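--- /dev/null
+++ b/os/ossrv/ssl/libssl/src/ssl_rsa.c
@@ -0,0 +1,777 @@
+/* ssl/ssl_rsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/bio.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+static int ssl_set_cert(CERT *c, X509 *x509);
+static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
+EXPORT_C int SSL_use_certificate(SSL *ssl, X509 *x)
+ {
+ if (x == NULL)
+ {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
+ return(0);
+ }
+ if (!ssl_cert_inst(&ssl->cert))
+ {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ return(ssl_set_cert(ssl->cert,x));
+ }
+
+#ifndef OPENSSL_NO_STDIO
+EXPORT_C int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
+ {
+ int j;
+ BIO *in;
+ int ret=0;
+ X509 *x=NULL;
+
+ in=BIO_new(BIO_s_file_internal());
+ if (in == NULL)
+ {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
+ goto end;
+ }
+
+ if (BIO_read_filename(in,file) <= 0)
+ {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
+ goto end;
+ }
+ if (type == SSL_FILETYPE_ASN1)
+ {
+ j=ERR_R_ASN1_LIB;
+ x=d2i_X509_bio(in,NULL);
+ }
+ else if (type == SSL_FILETYPE_PEM)
+ {
+ j=ERR_R_PEM_LIB;
+ x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
+ }
+ else
+ {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
+ goto end;
+ }
+
+ if (x == NULL)
+ {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
+ goto end;
+ }
+
+ ret=SSL_use_certificate(ssl,x);
+end:
+ if (x != NULL) X509_free(x);
+ if (in != NULL) BIO_free(in);
+ return(ret);
+ }
+#endif
+
+EXPORT_C int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
+ {
+ X509 *x;
+ int ret;
+
+ x=d2i_X509(NULL,&d,(long)len);
+ if (x == NULL)
+ {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
+ return(0);
+ }
+
+ ret=SSL_use_certificate(ssl,x);
+ X509_free(x);
+ return(ret);
+ }
+
+#ifndef OPENSSL_NO_RSA
+EXPORT_C int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
+ {
+ EVP_PKEY *pkey;
+ int ret;
+
+ if (rsa == NULL)
+ {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
+ return(0);
+ }
+ if (!ssl_cert_inst(&ssl->cert))
+ {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ if ((pkey=EVP_PKEY_new()) == NULL)
+ {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
+ return(0);
+ }
+
+ RSA_up_ref(rsa);
+ EVP_PKEY_assign_RSA(pkey,rsa);
+
+ ret=ssl_set_pkey(ssl->cert,pkey);
+ EVP_PKEY_free(pkey);
+ return(ret);
+ }
+#endif
+
+static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
+ {
+ int i;
+
+ i=ssl_cert_type(NULL,pkey);
+ if (i < 0)
+ {
+ SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+ return(0);
+ }
+
+ if (c->pkeys[i].x509 != NULL)
+ {
+ EVP_PKEY *pktmp;
+ pktmp = X509_get_pubkey(c->pkeys[i].x509);
+ EVP_PKEY_copy_parameters(pktmp,pkey);
+ EVP_PKEY_free(pktmp);
+ ERR_clear_error();
+
+#ifndef OPENSSL_NO_RSA
+ /* Don't check the public/private key, this is mostly
+ * for smart cards. */
+ if ((pkey->type == EVP_PKEY_RSA) &&
+ (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
+ ;
+ else
+#endif
+ if (!X509_check_private_key(c->pkeys[i].x509,pkey))
+ {
+ X509_free(c->pkeys[i].x509);
+ c->pkeys[i].x509 = NULL;
+ return 0;
+ }
+ }
+
+ if (c->pkeys[i].privatekey != NULL)
+ EVP_PKEY_free(c->pkeys[i].privatekey);
+ CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+ c->pkeys[i].privatekey=pkey;
+ c->key= &(c->pkeys[i]);
+
+ c->valid=0;
+ return(1);
+ }
+
+#ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_STDIO
+EXPORT_C int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
+ {
+ int j,ret=0;
+ BIO *in;
+ RSA *rsa=NULL;
+
+ in=BIO_new(BIO_s_file_internal());
+ if (in == NULL)
+ {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
+ goto end;
+ }
+
+ if (BIO_read_filename(in,file) <= 0)
+ {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
+ goto end;
+ }
+ if (type == SSL_FILETYPE_ASN1)
+ {
+ j=ERR_R_ASN1_LIB;
+ rsa=d2i_RSAPrivateKey_bio(in,NULL);
+ }
+ else if (type == SSL_FILETYPE_PEM)
+ {
+ j=ERR_R_PEM_LIB;
+ rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
+ ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
+ }
+ else
+ {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+ goto end;
+ }
+ if (rsa == NULL)
+ {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
+ goto end;
+ }
+ ret=SSL_use_RSAPrivateKey(ssl,rsa);
+ RSA_free(rsa);
+end:
+ if (in != NULL) BIO_free(in);
+ return(ret);
+ }
+#endif
+
+EXPORT_C int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
+ {
+ int ret;
+ const unsigned char *p;
+ RSA *rsa;
+
+ p=d;
+ if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
+ {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
+ return(0);
+ }
+
+ ret=SSL_use_RSAPrivateKey(ssl,rsa);
+ RSA_free(rsa);
+ return(ret);
+ }
+#endif /* !OPENSSL_NO_RSA */
+
+EXPORT_C int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
+ {
+ int ret;
+
+ if (pkey == NULL)
+ {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
+ return(0);
+ }
+ if (!ssl_cert_inst(&ssl->cert))
+ {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ ret=ssl_set_pkey(ssl->cert,pkey);
+ return(ret);
+ }
+
+#ifndef OPENSSL_NO_STDIO
+EXPORT_C int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
+ {
+ int j,ret=0;
+ BIO *in;
+ EVP_PKEY *pkey=NULL;
+
+ in=BIO_new(BIO_s_file_internal());
+ if (in == NULL)
+ {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
+ goto end;
+ }
+
+ if (BIO_read_filename(in,file) <= 0)
+ {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
+ goto end;
+ }
+ if (type == SSL_FILETYPE_PEM)
+ {
+ j=ERR_R_PEM_LIB;
+ pkey=PEM_read_bio_PrivateKey(in,NULL,
+ ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
+ }
+ else if (type == SSL_FILETYPE_ASN1)
+ {
+ j = ERR_R_ASN1_LIB;
+ pkey = d2i_PrivateKey_bio(in,NULL);
+ }
+ else
+ {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+ goto end;
+ }
+ if (pkey == NULL)
+ {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
+ goto end;
+ }
+ ret=SSL_use_PrivateKey(ssl,pkey);
+ EVP_PKEY_free(pkey);
+end:
+ if (in != NULL) BIO_free(in);
+ return(ret);
+ }
+#endif
+
+EXPORT_C int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
+ {
+ int ret;
+ const unsigned char *p;
+ EVP_PKEY *pkey;
+
+ p=d;
+ if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
+ {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
+ return(0);
+ }
+
+ ret=SSL_use_PrivateKey(ssl,pkey);
+ EVP_PKEY_free(pkey);
+ return(ret);
+ }
+
+EXPORT_C int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
+ {
+ if (x == NULL)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
+ return(0);
+ }
+ if (!ssl_cert_inst(&ctx->cert))
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ return(ssl_set_cert(ctx->cert, x));
+ }
+
+static int ssl_set_cert(CERT *c, X509 *x)
+ {
+ EVP_PKEY *pkey;
+ int i;
+
+ pkey=X509_get_pubkey(x);
+ if (pkey == NULL)
+ {
+ SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
+ return(0);
+ }
+
+ i=ssl_cert_type(x,pkey);
+ if (i < 0)
+ {
+ SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+ EVP_PKEY_free(pkey);
+ return(0);
+ }
+
+ if (c->pkeys[i].privatekey != NULL)
+ {
+ EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
+ ERR_clear_error();
+
+#ifndef OPENSSL_NO_RSA
+ /* Don't check the public/private key, this is mostly
+ * for smart cards. */
+ if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
+ (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
+ RSA_METHOD_FLAG_NO_CHECK))
+ ;
+ else
+#endif /* OPENSSL_NO_RSA */
+ if (!X509_check_private_key(x,c->pkeys[i].privatekey))
+ {
+ /* don't fail for a cert/key mismatch, just free
+ * current private key (when switching to a different
+ * cert & key, first this function should be used,
+ * then ssl_set_pkey */
+ EVP_PKEY_free(c->pkeys[i].privatekey);
+ c->pkeys[i].privatekey=NULL;
+ /* clear error queue */
+ ERR_clear_error();
+ }
+ }
+
+ EVP_PKEY_free(pkey);
+
+ if (c->pkeys[i].x509 != NULL)
+ X509_free(c->pkeys[i].x509);
+ CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+ c->pkeys[i].x509=x;
+ c->key= &(c->pkeys[i]);
+
+ c->valid=0;
+ return(1);
+ }
+
+#ifndef OPENSSL_NO_STDIO
+EXPORT_C int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
+ {
+ int j;
+ BIO *in;
+ int ret=0;
+ X509 *x=NULL;
+
+ in=BIO_new(BIO_s_file_internal());
+ if (in == NULL)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
+ goto end;
+ }
+
+ if (BIO_read_filename(in,file) <= 0)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
+ goto end;
+ }
+ if (type == SSL_FILETYPE_ASN1)
+ {
+ j=ERR_R_ASN1_LIB;
+ x=d2i_X509_bio(in,NULL);
+ }
+ else if (type == SSL_FILETYPE_PEM)
+ {
+ j=ERR_R_PEM_LIB;
+ x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+ }
+ else
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
+ goto end;
+ }
+
+ if (x == NULL)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
+ goto end;
+ }
+
+ ret=SSL_CTX_use_certificate(ctx,x);
+end:
+ if (x != NULL) X509_free(x);
+ if (in != NULL) BIO_free(in);
+ return(ret);
+ }
+#endif
+
+EXPORT_C int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
+ {
+ X509 *x;
+ int ret;
+
+ x=d2i_X509(NULL,&d,(long)len);
+ if (x == NULL)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
+ return(0);
+ }
+
+ ret=SSL_CTX_use_certificate(ctx,x);
+ X509_free(x);
+ return(ret);
+ }
+
+#ifndef OPENSSL_NO_RSA
+EXPORT_C int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
+ {
+ int ret;
+ EVP_PKEY *pkey;
+
+ if (rsa == NULL)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
+ return(0);
+ }
+ if (!ssl_cert_inst(&ctx->cert))
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ if ((pkey=EVP_PKEY_new()) == NULL)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
+ return(0);
+ }
+
+ RSA_up_ref(rsa);
+ EVP_PKEY_assign_RSA(pkey,rsa);
+
+ ret=ssl_set_pkey(ctx->cert, pkey);
+ EVP_PKEY_free(pkey);
+ return(ret);
+ }
+
+#ifndef OPENSSL_NO_STDIO
+EXPORT_C int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+ {
+ int j,ret=0;
+ BIO *in;
+ RSA *rsa=NULL;
+
+ in=BIO_new(BIO_s_file_internal());
+ if (in == NULL)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
+ goto end;
+ }
+
+ if (BIO_read_filename(in,file) <= 0)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
+ goto end;
+ }
+ if (type == SSL_FILETYPE_ASN1)
+ {
+ j=ERR_R_ASN1_LIB;
+ rsa=d2i_RSAPrivateKey_bio(in,NULL);
+ }
+ else if (type == SSL_FILETYPE_PEM)
+ {
+ j=ERR_R_PEM_LIB;
+ rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
+ ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+ }
+ else
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+ goto end;
+ }
+ if (rsa == NULL)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
+ goto end;
+ }
+ ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
+ RSA_free(rsa);
+end:
+ if (in != NULL) BIO_free(in);
+ return(ret);
+ }
+#endif
+
+EXPORT_C int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
+ {
+ int ret;
+ const unsigned char *p;
+ RSA *rsa;
+
+ p=d;
+ if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
+ return(0);
+ }
+
+ ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
+ RSA_free(rsa);
+ return(ret);
+ }
+#endif /* !OPENSSL_NO_RSA */
+
+EXPORT_C int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
+ {
+ if (pkey == NULL)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
+ return(0);
+ }
+ if (!ssl_cert_inst(&ctx->cert))
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ return(ssl_set_pkey(ctx->cert,pkey));
+ }
+
+#ifndef OPENSSL_NO_STDIO
+EXPORT_C SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+ {
+ int j,ret=0;
+ BIO *in;
+ EVP_PKEY *pkey=NULL;
+
+ in=BIO_new(BIO_s_file_internal());
+ if (in == NULL)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
+ goto end;
+ }
+
+ if (BIO_read_filename(in,file) <= 0)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
+ goto end;
+ }
+ if (type == SSL_FILETYPE_PEM)
+ {
+ j=ERR_R_PEM_LIB;
+ pkey=PEM_read_bio_PrivateKey(in,NULL,
+ ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+ }
+ else if (type == SSL_FILETYPE_ASN1)
+ {
+ j = ERR_R_ASN1_LIB;
+ pkey = d2i_PrivateKey_bio(in,NULL);
+ }
+ else
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+ goto end;
+ }
+ if (pkey == NULL)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
+ goto end;
+ }
+ ret=SSL_CTX_use_PrivateKey(ctx,pkey);
+ EVP_PKEY_free(pkey);
+end:
+ if (in != NULL) BIO_free(in);
+ return(ret);
+ }
+#endif
+
+EXPORT_C int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
+ long len)
+ {
+ int ret;
+ const unsigned char *p;
+ EVP_PKEY *pkey;
+
+ p=d;
+ if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
+ return(0);
+ }
+
+ ret=SSL_CTX_use_PrivateKey(ctx,pkey);
+ EVP_PKEY_free(pkey);
+ return(ret);
+ }
+
+
+#ifndef OPENSSL_NO_STDIO
+/* Read a file that contains our certificate in "PEM" format,
+ * possibly followed by a sequence of CA certificates that should be
+ * sent to the peer in the Certificate message.
+ */
+EXPORT_C int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
+ {
+ BIO *in;
+ int ret=0;
+ X509 *x=NULL;
+
+ in=BIO_new(BIO_s_file_internal());
+ if (in == NULL)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
+ goto end;
+ }
+
+ if (BIO_read_filename(in,file) <= 0)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
+ goto end;
+ }
+
+ x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+ if (x == NULL)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
+ goto end;
+ }
+
+ ret=SSL_CTX_use_certificate(ctx,x);
+ if (ERR_peek_error() != 0)
+ ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */
+ if (ret)
+ {
+ /* If we could set up our certificate, now proceed to
+ * the CA certificates.
+ */
+ X509 *ca;
+ int r;
+ unsigned long err;
+
+ if (ctx->extra_certs != NULL)
+ {
+ sk_X509_pop_free(ctx->extra_certs, X509_free);
+ ctx->extra_certs = NULL;
+ }
+
+ while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
+ != NULL)
+ {
+ r = SSL_CTX_add_extra_chain_cert(ctx, ca);
+ if (!r)
+ {
+ X509_free(ca);
+ ret = 0;
+ goto end;
+ }
+ /* Note that we must not free r if it was successfully
+ * added to the chain (while we must free the main
+ * certificate, since its reference count is increased
+ * by SSL_CTX_use_certificate). */
+ }
+ /* When the while loop ends, it's usually just EOF. */
+ err = ERR_peek_last_error();
+ if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
+ ERR_clear_error();
+ else
+ ret = 0; /* some real error */
+ }
+
+end:
+ if (x != NULL) X509_free(x);
+ if (in != NULL) BIO_free(in);
+ return(ret);
+ }
+#endif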
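Review bot: `SSL_CTX_use_PrivateKey_file` (the definition under the third `#ifndef OPENSSL_NO_STDIO`, at file line 633) is declared without a return type, `EXPORT_C SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)`, so it relies on implicit `int`, which C99 dropped and a strict compiler rejects, while every sibling loader in this file, including `SSL_use_PrivateKey_file`, is declared `EXPORT_C int ...`; the line should read `EXPORT_C int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)`. Two smaller consistency points in the same hunk: `SSL_use_RSAPrivateKey_ASN1` takes `unsigned char *d` whereas `SSL_CTX_use_RSAPrivateKey_ASN1` and the other `_ASN1` loaders take `const unsigned char *d`, even though the buffer is only read through the const copy `p`; and the comment in `SSL_CTX_use_certificate_chain_file` that says "we must not free r" names the wrong variable, since it is `ca` that is handed to `SSL_CTX_add_extra_chain_cert`, so `/* Note that we must not free ca if it was successfully added to the chain ... */`. It would also help readers of `ssl_set_cert` to note at the `RSA_METHOD_FLAG_NO_CHECK` branch that a key carrying that flag is installed without the cert/key consistency check, so a mismatch is only caught at handshake time.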