]>
Commit | Line | Data |
---|---|---|
d02b48c6 | 1 | /* ssl/ssl_rsa.c */ |
58964a49 | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
d02b48c6 RE |
3 | * All rights reserved. |
4 | * | |
5 | * This package is an SSL implementation written | |
6 | * by Eric Young (eay@cryptsoft.com). | |
7 | * The implementation was written so as to conform with Netscapes SSL. | |
8 | * | |
9 | * This library is free for commercial and non-commercial use as long as | |
10 | * the following conditions are aheared to. The following conditions | |
11 | * apply to all code found in this distribution, be it the RC4, RSA, | |
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
13 | * included with this distribution is covered by the same copyright terms | |
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
15 | * | |
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | |
17 | * the code are not to be removed. | |
18 | * If this package is used in a product, Eric Young should be given attribution | |
19 | * as the author of the parts of the library used. | |
20 | * This can be in the form of a textual message at program startup or | |
21 | * in documentation (online or textual) provided with the package. | |
22 | * | |
23 | * Redistribution and use in source and binary forms, with or without | |
24 | * modification, are permitted provided that the following conditions | |
25 | * are met: | |
26 | * 1. Redistributions of source code must retain the copyright | |
27 | * notice, this list of conditions and the following disclaimer. | |
28 | * 2. Redistributions in binary form must reproduce the above copyright | |
29 | * notice, this list of conditions and the following disclaimer in the | |
30 | * documentation and/or other materials provided with the distribution. | |
31 | * 3. All advertising materials mentioning features or use of this software | |
32 | * must display the following acknowledgement: | |
33 | * "This product includes cryptographic software written by | |
34 | * Eric Young (eay@cryptsoft.com)" | |
35 | * The word 'cryptographic' can be left out if the rouines from the library | |
36 | * being used are not cryptographic related :-). | |
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | |
38 | * the apps directory (application code) you must include an acknowledgement: | |
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
40 | * | |
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 | * SUCH DAMAGE. | |
52 | * | |
53 | * The licence and distribution terms for any publically available version or | |
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 | * copied and put under another distribution licence | |
56 | * [including the GNU Public Licence.] | |
57 | */ | |
58 | ||
59 | #include <stdio.h> | |
60 | #include "bio.h" | |
61 | #include "objects.h" | |
62 | #include "evp.h" | |
63 | #include "x509.h" | |
64 | #include "pem.h" | |
65 | #include "ssl_locl.h" | |
66 | ||
67 | #ifndef NOPROTO | |
68 | static int ssl_set_cert(CERT *c, X509 *x509); | |
69 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); | |
70 | #else | |
71 | static int ssl_set_cert(); | |
72 | static int ssl_set_pkey(); | |
73 | #endif | |
74 | ||
6b691a5c | 75 | int SSL_use_certificate(SSL *ssl, X509 *x) |
d02b48c6 | 76 | { |
d02b48c6 RE |
77 | if (x == NULL) |
78 | { | |
79 | SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); | |
80 | return(0); | |
81 | } | |
15d21c2d | 82 | if (!ssl_cert_instantiate(&ssl->cert, ssl->ctx->default_cert)) |
d02b48c6 | 83 | { |
15d21c2d RE |
84 | SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); |
85 | return(0); | |
d02b48c6 | 86 | } |
15d21c2d | 87 | return(ssl_set_cert(ssl->cert,x)); |
d02b48c6 RE |
88 | } |
89 | ||
58964a49 | 90 | #ifndef NO_STDIO |
6b691a5c | 91 | int SSL_use_certificate_file(SSL *ssl, char *file, int type) |
d02b48c6 RE |
92 | { |
93 | int j; | |
94 | BIO *in; | |
95 | int ret=0; | |
96 | X509 *x=NULL; | |
97 | ||
58964a49 | 98 | in=BIO_new(BIO_s_file_internal()); |
d02b48c6 RE |
99 | if (in == NULL) |
100 | { | |
101 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); | |
102 | goto end; | |
103 | } | |
104 | ||
105 | if (BIO_read_filename(in,file) <= 0) | |
106 | { | |
d02b48c6 RE |
107 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); |
108 | goto end; | |
109 | } | |
110 | if (type == SSL_FILETYPE_ASN1) | |
111 | { | |
112 | j=ERR_R_ASN1_LIB; | |
113 | x=d2i_X509_bio(in,NULL); | |
114 | } | |
115 | else if (type == SSL_FILETYPE_PEM) | |
116 | { | |
117 | j=ERR_R_PEM_LIB; | |
118 | x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback); | |
119 | } | |
120 | else | |
121 | { | |
122 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); | |
123 | goto end; | |
124 | } | |
125 | ||
126 | if (x == NULL) | |
127 | { | |
128 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j); | |
129 | goto end; | |
130 | } | |
131 | ||
132 | ret=SSL_use_certificate(ssl,x); | |
133 | end: | |
134 | if (x != NULL) X509_free(x); | |
135 | if (in != NULL) BIO_free(in); | |
136 | return(ret); | |
137 | } | |
58964a49 | 138 | #endif |
d02b48c6 | 139 | |
6b691a5c | 140 | int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len) |
d02b48c6 RE |
141 | { |
142 | X509 *x; | |
143 | int ret; | |
144 | ||
145 | x=d2i_X509(NULL,&d,(long)len); | |
146 | if (x == NULL) | |
147 | { | |
148 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); | |
149 | return(0); | |
150 | } | |
151 | ||
152 | ret=SSL_use_certificate(ssl,x); | |
153 | X509_free(x); | |
154 | return(ret); | |
155 | } | |
156 | ||
157 | #ifndef NO_RSA | |
6b691a5c | 158 | int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) |
d02b48c6 | 159 | { |
d02b48c6 RE |
160 | EVP_PKEY *pkey; |
161 | int ret; | |
162 | ||
163 | if (rsa == NULL) | |
164 | { | |
165 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | |
166 | return(0); | |
167 | } | |
15d21c2d RE |
168 | if (!ssl_cert_instantiate(&ssl->cert, ssl->ctx->default_cert)) |
169 | { | |
170 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); | |
171 | return(0); | |
d02b48c6 | 172 | } |
d02b48c6 RE |
173 | if ((pkey=EVP_PKEY_new()) == NULL) |
174 | { | |
175 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); | |
176 | return(0); | |
177 | } | |
178 | ||
179 | CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); | |
180 | EVP_PKEY_assign_RSA(pkey,rsa); | |
181 | ||
15d21c2d | 182 | ret=ssl_set_pkey(ssl->cert,pkey); |
d02b48c6 RE |
183 | EVP_PKEY_free(pkey); |
184 | return(ret); | |
185 | } | |
186 | #endif | |
187 | ||
6b691a5c | 188 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) |
d02b48c6 RE |
189 | { |
190 | int i,ok=0,bad=0; | |
191 | ||
192 | i=ssl_cert_type(NULL,pkey); | |
193 | if (i < 0) | |
194 | { | |
195 | SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE); | |
196 | return(0); | |
197 | } | |
198 | ||
199 | if (c->pkeys[i].x509 != NULL) | |
200 | { | |
a8236c8c DSH |
201 | EVP_PKEY *pktmp; |
202 | pktmp = X509_get_pubkey(c->pkeys[i].x509); | |
203 | EVP_PKEY_copy_parameters(pktmp,pkey); | |
204 | EVP_PKEY_free(pktmp); | |
dfeab068 RE |
205 | ERR_clear_error(); |
206 | ||
58964a49 RE |
207 | #ifndef NO_RSA |
208 | /* Don't check the public/private key, this is mostly | |
209 | * for smart cards. */ | |
210 | if ((pkey->type == EVP_PKEY_RSA) && | |
211 | (RSA_flags(pkey->pkey.rsa) & | |
212 | RSA_METHOD_FLAG_NO_CHECK)) | |
213 | ok=1; | |
214 | else | |
215 | #endif | |
216 | if (!X509_check_private_key(c->pkeys[i].x509,pkey)) | |
d02b48c6 RE |
217 | { |
218 | if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) | |
219 | { | |
220 | i=(i == SSL_PKEY_DH_RSA)? | |
221 | SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA; | |
222 | ||
223 | if (c->pkeys[i].x509 == NULL) | |
224 | ok=1; | |
225 | else | |
226 | { | |
227 | if (!X509_check_private_key( | |
228 | c->pkeys[i].x509,pkey)) | |
229 | bad=1; | |
230 | else | |
231 | ok=1; | |
232 | } | |
233 | } | |
234 | else | |
235 | bad=1; | |
236 | } | |
237 | else | |
238 | ok=1; | |
239 | } | |
240 | else | |
241 | ok=1; | |
242 | ||
243 | if (bad) | |
244 | { | |
245 | X509_free(c->pkeys[i].x509); | |
246 | c->pkeys[i].x509=NULL; | |
247 | return(0); | |
248 | } | |
249 | ||
250 | if (c->pkeys[i].privatekey != NULL) | |
251 | EVP_PKEY_free(c->pkeys[i].privatekey); | |
252 | CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); | |
253 | c->pkeys[i].privatekey=pkey; | |
254 | c->key= &(c->pkeys[i]); | |
255 | ||
256 | c->valid=0; | |
257 | return(1); | |
258 | } | |
259 | ||
260 | #ifndef NO_RSA | |
58964a49 | 261 | #ifndef NO_STDIO |
6b691a5c | 262 | int SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type) |
d02b48c6 RE |
263 | { |
264 | int j,ret=0; | |
265 | BIO *in; | |
266 | RSA *rsa=NULL; | |
267 | ||
58964a49 | 268 | in=BIO_new(BIO_s_file_internal()); |
d02b48c6 RE |
269 | if (in == NULL) |
270 | { | |
271 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); | |
272 | goto end; | |
273 | } | |
274 | ||
275 | if (BIO_read_filename(in,file) <= 0) | |
276 | { | |
d02b48c6 RE |
277 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); |
278 | goto end; | |
279 | } | |
280 | if (type == SSL_FILETYPE_ASN1) | |
281 | { | |
282 | j=ERR_R_ASN1_LIB; | |
283 | rsa=d2i_RSAPrivateKey_bio(in,NULL); | |
284 | } | |
285 | else if (type == SSL_FILETYPE_PEM) | |
286 | { | |
287 | j=ERR_R_PEM_LIB; | |
288 | rsa=PEM_read_bio_RSAPrivateKey(in,NULL, | |
289 | ssl->ctx->default_passwd_callback); | |
290 | } | |
291 | else | |
292 | { | |
293 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | |
294 | goto end; | |
295 | } | |
296 | if (rsa == NULL) | |
297 | { | |
298 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j); | |
299 | goto end; | |
300 | } | |
301 | ret=SSL_use_RSAPrivateKey(ssl,rsa); | |
302 | RSA_free(rsa); | |
303 | end: | |
304 | if (in != NULL) BIO_free(in); | |
305 | return(ret); | |
306 | } | |
58964a49 | 307 | #endif |
d02b48c6 | 308 | |
6b691a5c | 309 | int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) |
d02b48c6 RE |
310 | { |
311 | int ret; | |
312 | unsigned char *p; | |
313 | RSA *rsa; | |
314 | ||
315 | p=d; | |
316 | if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) | |
317 | { | |
318 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | |
319 | return(0); | |
320 | } | |
321 | ||
322 | ret=SSL_use_RSAPrivateKey(ssl,rsa); | |
323 | RSA_free(rsa); | |
324 | return(ret); | |
325 | } | |
326 | #endif /* !NO_RSA */ | |
327 | ||
6b691a5c | 328 | int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) |
d02b48c6 | 329 | { |
d02b48c6 RE |
330 | int ret; |
331 | ||
332 | if (pkey == NULL) | |
333 | { | |
334 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | |
335 | return(0); | |
336 | } | |
15d21c2d RE |
337 | if (!ssl_cert_instantiate(&ssl->cert, ssl->ctx->default_cert)) |
338 | { | |
339 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); | |
340 | return(0); | |
d02b48c6 | 341 | } |
15d21c2d | 342 | ret=ssl_set_pkey(ssl->cert,pkey); |
d02b48c6 RE |
343 | return(ret); |
344 | } | |
345 | ||
58964a49 | 346 | #ifndef NO_STDIO |
6b691a5c | 347 | int SSL_use_PrivateKey_file(SSL *ssl, char *file, int type) |
d02b48c6 RE |
348 | { |
349 | int j,ret=0; | |
350 | BIO *in; | |
351 | EVP_PKEY *pkey=NULL; | |
352 | ||
58964a49 | 353 | in=BIO_new(BIO_s_file_internal()); |
d02b48c6 RE |
354 | if (in == NULL) |
355 | { | |
356 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); | |
357 | goto end; | |
358 | } | |
359 | ||
360 | if (BIO_read_filename(in,file) <= 0) | |
361 | { | |
d02b48c6 RE |
362 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); |
363 | goto end; | |
364 | } | |
365 | if (type == SSL_FILETYPE_PEM) | |
366 | { | |
367 | j=ERR_R_PEM_LIB; | |
368 | pkey=PEM_read_bio_PrivateKey(in,NULL, | |
369 | ssl->ctx->default_passwd_callback); | |
370 | } | |
371 | else | |
372 | { | |
373 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | |
374 | goto end; | |
375 | } | |
376 | if (pkey == NULL) | |
377 | { | |
378 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j); | |
379 | goto end; | |
380 | } | |
381 | ret=SSL_use_PrivateKey(ssl,pkey); | |
382 | EVP_PKEY_free(pkey); | |
383 | end: | |
384 | if (in != NULL) BIO_free(in); | |
385 | return(ret); | |
386 | } | |
58964a49 | 387 | #endif |
d02b48c6 | 388 | |
6b691a5c | 389 | int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len) |
d02b48c6 RE |
390 | { |
391 | int ret; | |
392 | unsigned char *p; | |
393 | EVP_PKEY *pkey; | |
394 | ||
395 | p=d; | |
396 | if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) | |
397 | { | |
398 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | |
399 | return(0); | |
400 | } | |
401 | ||
402 | ret=SSL_use_PrivateKey(ssl,pkey); | |
403 | EVP_PKEY_free(pkey); | |
404 | return(ret); | |
405 | } | |
406 | ||
6b691a5c | 407 | int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) |
d02b48c6 | 408 | { |
d02b48c6 RE |
409 | if (x == NULL) |
410 | { | |
411 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); | |
412 | return(0); | |
413 | } | |
15d21c2d | 414 | if (!ssl_cert_instantiate(&ctx->default_cert, NULL)) |
d02b48c6 | 415 | { |
15d21c2d RE |
416 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); |
417 | return(0); | |
d02b48c6 | 418 | } |
15d21c2d | 419 | return(ssl_set_cert(ctx->default_cert,x)); |
d02b48c6 RE |
420 | } |
421 | ||
6b691a5c | 422 | static int ssl_set_cert(CERT *c, X509 *x) |
d02b48c6 RE |
423 | { |
424 | EVP_PKEY *pkey; | |
425 | int i,ok=0,bad=0; | |
426 | ||
427 | pkey=X509_get_pubkey(x); | |
428 | if (pkey == NULL) | |
429 | { | |
58964a49 | 430 | SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB); |
d02b48c6 RE |
431 | return(0); |
432 | } | |
433 | ||
434 | i=ssl_cert_type(x,pkey); | |
435 | if (i < 0) | |
436 | { | |
58964a49 | 437 | SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE); |
a8236c8c | 438 | EVP_PKEY_free(pkey); |
d02b48c6 RE |
439 | return(0); |
440 | } | |
441 | ||
442 | if (c->pkeys[i].privatekey != NULL) | |
dfeab068 RE |
443 | { |
444 | EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey); | |
445 | ERR_clear_error(); | |
446 | ||
447 | #ifndef NO_RSA | |
448 | /* Don't check the public/private key, this is mostly | |
449 | * for smart cards. */ | |
450 | if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && | |
451 | (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & | |
452 | RSA_METHOD_FLAG_NO_CHECK)) | |
453 | ok=1; | |
454 | else | |
455 | #endif | |
d02b48c6 RE |
456 | { |
457 | if (!X509_check_private_key(x,c->pkeys[i].privatekey)) | |
458 | { | |
459 | if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) | |
460 | { | |
461 | i=(i == SSL_PKEY_DH_RSA)? | |
462 | SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA; | |
463 | ||
464 | if (c->pkeys[i].privatekey == NULL) | |
465 | ok=1; | |
466 | else | |
467 | { | |
468 | if (!X509_check_private_key(x, | |
469 | c->pkeys[i].privatekey)) | |
470 | bad=1; | |
471 | else | |
472 | ok=1; | |
473 | } | |
474 | } | |
475 | else | |
476 | bad=1; | |
477 | } | |
478 | else | |
479 | ok=1; | |
dfeab068 | 480 | } /* NO_RSA */ |
d02b48c6 RE |
481 | } |
482 | else | |
483 | ok=1; | |
484 | ||
a8236c8c | 485 | EVP_PKEY_free(pkey); |
d02b48c6 RE |
486 | if (bad) |
487 | { | |
488 | EVP_PKEY_free(c->pkeys[i].privatekey); | |
489 | c->pkeys[i].privatekey=NULL; | |
490 | } | |
491 | ||
492 | if (c->pkeys[i].x509 != NULL) | |
493 | X509_free(c->pkeys[i].x509); | |
494 | CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); | |
495 | c->pkeys[i].x509=x; | |
496 | c->key= &(c->pkeys[i]); | |
497 | ||
498 | c->valid=0; | |
499 | return(1); | |
500 | } | |
501 | ||
58964a49 | 502 | #ifndef NO_STDIO |
6b691a5c | 503 | int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type) |
d02b48c6 RE |
504 | { |
505 | int j; | |
506 | BIO *in; | |
507 | int ret=0; | |
508 | X509 *x=NULL; | |
509 | ||
58964a49 | 510 | in=BIO_new(BIO_s_file_internal()); |
d02b48c6 RE |
511 | if (in == NULL) |
512 | { | |
513 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); | |
514 | goto end; | |
515 | } | |
516 | ||
517 | if (BIO_read_filename(in,file) <= 0) | |
518 | { | |
d02b48c6 RE |
519 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); |
520 | goto end; | |
521 | } | |
522 | if (type == SSL_FILETYPE_ASN1) | |
523 | { | |
524 | j=ERR_R_ASN1_LIB; | |
525 | x=d2i_X509_bio(in,NULL); | |
526 | } | |
527 | else if (type == SSL_FILETYPE_PEM) | |
528 | { | |
529 | j=ERR_R_PEM_LIB; | |
530 | x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback); | |
531 | } | |
532 | else | |
533 | { | |
534 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); | |
535 | goto end; | |
536 | } | |
537 | ||
538 | if (x == NULL) | |
539 | { | |
540 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j); | |
541 | goto end; | |
542 | } | |
543 | ||
544 | ret=SSL_CTX_use_certificate(ctx,x); | |
545 | end: | |
546 | if (x != NULL) X509_free(x); | |
547 | if (in != NULL) BIO_free(in); | |
548 | return(ret); | |
549 | } | |
58964a49 | 550 | #endif |
d02b48c6 | 551 | |
6b691a5c | 552 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d) |
d02b48c6 RE |
553 | { |
554 | X509 *x; | |
555 | int ret; | |
556 | ||
557 | x=d2i_X509(NULL,&d,(long)len); | |
558 | if (x == NULL) | |
559 | { | |
560 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); | |
561 | return(0); | |
562 | } | |
563 | ||
564 | ret=SSL_CTX_use_certificate(ctx,x); | |
565 | X509_free(x); | |
566 | return(ret); | |
567 | } | |
568 | ||
569 | #ifndef NO_RSA | |
6b691a5c | 570 | int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) |
d02b48c6 RE |
571 | { |
572 | int ret; | |
d02b48c6 RE |
573 | EVP_PKEY *pkey; |
574 | ||
575 | if (rsa == NULL) | |
576 | { | |
577 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | |
578 | return(0); | |
579 | } | |
15d21c2d | 580 | if (!ssl_cert_instantiate(&ctx->default_cert, NULL)) |
d02b48c6 | 581 | { |
15d21c2d RE |
582 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); |
583 | return(0); | |
d02b48c6 | 584 | } |
d02b48c6 RE |
585 | if ((pkey=EVP_PKEY_new()) == NULL) |
586 | { | |
587 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); | |
588 | return(0); | |
589 | } | |
590 | ||
591 | CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); | |
592 | EVP_PKEY_assign_RSA(pkey,rsa); | |
593 | ||
15d21c2d | 594 | ret=ssl_set_pkey(ctx->default_cert,pkey); |
d02b48c6 RE |
595 | EVP_PKEY_free(pkey); |
596 | return(ret); | |
597 | } | |
598 | ||
58964a49 | 599 | #ifndef NO_STDIO |
6b691a5c | 600 | int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type) |
d02b48c6 RE |
601 | { |
602 | int j,ret=0; | |
603 | BIO *in; | |
604 | RSA *rsa=NULL; | |
605 | ||
58964a49 | 606 | in=BIO_new(BIO_s_file_internal()); |
d02b48c6 RE |
607 | if (in == NULL) |
608 | { | |
609 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); | |
610 | goto end; | |
611 | } | |
612 | ||
613 | if (BIO_read_filename(in,file) <= 0) | |
614 | { | |
d02b48c6 RE |
615 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); |
616 | goto end; | |
617 | } | |
618 | if (type == SSL_FILETYPE_ASN1) | |
619 | { | |
620 | j=ERR_R_ASN1_LIB; | |
621 | rsa=d2i_RSAPrivateKey_bio(in,NULL); | |
622 | } | |
623 | else if (type == SSL_FILETYPE_PEM) | |
624 | { | |
625 | j=ERR_R_PEM_LIB; | |
626 | rsa=PEM_read_bio_RSAPrivateKey(in,NULL, | |
627 | ctx->default_passwd_callback); | |
628 | } | |
629 | else | |
630 | { | |
631 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | |
632 | goto end; | |
633 | } | |
634 | if (rsa == NULL) | |
635 | { | |
636 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j); | |
637 | goto end; | |
638 | } | |
639 | ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); | |
640 | RSA_free(rsa); | |
641 | end: | |
642 | if (in != NULL) BIO_free(in); | |
643 | return(ret); | |
644 | } | |
58964a49 | 645 | #endif |
d02b48c6 | 646 | |
6b691a5c | 647 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len) |
d02b48c6 RE |
648 | { |
649 | int ret; | |
650 | unsigned char *p; | |
651 | RSA *rsa; | |
652 | ||
653 | p=d; | |
654 | if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) | |
655 | { | |
656 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | |
657 | return(0); | |
658 | } | |
659 | ||
660 | ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); | |
661 | RSA_free(rsa); | |
662 | return(ret); | |
663 | } | |
664 | #endif /* !NO_RSA */ | |
665 | ||
6b691a5c | 666 | int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) |
d02b48c6 | 667 | { |
d02b48c6 RE |
668 | if (pkey == NULL) |
669 | { | |
670 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | |
671 | return(0); | |
672 | } | |
15d21c2d | 673 | if (!ssl_cert_instantiate(&ctx->default_cert, NULL)) |
d02b48c6 | 674 | { |
15d21c2d RE |
675 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); |
676 | return(0); | |
d02b48c6 | 677 | } |
15d21c2d | 678 | return(ssl_set_pkey(ctx->default_cert,pkey)); |
d02b48c6 RE |
679 | } |
680 | ||
58964a49 | 681 | #ifndef NO_STDIO |
6b691a5c | 682 | int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type) |
d02b48c6 RE |
683 | { |
684 | int j,ret=0; | |
685 | BIO *in; | |
686 | EVP_PKEY *pkey=NULL; | |
687 | ||
58964a49 | 688 | in=BIO_new(BIO_s_file_internal()); |
d02b48c6 RE |
689 | if (in == NULL) |
690 | { | |
691 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); | |
692 | goto end; | |
693 | } | |
694 | ||
695 | if (BIO_read_filename(in,file) <= 0) | |
696 | { | |
d02b48c6 RE |
697 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); |
698 | goto end; | |
699 | } | |
700 | if (type == SSL_FILETYPE_PEM) | |
701 | { | |
702 | j=ERR_R_PEM_LIB; | |
703 | pkey=PEM_read_bio_PrivateKey(in,NULL, | |
704 | ctx->default_passwd_callback); | |
705 | } | |
706 | else | |
707 | { | |
708 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | |
709 | goto end; | |
710 | } | |
711 | if (pkey == NULL) | |
712 | { | |
713 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j); | |
714 | goto end; | |
715 | } | |
716 | ret=SSL_CTX_use_PrivateKey(ctx,pkey); | |
717 | EVP_PKEY_free(pkey); | |
718 | end: | |
719 | if (in != NULL) BIO_free(in); | |
720 | return(ret); | |
721 | } | |
58964a49 | 722 | #endif |
d02b48c6 | 723 | |
6b691a5c UM |
724 | int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, |
725 | long len) | |
d02b48c6 RE |
726 | { |
727 | int ret; | |
728 | unsigned char *p; | |
729 | EVP_PKEY *pkey; | |
730 | ||
731 | p=d; | |
732 | if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) | |
733 | { | |
734 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | |
735 | return(0); | |
736 | } | |
737 | ||
738 | ret=SSL_CTX_use_PrivateKey(ctx,pkey); | |
739 | EVP_PKEY_free(pkey); | |
740 | return(ret); | |
741 | } | |
742 | ||
743 |