); 151 return (0); 152 } 153 if (!ssl_cert_inst(&ssl->cert)) { 154 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); 155 return (0); 156 } 157 if ((pkey = EVP_PKEY_new()) == NULL) { 158 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); 159 return (0); 160 } 161 162 RSA_up_ref(rsa); 163 EVP_PKEY_assign_RSA(pkey, rsa); 164 165 ret = ssl_set_pkey(ssl->cert, pkey); 166 EVP_PKEY_free(pkey); 167 return (ret); 168} 169#endif 170 171static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) 172{ 173 int i; 174 175 i = ssl_cert_type(NULL, pkey); 176 if (i < 0) { 177 SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE); 178 return (0); 179 } 180 181 if (c->pkeys[i].x509 != NULL) { 182 EVP_PKEY *pktmp; 183 pktmp = X509_get_pubkey(c->pkeys[i].x509); 184 EVP_PKEY_copy_parameters(pktmp, pkey); 185 EVP_PKEY_free(pktmp); 186 ERR_clear_error(); 187 188#ifndef OPENSSL_NO_RSA 189 /* 190 * Don't check the public/private key, this is mostly for smart 191 * cards. 192 */ 193 if ((pkey->type == EVP_PKEY_RSA) && 194 (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) ; 195 else 196#endif 197 if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { 198 X509_free(c->pkeys[i].x509); 199 c->pkeys[i].x509 = NULL; 200 return 0; 201 } 202 } 203 204 if (c->pkeys[i].privatekey != NULL) 205 EVP_PKEY_free(c->pkeys[i].privatekey); 206 CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); 207 c->pkeys[i].privatekey = pkey; 208 c->key = &(c->pkeys[i]); 209 210 c->valid = 0; 211 return (1); 212} 213 214#ifndef OPENSSL_NO_RSA 215# ifndef OPENSSL_NO_STDIO 216int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) 217{ 218 int j, ret = 0; 219 BIO *in; 220 RSA *rsa = NULL; 221 222 in = BIO_new(BIO_s_file_internal()); 223 if (in == NULL) { 224 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); 225 goto end; 226 } 227 228 if (BIO_read_filename(in, file) <= 0) { 229 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); 230 goto end; 231 } 232 if (type == SSL_FILETYPE_ASN1) { 233 j = ERR_R_ASN1_LIB; 234 rsa = d2i_RSAPrivateKey_bio(in, NULL); 235 } else if (type == SSL_FILETYPE_PEM) { 236 j = ERR_R_PEM_LIB; 237 rsa = PEM_read_bio_RSAPrivateKey(in, NULL, 238 ssl->ctx->default_passwd_callback, 239 ssl-> 240 ctx->default_passwd_callback_userdata); 241 } else { 242 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); 243 goto end; 244 } 245 if (rsa == NULL) { 246 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j); 247 goto end; 248 } 249 ret = SSL_use_RSAPrivateKey(ssl, rsa); 250 RSA_free(rsa); 251 end: 252 if (in != NULL) 253 BIO_free(in); 254 return (ret); 255} 256# endif 257 258int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) 259{ 260 int ret; 261 const unsigned char *p; 262 RSA *rsa; 263 264 p = d; 265 if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) { 266 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); 267 return (0); 268 } 269 270 ret = SSL_use_RSAPrivateKey(ssl, rsa); 271 RSA_free(rsa); 272 return (ret); 273} 274#endif /* !OPENSSL_NO_RSA */ 275 276int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) 277{ 278 int ret; 279 280 if (pkey == NULL) { 281 SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); 282 return (0); 283 } 284 if (!ssl_cert_inst(&ssl->cert)) { 285 SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); 286 return (0); 287 } 288 ret = ssl_set_pkey(ssl->cert, pkey); 289 return (ret); 290} 291 292#ifndef OPENSSL_NO_STDIO 293int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) 294{ 295 int j, ret = 0; 296 BIO *in; 297 EVP_PKEY *pkey = NULL; 298 299 in = BIO_new(BIO_s_file_internal()); 300 if (in == NULL) { 301 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); 302 goto end; 303 } 304 305 if (BIO_read_filename(in, file) <= 0) { 306 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); 307 goto end; 308 } 309 if (type == SSL_FILETYPE_PEM) { 310 j = ERR_R_PEM_LIB; 311 pkey = PEM_read_bio_PrivateKey(in, NULL, 312 ssl->ctx->default_passwd_callback, 313 ssl-> 314 ctx->default_passwd_callback_userdata); 315 } else if (type == SSL_FILETYPE_ASN1) { 316 j = ERR_R_ASN1_LIB; 317 pkey = d2i_PrivateKey_bio(in, NULL); 318 } else { 319 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); 320 goto end; 321 } 322 if (pkey == NULL) { 323 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j); 324 goto end; 325 } 326 ret = SSL_use_PrivateKey(ssl, pkey); 327 EVP_PKEY_free(pkey); 328 end: 329 if (in != NULL) 330 BIO_free(in); 331 return (ret); 332} 333#endif 334 335int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, 336 long len) 337{ 338 int ret; 339 const unsigned char *p; 340 EVP_PKEY *pkey; 341 342 p = d; 343 if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) { 344 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); 345 return (0); 346 } 347 348 ret = SSL_use_PrivateKey(ssl, pkey); 349 EVP_PKEY_free(pkey); 350 return (ret); 351} 352 353int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) 354{ 355 if (x == NULL) { 356 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); 357 return (0); 358 } 359 if (!ssl_cert_inst(&ctx->cert)) { 360 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); 361 return (0); 362 } 363 return (ssl_set_cert(ctx->cert, x)); 364} 365 366static int ssl_set_cert(CERT *c, X509 *x) 367{ 368 EVP_PKEY *pkey; 369 int i; 370 371 pkey = X509_get_pubkey(x); 372 if (pkey == NULL) { 373 SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB); 374 return (0); 375 } 376 377 i = ssl_cert_type(x, pkey); 378 if (i < 0) { 379 SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE); 380 EVP_PKEY_free(pkey); 381 return (0); 382 } 383 384 if (c->pkeys[i].privatekey != NULL) { 385 EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); 386 ERR_clear_error(); 387 388#ifndef OPENSSL_NO_RSA 389 /* 390 * Don't check the public/private key, this is mostly for smart 391 * cards. 392 */ 393 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && 394 (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & 395 RSA_METHOD_FLAG_NO_CHECK)) ; 396 else 397#endif /* OPENSSL_NO_RSA */ 398 if (!X509_check_private_key(x, c->pkeys[i].privatekey)) { 399 /* 400 * don't fail for a cert/key mismatch, just free current private 401 * key (when switching to a different cert & key, first this 402 * function should be used, then ssl_set_pkey 403 */ 404 EVP_PKEY_free(c->pkeys[i].privatekey); 405 c->pkeys[i].privatekey = NULL; 406 /* clear error queue */ 407 ERR_clear_error(); 408 } 409 } 410 411 EVP_PKEY_free(pkey); 412 413 if (c->pkeys[i].x509 != NULL) 414 X509_free(c->pkeys[i].x509); 415 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); 416 c->pkeys[i].x509 = x; 417 c->key = &(c->pkeys[i]); 418 419 c->valid = 0; 420 return (1); 421} 422 423#ifndef OPENSSL_NO_STDIO 424int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) 425{ 426 int j; 427 BIO *in; 428 int ret = 0; 429 X509 *x = NULL; 430 431 in = BIO_new(BIO_s_file_internal()); 432 if (in == NULL) { 433 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); 434 goto end; 435 } 436 437 if (BIO_read_filename(in, file) <= 0) { 438 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); 439 goto end; 440 } 441 if (type == SSL_FILETYPE_ASN1) { 442 j = ERR_R_ASN1_LIB; 443 x = d2i_X509_bio(in, NULL); 444 } else if (type == SSL_FILETYPE_PEM) { 445 j = ERR_R_PEM_LIB; 446 x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, 447 ctx->default_passwd_callback_userdata); 448 } else { 449 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); 450 goto end; 451 } 452 453 if (x == NULL) { 454 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j); 455 goto end; 456 } 457 458 ret = SSL_CTX_use_certificate(ctx, x); 459 end: 460 if (x != NULL) 461 X509_free(x); 462 if (in != NULL) 463 BIO_free(in); 464 return (ret); 465} 466#endif 467 468int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, 469 const unsigned char *d) 470{ 471 X509 *x; 472 int ret; 473 474 x = d2i_X509(NULL, &d, (long)len); 475 if (x == NULL) { 476 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); 477 return (0); 478 } 479 480 ret = SSL_CTX_use_certificate(ctx, x); 481 X509_free(x); 482 return (ret); 483} 484 485#ifndef OPENSSL_NO_RSA 486int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) 487{ 488 int ret; 489 EVP_PKEY *pkey; 490 491 if (rsa == NULL) { 492 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); 493 return (0); 494 } 495 if (!ssl_cert_inst(&ctx->cert)) { 496 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); 497 return (0); 498 } 499 if ((pkey = EVP_PKEY_new()) == NULL) { 500 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); 501 return (0); 502 } 503 504 RSA_up_ref(rsa); 505 EVP_PKEY_assign_RSA(pkey, rsa); 506 507 ret = ssl_set_pkey(ctx->cert, pkey); 508 EVP_PKEY_free(pkey); 509 return (ret); 510} 511 512# ifndef OPENSSL_NO_STDIO 513int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) 514{ 515 int j, ret = 0; 516 BIO *in; 517 RSA *rsa = NULL; 518 519 in = BIO_new(BIO_s_file_internal()); 520 if (in == NULL) { 521 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); 522 goto end; 523 } 524 525 if (BIO_read_filename(in, file) <= 0) { 526 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); 527 goto end; 528 } 529 if (type == SSL_FILETYPE_ASN1) { 530 j = ERR_R_ASN1_LIB; 531 rsa = d2i_RSAPrivateKey_bio(in, NULL); 532 } else if (type == SSL_FILETYPE_PEM) { 533 j = ERR_R_PEM_LIB; 534 rsa = PEM_read_bio_RSAPrivateKey(in, NULL, 535 ctx->default_passwd_callback, 536 ctx->default_passwd_callback_userdata); 537 } else { 538 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); 539 goto end; 540 } 541 if (rsa == NULL) { 542 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j); 543 goto end; 544 } 545 ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); 546 RSA_free(rsa); 547 end: 548 if (in != NULL) 549 BIO_free(in); 550 return (ret); 551} 552# endif 553 554int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, 555 long len) 556{ 557 int ret; 558 const unsigned char *p; 559 RSA *rsa; 560 561 p = d; 562 if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) { 563 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); 564 return (0); 565 } 566 567 ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); 568 RSA_free(rsa); 569 return (ret); 570} 571#endif /* !OPENSSL_NO_RSA */ 572 573int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) 574{ 575 if (pkey == NULL) { 576 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); 577 return (0); 578 } 579 if (!ssl_cert_inst(&ctx->cert)) { 580 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); 581 return (0); 582 } 583 return (ssl_set_pkey(ctx->cert, pkey)); 584} 585 586#ifndef OPENSSL_NO_STDIO 587int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) 588{ 589 int j, ret = 0; 590 BIO *in; 591 EVP_PKEY *pkey = NULL; 592 593 in = BIO_new(BIO_s_file_internal()); 594 if (in == NULL) { 595 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); 596 goto end; 597 } 598 599 if (BIO_read_filename(in, file) <= 0) { 600 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); 601 goto end; 602 } 603 if (type == SSL_FILETYPE_PEM) { 604 j = ERR_R_PEM_LIB; 605 pkey = PEM_read_bio_PrivateKey(in, NULL, 606 ctx->default_passwd_callback, 607 ctx->default_passwd_callback_userdata); 608 } else if (type == SSL_FILETYPE_ASN1) { 609 j = ERR_R_ASN1_LIB; 610 pkey = d2i_PrivateKey_bio(in, NULL); 611 } else { 612 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); 613 goto end; 614 } 615 if (pkey == NULL) { 616 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j); 617 goto end; 618 } 619 ret = SSL_CTX_use_PrivateKey(ctx, pkey); 620 EVP_PKEY_free(pkey); 621 end: 622 if (in != NULL) 623 BIO_free(in); 624 return (ret); 625} 626#endif 627 628int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, 629 const unsigned char *d, long len) 630{ 631 int ret; 632 const unsigned char *p; 633 EVP_PKEY *pkey; 634 635 p = d; 636 if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) { 637 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); 638 return (0); 639 } 640 641 ret = SSL_CTX_use_PrivateKey(ctx, pkey); 642 EVP_PKEY_free(pkey); 643 return (ret); 644} 645 646#ifndef OPENSSL_NO_STDIO 647/* 648 * Read a file that contains our certificate in "PEM" format, possibly 649 * followed by a sequence of CA certificates that should be sent to the peer 650 * in the Certificate message. 651 */ 652int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) 653{ 654 BIO *in; 655 int ret = 0; 656 X509 *x = NULL; 657 658 ERR_clear_error(); /* clear error stack for 659 * SSL_CTX_use_certificate() */ 660 661 in = BIO_new(BIO_s_file_internal()); 662 if (in == NULL) { 663 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); 664 goto end; 665 } 666 667 if (BIO_read_filename(in, file) <= 0) { 668 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB); 669 goto end; 670 } 671 672 x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, 673 ctx->default_passwd_callback_userdata); 674 if (x == NULL) { 675 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); 676 goto end; 677 } 678 679 ret = SSL_CTX_use_certificate(ctx, x); 680 if (ERR_peek_error() != 0) 681 ret = 0; /* Key/certificate mismatch doesn't imply 682 * ret==0 ... */ 683 if (ret) { 684 /* 685 * If we could set up our certificate, now proceed to the CA 686 * certificates. 687 */ 688 X509 *ca; 689 int r; 690 unsigned long err; 691 692 if (ctx->extra_certs != NULL) { 693 sk_X509_pop_free(ctx->extra_certs, X509_free); 694 ctx->extra_certs = NULL; 695 } 696 697 while ((ca = 698 PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, 699 ctx->default_passwd_callback_userdata)) 700 != NULL) { 701 r = SSL_CTX_add_extra_chain_cert(ctx, ca); 702 if (!r) { 703 X509_free(ca); 704 ret = 0; 705 goto end; 706 } 707 /* 708 * Note that we must not free r if it was successfully added to 709 * the chain (while we must free the main certificate, since its 710 * reference count is increased by SSL_CTX_use_certificate). 711 */ 712 } 713 /* When the while loop ends, it's usually just EOF. */ 714 err = ERR_peek_last_error(); 715 if (ERR_GET_LIB(err) == ERR_LIB_PEM 716 && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) 717 ERR_clear_error(); 718 else 719 ret = 0; /* some real error */ 720 } 721 722 end: 723 if (x != NULL) 724 X509_free(x); 725 if (in != NULL) 726 BIO_free(in); 727 return (ret); 728} 729#endif 730