/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
return ret;
}
-#ifndef OPENSSL_NO_RSA
-int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
-{
- EVP_PKEY *pkey;
- int ret;
-
- if (rsa == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if ((pkey = EVP_PKEY_new()) == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB);
- return 0;
- }
-
- RSA_up_ref(rsa);
- if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
- RSA_free(rsa);
- EVP_PKEY_free(pkey);
- return 0;
- }
-
- ret = ssl_set_pkey(ssl->cert, pkey);
- EVP_PKEY_free(pkey);
- return ret;
-}
-#endif
-
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
{
size_t i;
return 0;
}
- if (c->pkeys[i].x509 != NULL) {
- EVP_PKEY *pktmp;
- pktmp = X509_get0_pubkey(c->pkeys[i].x509);
- if (pktmp == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- /*
- * The return code from EVP_PKEY_copy_parameters is deliberately
- * ignored. Some EVP_PKEY types cannot do this.
- */
- EVP_PKEY_copy_parameters(pktmp, pkey);
- ERR_clear_error();
-
- if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
- X509_free(c->pkeys[i].x509);
- c->pkeys[i].x509 = NULL;
- return 0;
- }
- }
+ if (c->pkeys[i].x509 != NULL
+ && !X509_check_private_key(c->pkeys[i].x509, pkey))
+ return 0;
EVP_PKEY_free(c->pkeys[i].privatekey);
EVP_PKEY_up_ref(pkey);
return 1;
}
-#ifndef OPENSSL_NO_RSA
-int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
-{
- int j, ret = 0;
- BIO *in;
- RSA *rsa = NULL;
-
- in = BIO_new(BIO_s_file());
- if (in == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in, file) <= 0) {
- ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1) {
- j = ERR_R_ASN1_LIB;
- rsa = d2i_RSAPrivateKey_bio(in, NULL);
- } else if (type == SSL_FILETYPE_PEM) {
- j = ERR_R_PEM_LIB;
- rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
- ssl->default_passwd_callback,
- ssl->default_passwd_callback_userdata);
- } else {
- ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (rsa == NULL) {
- ERR_raise(ERR_LIB_SSL, j);
- goto end;
- }
- ret = SSL_use_RSAPrivateKey(ssl, rsa);
- RSA_free(rsa);
- end:
- BIO_free(in);
- return ret;
-}
-
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len)
-{
- int ret;
- const unsigned char *p;
- RSA *rsa;
-
- p = d;
- if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
- return 0;
- }
-
- ret = SSL_use_RSAPrivateKey(ssl, rsa);
- RSA_free(rsa);
- return ret;
-}
-#endif /* !OPENSSL_NO_RSA */
-
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
{
int ret;
ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
return 0;
}
-#ifndef OPENSSL_NO_EC
+
if (i == SSL_PKEY_ECC && !EVP_PKEY_can_sign(pkey)) {
ERR_raise(ERR_LIB_SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
return 0;
}
-#endif
+
if (c->pkeys[i].privatekey != NULL) {
/*
* The return code from EVP_PKEY_copy_parameters is deliberately
return ret;
}
-#ifndef OPENSSL_NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
-{
- int ret;
- EVP_PKEY *pkey;
-
- if (rsa == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if ((pkey = EVP_PKEY_new()) == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB);
- return 0;
- }
-
- RSA_up_ref(rsa);
- if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
- RSA_free(rsa);
- EVP_PKEY_free(pkey);
- return 0;
- }
-
- ret = ssl_set_pkey(ctx->cert, pkey);
- EVP_PKEY_free(pkey);
- return ret;
-}
-
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-{
- int j, ret = 0;
- BIO *in;
- RSA *rsa = NULL;
-
- in = BIO_new(BIO_s_file());
- if (in == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in, file) <= 0) {
- ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1) {
- j = ERR_R_ASN1_LIB;
- rsa = d2i_RSAPrivateKey_bio(in, NULL);
- } else if (type == SSL_FILETYPE_PEM) {
- j = ERR_R_PEM_LIB;
- rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
- ctx->default_passwd_callback,
- ctx->default_passwd_callback_userdata);
- } else {
- ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (rsa == NULL) {
- ERR_raise(ERR_LIB_SSL, j);
- goto end;
- }
- ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
- RSA_free(rsa);
- end:
- BIO_free(in);
- return ret;
-}
-
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
- long len)
-{
- int ret;
- const unsigned char *p;
- RSA *rsa;
-
- p = d;
- if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
- return 0;
- }
-
- ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
- RSA_free(rsa);
- return ret;
-}
-#endif /* !OPENSSL_NO_RSA */
-
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
{
if (pkey == NULL) {
void *passwd_callback_userdata;
SSL_CTX *real_ctx = (ssl == NULL) ? ctx : ssl->ctx;
+ if (ctx == NULL && ssl == NULL)
+ return 0;
+
ERR_clear_error(); /* clear error stack for
* SSL_CTX_use_certificate() */