[thirdparty/openssl.git] / ssl / ssl_rsa.c

/* ssl/ssl_rsa.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include "ssl_locl.h"
#include <openssl/bio.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>

static int ssl_set_cert(CERT *c, X509 *x509);
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
int SSL_use_certificate(SSL *ssl, X509 *x)
{
    if (x == NULL) {
        SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
        return (0);
    }
    if (!ssl_cert_inst(&ssl->cert)) {
        SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
        return (0);
    }
    return (ssl_set_cert(ssl->cert, x));
}

#ifndef OPENSSL_NO_STDIO
int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
{
    int j;
    BIO *in;
    int ret = 0;
    X509 *x = NULL;

    in = BIO_new(BIO_s_file_internal());
    if (in == NULL) {
        SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
        goto end;
    }

    if (BIO_read_filename(in, file) <= 0) {
        SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
        goto end;
    }
    if (type == SSL_FILETYPE_ASN1) {
        j = ERR_R_ASN1_LIB;
        x = d2i_X509_bio(in, NULL);
    } else if (type == SSL_FILETYPE_PEM) {
        j = ERR_R_PEM_LIB;
        x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback,
                              ssl->ctx->default_passwd_callback_userdata);
    } else {
        SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
        goto end;
    }

    if (x == NULL) {
        SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
        goto end;
    }

    ret = SSL_use_certificate(ssl, x);
 end:
    if (x != NULL)
        X509_free(x);
    if (in != NULL)
        BIO_free(in);
    return (ret);
}
#endif

int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
{
    X509 *x;
    int ret;

    x = d2i_X509(NULL, &d, (long)len);
    if (x == NULL) {
        SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
        return (0);
    }

    ret = SSL_use_certificate(ssl, x);
    X509_free(x);
    return (ret);
}

#ifndef OPENSSL_NO_RSA
int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
{
    EVP_PKEY *pkey;
    int ret;

    if (rsa == NULL) {
        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
        return (0);
    }
    if (!ssl_cert_inst(&ssl->cert)) {
        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
        return (0);
    }
    if ((pkey = EVP_PKEY_new()) == NULL) {
        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
        return (0);
    }

    RSA_up_ref(rsa);
    EVP_PKEY_assign_RSA(pkey, rsa);

    ret = ssl_set_pkey(ssl->cert, pkey);
    EVP_PKEY_free(pkey);
    return (ret);
}
#endif

static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
{
    int i;

    i = ssl_cert_type(NULL, pkey);
    if (i < 0) {
        SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
        return (0);
    }

    if (c->pkeys[i].x509 != NULL) {
        EVP_PKEY *pktmp;
        pktmp = X509_get_pubkey(c->pkeys[i].x509);
        EVP_PKEY_copy_parameters(pktmp, pkey);
        EVP_PKEY_free(pktmp);
        ERR_clear_error();

#ifndef OPENSSL_NO_RSA
        /*
         * Don't check the public/private key, this is mostly for smart
         * cards.
         */
        if ((pkey->type == EVP_PKEY_RSA) &&
            (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) ;
        else
#endif
        if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
            X509_free(c->pkeys[i].x509);
            c->pkeys[i].x509 = NULL;
            return 0;
        }
    }

    if (c->pkeys[i].privatekey != NULL)
        EVP_PKEY_free(c->pkeys[i].privatekey);
    CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
    c->pkeys[i].privatekey = pkey;
    c->key = &(c->pkeys[i]);

    c->valid = 0;
    return (1);
}

#ifndef OPENSSL_NO_RSA
# ifndef OPENSSL_NO_STDIO
int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
{
    int j, ret = 0;
    BIO *in;
    RSA *rsa = NULL;

    in = BIO_new(BIO_s_file_internal());
    if (in == NULL) {
        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
        goto end;
    }

    if (BIO_read_filename(in, file) <= 0) {
        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
        goto end;
    }
    if (type == SSL_FILETYPE_ASN1) {
        j = ERR_R_ASN1_LIB;
        rsa = d2i_RSAPrivateKey_bio(in, NULL);
    } else if (type == SSL_FILETYPE_PEM) {
        j = ERR_R_PEM_LIB;
        rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
                                         ssl->ctx->default_passwd_callback,
                                         ssl->
                                         ctx->default_passwd_callback_userdata);
    } else {
        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
        goto end;
    }
    if (rsa == NULL) {
        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j);
        goto end;
    }
    ret = SSL_use_RSAPrivateKey(ssl, rsa);
    RSA_free(rsa);
 end:
    if (in != NULL)
        BIO_free(in);
    return (ret);
}
# endif

int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
{
    int ret;
    const unsigned char *p;
    RSA *rsa;

    p = d;
    if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
        return (0);
    }

    ret = SSL_use_RSAPrivateKey(ssl, rsa);
    RSA_free(rsa);
    return (ret);
}
#endif                          /* !OPENSSL_NO_RSA */

int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
{
    int ret;

    if (pkey == NULL) {
        SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
        return (0);
    }
    if (!ssl_cert_inst(&ssl->cert)) {
        SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
        return (0);
    }
    ret = ssl_set_pkey(ssl->cert, pkey);
    return (ret);
}

#ifndef OPENSSL_NO_STDIO
int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
{
    int j, ret = 0;
    BIO *in;
    EVP_PKEY *pkey = NULL;

    in = BIO_new(BIO_s_file_internal());
    if (in == NULL) {
        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
        goto end;
    }

    if (BIO_read_filename(in, file) <= 0) {
        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
        goto end;
    }
    if (type == SSL_FILETYPE_PEM) {
        j = ERR_R_PEM_LIB;
        pkey = PEM_read_bio_PrivateKey(in, NULL,
                                       ssl->ctx->default_passwd_callback,
                                       ssl->
                                       ctx->default_passwd_callback_userdata);
    } else if (type == SSL_FILETYPE_ASN1) {
        j = ERR_R_ASN1_LIB;
        pkey = d2i_PrivateKey_bio(in, NULL);
    } else {
        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
        goto end;
    }
    if (pkey == NULL) {
        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j);
        goto end;
    }
    ret = SSL_use_PrivateKey(ssl, pkey);
    EVP_PKEY_free(pkey);
 end:
    if (in != NULL)
        BIO_free(in);
    return (ret);
}
#endif

int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d,
                            long len)
{
    int ret;
    const unsigned char *p;
    EVP_PKEY *pkey;

    p = d;
    if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) {
        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
        return (0);
    }

    ret = SSL_use_PrivateKey(ssl, pkey);
    EVP_PKEY_free(pkey);
    return (ret);
}

int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
{
    if (x == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
        return (0);
    }
    if (!ssl_cert_inst(&ctx->cert)) {
        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
        return (0);
    }
    return (ssl_set_cert(ctx->cert, x));
}

static int ssl_set_cert(CERT *c, X509 *x)
{
    EVP_PKEY *pkey;
    int i;

    pkey = X509_get_pubkey(x);
    if (pkey == NULL) {
        SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
        return (0);
    }

    i = ssl_cert_type(x, pkey);
    if (i < 0) {
        SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
        EVP_PKEY_free(pkey);
        return (0);
    }

    if (c->pkeys[i].privatekey != NULL) {
        EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
        ERR_clear_error();

#ifndef OPENSSL_NO_RSA
        /*
         * Don't check the public/private key, this is mostly for smart
         * cards.
         */
        if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
            (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
             RSA_METHOD_FLAG_NO_CHECK)) ;
        else
#endif                          /* OPENSSL_NO_RSA */
        if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
            /*
             * don't fail for a cert/key mismatch, just free current private
             * key (when switching to a different cert & key, first this
             * function should be used, then ssl_set_pkey
             */
            EVP_PKEY_free(c->pkeys[i].privatekey);
            c->pkeys[i].privatekey = NULL;
            /* clear error queue */
            ERR_clear_error();
        }
    }

    EVP_PKEY_free(pkey);

    if (c->pkeys[i].x509 != NULL)
        X509_free(c->pkeys[i].x509);
    CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
    c->pkeys[i].x509 = x;
    c->key = &(c->pkeys[i]);

    c->valid = 0;
    return (1);
}

#ifndef OPENSSL_NO_STDIO
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
{
    int j;
    BIO *in;
    int ret = 0;
    X509 *x = NULL;

    in = BIO_new(BIO_s_file_internal());
    if (in == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
        goto end;
    }

    if (BIO_read_filename(in, file) <= 0) {
        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
        goto end;
    }
    if (type == SSL_FILETYPE_ASN1) {
        j = ERR_R_ASN1_LIB;
        x = d2i_X509_bio(in, NULL);
    } else if (type == SSL_FILETYPE_PEM) {
        j = ERR_R_PEM_LIB;
        x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
                              ctx->default_passwd_callback_userdata);
    } else {
        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
        goto end;
    }

    if (x == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
        goto end;
    }

    ret = SSL_CTX_use_certificate(ctx, x);
 end:
    if (x != NULL)
        X509_free(x);
    if (in != NULL)
        BIO_free(in);
    return (ret);
}
#endif

int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
                                 const unsigned char *d)
{
    X509 *x;
    int ret;

    x = d2i_X509(NULL, &d, (long)len);
    if (x == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
        return (0);
    }

    ret = SSL_CTX_use_certificate(ctx, x);
    X509_free(x);
    return (ret);
}

#ifndef OPENSSL_NO_RSA
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
{
    int ret;
    EVP_PKEY *pkey;

    if (rsa == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
        return (0);
    }
    if (!ssl_cert_inst(&ctx->cert)) {
        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
        return (0);
    }
    if ((pkey = EVP_PKEY_new()) == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
        return (0);
    }

    RSA_up_ref(rsa);
    EVP_PKEY_assign_RSA(pkey, rsa);

    ret = ssl_set_pkey(ctx->cert, pkey);
    EVP_PKEY_free(pkey);
    return (ret);
}

# ifndef OPENSSL_NO_STDIO
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
{
    int j, ret = 0;
    BIO *in;
    RSA *rsa = NULL;

    in = BIO_new(BIO_s_file_internal());
    if (in == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
        goto end;
    }

    if (BIO_read_filename(in, file) <= 0) {
        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
        goto end;
    }
    if (type == SSL_FILETYPE_ASN1) {
        j = ERR_R_ASN1_LIB;
        rsa = d2i_RSAPrivateKey_bio(in, NULL);
    } else if (type == SSL_FILETYPE_PEM) {
        j = ERR_R_PEM_LIB;
        rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
                                         ctx->default_passwd_callback,
                                         ctx->default_passwd_callback_userdata);
    } else {
        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
        goto end;
    }
    if (rsa == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j);
        goto end;
    }
    ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
    RSA_free(rsa);
 end:
    if (in != NULL)
        BIO_free(in);
    return (ret);
}
# endif

int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
                                   long len)
{
    int ret;
    const unsigned char *p;
    RSA *rsa;

    p = d;
    if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
        return (0);
    }

    ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
    RSA_free(rsa);
    return (ret);
}
#endif                          /* !OPENSSL_NO_RSA */

int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
{
    if (pkey == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
        return (0);
    }
    if (!ssl_cert_inst(&ctx->cert)) {
        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
        return (0);
    }
    return (ssl_set_pkey(ctx->cert, pkey));
}

#ifndef OPENSSL_NO_STDIO
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
{
    int j, ret = 0;
    BIO *in;
    EVP_PKEY *pkey = NULL;

    in = BIO_new(BIO_s_file_internal());
    if (in == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
        goto end;
    }

    if (BIO_read_filename(in, file) <= 0) {
        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
        goto end;
    }
    if (type == SSL_FILETYPE_PEM) {
        j = ERR_R_PEM_LIB;
        pkey = PEM_read_bio_PrivateKey(in, NULL,
                                       ctx->default_passwd_callback,
                                       ctx->default_passwd_callback_userdata);
    } else if (type == SSL_FILETYPE_ASN1) {
        j = ERR_R_ASN1_LIB;
        pkey = d2i_PrivateKey_bio(in, NULL);
    } else {
        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
        goto end;
    }
    if (pkey == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j);
        goto end;
    }
    ret = SSL_CTX_use_PrivateKey(ctx, pkey);
    EVP_PKEY_free(pkey);
 end:
    if (in != NULL)
        BIO_free(in);
    return (ret);
}
#endif

int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
                                const unsigned char *d, long len)
{
    int ret;
    const unsigned char *p;
    EVP_PKEY *pkey;

    p = d;
    if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
        return (0);
    }

    ret = SSL_CTX_use_PrivateKey(ctx, pkey);
    EVP_PKEY_free(pkey);
    return (ret);
}

#ifndef OPENSSL_NO_STDIO
/*
 * Read a file that contains our certificate in "PEM" format, possibly
 * followed by a sequence of CA certificates that should be sent to the peer
 * in the Certificate message.
 */
int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
{
    BIO *in;
    int ret = 0;
    X509 *x = NULL;

    ERR_clear_error();          /* clear error stack for
                                 * SSL_CTX_use_certificate() */

    in = BIO_new(BIO_s_file_internal());
    if (in == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
        goto end;
    }

    if (BIO_read_filename(in, file) <= 0) {
        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
        goto end;
    }

    x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
                              ctx->default_passwd_callback_userdata);
    if (x == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
        goto end;
    }

    ret = SSL_CTX_use_certificate(ctx, x);
    if (ERR_peek_error() != 0)
        ret = 0;                /* Key/certificate mismatch doesn't imply
                                 * ret==0 ... */
    if (ret) {
        /*
         * If we could set up our certificate, now proceed to the CA
         * certificates.
         */
        X509 *ca;
        int r;
        unsigned long err;

        if (ctx->extra_certs != NULL) {
            sk_X509_pop_free(ctx->extra_certs, X509_free);
            ctx->extra_certs = NULL;
        }

        while ((ca =
                PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
                                  ctx->default_passwd_callback_userdata))
               != NULL) {
            r = SSL_CTX_add_extra_chain_cert(ctx, ca);
            if (!r) {
                X509_free(ca);
                ret = 0;
                goto end;
            }
            /*
             * Note that we must not free r if it was successfully added to
             * the chain (while we must free the main certificate, since its
             * reference count is increased by SSL_CTX_use_certificate).
             */
        }
        /* When the while loop ends, it's usually just EOF. */
        err = ERR_peek_last_error();
        if (ERR_GET_LIB(err) == ERR_LIB_PEM
            && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
            ERR_clear_error();
        else
            ret = 0;            /* some real error */
    }

 end:
    if (x != NULL)
        X509_free(x);
    if (in != NULL)
        BIO_free(in);
    return (ret);
}
#endif
Commit	Line	Data
d02b48c6	1	/* ssl/ssl_rsa.c */
58964a49	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6 RE	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
40720ce3	8	*
d02b48c6 RE	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
40720ce3	15	*
d02b48c6 RE	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
40720ce3	22	*
d02b48c6 RE	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
40720ce3	37	* 4. If you include any Windows specific code (or a derivative thereof) from
d02b48c6 RE	38	* the apps directory (application code) you must include an acknowledgement:
d02b48c6 RE	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40720ce3	40	*
d02b48c6 RE	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
40720ce3	52	*
d02b48c6 RE	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	#include <stdio.h>
7b63c0fa	60	#include "ssl_locl.h"
ec577822 BM	61	#include <openssl/bio.h>
	62	#include <openssl/objects.h>
	63	#include <openssl/evp.h>
	64	#include <openssl/x509.h>
	65	#include <openssl/pem.h>
d02b48c6	66
d02b48c6 RE	67	static int ssl_set_cert(CERT c, X509 x509);
d02b48c6 RE	68	static int ssl_set_pkey(CERT c, EVP_PKEY pkey);
6b691a5c	69	int SSL_use_certificate(SSL ssl, X509 x)
40720ce3 MC	70	{
	71	if (x == NULL) {
	72	SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
	73	return (0);
	74	}
	75	if (!ssl_cert_inst(&ssl->cert)) {
	76	SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
	77	return (0);
	78	}
	79	return (ssl_set_cert(ssl->cert, x));
	80	}
d02b48c6	81
bc36ee62	82	#ifndef OPENSSL_NO_STDIO
303c0028	83	int SSL_use_certificate_file(SSL ssl, const char file, int type)
40720ce3 MC	84	{
	85	int j;
	86	BIO *in;
	87	int ret = 0;
	88	X509 *x = NULL;
	89
	90	in = BIO_new(BIO_s_file_internal());
	91	if (in == NULL) {
	92	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
	93	goto end;
	94	}
	95
	96	if (BIO_read_filename(in, file) <= 0) {
	97	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
	98	goto end;
	99	}
	100	if (type == SSL_FILETYPE_ASN1) {
	101	j = ERR_R_ASN1_LIB;
	102	x = d2i_X509_bio(in, NULL);
	103	} else if (type == SSL_FILETYPE_PEM) {
	104	j = ERR_R_PEM_LIB;
	105	x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback,
	106	ssl->ctx->default_passwd_callback_userdata);
	107	} else {
	108	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
	109	goto end;
	110	}
	111
	112	if (x == NULL) {
	113	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
	114	goto end;
	115	}
	116
	117	ret = SSL_use_certificate(ssl, x);
	118	end:
	119	if (x != NULL)
	120	X509_free(x);
	121	if (in != NULL)
	122	BIO_free(in);
	123	return (ret);
	124	}
58964a49	125	#endif
d02b48c6	126
875a644a	127	int SSL_use_certificate_ASN1(SSL ssl, const unsigned char d, int len)
40720ce3 MC	128	{
	129	X509 *x;
	130	int ret;
	131
	132	x = d2i_X509(NULL, &d, (long)len);
	133	if (x == NULL) {
	134	SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
	135	return (0);
	136	}
	137
	138	ret = SSL_use_certificate(ssl, x);
	139	X509_free(x);
	140	return (ret);
	141	}
d02b48c6	142
bc36ee62	143	#ifndef OPENSSL_NO_RSA
6b691a5c	144	int SSL_use_RSAPrivateKey(SSL ssl, RSA rsa)
40720ce3 MC	145	{
	146	EVP_PKEY *pkey;
	147	int ret;
	148
	149	if (rsa == NULL) {
	150	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
	151	return (0);
	152	}
	153	if (!ssl_cert_inst(&ssl->cert)) {
	154	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
	155	return (0);
	156	}
	157	if ((pkey = EVP_PKEY_new()) == NULL) {
	158	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
	159	return (0);
	160	}
	161
	162	RSA_up_ref(rsa);
	163	EVP_PKEY_assign_RSA(pkey, rsa);
	164
	165	ret = ssl_set_pkey(ssl->cert, pkey);
	166	EVP_PKEY_free(pkey);
	167	return (ret);
	168	}
d02b48c6 RE	169	#endif
d02b48c6 RE	170
6b691a5c	171	static int ssl_set_pkey(CERT c, EVP_PKEY pkey)
40720ce3 MC	172	{
	173	int i;
	174
	175	i = ssl_cert_type(NULL, pkey);
	176	if (i < 0) {
	177	SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
	178	return (0);
	179	}
	180
	181	if (c->pkeys[i].x509 != NULL) {
	182	EVP_PKEY *pktmp;
	183	pktmp = X509_get_pubkey(c->pkeys[i].x509);
	184	EVP_PKEY_copy_parameters(pktmp, pkey);
	185	EVP_PKEY_free(pktmp);
	186	ERR_clear_error();
dfeab068	187
bc36ee62	188	#ifndef OPENSSL_NO_RSA
40720ce3 MC	189	/*
	190	* Don't check the public/private key, this is mostly for smart
	191	* cards.
	192	*/
	193	if ((pkey->type == EVP_PKEY_RSA) &&
	194	(RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) ;
	195	else
58964a49	196	#endif
40720ce3 MC	197	if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
	198	X509_free(c->pkeys[i].x509);
	199	c->pkeys[i].x509 = NULL;
	200	return 0;
	201	}
	202	}
	203
	204	if (c->pkeys[i].privatekey != NULL)
	205	EVP_PKEY_free(c->pkeys[i].privatekey);
	206	CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
	207	c->pkeys[i].privatekey = pkey;
	208	c->key = &(c->pkeys[i]);
	209
	210	c->valid = 0;
	211	return (1);
	212	}
d02b48c6	213
bc36ee62	214	#ifndef OPENSSL_NO_RSA
40720ce3	215	# ifndef OPENSSL_NO_STDIO
303c0028	216	int SSL_use_RSAPrivateKey_file(SSL ssl, const char file, int type)
40720ce3 MC	217	{
	218	int j, ret = 0;
	219	BIO *in;
	220	RSA *rsa = NULL;
	221
	222	in = BIO_new(BIO_s_file_internal());
	223	if (in == NULL) {
	224	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
	225	goto end;
	226	}
	227
	228	if (BIO_read_filename(in, file) <= 0) {
	229	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
	230	goto end;
	231	}
	232	if (type == SSL_FILETYPE_ASN1) {
	233	j = ERR_R_ASN1_LIB;
	234	rsa = d2i_RSAPrivateKey_bio(in, NULL);
	235	} else if (type == SSL_FILETYPE_PEM) {
	236	j = ERR_R_PEM_LIB;
	237	rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
	238	ssl->ctx->default_passwd_callback,
	239	ssl->
	240	ctx->default_passwd_callback_userdata);
	241	} else {
	242	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
	243	goto end;
	244	}
	245	if (rsa == NULL) {
	246	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j);
	247	goto end;
	248	}
	249	ret = SSL_use_RSAPrivateKey(ssl, rsa);
	250	RSA_free(rsa);
	251	end:
	252	if (in != NULL)
	253	BIO_free(in);
	254	return (ret);
	255	}
	256	# endif
d02b48c6	257
6b691a5c	258	int SSL_use_RSAPrivateKey_ASN1(SSL ssl, unsigned char d, long len)
40720ce3 MC	259	{
	260	int ret;
	261	const unsigned char *p;
	262	RSA *rsa;
	263
	264	p = d;
	265	if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
	266	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
	267	return (0);
	268	}
	269
	270	ret = SSL_use_RSAPrivateKey(ssl, rsa);
	271	RSA_free(rsa);
	272	return (ret);
	273	}
	274	#endif /* !OPENSSL_NO_RSA */
d02b48c6	275
6b691a5c	276	int SSL_use_PrivateKey(SSL ssl, EVP_PKEY pkey)
40720ce3 MC	277	{
	278	int ret;
	279
	280	if (pkey == NULL) {
	281	SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
	282	return (0);
	283	}
	284	if (!ssl_cert_inst(&ssl->cert)) {
	285	SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
	286	return (0);
	287	}
	288	ret = ssl_set_pkey(ssl->cert, pkey);
	289	return (ret);
	290	}
d02b48c6	291
bc36ee62	292	#ifndef OPENSSL_NO_STDIO
303c0028	293	int SSL_use_PrivateKey_file(SSL ssl, const char file, int type)
40720ce3 MC	294	{
	295	int j, ret = 0;
	296	BIO *in;
	297	EVP_PKEY *pkey = NULL;
	298
	299	in = BIO_new(BIO_s_file_internal());
	300	if (in == NULL) {
	301	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
	302	goto end;
	303	}
	304
	305	if (BIO_read_filename(in, file) <= 0) {
	306	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
	307	goto end;
	308	}
	309	if (type == SSL_FILETYPE_PEM) {
	310	j = ERR_R_PEM_LIB;
	311	pkey = PEM_read_bio_PrivateKey(in, NULL,
	312	ssl->ctx->default_passwd_callback,
	313	ssl->
	314	ctx->default_passwd_callback_userdata);
	315	} else if (type == SSL_FILETYPE_ASN1) {
	316	j = ERR_R_ASN1_LIB;
	317	pkey = d2i_PrivateKey_bio(in, NULL);
	318	} else {
	319	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
	320	goto end;
	321	}
	322	if (pkey == NULL) {
	323	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j);
	324	goto end;
	325	}
	326	ret = SSL_use_PrivateKey(ssl, pkey);
	327	EVP_PKEY_free(pkey);
	328	end:
	329	if (in != NULL)
	330	BIO_free(in);
	331	return (ret);
	332	}
58964a49	333	#endif
d02b48c6	334
40720ce3 MC	335	int SSL_use_PrivateKey_ASN1(int type, SSL ssl, const unsigned char d,
	336	long len)
	337	{
	338	int ret;
	339	const unsigned char *p;
	340	EVP_PKEY *pkey;
d02b48c6	341
40720ce3 MC	342	p = d;
	343	if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) {
	344	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
	345	return (0);
	346	}
d02b48c6	347
40720ce3 MC	348	ret = SSL_use_PrivateKey(ssl, pkey);
	349	EVP_PKEY_free(pkey);
	350	return (ret);
	351	}
d02b48c6	352
6b691a5c	353	int SSL_CTX_use_certificate(SSL_CTX ctx, X509 x)
40720ce3 MC	354	{
	355	if (x == NULL) {
	356	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
	357	return (0);
	358	}
	359	if (!ssl_cert_inst(&ctx->cert)) {
	360	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
	361	return (0);
	362	}
	363	return (ssl_set_cert(ctx->cert, x));
	364	}
d02b48c6	365
6b691a5c	366	static int ssl_set_cert(CERT c, X509 x)
40720ce3 MC	367	{
	368	EVP_PKEY *pkey;
	369	int i;
	370
	371	pkey = X509_get_pubkey(x);
	372	if (pkey == NULL) {
	373	SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
	374	return (0);
	375	}
	376
	377	i = ssl_cert_type(x, pkey);
	378	if (i < 0) {
	379	SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
	380	EVP_PKEY_free(pkey);
	381	return (0);
	382	}
	383
	384	if (c->pkeys[i].privatekey != NULL) {
	385	EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
	386	ERR_clear_error();
dfeab068	387
bc36ee62	388	#ifndef OPENSSL_NO_RSA
40720ce3 MC	389	/*
	390	* Don't check the public/private key, this is mostly for smart
	391	* cards.
	392	*/
	393	if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
	394	(RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
	395	RSA_METHOD_FLAG_NO_CHECK)) ;
	396	else
	397	#endif /* OPENSSL_NO_RSA */
	398	if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
	399	/*
	400	* don't fail for a cert/key mismatch, just free current private
	401	* key (when switching to a different cert & key, first this
	402	* function should be used, then ssl_set_pkey
	403	*/
	404	EVP_PKEY_free(c->pkeys[i].privatekey);
	405	c->pkeys[i].privatekey = NULL;
	406	/* clear error queue */
	407	ERR_clear_error();
	408	}
	409	}
	410
	411	EVP_PKEY_free(pkey);
	412
	413	if (c->pkeys[i].x509 != NULL)
	414	X509_free(c->pkeys[i].x509);
	415	CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
	416	c->pkeys[i].x509 = x;
	417	c->key = &(c->pkeys[i]);
	418
	419	c->valid = 0;
	420	return (1);
	421	}
d02b48c6	422
bc36ee62	423	#ifndef OPENSSL_NO_STDIO
303c0028	424	int SSL_CTX_use_certificate_file(SSL_CTX ctx, const char file, int type)
40720ce3 MC	425	{
	426	int j;
	427	BIO *in;
	428	int ret = 0;
	429	X509 *x = NULL;
	430
	431	in = BIO_new(BIO_s_file_internal());
	432	if (in == NULL) {
	433	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
	434	goto end;
	435	}
	436
	437	if (BIO_read_filename(in, file) <= 0) {
	438	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
	439	goto end;
	440	}
	441	if (type == SSL_FILETYPE_ASN1) {
	442	j = ERR_R_ASN1_LIB;
	443	x = d2i_X509_bio(in, NULL);
	444	} else if (type == SSL_FILETYPE_PEM) {
	445	j = ERR_R_PEM_LIB;
	446	x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
	447	ctx->default_passwd_callback_userdata);
	448	} else {
	449	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
	450	goto end;
	451	}
	452
	453	if (x == NULL) {
	454	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
	455	goto end;
	456	}
	457
	458	ret = SSL_CTX_use_certificate(ctx, x);
	459	end:
	460	if (x != NULL)
	461	X509_free(x);
	462	if (in != NULL)
	463	BIO_free(in);
	464	return (ret);
	465	}
58964a49	466	#endif
d02b48c6	467
40720ce3 MC	468	int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
	469	const unsigned char *d)
	470	{
	471	X509 *x;
	472	int ret;
d02b48c6	473
40720ce3 MC	474	x = d2i_X509(NULL, &d, (long)len);
	475	if (x == NULL) {
	476	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
	477	return (0);
	478	}
d02b48c6	479
40720ce3 MC	480	ret = SSL_CTX_use_certificate(ctx, x);
	481	X509_free(x);
	482	return (ret);
	483	}
d02b48c6	484
bc36ee62	485	#ifndef OPENSSL_NO_RSA
6b691a5c	486	int SSL_CTX_use_RSAPrivateKey(SSL_CTX ctx, RSA rsa)
40720ce3 MC	487	{
	488	int ret;
	489	EVP_PKEY *pkey;
	490
	491	if (rsa == NULL) {
	492	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
	493	return (0);
	494	}
	495	if (!ssl_cert_inst(&ctx->cert)) {
	496	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
	497	return (0);
	498	}
	499	if ((pkey = EVP_PKEY_new()) == NULL) {
	500	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
	501	return (0);
	502	}
	503
	504	RSA_up_ref(rsa);
	505	EVP_PKEY_assign_RSA(pkey, rsa);
	506
	507	ret = ssl_set_pkey(ctx->cert, pkey);
	508	EVP_PKEY_free(pkey);
	509	return (ret);
	510	}
	511
	512	# ifndef OPENSSL_NO_STDIO
303c0028	513	int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX ctx, const char file, int type)
40720ce3 MC	514	{
	515	int j, ret = 0;
	516	BIO *in;
	517	RSA *rsa = NULL;
	518
	519	in = BIO_new(BIO_s_file_internal());
	520	if (in == NULL) {
	521	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
	522	goto end;
	523	}
	524
	525	if (BIO_read_filename(in, file) <= 0) {
	526	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
	527	goto end;
	528	}
	529	if (type == SSL_FILETYPE_ASN1) {
	530	j = ERR_R_ASN1_LIB;
	531	rsa = d2i_RSAPrivateKey_bio(in, NULL);
	532	} else if (type == SSL_FILETYPE_PEM) {
	533	j = ERR_R_PEM_LIB;
	534	rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
	535	ctx->default_passwd_callback,
	536	ctx->default_passwd_callback_userdata);
	537	} else {
	538	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
	539	goto end;
	540	}
	541	if (rsa == NULL) {
	542	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j);
	543	goto end;
	544	}
	545	ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
	546	RSA_free(rsa);
	547	end:
	548	if (in != NULL)
	549	BIO_free(in);
	550	return (ret);
	551	}
	552	# endif
	553
	554	int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX ctx, const unsigned char d,
	555	long len)
	556	{
	557	int ret;
	558	const unsigned char *p;
	559	RSA *rsa;
	560
	561	p = d;
	562	if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
	563	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
	564	return (0);
	565	}
	566
	567	ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
	568	RSA_free(rsa);
	569	return (ret);
	570	}
	571	#endif /* !OPENSSL_NO_RSA */
d02b48c6	572
6b691a5c	573	int SSL_CTX_use_PrivateKey(SSL_CTX ctx, EVP_PKEY pkey)
40720ce3 MC	574	{
	575	if (pkey == NULL) {
	576	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
	577	return (0);
	578	}
	579	if (!ssl_cert_inst(&ctx->cert)) {
	580	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
	581	return (0);
	582	}
	583	return (ssl_set_pkey(ctx->cert, pkey));
	584	}
d02b48c6	585
bc36ee62	586	#ifndef OPENSSL_NO_STDIO
303c0028	587	int SSL_CTX_use_PrivateKey_file(SSL_CTX ctx, const char file, int type)
40720ce3 MC	588	{
	589	int j, ret = 0;
	590	BIO *in;
	591	EVP_PKEY *pkey = NULL;
	592
	593	in = BIO_new(BIO_s_file_internal());
	594	if (in == NULL) {
	595	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
	596	goto end;
	597	}
	598
	599	if (BIO_read_filename(in, file) <= 0) {
	600	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
	601	goto end;
	602	}
	603	if (type == SSL_FILETYPE_PEM) {
	604	j = ERR_R_PEM_LIB;
	605	pkey = PEM_read_bio_PrivateKey(in, NULL,
	606	ctx->default_passwd_callback,
	607	ctx->default_passwd_callback_userdata);
	608	} else if (type == SSL_FILETYPE_ASN1) {
	609	j = ERR_R_ASN1_LIB;
	610	pkey = d2i_PrivateKey_bio(in, NULL);
	611	} else {
	612	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
	613	goto end;
	614	}
	615	if (pkey == NULL) {
	616	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j);
	617	goto end;
	618	}
	619	ret = SSL_CTX_use_PrivateKey(ctx, pkey);
	620	EVP_PKEY_free(pkey);
	621	end:
	622	if (in != NULL)
	623	BIO_free(in);
	624	return (ret);
	625	}
58964a49	626	#endif
d02b48c6	627
40720ce3 MC	628	int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
	629	const unsigned char *d, long len)
	630	{
	631	int ret;
	632	const unsigned char *p;
	633	EVP_PKEY *pkey;
d02b48c6	634
40720ce3 MC	635	p = d;
	636	if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) {
	637	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
	638	return (0);
	639	}
d02b48c6	640
40720ce3 MC	641	ret = SSL_CTX_use_PrivateKey(ctx, pkey);
	642	EVP_PKEY_free(pkey);
	643	return (ret);
	644	}
d02b48c6	645
bc36ee62	646	#ifndef OPENSSL_NO_STDIO
40720ce3 MC	647	/*
	648	* Read a file that contains our certificate in "PEM" format, possibly
	649	* followed by a sequence of CA certificates that should be sent to the peer
	650	* in the Certificate message.
b3ca645f BM	651	*/
b3ca645f BM	652	int SSL_CTX_use_certificate_chain_file(SSL_CTX ctx, const char file)
40720ce3 MC	653	{
	654	BIO *in;
	655	int ret = 0;
	656	X509 *x = NULL;
	657
	658	ERR_clear_error(); /* clear error stack for
	659	* SSL_CTX_use_certificate() */
	660
	661	in = BIO_new(BIO_s_file_internal());
	662	if (in == NULL) {
	663	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
	664	goto end;
	665	}
	666
	667	if (BIO_read_filename(in, file) <= 0) {
	668	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
	669	goto end;
	670	}
	671
	672	x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
	673	ctx->default_passwd_callback_userdata);
	674	if (x == NULL) {
	675	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
	676	goto end;
	677	}
	678
	679	ret = SSL_CTX_use_certificate(ctx, x);
	680	if (ERR_peek_error() != 0)
	681	ret = 0; /* Key/certificate mismatch doesn't imply
	682	* ret==0 ... */
	683	if (ret) {
	684	/*
	685	* If we could set up our certificate, now proceed to the CA
	686	* certificates.
	687	*/
	688	X509 *ca;
	689	int r;
	690	unsigned long err;
	691
	692	if (ctx->extra_certs != NULL) {
	693	sk_X509_pop_free(ctx->extra_certs, X509_free);
	694	ctx->extra_certs = NULL;
	695	}
	696
	697	while ((ca =
	698	PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
	699	ctx->default_passwd_callback_userdata))
	700	!= NULL) {
	701	r = SSL_CTX_add_extra_chain_cert(ctx, ca);
	702	if (!r) {
	703	X509_free(ca);
	704	ret = 0;
	705	goto end;
	706	}
	707	/*
	708	* Note that we must not free r if it was successfully added to
	709	* the chain (while we must free the main certificate, since its
	710	* reference count is increased by SSL_CTX_use_certificate).
	711	*/
	712	}
	713	/* When the while loop ends, it's usually just EOF. */
	714	err = ERR_peek_last_error();
	715	if (ERR_GET_LIB(err) == ERR_LIB_PEM
	716	&& ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
717	ERR_clear_error();
718	else
719	ret = 0; /* some real error */
720	}
721
722	end:
723	if (x != NULL)
724	X509_free(x);
725	if (in != NULL)
726	BIO_free(in);
727	return (ret);
728	}
b3ca645f	729	#endif