Reformat the rest of ssl/. Change-Id: I7dc264f7e29b3ba8be4c717583467edf71bf8dd9
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index bb91b7d..3d1bc62 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c
@@ -68,693 +68,640 @@ static int ssl_set_cert(CERT *c, X509 *x509); static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); -int SSL_use_certificate(SSL *ssl, X509 *x) - { - if (x == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_certificate, ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (!ssl_cert_inst(&ssl->cert)) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_certificate, ERR_R_MALLOC_FAILURE); - return(0); - } - return(ssl_set_cert(ssl->cert,x)); - } -#ifndef OPENSSL_NO_STDIO -int SSL_use_certificate_file(SSL *ssl, const char *file, int type) - { - int reason_code; - BIO *in; - int ret=0; - X509 *x=NULL; +int SSL_use_certificate(SSL *ssl, X509 *x) { + if (x == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_use_certificate, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!ssl_cert_inst(&ssl->cert)) { + OPENSSL_PUT_ERROR(SSL, SSL_use_certificate, ERR_R_MALLOC_FAILURE); + return 0; + } + return ssl_set_cert(ssl->cert, x); +} - in=BIO_new(BIO_s_file()); - if (in == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_certificate_file, ERR_R_BUF_LIB); - goto end; - } +int SSL_use_certificate_file(SSL *ssl, const char *file, int type) { + int reason_code; + BIO *in; + int ret = 0; + X509 *x = NULL; - if (BIO_read_filename(in,file) <= 0) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_certificate_file, ERR_R_SYS_LIB); - goto end; - } - if (type == SSL_FILETYPE_ASN1) - { - reason_code =ERR_R_ASN1_LIB; - x=d2i_X509_bio(in,NULL); - } - else if (type == SSL_FILETYPE_PEM) - { - reason_code=ERR_R_PEM_LIB; - x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); - } - else - { - OPENSSL_PUT_ERROR(SSL, SSL_use_certificate_file, SSL_R_BAD_SSL_FILETYPE); - goto end; - } + in = BIO_new(BIO_s_file()); + if (in == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_use_certificate_file, ERR_R_BUF_LIB); + goto end; + } - if (x == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_certificate_file,reason_code); - goto end; - } + if (BIO_read_filename(in, file) <= 0) { + OPENSSL_PUT_ERROR(SSL, SSL_use_certificate_file, ERR_R_SYS_LIB); + goto end; + } - ret=SSL_use_certificate(ssl,x); -end: - if (x != NULL) X509_free(x); - if (in != NULL) BIO_free(in); - return(ret); - } -#endif + if (type == SSL_FILETYPE_ASN1) { + reason_code = ERR_R_ASN1_LIB; + x = d2i_X509_bio(in, NULL); + } else if (type == SSL_FILETYPE_PEM) { + reason_code = ERR_R_PEM_LIB; + x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback, + ssl->ctx->default_passwd_callback_userdata); + } else { + OPENSSL_PUT_ERROR(SSL, SSL_use_certificate_file, SSL_R_BAD_SSL_FILETYPE); + goto end; + } -int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) - { - X509 *x; - int ret; + if (x == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_use_certificate_file, reason_code); + goto end; + } - x=d2i_X509(NULL,&d,(long)len); - if (x == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_certificate_ASN1, ERR_R_ASN1_LIB); - return(0); - } - - ret=SSL_use_certificate(ssl,x); - X509_free(x); - return(ret); - } - -int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) - { - EVP_PKEY *pkey; - int ret; - - if (rsa == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey, ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (!ssl_cert_inst(&ssl->cert)) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey, ERR_R_MALLOC_FAILURE); - return(0); - } - if ((pkey=EVP_PKEY_new()) == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey, ERR_R_EVP_LIB); - return(0); - } - - RSA_up_ref(rsa); - EVP_PKEY_assign_RSA(pkey,rsa); - - ret=ssl_set_pkey(ssl->cert,pkey); - EVP_PKEY_free(pkey); - return(ret); - } - -static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) - { - int i; - - i=ssl_cert_type(pkey); - if (i < 0) - { - OPENSSL_PUT_ERROR(SSL, ssl_set_pkey, SSL_R_UNKNOWN_CERTIFICATE_TYPE); - return(0); - } - - if (c->pkeys[i].x509 != NULL) - { - EVP_PKEY *pktmp; - pktmp = X509_get_pubkey(c->pkeys[i].x509); - EVP_PKEY_copy_parameters(pktmp,pkey); - EVP_PKEY_free(pktmp); - ERR_clear_error(); - - /* Sanity-check that the private key and the certificate match, - * unless the key is opaque (in case of, say, a smartcard). */ - if (!EVP_PKEY_is_opaque(pkey) && - !X509_check_private_key(c->pkeys[i].x509,pkey)) - { - X509_free(c->pkeys[i].x509); - c->pkeys[i].x509 = NULL; - return 0; - } - } - - if (c->pkeys[i].privatekey != NULL) - EVP_PKEY_free(c->pkeys[i].privatekey); - c->pkeys[i].privatekey = EVP_PKEY_dup(pkey); - c->key = &(c->pkeys[i]); - - return(1); - } - -#ifndef OPENSSL_NO_STDIO -int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) - { - int reason_code,ret=0; - BIO *in; - RSA *rsa=NULL; - - in=BIO_new(BIO_s_file()); - if (in == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey_file, ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in,file) <= 0) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey_file, ERR_R_SYS_LIB); - goto end; - } - if (type == SSL_FILETYPE_ASN1) - { - reason_code=ERR_R_ASN1_LIB; - rsa=d2i_RSAPrivateKey_bio(in,NULL); - } - else if (type == SSL_FILETYPE_PEM) - { - reason_code=ERR_R_PEM_LIB; - rsa=PEM_read_bio_RSAPrivateKey(in,NULL, - ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); - } - else - { - OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey_file, SSL_R_BAD_SSL_FILETYPE); - goto end; - } - if (rsa == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey_file,reason_code); - goto end; - } - ret=SSL_use_RSAPrivateKey(ssl,rsa); - RSA_free(rsa); -end: - if (in != NULL) BIO_free(in); - return(ret); - } -#endif - -int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) - { - int ret; - const unsigned char *p; - RSA *rsa; - - p=d; - if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey_ASN1, ERR_R_ASN1_LIB); - return(0); - } - - ret=SSL_use_RSAPrivateKey(ssl,rsa); - RSA_free(rsa); - return(ret); - } - -int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) - { - int ret; - - if (pkey == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey, ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (!ssl_cert_inst(&ssl->cert)) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey, ERR_R_MALLOC_FAILURE); - return(0); - } - ret=ssl_set_pkey(ssl->cert,pkey); - return(ret); - } - -#ifndef OPENSSL_NO_STDIO -int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) - { - int reason_code,ret=0; - BIO *in; - EVP_PKEY *pkey=NULL; - - in=BIO_new(BIO_s_file()); - if (in == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey_file, ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in,file) <= 0) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey_file, ERR_R_SYS_LIB); - goto end; - } - if (type == SSL_FILETYPE_PEM) - { - reason_code=ERR_R_PEM_LIB; - pkey=PEM_read_bio_PrivateKey(in,NULL, - ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); - } - else if (type == SSL_FILETYPE_ASN1) - { - reason_code = ERR_R_ASN1_LIB; - pkey = d2i_PrivateKey_bio(in,NULL); - } - else - { - OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey_file, SSL_R_BAD_SSL_FILETYPE); - goto end; - } - if (pkey == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey_file,reason_code); - goto end; - } - ret=SSL_use_PrivateKey(ssl,pkey); - EVP_PKEY_free(pkey); -end: - if (in != NULL) BIO_free(in); - return(ret); - } -#endif - -int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) - { - int ret; - const unsigned char *p; - EVP_PKEY *pkey; - - p=d; - if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey_ASN1, ERR_R_ASN1_LIB); - return(0); - } - - ret=SSL_use_PrivateKey(ssl,pkey); - EVP_PKEY_free(pkey); - return(ret); - } - -int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) - { - if (x == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate, ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (!ssl_cert_inst(&ctx->cert)) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate, ERR_R_MALLOC_FAILURE); - return(0); - } - return(ssl_set_cert(ctx->cert, x)); - } - -static int ssl_set_cert(CERT *c, X509 *x) - { - EVP_PKEY *pkey; - int i; - - pkey=X509_get_pubkey(x); - if (pkey == NULL) - { - OPENSSL_PUT_ERROR(SSL, ssl_set_cert, SSL_R_X509_LIB); - return(0); - } - - i=ssl_cert_type(pkey); - if (i < 0) - { - OPENSSL_PUT_ERROR(SSL, ssl_set_cert, SSL_R_UNKNOWN_CERTIFICATE_TYPE); - EVP_PKEY_free(pkey); - return(0); - } - - if (c->pkeys[i].privatekey != NULL) - { - EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey); - ERR_clear_error(); - - /* Sanity-check that the private key and the certificate match, - * unless the key is opaque (in case of, say, a smartcard). */ - if (!EVP_PKEY_is_opaque(c->pkeys[i].privatekey) && - !X509_check_private_key(x,c->pkeys[i].privatekey)) - { - /* don't fail for a cert/key mismatch, just free - * current private key (when switching to a different - * cert & key, first this function should be used, - * then ssl_set_pkey */ - EVP_PKEY_free(c->pkeys[i].privatekey); - c->pkeys[i].privatekey=NULL; - /* clear error queue */ - ERR_clear_error(); - } - } - - EVP_PKEY_free(pkey); - - if (c->pkeys[i].x509 != NULL) - X509_free(c->pkeys[i].x509); - c->pkeys[i].x509 = X509_up_ref(x); - c->key= &(c->pkeys[i]); - - return(1); - } - -#ifndef OPENSSL_NO_STDIO -int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) - { - int reason_code; - BIO *in; - int ret=0; - X509 *x=NULL; - - in=BIO_new(BIO_s_file()); - if (in == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_file, ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in,file) <= 0) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_file, ERR_R_SYS_LIB); - goto end; - } - if (type == SSL_FILETYPE_ASN1) - { - reason_code=ERR_R_ASN1_LIB; - x=d2i_X509_bio(in,NULL); - } - else if (type == SSL_FILETYPE_PEM) - { - reason_code=ERR_R_PEM_LIB; - x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); - } - else - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_file, SSL_R_BAD_SSL_FILETYPE); - goto end; - } - - if (x == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_file,reason_code); - goto end; - } - - ret=SSL_CTX_use_certificate(ctx,x); -end: - if (x != NULL) X509_free(x); - if (in != NULL) BIO_free(in); - return(ret); - } -#endif - -int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) - { - X509 *x; - int ret; - - x=d2i_X509(NULL,&d,(long)len); - if (x == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_ASN1, ERR_R_ASN1_LIB); - return(0); - } - - ret=SSL_CTX_use_certificate(ctx,x); - X509_free(x); - return(ret); - } - -int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) - { - int ret; - EVP_PKEY *pkey; - - if (rsa == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey, ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (!ssl_cert_inst(&ctx->cert)) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey, ERR_R_MALLOC_FAILURE); - return(0); - } - if ((pkey=EVP_PKEY_new()) == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey, ERR_R_EVP_LIB); - return(0); - } - - RSA_up_ref(rsa); - EVP_PKEY_assign_RSA(pkey,rsa); - - ret=ssl_set_pkey(ctx->cert, pkey); - EVP_PKEY_free(pkey); - return(ret); - } - -#ifndef OPENSSL_NO_STDIO -int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) - { - int reason_code,ret=0; - BIO *in; - RSA *rsa=NULL; - - in=BIO_new(BIO_s_file()); - if (in == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey_file, ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in,file) <= 0) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey_file, ERR_R_SYS_LIB); - goto end; - } - if (type == SSL_FILETYPE_ASN1) - { - reason_code=ERR_R_ASN1_LIB; - rsa=d2i_RSAPrivateKey_bio(in,NULL); - } - else if (type == SSL_FILETYPE_PEM) - { - reason_code=ERR_R_PEM_LIB; - rsa=PEM_read_bio_RSAPrivateKey(in,NULL, - ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); - } - else - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey_file, SSL_R_BAD_SSL_FILETYPE); - goto end; - } - if (rsa == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey_file,reason_code); - goto end; - } - ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); - RSA_free(rsa); -end: - if (in != NULL) BIO_free(in); - return(ret); - } -#endif - -int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) - { - int ret; - const unsigned char *p; - RSA *rsa; - - p=d; - if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey_ASN1, ERR_R_ASN1_LIB); - return(0); - } - - ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); - RSA_free(rsa); - return(ret); - } - -int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) - { - if (pkey == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey, ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (!ssl_cert_inst(&ctx->cert)) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey, ERR_R_MALLOC_FAILURE); - return(0); - } - return(ssl_set_pkey(ctx->cert,pkey)); - } - -#ifndef OPENSSL_NO_STDIO -int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) - { - int reason_code,ret=0; - BIO *in; - EVP_PKEY *pkey=NULL; - - in=BIO_new(BIO_s_file()); - if (in == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey_file, ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in,file) <= 0) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey_file, ERR_R_SYS_LIB); - goto end; - } - if (type == SSL_FILETYPE_PEM) - { - reason_code=ERR_R_PEM_LIB; - pkey=PEM_read_bio_PrivateKey(in,NULL, - ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); - } - else if (type == SSL_FILETYPE_ASN1) - { - reason_code = ERR_R_ASN1_LIB; - pkey = d2i_PrivateKey_bio(in,NULL); - } - else - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey_file, SSL_R_BAD_SSL_FILETYPE); - goto end; - } - if (pkey == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey_file,reason_code); - goto end; - } - ret=SSL_CTX_use_PrivateKey(ctx,pkey); - EVP_PKEY_free(pkey); -end: - if (in != NULL) BIO_free(in); - return(ret); - } -#endif - -int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, - long len) - { - int ret; - const unsigned char *p; - EVP_PKEY *pkey; - - p=d; - if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey_ASN1, ERR_R_ASN1_LIB); - return(0); - } - - ret=SSL_CTX_use_PrivateKey(ctx,pkey); - EVP_PKEY_free(pkey); - return(ret); - } - - -#ifndef OPENSSL_NO_STDIO -/* Read a file that contains our certificate in "PEM" format, - * possibly followed by a sequence of CA certificates that should be - * sent to the peer in the Certificate message. - */ -int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) - { - BIO *in; - int ret=0; - X509 *x=NULL; - - ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ - - in = BIO_new(BIO_s_file()); - if (in == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_chain_file, ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in,file) <= 0) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_chain_file, ERR_R_SYS_LIB); - goto end; - } - - x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata); - if (x == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_chain_file, ERR_R_PEM_LIB); - goto end; - } - - ret = SSL_CTX_use_certificate(ctx, x); - - if (ERR_peek_error() != 0) - ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */ - if (ret) - { - /* If we could set up our certificate, now proceed to - * the CA certificates. - */ - X509 *ca; - int r; - unsigned long err; - - SSL_CTX_clear_chain_certs(ctx); - - while ((ca = PEM_read_bio_X509(in, NULL, - ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata)) - != NULL) - { - r = SSL_CTX_add0_chain_cert(ctx, ca); - if (!r) - { - X509_free(ca); - ret = 0; - goto end; - } - /* Note that we must not free r if it was successfully - * added to the chain (while we must free the main - * certificate, since its reference count is increased - * by SSL_CTX_use_certificate). */ - } - /* When the while loop ends, it's usually just EOF. */ - err = ERR_peek_last_error(); - if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) - ERR_clear_error(); - else - ret = 0; /* some real error */ - } + ret = SSL_use_certificate(ssl, x); end: - if (x != NULL) X509_free(x); - if (in != NULL) BIO_free(in); - return(ret); - } -#endif /* OPENSSL_NO_STDIO */ + if (x != NULL) { + X509_free(x); + } + if (in != NULL) { + BIO_free(in); + } + + return ret; +} + +int SSL_use_certificate_ASN1(SSL *ssl, const uint8_t *d, int len) { + X509 *x; + int ret; + + x = d2i_X509(NULL, &d, (long)len); + if (x == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_use_certificate_ASN1, ERR_R_ASN1_LIB); + return 0; + } + + ret = SSL_use_certificate(ssl, x); + X509_free(x); + return ret; +} + +int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) { + EVP_PKEY *pkey; + int ret; + + if (rsa == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if (!ssl_cert_inst(&ssl->cert)) { + OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey, ERR_R_MALLOC_FAILURE); + return 0; + } + + pkey = EVP_PKEY_new(); + if (pkey == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey, ERR_R_EVP_LIB); + return 0; + } + + RSA_up_ref(rsa); + EVP_PKEY_assign_RSA(pkey, rsa); + + ret = ssl_set_pkey(ssl->cert, pkey); + EVP_PKEY_free(pkey); + + return ret; +} + +static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) { + int i; + + i = ssl_cert_type(pkey); + if (i < 0) { + OPENSSL_PUT_ERROR(SSL, ssl_set_pkey, SSL_R_UNKNOWN_CERTIFICATE_TYPE); + return 0; + } + + if (c->pkeys[i].x509 != NULL) { + EVP_PKEY *pktmp; + pktmp = X509_get_pubkey(c->pkeys[i].x509); + EVP_PKEY_copy_parameters(pktmp, pkey); + EVP_PKEY_free(pktmp); + ERR_clear_error(); + + /* Sanity-check that the private key and the certificate match, unless the + * key is opaque (in case of, say, a smartcard). */ + if (!EVP_PKEY_is_opaque(pkey) && + !X509_check_private_key(c->pkeys[i].x509, pkey)) { + X509_free(c->pkeys[i].x509); + c->pkeys[i].x509 = NULL; + return 0; + } + } + + if (c->pkeys[i].privatekey != NULL) { + EVP_PKEY_free(c->pkeys[i].privatekey); + } + c->pkeys[i].privatekey = EVP_PKEY_dup(pkey); + c->key = &(c->pkeys[i]); + + return 1; +} + +int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) { + int reason_code, ret = 0; + BIO *in; + RSA *rsa = NULL; + + in = BIO_new(BIO_s_file()); + if (in == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey_file, ERR_R_BUF_LIB); + goto end; + } + + if (BIO_read_filename(in, file) <= 0) { + OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey_file, ERR_R_SYS_LIB); + goto end; + } + + if (type == SSL_FILETYPE_ASN1) { + reason_code = ERR_R_ASN1_LIB; + rsa = d2i_RSAPrivateKey_bio(in, NULL); + } else if (type == SSL_FILETYPE_PEM) { + reason_code = ERR_R_PEM_LIB; + rsa = + PEM_read_bio_RSAPrivateKey(in, NULL, ssl->ctx->default_passwd_callback, + ssl->ctx->default_passwd_callback_userdata); + } else { + OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey_file, SSL_R_BAD_SSL_FILETYPE); + goto end; + } + + if (rsa == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey_file, reason_code); + goto end; + } + ret = SSL_use_RSAPrivateKey(ssl, rsa); + RSA_free(rsa); + +end: + if (in != NULL) { + BIO_free(in); + } + return ret; +} + +int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, uint8_t *d, long len) { + int ret; + const uint8_t *p; + RSA *rsa; + + p = d; + rsa = d2i_RSAPrivateKey(NULL, &p, (long)len); + if (rsa == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey_ASN1, ERR_R_ASN1_LIB); + return 0; + } + + ret = SSL_use_RSAPrivateKey(ssl, rsa); + RSA_free(rsa); + return ret; +} + +int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) { + int ret; + + if (pkey == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if (!ssl_cert_inst(&ssl->cert)) { + OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey, ERR_R_MALLOC_FAILURE); + return 0; + } + + ret = ssl_set_pkey(ssl->cert, pkey); + return ret; +} + +int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) { + int reason_code, ret = 0; + BIO *in; + EVP_PKEY *pkey = NULL; + + in = BIO_new(BIO_s_file()); + if (in == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey_file, ERR_R_BUF_LIB); + goto end; + } + + if (BIO_read_filename(in, file) <= 0) { + OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey_file, ERR_R_SYS_LIB); + goto end; + } + + if (type == SSL_FILETYPE_PEM) { + reason_code = ERR_R_PEM_LIB; + pkey = PEM_read_bio_PrivateKey(in, NULL, ssl->ctx->default_passwd_callback, + ssl->ctx->default_passwd_callback_userdata); + } else if (type == SSL_FILETYPE_ASN1) { + reason_code = ERR_R_ASN1_LIB; + pkey = d2i_PrivateKey_bio(in, NULL); + } else { + OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey_file, SSL_R_BAD_SSL_FILETYPE); + goto end; + } + + if (pkey == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey_file, reason_code); + goto end; + } + ret = SSL_use_PrivateKey(ssl, pkey); + EVP_PKEY_free(pkey); + +end: + if (in != NULL) { + BIO_free(in); + } + return ret; +} + +int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const uint8_t *d, long len) { + int ret; + const uint8_t *p; + EVP_PKEY *pkey; + + p = d; + pkey = d2i_PrivateKey(type, NULL, &p, (long)len); + if (pkey == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey_ASN1, ERR_R_ASN1_LIB); + return 0; + } + + ret = SSL_use_PrivateKey(ssl, pkey); + EVP_PKEY_free(pkey); + return ret; +} + +int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) { + if (x == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!ssl_cert_inst(&ctx->cert)) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate, ERR_R_MALLOC_FAILURE); + return 0; + } + + return ssl_set_cert(ctx->cert, x); +} + +static int ssl_set_cert(CERT *c, X509 *x) { + EVP_PKEY *pkey; + int i; + + pkey = X509_get_pubkey(x); + if (pkey == NULL) { + OPENSSL_PUT_ERROR(SSL, ssl_set_cert, SSL_R_X509_LIB); + return 0; + } + + i = ssl_cert_type(pkey); + if (i < 0) { + OPENSSL_PUT_ERROR(SSL, ssl_set_cert, SSL_R_UNKNOWN_CERTIFICATE_TYPE); + EVP_PKEY_free(pkey); + return 0; + } + + if (c->pkeys[i].privatekey != NULL) { + EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); + ERR_clear_error(); + + /* Sanity-check that the private key and the certificate match, unless the + * key is opaque (in case of, say, a smartcard). */ + if (!EVP_PKEY_is_opaque(c->pkeys[i].privatekey) && + !X509_check_private_key(x, c->pkeys[i].privatekey)) { + /* don't fail for a cert/key mismatch, just free current private key + * (when switching to a different cert & key, first this function should + * be used, then ssl_set_pkey */ + EVP_PKEY_free(c->pkeys[i].privatekey); + c->pkeys[i].privatekey = NULL; + /* clear error queue */ + ERR_clear_error(); + } + } + + EVP_PKEY_free(pkey); + + if (c->pkeys[i].x509 != NULL) { + X509_free(c->pkeys[i].x509); + } + c->pkeys[i].x509 = X509_up_ref(x); + c->key = &(c->pkeys[i]); + + return 1; +} + +int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) { + int reason_code; + BIO *in; + int ret = 0; + X509 *x = NULL; + + in = BIO_new(BIO_s_file()); + if (in == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_file, ERR_R_BUF_LIB); + goto end; + } + + if (BIO_read_filename(in, file) <= 0) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_file, ERR_R_SYS_LIB); + goto end; + } + + if (type == SSL_FILETYPE_ASN1) { + reason_code = ERR_R_ASN1_LIB; + x = d2i_X509_bio(in, NULL); + } else if (type == SSL_FILETYPE_PEM) { + reason_code = ERR_R_PEM_LIB; + x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, + ctx->default_passwd_callback_userdata); + } else { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_file, + SSL_R_BAD_SSL_FILETYPE); + goto end; + } + + if (x == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_file, reason_code); + goto end; + } + + ret = SSL_CTX_use_certificate(ctx, x); + +end: + if (x != NULL) { + X509_free(x); + } + if (in != NULL) { + BIO_free(in); + } + return ret; +} + +int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const uint8_t *d) { + X509 *x; + int ret; + + x = d2i_X509(NULL, &d, (long)len); + if (x == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_ASN1, ERR_R_ASN1_LIB); + return 0; + } + + ret = SSL_CTX_use_certificate(ctx, x); + X509_free(x); + return ret; +} + +int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) { + int ret; + EVP_PKEY *pkey; + + if (rsa == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if (!ssl_cert_inst(&ctx->cert)) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey, ERR_R_MALLOC_FAILURE); + return 0; + } + + pkey = EVP_PKEY_new(); + if (pkey == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey, ERR_R_EVP_LIB); + return 0; + } + + RSA_up_ref(rsa); + EVP_PKEY_assign_RSA(pkey, rsa); + + ret = ssl_set_pkey(ctx->cert, pkey); + EVP_PKEY_free(pkey); + return ret; +} + +int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) { + int reason_code, ret = 0; + BIO *in; + RSA *rsa = NULL; + + in = BIO_new(BIO_s_file()); + if (in == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey_file, ERR_R_BUF_LIB); + goto end; + } + + if (BIO_read_filename(in, file) <= 0) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey_file, ERR_R_SYS_LIB); + goto end; + } + + if (type == SSL_FILETYPE_ASN1) { + reason_code = ERR_R_ASN1_LIB; + rsa = d2i_RSAPrivateKey_bio(in, NULL); + } else if (type == SSL_FILETYPE_PEM) { + reason_code = ERR_R_PEM_LIB; + rsa = PEM_read_bio_RSAPrivateKey(in, NULL, ctx->default_passwd_callback, + ctx->default_passwd_callback_userdata); + } else { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey_file, + SSL_R_BAD_SSL_FILETYPE); + goto end; + } + + if (rsa == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey_file, reason_code); + goto end; + } + ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); + RSA_free(rsa); + +end: + if (in != NULL) { + BIO_free(in); + } + return ret; +} + +int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const uint8_t *d, long len) { + int ret; + const uint8_t *p; + RSA *rsa; + + p = d; + rsa = d2i_RSAPrivateKey(NULL, &p, (long)len); + if (rsa == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey_ASN1, ERR_R_ASN1_LIB); + return 0; + } + + ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); + RSA_free(rsa); + return ret; +} + +int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) { + if (pkey == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if (!ssl_cert_inst(&ctx->cert)) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey, ERR_R_MALLOC_FAILURE); + return 0; + } + + return ssl_set_pkey(ctx->cert, pkey); +} + +int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) { + int reason_code, ret = 0; + BIO *in; + EVP_PKEY *pkey = NULL; + + in = BIO_new(BIO_s_file()); + if (in == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey_file, ERR_R_BUF_LIB); + goto end; + } + + if (BIO_read_filename(in, file) <= 0) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey_file, ERR_R_SYS_LIB); + goto end; + } + + if (type == SSL_FILETYPE_PEM) { + reason_code = ERR_R_PEM_LIB; + pkey = PEM_read_bio_PrivateKey(in, NULL, ctx->default_passwd_callback, + ctx->default_passwd_callback_userdata); + } else if (type == SSL_FILETYPE_ASN1) { + reason_code = ERR_R_ASN1_LIB; + pkey = d2i_PrivateKey_bio(in, NULL); + } else { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey_file, SSL_R_BAD_SSL_FILETYPE); + goto end; + } + + if (pkey == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey_file, reason_code); + goto end; + } + ret = SSL_CTX_use_PrivateKey(ctx, pkey); + EVP_PKEY_free(pkey); + +end: + if (in != NULL) { + BIO_free(in); + } + return ret; +} + +int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const uint8_t *d, + long len) { + int ret; + const uint8_t *p; + EVP_PKEY *pkey; + + p = d; + pkey = d2i_PrivateKey(type, NULL, &p, (long)len); + if (pkey == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey_ASN1, ERR_R_ASN1_LIB); + return 0; + } + + ret = SSL_CTX_use_PrivateKey(ctx, pkey); + EVP_PKEY_free(pkey); + return ret; +} + + +/* Read a file that contains our certificate in "PEM" format, possibly followed + * by a sequence of CA certificates that should be sent to the peer in the + * Certificate message. */ +int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) { + BIO *in; + int ret = 0; + X509 *x = NULL; + + ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ + + in = BIO_new(BIO_s_file()); + if (in == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_chain_file, ERR_R_BUF_LIB); + goto end; + } + + if (BIO_read_filename(in, file) <= 0) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_chain_file, ERR_R_SYS_LIB); + goto end; + } + + x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, + ctx->default_passwd_callback_userdata); + if (x == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate_chain_file, ERR_R_PEM_LIB); + goto end; + } + + ret = SSL_CTX_use_certificate(ctx, x); + + if (ERR_peek_error() != 0) { + ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */ + } + + if (ret) { + /* If we could set up our certificate, now proceed to the CA + * certificates. */ + X509 *ca; + int r; + unsigned long err; + + SSL_CTX_clear_chain_certs(ctx); + + while ((ca = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, + ctx->default_passwd_callback_userdata)) != + NULL) { + r = SSL_CTX_add0_chain_cert(ctx, ca); + if (!r) { + X509_free(ca); + ret = 0; + goto end; + } + /* Note that we must not free r if it was successfully added to the chain + * (while we must free the main certificate, since its reference count is + * increased by SSL_CTX_use_certificate). */ + } + + /* When the while loop ends, it's usually just EOF. */ + err = ERR_peek_last_error(); + if (ERR_GET_LIB(err) == ERR_LIB_PEM && + ERR_GET_REASON(err) == PEM_R_NO_START_LINE) { + ERR_clear_error(); + } else { + ret = 0; /* some real error */ + } + } + +end: + if (x != NULL) { + X509_free(x); + } + if (in != NULL) { + BIO_free(in); + } + return ret; +}