Symaptic: os/ossrv/ssl/libssl/src/ssl_rsa.c@bde4ae8d615e (annotated)

sl@0	1	/* ssl/ssl_rsa.c */
sl@0	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
sl@0	3	* All rights reserved.
sl@0	4	*
sl@0	5	* This package is an SSL implementation written
sl@0	6	* by Eric Young (eay@cryptsoft.com).
sl@0	7	* The implementation was written so as to conform with Netscapes SSL.
sl@0	8	*
sl@0	9	* This library is free for commercial and non-commercial use as long as
sl@0	10	* the following conditions are aheared to. The following conditions
sl@0	11	* apply to all code found in this distribution, be it the RC4, RSA,
sl@0	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
sl@0	13	* included with this distribution is covered by the same copyright terms
sl@0	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
sl@0	15	*
sl@0	16	* Copyright remains Eric Young's, and as such any Copyright notices in
sl@0	17	* the code are not to be removed.
sl@0	18	* If this package is used in a product, Eric Young should be given attribution
sl@0	19	* as the author of the parts of the library used.
sl@0	20	* This can be in the form of a textual message at program startup or
sl@0	21	* in documentation (online or textual) provided with the package.
sl@0	22	*
sl@0	23	* Redistribution and use in source and binary forms, with or without
sl@0	24	* modification, are permitted provided that the following conditions
sl@0	25	* are met:
sl@0	26	* 1. Redistributions of source code must retain the copyright
sl@0	27	* notice, this list of conditions and the following disclaimer.
sl@0	28	* 2. Redistributions in binary form must reproduce the above copyright
sl@0	29	* notice, this list of conditions and the following disclaimer in the
sl@0	30	* documentation and/or other materials provided with the distribution.
sl@0	31	* 3. All advertising materials mentioning features or use of this software
sl@0	32	* must display the following acknowledgement:
sl@0	33	* "This product includes cryptographic software written by
sl@0	34	* Eric Young (eay@cryptsoft.com)"
sl@0	35	* The word 'cryptographic' can be left out if the rouines from the library
sl@0	36	* being used are not cryptographic related :-).
sl@0	37	* 4. If you include any Windows specific code (or a derivative thereof) from
sl@0	38	* the apps directory (application code) you must include an acknowledgement:
sl@0	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
sl@0	40	*
sl@0	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
sl@0	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
sl@0	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
sl@0	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
sl@0	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
sl@0	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
sl@0	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
sl@0	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
sl@0	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
sl@0	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
sl@0	51	* SUCH DAMAGE.
sl@0	52	*
sl@0	53	* The licence and distribution terms for any publically available version or
sl@0	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
sl@0	55	* copied and put under another distribution licence
sl@0	56	* [including the GNU Public Licence.]
sl@0	57	*/
sl@0	58
sl@0	59	#include <stdio.h>
sl@0	60	#include "ssl_locl.h"
sl@0	61	#include <openssl/bio.h>
sl@0	62	#include <openssl/objects.h>
sl@0	63	#include <openssl/evp.h>
sl@0	64	#include <openssl/x509.h>
sl@0	65	#include <openssl/pem.h>
sl@0	66
sl@0	67	static int ssl_set_cert(CERT c, X509 x509);
sl@0	68	static int ssl_set_pkey(CERT c, EVP_PKEY pkey);
sl@0	69	EXPORT_C int SSL_use_certificate(SSL ssl, X509 x)
sl@0	70	{
sl@0	71	if (x == NULL)
sl@0	72	{
sl@0	73	SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
sl@0	74	return(0);
sl@0	75	}
sl@0	76	if (!ssl_cert_inst(&ssl->cert))
sl@0	77	{
sl@0	78	SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
sl@0	79	return(0);
sl@0	80	}
sl@0	81	return(ssl_set_cert(ssl->cert,x));
sl@0	82	}
sl@0	83
sl@0	84	#ifndef OPENSSL_NO_STDIO
sl@0	85	EXPORT_C int SSL_use_certificate_file(SSL ssl, const char file, int type)
sl@0	86	{
sl@0	87	int j;
sl@0	88	BIO *in;
sl@0	89	int ret=0;
sl@0	90	X509 *x=NULL;
sl@0	91
sl@0	92	in=BIO_new(BIO_s_file_internal());
sl@0	93	if (in == NULL)
sl@0	94	{
sl@0	95	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
sl@0	96	goto end;
sl@0	97	}
sl@0	98
sl@0	99	if (BIO_read_filename(in,file) <= 0)
sl@0	100	{
sl@0	101	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
sl@0	102	goto end;
sl@0	103	}
sl@0	104	if (type == SSL_FILETYPE_ASN1)
sl@0	105	{
sl@0	106	j=ERR_R_ASN1_LIB;
sl@0	107	x=d2i_X509_bio(in,NULL);
sl@0	108	}
sl@0	109	else if (type == SSL_FILETYPE_PEM)
sl@0	110	{
sl@0	111	j=ERR_R_PEM_LIB;
sl@0	112	x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
sl@0	113	}
sl@0	114	else
sl@0	115	{
sl@0	116	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
sl@0	117	goto end;
sl@0	118	}
sl@0	119
sl@0	120	if (x == NULL)
sl@0	121	{
sl@0	122	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
sl@0	123	goto end;
sl@0	124	}
sl@0	125
sl@0	126	ret=SSL_use_certificate(ssl,x);
sl@0	127	end:
sl@0	128	if (x != NULL) X509_free(x);
sl@0	129	if (in != NULL) BIO_free(in);
sl@0	130	return(ret);
sl@0	131	}
sl@0	132	#endif
sl@0	133
sl@0	134	EXPORT_C int SSL_use_certificate_ASN1(SSL ssl, const unsigned char d, int len)
sl@0	135	{
sl@0	136	X509 *x;
sl@0	137	int ret;
sl@0	138
sl@0	139	x=d2i_X509(NULL,&d,(long)len);
sl@0	140	if (x == NULL)
sl@0	141	{
sl@0	142	SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
sl@0	143	return(0);
sl@0	144	}
sl@0	145
sl@0	146	ret=SSL_use_certificate(ssl,x);
sl@0	147	X509_free(x);
sl@0	148	return(ret);
sl@0	149	}
sl@0	150
sl@0	151	#ifndef OPENSSL_NO_RSA
sl@0	152	EXPORT_C int SSL_use_RSAPrivateKey(SSL ssl, RSA rsa)
sl@0	153	{
sl@0	154	EVP_PKEY *pkey;
sl@0	155	int ret;
sl@0	156
sl@0	157	if (rsa == NULL)
sl@0	158	{
sl@0	159	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
sl@0	160	return(0);
sl@0	161	}
sl@0	162	if (!ssl_cert_inst(&ssl->cert))
sl@0	163	{
sl@0	164	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
sl@0	165	return(0);
sl@0	166	}
sl@0	167	if ((pkey=EVP_PKEY_new()) == NULL)
sl@0	168	{
sl@0	169	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
sl@0	170	return(0);
sl@0	171	}
sl@0	172
sl@0	173	RSA_up_ref(rsa);
sl@0	174	EVP_PKEY_assign_RSA(pkey,rsa);
sl@0	175
sl@0	176	ret=ssl_set_pkey(ssl->cert,pkey);
sl@0	177	EVP_PKEY_free(pkey);
sl@0	178	return(ret);
sl@0	179	}
sl@0	180	#endif
sl@0	181
sl@0	182	static int ssl_set_pkey(CERT c, EVP_PKEY pkey)
sl@0	183	{
sl@0	184	int i;
sl@0	185
sl@0	186	i=ssl_cert_type(NULL,pkey);
sl@0	187	if (i < 0)
sl@0	188	{
sl@0	189	SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
sl@0	190	return(0);
sl@0	191	}
sl@0	192
sl@0	193	if (c->pkeys[i].x509 != NULL)
sl@0	194	{
sl@0	195	EVP_PKEY *pktmp;
sl@0	196	pktmp = X509_get_pubkey(c->pkeys[i].x509);
sl@0	197	EVP_PKEY_copy_parameters(pktmp,pkey);
sl@0	198	EVP_PKEY_free(pktmp);
sl@0	199	ERR_clear_error();
sl@0	200
sl@0	201	#ifndef OPENSSL_NO_RSA
sl@0	202	/* Don't check the public/private key, this is mostly
sl@0	203	* for smart cards. */
sl@0	204	if ((pkey->type == EVP_PKEY_RSA) &&
sl@0	205	(RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
sl@0	206	;
sl@0	207	else
sl@0	208	#endif
sl@0	209	if (!X509_check_private_key(c->pkeys[i].x509,pkey))
sl@0	210	{
sl@0	211	X509_free(c->pkeys[i].x509);
sl@0	212	c->pkeys[i].x509 = NULL;
sl@0	213	return 0;
sl@0	214	}
sl@0	215	}
sl@0	216
sl@0	217	if (c->pkeys[i].privatekey != NULL)
sl@0	218	EVP_PKEY_free(c->pkeys[i].privatekey);
sl@0	219	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
sl@0	220	c->pkeys[i].privatekey=pkey;
sl@0	221	c->key= &(c->pkeys[i]);
sl@0	222
sl@0	223	c->valid=0;
sl@0	224	return(1);
sl@0	225	}
sl@0	226
sl@0	227	#ifndef OPENSSL_NO_RSA
sl@0	228	#ifndef OPENSSL_NO_STDIO
sl@0	229	EXPORT_C int SSL_use_RSAPrivateKey_file(SSL ssl, const char file, int type)
sl@0	230	{
sl@0	231	int j,ret=0;
sl@0	232	BIO *in;
sl@0	233	RSA *rsa=NULL;
sl@0	234
sl@0	235	in=BIO_new(BIO_s_file_internal());
sl@0	236	if (in == NULL)
sl@0	237	{
sl@0	238	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
sl@0	239	goto end;
sl@0	240	}
sl@0	241
sl@0	242	if (BIO_read_filename(in,file) <= 0)
sl@0	243	{
sl@0	244	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
sl@0	245	goto end;
sl@0	246	}
sl@0	247	if (type == SSL_FILETYPE_ASN1)
sl@0	248	{
sl@0	249	j=ERR_R_ASN1_LIB;
sl@0	250	rsa=d2i_RSAPrivateKey_bio(in,NULL);
sl@0	251	}
sl@0	252	else if (type == SSL_FILETYPE_PEM)
sl@0	253	{
sl@0	254	j=ERR_R_PEM_LIB;
sl@0	255	rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
sl@0	256	ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
sl@0	257	}
sl@0	258	else
sl@0	259	{
sl@0	260	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
sl@0	261	goto end;
sl@0	262	}
sl@0	263	if (rsa == NULL)
sl@0	264	{
sl@0	265	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
sl@0	266	goto end;
sl@0	267	}
sl@0	268	ret=SSL_use_RSAPrivateKey(ssl,rsa);
sl@0	269	RSA_free(rsa);
sl@0	270	end:
sl@0	271	if (in != NULL) BIO_free(in);
sl@0	272	return(ret);
sl@0	273	}
sl@0	274	#endif
sl@0	275
sl@0	276	EXPORT_C int SSL_use_RSAPrivateKey_ASN1(SSL ssl, unsigned char d, long len)
sl@0	277	{
sl@0	278	int ret;
sl@0	279	const unsigned char *p;
sl@0	280	RSA *rsa;
sl@0	281
sl@0	282	p=d;
sl@0	283	if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
sl@0	284	{
sl@0	285	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
sl@0	286	return(0);
sl@0	287	}
sl@0	288
sl@0	289	ret=SSL_use_RSAPrivateKey(ssl,rsa);
sl@0	290	RSA_free(rsa);
sl@0	291	return(ret);
sl@0	292	}
sl@0	293	#endif /* !OPENSSL_NO_RSA */
sl@0	294
sl@0	295	EXPORT_C int SSL_use_PrivateKey(SSL ssl, EVP_PKEY pkey)
sl@0	296	{
sl@0	297	int ret;
sl@0	298
sl@0	299	if (pkey == NULL)
sl@0	300	{
sl@0	301	SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
sl@0	302	return(0);
sl@0	303	}
sl@0	304	if (!ssl_cert_inst(&ssl->cert))
sl@0	305	{
sl@0	306	SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
sl@0	307	return(0);
sl@0	308	}
sl@0	309	ret=ssl_set_pkey(ssl->cert,pkey);
sl@0	310	return(ret);
sl@0	311	}
sl@0	312
sl@0	313	#ifndef OPENSSL_NO_STDIO
sl@0	314	EXPORT_C int SSL_use_PrivateKey_file(SSL ssl, const char file, int type)
sl@0	315	{
sl@0	316	int j,ret=0;
sl@0	317	BIO *in;
sl@0	318	EVP_PKEY *pkey=NULL;
sl@0	319
sl@0	320	in=BIO_new(BIO_s_file_internal());
sl@0	321	if (in == NULL)
sl@0	322	{
sl@0	323	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
sl@0	324	goto end;
sl@0	325	}
sl@0	326
sl@0	327	if (BIO_read_filename(in,file) <= 0)
sl@0	328	{
sl@0	329	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
sl@0	330	goto end;
sl@0	331	}
sl@0	332	if (type == SSL_FILETYPE_PEM)
sl@0	333	{
sl@0	334	j=ERR_R_PEM_LIB;
sl@0	335	pkey=PEM_read_bio_PrivateKey(in,NULL,
sl@0	336	ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
sl@0	337	}
sl@0	338	else if (type == SSL_FILETYPE_ASN1)
sl@0	339	{
sl@0	340	j = ERR_R_ASN1_LIB;
sl@0	341	pkey = d2i_PrivateKey_bio(in,NULL);
sl@0	342	}
sl@0	343	else
sl@0	344	{
sl@0	345	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
sl@0	346	goto end;
sl@0	347	}
sl@0	348	if (pkey == NULL)
sl@0	349	{
sl@0	350	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
sl@0	351	goto end;
sl@0	352	}
sl@0	353	ret=SSL_use_PrivateKey(ssl,pkey);
sl@0	354	EVP_PKEY_free(pkey);
sl@0	355	end:
sl@0	356	if (in != NULL) BIO_free(in);
sl@0	357	return(ret);
sl@0	358	}
sl@0	359	#endif
sl@0	360
sl@0	361	EXPORT_C int SSL_use_PrivateKey_ASN1(int type, SSL ssl, const unsigned char d, long len)
sl@0	362	{
sl@0	363	int ret;
sl@0	364	const unsigned char *p;
sl@0	365	EVP_PKEY *pkey;
sl@0	366
sl@0	367	p=d;
sl@0	368	if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
sl@0	369	{
sl@0	370	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
sl@0	371	return(0);
sl@0	372	}
sl@0	373
sl@0	374	ret=SSL_use_PrivateKey(ssl,pkey);
sl@0	375	EVP_PKEY_free(pkey);
sl@0	376	return(ret);
sl@0	377	}
sl@0	378
sl@0	379	EXPORT_C int SSL_CTX_use_certificate(SSL_CTX ctx, X509 x)
sl@0	380	{
sl@0	381	if (x == NULL)
sl@0	382	{
sl@0	383	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
sl@0	384	return(0);
sl@0	385	}
sl@0	386	if (!ssl_cert_inst(&ctx->cert))
sl@0	387	{
sl@0	388	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
sl@0	389	return(0);
sl@0	390	}
sl@0	391	return(ssl_set_cert(ctx->cert, x));
sl@0	392	}
sl@0	393
sl@0	394	static int ssl_set_cert(CERT c, X509 x)
sl@0	395	{
sl@0	396	EVP_PKEY *pkey;
sl@0	397	int i;
sl@0	398
sl@0	399	pkey=X509_get_pubkey(x);
sl@0	400	if (pkey == NULL)
sl@0	401	{
sl@0	402	SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
sl@0	403	return(0);
sl@0	404	}
sl@0	405
sl@0	406	i=ssl_cert_type(x,pkey);
sl@0	407	if (i < 0)
sl@0	408	{
sl@0	409	SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
sl@0	410	EVP_PKEY_free(pkey);
sl@0	411	return(0);
sl@0	412	}
sl@0	413
sl@0	414	if (c->pkeys[i].privatekey != NULL)
sl@0	415	{
sl@0	416	EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
sl@0	417	ERR_clear_error();
sl@0	418
sl@0	419	#ifndef OPENSSL_NO_RSA
sl@0	420	/* Don't check the public/private key, this is mostly
sl@0	421	* for smart cards. */
sl@0	422	if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
sl@0	423	(RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
sl@0	424	RSA_METHOD_FLAG_NO_CHECK))
sl@0	425	;
sl@0	426	else
sl@0	427	#endif /* OPENSSL_NO_RSA */
sl@0	428	if (!X509_check_private_key(x,c->pkeys[i].privatekey))
sl@0	429	{
sl@0	430	/* don't fail for a cert/key mismatch, just free
sl@0	431	* current private key (when switching to a different
sl@0	432	* cert & key, first this function should be used,
sl@0	433	* then ssl_set_pkey */
sl@0	434	EVP_PKEY_free(c->pkeys[i].privatekey);
sl@0	435	c->pkeys[i].privatekey=NULL;
sl@0	436	/* clear error queue */
sl@0	437	ERR_clear_error();
sl@0	438	}
sl@0	439	}
sl@0	440
sl@0	441	EVP_PKEY_free(pkey);
sl@0	442
sl@0	443	if (c->pkeys[i].x509 != NULL)
sl@0	444	X509_free(c->pkeys[i].x509);
sl@0	445	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
sl@0	446	c->pkeys[i].x509=x;
sl@0	447	c->key= &(c->pkeys[i]);
sl@0	448
sl@0	449	c->valid=0;
sl@0	450	return(1);
sl@0	451	}
sl@0	452
sl@0	453	#ifndef OPENSSL_NO_STDIO
sl@0	454	EXPORT_C int SSL_CTX_use_certificate_file(SSL_CTX ctx, const char file, int type)
sl@0	455	{
sl@0	456	int j;
sl@0	457	BIO *in;
sl@0	458	int ret=0;
sl@0	459	X509 *x=NULL;
sl@0	460
sl@0	461	in=BIO_new(BIO_s_file_internal());
sl@0	462	if (in == NULL)
sl@0	463	{
sl@0	464	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
sl@0	465	goto end;
sl@0	466	}
sl@0	467
sl@0	468	if (BIO_read_filename(in,file) <= 0)
sl@0	469	{
sl@0	470	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
sl@0	471	goto end;
sl@0	472	}
sl@0	473	if (type == SSL_FILETYPE_ASN1)
sl@0	474	{
sl@0	475	j=ERR_R_ASN1_LIB;
sl@0	476	x=d2i_X509_bio(in,NULL);
sl@0	477	}
sl@0	478	else if (type == SSL_FILETYPE_PEM)
sl@0	479	{
sl@0	480	j=ERR_R_PEM_LIB;
sl@0	481	x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
sl@0	482	}
sl@0	483	else
sl@0	484	{
sl@0	485	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
sl@0	486	goto end;
sl@0	487	}
sl@0	488
sl@0	489	if (x == NULL)
sl@0	490	{
sl@0	491	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
sl@0	492	goto end;
sl@0	493	}
sl@0	494
sl@0	495	ret=SSL_CTX_use_certificate(ctx,x);
sl@0	496	end:
sl@0	497	if (x != NULL) X509_free(x);
sl@0	498	if (in != NULL) BIO_free(in);
sl@0	499	return(ret);
sl@0	500	}
sl@0	501	#endif
sl@0	502
sl@0	503	EXPORT_C int SSL_CTX_use_certificate_ASN1(SSL_CTX ctx, int len, const unsigned char d)
sl@0	504	{
sl@0	505	X509 *x;
sl@0	506	int ret;
sl@0	507
sl@0	508	x=d2i_X509(NULL,&d,(long)len);
sl@0	509	if (x == NULL)
sl@0	510	{
sl@0	511	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
sl@0	512	return(0);
sl@0	513	}
sl@0	514
sl@0	515	ret=SSL_CTX_use_certificate(ctx,x);
sl@0	516	X509_free(x);
sl@0	517	return(ret);
sl@0	518	}
sl@0	519
sl@0	520	#ifndef OPENSSL_NO_RSA
sl@0	521	EXPORT_C int SSL_CTX_use_RSAPrivateKey(SSL_CTX ctx, RSA rsa)
sl@0	522	{
sl@0	523	int ret;
sl@0	524	EVP_PKEY *pkey;
sl@0	525
sl@0	526	if (rsa == NULL)
sl@0	527	{
sl@0	528	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
sl@0	529	return(0);
sl@0	530	}
sl@0	531	if (!ssl_cert_inst(&ctx->cert))
sl@0	532	{
sl@0	533	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
sl@0	534	return(0);
sl@0	535	}
sl@0	536	if ((pkey=EVP_PKEY_new()) == NULL)
sl@0	537	{
sl@0	538	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
sl@0	539	return(0);
sl@0	540	}
sl@0	541
sl@0	542	RSA_up_ref(rsa);
sl@0	543	EVP_PKEY_assign_RSA(pkey,rsa);
sl@0	544
sl@0	545	ret=ssl_set_pkey(ctx->cert, pkey);
sl@0	546	EVP_PKEY_free(pkey);
sl@0	547	return(ret);
sl@0	548	}
sl@0	549
sl@0	550	#ifndef OPENSSL_NO_STDIO
sl@0	551	EXPORT_C int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX ctx, const char file, int type)
sl@0	552	{
sl@0	553	int j,ret=0;
sl@0	554	BIO *in;
sl@0	555	RSA *rsa=NULL;
sl@0	556
sl@0	557	in=BIO_new(BIO_s_file_internal());
sl@0	558	if (in == NULL)
sl@0	559	{
sl@0	560	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
sl@0	561	goto end;
sl@0	562	}
sl@0	563
sl@0	564	if (BIO_read_filename(in,file) <= 0)
sl@0	565	{
sl@0	566	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
sl@0	567	goto end;
sl@0	568	}
sl@0	569	if (type == SSL_FILETYPE_ASN1)
sl@0	570	{
sl@0	571	j=ERR_R_ASN1_LIB;
sl@0	572	rsa=d2i_RSAPrivateKey_bio(in,NULL);
sl@0	573	}
sl@0	574	else if (type == SSL_FILETYPE_PEM)
sl@0	575	{
sl@0	576	j=ERR_R_PEM_LIB;
sl@0	577	rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
sl@0	578	ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
sl@0	579	}
sl@0	580	else
sl@0	581	{
sl@0	582	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
sl@0	583	goto end;
sl@0	584	}
sl@0	585	if (rsa == NULL)
sl@0	586	{
sl@0	587	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
sl@0	588	goto end;
sl@0	589	}
sl@0	590	ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
sl@0	591	RSA_free(rsa);
sl@0	592	end:
sl@0	593	if (in != NULL) BIO_free(in);
sl@0	594	return(ret);
sl@0	595	}
sl@0	596	#endif
sl@0	597
sl@0	598	EXPORT_C int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX ctx, const unsigned char d, long len)
sl@0	599	{
sl@0	600	int ret;
sl@0	601	const unsigned char *p;
sl@0	602	RSA *rsa;
sl@0	603
sl@0	604	p=d;
sl@0	605	if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
sl@0	606	{
sl@0	607	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
sl@0	608	return(0);
sl@0	609	}
sl@0	610
sl@0	611	ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
sl@0	612	RSA_free(rsa);
sl@0	613	return(ret);
sl@0	614	}
sl@0	615	#endif /* !OPENSSL_NO_RSA */
sl@0	616
sl@0	617	EXPORT_C int SSL_CTX_use_PrivateKey(SSL_CTX ctx, EVP_PKEY pkey)
sl@0	618	{
sl@0	619	if (pkey == NULL)
sl@0	620	{
sl@0	621	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
sl@0	622	return(0);
sl@0	623	}
sl@0	624	if (!ssl_cert_inst(&ctx->cert))
sl@0	625	{
sl@0	626	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
sl@0	627	return(0);
sl@0	628	}
sl@0	629	return(ssl_set_pkey(ctx->cert,pkey));
sl@0	630	}
sl@0	631
sl@0	632	#ifndef OPENSSL_NO_STDIO
sl@0	633	EXPORT_C SSL_CTX_use_PrivateKey_file(SSL_CTX ctx, const char file, int type)
sl@0	634	{
sl@0	635	int j,ret=0;
sl@0	636	BIO *in;
sl@0	637	EVP_PKEY *pkey=NULL;
sl@0	638
sl@0	639	in=BIO_new(BIO_s_file_internal());
sl@0	640	if (in == NULL)
sl@0	641	{
sl@0	642	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
sl@0	643	goto end;
sl@0	644	}
sl@0	645
sl@0	646	if (BIO_read_filename(in,file) <= 0)
sl@0	647	{
sl@0	648	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
sl@0	649	goto end;
sl@0	650	}
sl@0	651	if (type == SSL_FILETYPE_PEM)
sl@0	652	{
sl@0	653	j=ERR_R_PEM_LIB;
sl@0	654	pkey=PEM_read_bio_PrivateKey(in,NULL,
sl@0	655	ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
sl@0	656	}
sl@0	657	else if (type == SSL_FILETYPE_ASN1)
sl@0	658	{
sl@0	659	j = ERR_R_ASN1_LIB;
sl@0	660	pkey = d2i_PrivateKey_bio(in,NULL);
sl@0	661	}
sl@0	662	else
sl@0	663	{
sl@0	664	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
sl@0	665	goto end;
sl@0	666	}
sl@0	667	if (pkey == NULL)
sl@0	668	{
sl@0	669	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
sl@0	670	goto end;
sl@0	671	}
sl@0	672	ret=SSL_CTX_use_PrivateKey(ctx,pkey);
sl@0	673	EVP_PKEY_free(pkey);
sl@0	674	end:
sl@0	675	if (in != NULL) BIO_free(in);
sl@0	676	return(ret);
sl@0	677	}
sl@0	678	#endif
sl@0	679
sl@0	680	EXPORT_C int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX ctx, const unsigned char d,
sl@0	681	long len)
sl@0	682	{
sl@0	683	int ret;
sl@0	684	const unsigned char *p;
sl@0	685	EVP_PKEY *pkey;
sl@0	686
sl@0	687	p=d;
sl@0	688	if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
sl@0	689	{
sl@0	690	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
sl@0	691	return(0);
sl@0	692	}
sl@0	693
sl@0	694	ret=SSL_CTX_use_PrivateKey(ctx,pkey);
sl@0	695	EVP_PKEY_free(pkey);
sl@0	696	return(ret);
sl@0	697	}
sl@0	698
sl@0	699
sl@0	700	#ifndef OPENSSL_NO_STDIO
sl@0	701	/* Read a file that contains our certificate in "PEM" format,
sl@0	702	* possibly followed by a sequence of CA certificates that should be
sl@0	703	* sent to the peer in the Certificate message.
sl@0	704	*/
sl@0	705	EXPORT_C int SSL_CTX_use_certificate_chain_file(SSL_CTX ctx, const char file)
sl@0	706	{
sl@0	707	BIO *in;
sl@0	708	int ret=0;
sl@0	709	X509 *x=NULL;
sl@0	710
sl@0	711	in=BIO_new(BIO_s_file_internal());
sl@0	712	if (in == NULL)
sl@0	713	{
sl@0	714	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
sl@0	715	goto end;
sl@0	716	}
sl@0	717
sl@0	718	if (BIO_read_filename(in,file) <= 0)
sl@0	719	{
sl@0	720	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
sl@0	721	goto end;
sl@0	722	}
sl@0	723
sl@0	724	x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
sl@0	725	if (x == NULL)
sl@0	726	{
sl@0	727	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
sl@0	728	goto end;
sl@0	729	}
sl@0	730
sl@0	731	ret=SSL_CTX_use_certificate(ctx,x);
sl@0	732	if (ERR_peek_error() != 0)
sl@0	733	ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */
sl@0	734	if (ret)
sl@0	735	{
sl@0	736	/* If we could set up our certificate, now proceed to
sl@0	737	* the CA certificates.
sl@0	738	*/
sl@0	739	X509 *ca;
sl@0	740	int r;
sl@0	741	unsigned long err;
sl@0	742
sl@0	743	if (ctx->extra_certs != NULL)
sl@0	744	{
sl@0	745	sk_X509_pop_free(ctx->extra_certs, X509_free);
sl@0	746	ctx->extra_certs = NULL;
sl@0	747	}
sl@0	748
sl@0	749	while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
sl@0	750	!= NULL)
sl@0	751	{
sl@0	752	r = SSL_CTX_add_extra_chain_cert(ctx, ca);
sl@0	753	if (!r)
sl@0	754	{
sl@0	755	X509_free(ca);
sl@0	756	ret = 0;
sl@0	757	goto end;
sl@0	758	}
sl@0	759	/* Note that we must not free r if it was successfully
sl@0	760	* added to the chain (while we must free the main
sl@0	761	* certificate, since its reference count is increased
sl@0	762	* by SSL_CTX_use_certificate). */
sl@0	763	}
sl@0	764	/* When the while loop ends, it's usually just EOF. */
sl@0	765	err = ERR_peek_last_error();
sl@0	766	if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
sl@0	767	ERR_clear_error();
sl@0	768	else
sl@0	769	ret = 0; /* some real error */
sl@0	770	}
sl@0	771
sl@0	772	end:
sl@0	773	if (x != NULL) X509_free(x);
sl@0	774	if (in != NULL) BIO_free(in);
sl@0	775	return(ret);
sl@0	776	}
sl@0	777	#endif

author	sl@SLION-WIN7.fritz.box
	Fri, 15 Jun 2012 03:10:57 +0200
changeset 0	bde4ae8d615e
permissions	-rw-r--r--