kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
752 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tree: d3bcf13165
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd3bcf13165'
${ noResults }
boringssl/ssl/ssl_rsa.c

708 lines
19 KiB
Raw Blame History 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #include <stdio.h>

  58. 

  59. #include <openssl/bio.h>

  60. #include <openssl/err.h>

  61. #include <openssl/evp.h>

  62. #include <openssl/mem.h>

  63. #include <openssl/obj.h>

  64. #include <openssl/pem.h>

  65. #include <openssl/x509.h>

  66. 

  67. #include "ssl_locl.h"

  68. 

  69. static int ssl_set_cert(CERT *c, X509 *x509);

  70. static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);

  71. 

  72. int SSL_use_certificate(SSL *ssl, X509 *x) {

  73.   if (x == NULL) {

  74.     OPENSSL_PUT_ERROR(SSL, SSL_use_certificate, ERR_R_PASSED_NULL_PARAMETER);

  75.     return 0;

  76.   }

  77.   if (!ssl_cert_inst(&ssl->cert)) {

  78.     OPENSSL_PUT_ERROR(SSL, SSL_use_certificate, ERR_R_MALLOC_FAILURE);

  79.     return 0;

  80.   }

  81.   return ssl_set_cert(ssl->cert, x);

  82. }

  83. 

  84. int SSL_use_certificate_file(SSL *ssl, const char *file, int type) {

  85.   int reason_code;

  86.   BIO *in;

  87.   int ret = 0;

  88.   X509 *x = NULL;

  89. 

  90.   in = BIO_new(BIO_s_file());

  91.   if (in == NULL) {

  92.     OPENSSL_PUT_ERROR(SSL, SSL_use_certificate_file, ERR_R_BUF_LIB);

  93.     goto end;

  94.   }

  95. 

  96.   if (BIO_read_filename(in, file) <= 0) {

  97.     OPENSSL_PUT_ERROR(SSL, SSL_use_certificate_file, ERR_R_SYS_LIB);

  98.     goto end;

  99.   }

  100. 

  101.   if (type == SSL_FILETYPE_ASN1) {

  102.     reason_code = ERR_R_ASN1_LIB;

  103.     x = d2i_X509_bio(in, NULL);

  104.   } else if (type == SSL_FILETYPE_PEM) {

  105.     reason_code = ERR_R_PEM_LIB;

  106.     x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback,

  107.                           ssl->ctx->default_passwd_callback_userdata);

  108.   } else {

  109.     OPENSSL_PUT_ERROR(SSL, SSL_use_certificate_file, SSL_R_BAD_SSL_FILETYPE);

  110.     goto end;

  111.   }

  112. 

  113.   if (x == NULL) {

  114.     OPENSSL_PUT_ERROR(SSL, SSL_use_certificate_file, reason_code);

  115.     goto end;

  116.   }

  117. 

  118.   ret = SSL_use_certificate(ssl, x);

  119. 

  120. end:

  121.   if (x != NULL) {

  122.     X509_free(x);

  123.   }

  124.   if (in != NULL) {

  125.     BIO_free(in);

  126.   }

  127. 

  128.   return ret;

  129. }

  130. 

  131. int SSL_use_certificate_ASN1(SSL *ssl, const uint8_t *d, int len) {

  132.   X509 *x;

  133.   int ret;

  134. 

  135.   x = d2i_X509(NULL, &d, (long)len);

  136.   if (x == NULL) {

  137.     OPENSSL_PUT_ERROR(SSL, SSL_use_certificate_ASN1, ERR_R_ASN1_LIB);

  138.     return 0;

  139.   }

  140. 

  141.   ret = SSL_use_certificate(ssl, x);

  142.   X509_free(x);

  143.   return ret;

  144. }

  145. 

  146. int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) {

  147.   EVP_PKEY *pkey;

  148.   int ret;

  149. 

  150.   if (rsa == NULL) {

  151.     OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey, ERR_R_PASSED_NULL_PARAMETER);

  152.     return 0;

  153.   }

  154. 

  155.   if (!ssl_cert_inst(&ssl->cert)) {

  156.     OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey, ERR_R_MALLOC_FAILURE);

  157.     return 0;

  158.   }

  159. 

  160.   pkey = EVP_PKEY_new();

  161.   if (pkey == NULL) {

  162.     OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey, ERR_R_EVP_LIB);

  163.     return 0;

  164.   }

  165. 

  166.   RSA_up_ref(rsa);

  167.   EVP_PKEY_assign_RSA(pkey, rsa);

  168. 

  169.   ret = ssl_set_pkey(ssl->cert, pkey);

  170.   EVP_PKEY_free(pkey);

  171. 

  172.   return ret;

  173. }

  174. 

  175. static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) {

  176.   int i;

  177. 

  178.   i = ssl_cert_type(pkey);

  179.   if (i < 0) {

  180.     OPENSSL_PUT_ERROR(SSL, ssl_set_pkey, SSL_R_UNKNOWN_CERTIFICATE_TYPE);

  181.     return 0;

  182.   }

  183. 

  184.   if (c->pkeys[i].x509 != NULL) {

  185.     EVP_PKEY *pktmp;

  186.     pktmp = X509_get_pubkey(c->pkeys[i].x509);

  187.     EVP_PKEY_copy_parameters(pktmp, pkey);

  188.     EVP_PKEY_free(pktmp);

  189.     ERR_clear_error();

  190. 

  191.     /* Sanity-check that the private key and the certificate match, unless the

  192.      * key is opaque (in case of, say, a smartcard). */

  193.     if (!EVP_PKEY_is_opaque(pkey) &&

  194.         !X509_check_private_key(c->pkeys[i].x509, pkey)) {

  195.       X509_free(c->pkeys[i].x509);

  196.       c->pkeys[i].x509 = NULL;

  197.       return 0;

  198.     }

  199.   }

  200. 

  201.   if (c->pkeys[i].privatekey != NULL) {

  202.     EVP_PKEY_free(c->pkeys[i].privatekey);

  203.   }

  204.   c->pkeys[i].privatekey = EVP_PKEY_dup(pkey);

  205.   c->key = &(c->pkeys[i]);

  206. 

  207.   return 1;

  208. }

  209. 

  210. int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) {

  211.   int reason_code, ret = 0;

  212.   BIO *in;

  213.   RSA *rsa = NULL;

  214. 

  215.   in = BIO_new(BIO_s_file());

  216.   if (in == NULL) {

  217.     OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey_file, ERR_R_BUF_LIB);

  218.     goto end;

  219.   }

  220. 

  221.   if (BIO_read_filename(in, file) <= 0) {

  222.     OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey_file, ERR_R_SYS_LIB);

  223.     goto end;

  224.   }

  225. 

  226.   if (type == SSL_FILETYPE_ASN1) {

  227.     reason_code = ERR_R_ASN1_LIB;

  228.     rsa = d2i_RSAPrivateKey_bio(in, NULL);

  229.   } else if (type == SSL_FILETYPE_PEM) {

  230.     reason_code = ERR_R_PEM_LIB;

  231.     rsa =

  232.         PEM_read_bio_RSAPrivateKey(in, NULL, ssl->ctx->default_passwd_callback,

  233.                                    ssl->ctx->default_passwd_callback_userdata);

  234.   } else {

  235.     OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey_file, SSL_R_BAD_SSL_FILETYPE);

  236.     goto end;

  237.   }

  238. 

  239.   if (rsa == NULL) {

  240.     OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey_file, reason_code);

  241.     goto end;

  242.   }

  243.   ret = SSL_use_RSAPrivateKey(ssl, rsa);

  244.   RSA_free(rsa);

  245. 

  246. end:

  247.   if (in != NULL) {

  248.     BIO_free(in);

  249.   }

  250.   return ret;

  251. }

  252. 

  253. int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, uint8_t *d, long len) {

  254.   int ret;

  255.   const uint8_t *p;

  256.   RSA *rsa;

  257. 

  258.   p = d;

  259.   rsa = d2i_RSAPrivateKey(NULL, &p, (long)len);

  260.   if (rsa == NULL) {

  261.     OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey_ASN1, ERR_R_ASN1_LIB);

  262.     return 0;

  263.   }

  264. 

  265.   ret = SSL_use_RSAPrivateKey(ssl, rsa);

  266.   RSA_free(rsa);

  267.   return ret;

  268. }

  269. 

  270. int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) {

  271.   int ret;

  272. 

  273.   if (pkey == NULL) {

  274.     OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey, ERR_R_PASSED_NULL_PARAMETER);

  275.     return 0;

  276.   }

  277. 

  278.   if (!ssl_cert_inst(&ssl->cert)) {

  279.     OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey, ERR_R_MALLOC_FAILURE);

  280.     return 0;

  281.   }

  282. 

  283.   ret = ssl_set_pkey(ssl->cert, pkey);

  284.   return ret;

  285. }

  286. 

  287. int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) {

  288.   int reason_code, ret = 0;

  289.   BIO *in;

  290.   EVP_PKEY *pkey = NULL;

  291. 

  292.   in = BIO_new(BIO_s_file());

  293.   if (in == NULL) {

  294.     OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey_file, ERR_R_BUF_LIB);

  295.     goto end;

  296.   }

  297. 

  298.   if (BIO_read_filename(in, file) <= 0) {

  299.     OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey_file, ERR_R_SYS_LIB);

  300.     goto end;

  301.   }

  302. 

  303.   if (type == SSL_FILETYPE_PEM) {

  304.     reason_code = ERR_R_PEM_LIB;

  305.     pkey = PEM_read_bio_PrivateKey(in, NULL, ssl->ctx->default_passwd_callback,

  306.                                    ssl->ctx->default_passwd_callback_userdata);

  307.   } else if (type == SSL_FILETYPE_ASN1) {

  308.     reason_code = ERR_R_ASN1_LIB;

  309.     pkey = d2i_PrivateKey_bio(in, NULL);

  310.   } else {

  311.     OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey_file, SSL_R_BAD_SSL_FILETYPE);

  312.     goto end;

  313.   }

  314. 

  315.   if (pkey == NULL) {

  316.     OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey_file, reason_code);

  317.     goto end;

  318.   }

  319.   ret = SSL_use_PrivateKey(ssl, pkey);

  320.   EVP_PKEY_free(pkey);

  321. 

  322. end:

  323.   if (in != NULL) {

  324.     BIO_free(in);

  325.   }

  326.   return ret;

  327. }

  328. 

  329. int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const uint8_t *d, long len) {

  330.   int ret;

  331.   const uint8_t *p;

  332.   EVP_PKEY *pkey;

  333. 

  334.   p = d;

  335.   pkey = d2i_PrivateKey(type, NULL, &p, (long)len);

  336.   if (pkey == NULL) {

  337.     OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey_ASN1, ERR_R_ASN1_LIB);

  338.     return 0;

  339.   }

  340. 

  341.   ret = SSL_use_PrivateKey(ssl, pkey);

  342.   EVP_PKEY_free(pkey);

  343.   return ret;

  344. }

  345. 

  346. int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) {

  347.   if (x == NULL) {

  348.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate,

  349.                       ERR_R_PASSED_NULL_PARAMETER);

  350.     return 0;

  351.   }

  352.   if (!ssl_cert_inst(&ctx->cert)) {

  353.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate, ERR_R_MALLOC_FAILURE);

  354.     return 0;

  355.   }

  356. 

  357.   return ssl_set_cert(ctx->cert, x);

  358. }

  359. 

  360. static int ssl_set_cert(CERT *c, X509 *x) {

  361.   EVP_PKEY *pkey;

  362.   int i;

  363. 

  364.   pkey = X509_get_pubkey(x);

  365.   if (pkey == NULL) {

  366.     OPENSSL_PUT_ERROR(SSL, ssl_set_cert, SSL_R_X509_LIB);

  367.     return 0;

  368.   }

  369. 

  370.   i = ssl_cert_type(pkey);

  371.   if (i < 0) {

  372.     OPENSSL_PUT_ERROR(SSL, ssl_set_cert, SSL_R_UNKNOWN_CERTIFICATE_TYPE);

  373.     EVP_PKEY_free(pkey);

  374.     return 0;

  375.   }

  376. 

  377.   if (c->pkeys[i].privatekey != NULL) {

  378.     EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);

  379.     ERR_clear_error();

  380. 

  381.     /* Sanity-check that the private key and the certificate match, unless the

  382.      * key is opaque (in case of, say, a smartcard). */

  383.     if (!EVP_PKEY_is_opaque(c->pkeys[i].privatekey) &&

  384.         !X509_check_private_key(x, c->pkeys[i].privatekey)) {

  385.       /* don't fail for a cert/key mismatch, just free current private key

  386.        * (when switching to a different cert & key, first this function should

  387.        * be used, then ssl_set_pkey */

  388.       EVP_PKEY_free(c->pkeys[i].privatekey);

  389.       c->pkeys[i].privatekey = NULL;

  390.       /* clear error queue */

  391.       ERR_clear_error();

  392.     }

  393.   }

  394. 

  395.   EVP_PKEY_free(pkey);

  396. 

  397.   if (c->pkeys[i].x509 != NULL) {

  398.     X509_free(c->pkeys[i].x509);

  399.   }

  400.   c->pkeys[i].x509 = X509_up_ref(x);

  401.   c->key = &(c->pkeys[i]);

  402. 

  403.   return 1;

  404. }

  405. 

  406. int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) {

  407.   int reason_code;

  408.   BIO *in;

  409.   int ret = 0;

  410.   X509 *x = NULL;

  411. 

  412.   in = BIO_new(BIO_s_file());

  413.   if (in == NULL) {

  414.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_file, ERR_R_BUF_LIB);

  415.     goto end;

  416.   }

  417. 

  418.   if (BIO_read_filename(in, file) <= 0) {

  419.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_file, ERR_R_SYS_LIB);

  420.     goto end;

  421.   }

  422. 

  423.   if (type == SSL_FILETYPE_ASN1) {

  424.     reason_code = ERR_R_ASN1_LIB;

  425.     x = d2i_X509_bio(in, NULL);

  426.   } else if (type == SSL_FILETYPE_PEM) {

  427.     reason_code = ERR_R_PEM_LIB;

  428.     x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,

  429.                           ctx->default_passwd_callback_userdata);

  430.   } else {

  431.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_file,

  432.                       SSL_R_BAD_SSL_FILETYPE);

  433.     goto end;

  434.   }

  435. 

  436.   if (x == NULL) {

  437.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_file, reason_code);

  438.     goto end;

  439.   }

  440. 

  441.   ret = SSL_CTX_use_certificate(ctx, x);

  442. 

  443. end:

  444.   if (x != NULL) {

  445.     X509_free(x);

  446.   }

  447.   if (in != NULL) {

  448.     BIO_free(in);

  449.   }

  450.   return ret;

  451. }

  452. 

  453. int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const uint8_t *d) {

  454.   X509 *x;

  455.   int ret;

  456. 

  457.   x = d2i_X509(NULL, &d, (long)len);

  458.   if (x == NULL) {

  459.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_ASN1, ERR_R_ASN1_LIB);

  460.     return 0;

  461.   }

  462. 

  463.   ret = SSL_CTX_use_certificate(ctx, x);

  464.   X509_free(x);

  465.   return ret;

  466. }

  467. 

  468. int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) {

  469.   int ret;

  470.   EVP_PKEY *pkey;

  471. 

  472.   if (rsa == NULL) {

  473.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey,

  474.                       ERR_R_PASSED_NULL_PARAMETER);

  475.     return 0;

  476.   }

  477. 

  478.   if (!ssl_cert_inst(&ctx->cert)) {

  479.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey, ERR_R_MALLOC_FAILURE);

  480.     return 0;

  481.   }

  482. 

  483.   pkey = EVP_PKEY_new();

  484.   if (pkey == NULL) {

  485.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey, ERR_R_EVP_LIB);

  486.     return 0;

  487.   }

  488. 

  489.   RSA_up_ref(rsa);

  490.   EVP_PKEY_assign_RSA(pkey, rsa);

  491. 

  492.   ret = ssl_set_pkey(ctx->cert, pkey);

  493.   EVP_PKEY_free(pkey);

  494.   return ret;

  495. }

  496. 

  497. int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) {

  498.   int reason_code, ret = 0;

  499.   BIO *in;

  500.   RSA *rsa = NULL;

  501. 

  502.   in = BIO_new(BIO_s_file());

  503.   if (in == NULL) {

  504.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey_file, ERR_R_BUF_LIB);

  505.     goto end;

  506.   }

  507. 

  508.   if (BIO_read_filename(in, file) <= 0) {

  509.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey_file, ERR_R_SYS_LIB);

  510.     goto end;

  511.   }

  512. 

  513.   if (type == SSL_FILETYPE_ASN1) {

  514.     reason_code = ERR_R_ASN1_LIB;

  515.     rsa = d2i_RSAPrivateKey_bio(in, NULL);

  516.   } else if (type == SSL_FILETYPE_PEM) {

  517.     reason_code = ERR_R_PEM_LIB;

  518.     rsa = PEM_read_bio_RSAPrivateKey(in, NULL, ctx->default_passwd_callback,

  519.                                      ctx->default_passwd_callback_userdata);

  520.   } else {

  521.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey_file,

  522.                       SSL_R_BAD_SSL_FILETYPE);

  523.     goto end;

  524.   }

  525. 

  526.   if (rsa == NULL) {

  527.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey_file, reason_code);

  528.     goto end;

  529.   }

  530.   ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);

  531.   RSA_free(rsa);

  532. 

  533. end:

  534.   if (in != NULL) {

  535.     BIO_free(in);

  536.   }

  537.   return ret;

  538. }

  539. 

  540. int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const uint8_t *d, long len) {

  541.   int ret;

  542.   const uint8_t *p;

  543.   RSA *rsa;

  544. 

  545.   p = d;

  546.   rsa = d2i_RSAPrivateKey(NULL, &p, (long)len);

  547.   if (rsa == NULL) {

  548.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey_ASN1, ERR_R_ASN1_LIB);

  549.     return 0;

  550.   }

  551. 

  552.   ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);

  553.   RSA_free(rsa);

  554.   return ret;

  555. }

  556. 

  557. int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) {

  558.   if (pkey == NULL) {

  559.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey, ERR_R_PASSED_NULL_PARAMETER);

  560.     return 0;

  561.   }

  562. 

  563.   if (!ssl_cert_inst(&ctx->cert)) {

  564.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey, ERR_R_MALLOC_FAILURE);

  565.     return 0;

  566.   }

  567. 

  568.   return ssl_set_pkey(ctx->cert, pkey);

  569. }

  570. 

  571. int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) {

  572.   int reason_code, ret = 0;

  573.   BIO *in;

  574.   EVP_PKEY *pkey = NULL;

  575. 

  576.   in = BIO_new(BIO_s_file());

  577.   if (in == NULL) {

  578.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey_file, ERR_R_BUF_LIB);

  579.     goto end;

  580.   }

  581. 

  582.   if (BIO_read_filename(in, file) <= 0) {

  583.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey_file, ERR_R_SYS_LIB);

  584.     goto end;

  585.   }

  586. 

  587.   if (type == SSL_FILETYPE_PEM) {

  588.     reason_code = ERR_R_PEM_LIB;

  589.     pkey = PEM_read_bio_PrivateKey(in, NULL, ctx->default_passwd_callback,

  590.                                    ctx->default_passwd_callback_userdata);

  591.   } else if (type == SSL_FILETYPE_ASN1) {

  592.     reason_code = ERR_R_ASN1_LIB;

  593.     pkey = d2i_PrivateKey_bio(in, NULL);

  594.   } else {

  595.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey_file, SSL_R_BAD_SSL_FILETYPE);

  596.     goto end;

  597.   }

  598. 

  599.   if (pkey == NULL) {

  600.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey_file, reason_code);

  601.     goto end;

  602.   }

  603.   ret = SSL_CTX_use_PrivateKey(ctx, pkey);

  604.   EVP_PKEY_free(pkey);

  605. 

  606. end:

  607.   if (in != NULL) {

  608.     BIO_free(in);

  609.   }

  610.   return ret;

  611. }

  612. 

  613. int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const uint8_t *d,

  614.                                 long len) {

  615.   int ret;

  616.   const uint8_t *p;

  617.   EVP_PKEY *pkey;

  618. 

  619.   p = d;

  620.   pkey = d2i_PrivateKey(type, NULL, &p, (long)len);

  621.   if (pkey == NULL) {

  622.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey_ASN1, ERR_R_ASN1_LIB);

  623.     return 0;

  624.   }

  625. 

  626.   ret = SSL_CTX_use_PrivateKey(ctx, pkey);

  627.   EVP_PKEY_free(pkey);

  628.   return ret;

  629. }

  630. 

  631. 

  632. /* Read a file that contains our certificate in "PEM" format, possibly followed

  633.  * by a sequence of CA certificates that should be sent to the peer in the

  634.  * Certificate message. */

  635. int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) {

  636.   BIO *in;

  637.   int ret = 0;

  638.   X509 *x = NULL;

  639. 

  640.   ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */

  641. 

  642.   in = BIO_new(BIO_s_file());

  643.   if (in == NULL) {

  644.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_chain_file, ERR_R_BUF_LIB);

  645.     goto end;

  646.   }

  647. 

  648.   if (BIO_read_filename(in, file) <= 0) {

  649.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_chain_file, ERR_R_SYS_LIB);

  650.     goto end;

  651.   }

  652. 

  653.   x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,

  654.                             ctx->default_passwd_callback_userdata);

  655.   if (x == NULL) {

  656.     OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_chain_file, ERR_R_PEM_LIB);

  657.     goto end;

  658.   }

  659. 

  660.   ret = SSL_CTX_use_certificate(ctx, x);

  661. 

  662.   if (ERR_peek_error() != 0) {

  663.     ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */

  664.   }

  665. 

  666.   if (ret) {

  667.     /* If we could set up our certificate, now proceed to the CA

  668.      * certificates. */

  669.     X509 *ca;

  670.     int r;

  671.     unsigned long err;

  672. 

  673.     SSL_CTX_clear_chain_certs(ctx);

  674. 

  675.     while ((ca = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,

  676.                                    ctx->default_passwd_callback_userdata)) !=

  677.            NULL) {

  678.       r = SSL_CTX_add0_chain_cert(ctx, ca);

  679.       if (!r) {

  680.         X509_free(ca);

  681.         ret = 0;

  682.         goto end;

  683.       }

  684.       /* Note that we must not free r if it was successfully added to the chain

  685.        * (while we must free the main certificate, since its reference count is

  686.        * increased by SSL_CTX_use_certificate). */

  687.     }

  688. 

  689.     /* When the while loop ends, it's usually just EOF. */

  690.     err = ERR_peek_last_error();

  691.     if (ERR_GET_LIB(err) == ERR_LIB_PEM &&

  692.         ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {

  693.       ERR_clear_error();

  694.     } else {

  695.       ret = 0; /* some real error */

  696.     }

  697.   }

  698. 

  699. end:

  700.   if (x != NULL) {

  701.     X509_free(x);

  702.   }

  703.   if (in != NULL) {

  704.     BIO_free(in);

  705.   }

  706.   return ret;

  707. }