X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_rsa.c;h=8579c51fc6234863daaa2e1a13a3c966274a4777;hp=3a7b8d3c361cf07b51691e04e69f999adc446b1e;hb=15d21c2df4335f1cea72472b8e71a76d9004d38e;hpb=b7896b3cb86d80206af14a14d69b0717786f2729 diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 3a7b8d3c36..8579c51fc6 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -1,5 +1,5 @@ /* ssl/ssl_rsa.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -76,29 +76,20 @@ int SSL_use_certificate(ssl, x) SSL *ssl; X509 *x; { - CERT *c; - if (x == NULL) { SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); return(0); } - if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert)) + if (!ssl_cert_instantiate(&ssl->cert, ssl->ctx->default_cert)) { - c=ssl_cert_new(); - if (c == NULL) - { - SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); - return(0); - } - if (ssl->cert != NULL) ssl_cert_free(ssl->cert); - ssl->cert=c; + SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); + return(0); } - c=ssl->cert; - - return(ssl_set_cert(c,x)); + return(ssl_set_cert(ssl->cert,x)); } +#ifndef NO_STDIO int SSL_use_certificate_file(ssl, file, type) SSL *ssl; char *file; @@ -109,11 +100,7 @@ int type; int ret=0; X509 *x=NULL; -#ifdef WIN16 - in=BIO_new(BIO_s_file_internal_w16()); -#else - in=BIO_new(BIO_s_file()); -#endif + in=BIO_new(BIO_s_file_internal()); if (in == NULL) { SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); @@ -122,7 +109,6 @@ int type; if (BIO_read_filename(in,file) <= 0) { - SYSerr(SYS_F_FOPEN,errno); SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); goto end; } @@ -154,11 +140,12 @@ end: if (in != NULL) BIO_free(in); return(ret); } +#endif -int SSL_use_certificate_ASN1(ssl, len, d) +int SSL_use_certificate_ASN1(ssl, d,len) SSL *ssl; -int len; unsigned char *d; +int len; { X509 *x; int ret; @@ -180,7 +167,6 @@ int SSL_use_RSAPrivateKey(ssl, rsa) SSL *ssl; RSA *rsa; { - CERT *c; EVP_PKEY *pkey; int ret; @@ -189,19 +175,11 @@ RSA *rsa; SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); return(0); } - - if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert)) - { - c=ssl_cert_new(); - if (c == NULL) - { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); - return(0); - } - if (ssl->cert != NULL) ssl_cert_free(ssl->cert); - ssl->cert=c; + if (!ssl_cert_instantiate(&ssl->cert, ssl->ctx->default_cert)) + { + SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); + return(0); } - c=ssl->cert; if ((pkey=EVP_PKEY_new()) == NULL) { SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); @@ -211,7 +189,7 @@ RSA *rsa; CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); EVP_PKEY_assign_RSA(pkey,rsa); - ret=ssl_set_pkey(c,pkey); + ret=ssl_set_pkey(ssl->cert,pkey); EVP_PKEY_free(pkey); return(ret); } @@ -232,7 +210,22 @@ EVP_PKEY *pkey; if (c->pkeys[i].x509 != NULL) { - if (!X509_check_private_key(c->pkeys[i].x509,pkey)) + EVP_PKEY *pktmp; + pktmp = X509_get_pubkey(c->pkeys[i].x509); + EVP_PKEY_copy_parameters(pktmp,pkey); + EVP_PKEY_free(pktmp); + ERR_clear_error(); + +#ifndef NO_RSA + /* Don't check the public/private key, this is mostly + * for smart cards. */ + if ((pkey->type == EVP_PKEY_RSA) && + (RSA_flags(pkey->pkey.rsa) & + RSA_METHOD_FLAG_NO_CHECK)) + ok=1; + else +#endif + if (!X509_check_private_key(c->pkeys[i].x509,pkey)) { if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) { @@ -277,6 +270,7 @@ EVP_PKEY *pkey; } #ifndef NO_RSA +#ifndef NO_STDIO int SSL_use_RSAPrivateKey_file(ssl, file, type) SSL *ssl; char *file; @@ -286,11 +280,7 @@ int type; BIO *in; RSA *rsa=NULL; -#ifdef WIN16 - in=BIO_new(BIO_s_file_internal_w16()); -#else - in=BIO_new(BIO_s_file()); -#endif + in=BIO_new(BIO_s_file_internal()); if (in == NULL) { SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); @@ -299,7 +289,6 @@ int type; if (BIO_read_filename(in,file) <= 0) { - SYSerr(SYS_F_FOPEN,errno); SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); goto end; } @@ -330,6 +319,7 @@ end: if (in != NULL) BIO_free(in); return(ret); } +#endif int SSL_use_RSAPrivateKey_ASN1(ssl,d,len) SSL *ssl; @@ -357,7 +347,6 @@ int SSL_use_PrivateKey(ssl, pkey) SSL *ssl; EVP_PKEY *pkey; { - CERT *c; int ret; if (pkey == NULL) @@ -365,24 +354,16 @@ EVP_PKEY *pkey; SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); return(0); } - - if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert)) - { - c=ssl_cert_new(); - if (c == NULL) - { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); - return(0); - } - if (ssl->cert != NULL) ssl_cert_free(ssl->cert); - ssl->cert=c; + if (!ssl_cert_instantiate(&ssl->cert, ssl->ctx->default_cert)) + { + SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); + return(0); } - c=ssl->cert; - - ret=ssl_set_pkey(c,pkey); + ret=ssl_set_pkey(ssl->cert,pkey); return(ret); } +#ifndef NO_STDIO int SSL_use_PrivateKey_file(ssl, file, type) SSL *ssl; char *file; @@ -392,11 +373,7 @@ int type; BIO *in; EVP_PKEY *pkey=NULL; -#ifdef WIN16 - in=BIO_new(BIO_s_file_internal_w16()); -#else - in=BIO_new(BIO_s_file()); -#endif + in=BIO_new(BIO_s_file_internal()); if (in == NULL) { SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); @@ -405,7 +382,6 @@ int type; if (BIO_read_filename(in,file) <= 0) { - SYSerr(SYS_F_FOPEN,errno); SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); goto end; } @@ -431,6 +407,7 @@ end: if (in != NULL) BIO_free(in); return(ret); } +#endif int SSL_use_PrivateKey_ASN1(type,ssl,d,len) int type; @@ -458,27 +435,17 @@ int SSL_CTX_use_certificate(ctx, x) SSL_CTX *ctx; X509 *x; { - CERT *c; - if (x == NULL) { SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); return(0); } - - if (ctx->default_cert == NULL) + if (!ssl_cert_instantiate(&ctx->default_cert, NULL)) { - c=ssl_cert_new(); - if (c == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); - return(0); - } - ctx->default_cert=c; + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); + return(0); } - c=ctx->default_cert; - - return(ssl_set_cert(c,x)); + return(ssl_set_cert(ctx->default_cert,x)); } static int ssl_set_cert(c,x) @@ -491,18 +458,32 @@ X509 *x; pkey=X509_get_pubkey(x); if (pkey == NULL) { - SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_X509_LIB); + SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB); return(0); } i=ssl_cert_type(x,pkey); if (i < 0) { - SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE); + SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE); + EVP_PKEY_free(pkey); return(0); } if (c->pkeys[i].privatekey != NULL) + { + EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey); + ERR_clear_error(); + +#ifndef NO_RSA + /* Don't check the public/private key, this is mostly + * for smart cards. */ + if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && + (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & + RSA_METHOD_FLAG_NO_CHECK)) + ok=1; + else +#endif { if (!X509_check_private_key(x,c->pkeys[i].privatekey)) { @@ -527,10 +508,12 @@ X509 *x; } else ok=1; + } /* NO_RSA */ } else ok=1; + EVP_PKEY_free(pkey); if (bad) { EVP_PKEY_free(c->pkeys[i].privatekey); @@ -547,6 +530,7 @@ X509 *x; return(1); } +#ifndef NO_STDIO int SSL_CTX_use_certificate_file(ctx, file, type) SSL_CTX *ctx; char *file; @@ -557,11 +541,7 @@ int type; int ret=0; X509 *x=NULL; -#ifdef WIN16 - in=BIO_new(BIO_s_file_internal_w16()); -#else - in=BIO_new(BIO_s_file()); -#endif + in=BIO_new(BIO_s_file_internal()); if (in == NULL) { SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); @@ -570,7 +550,6 @@ int type; if (BIO_read_filename(in,file) <= 0) { - SYSerr(SYS_F_FOPEN,errno); SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); goto end; } @@ -602,6 +581,7 @@ end: if (in != NULL) BIO_free(in); return(ret); } +#endif int SSL_CTX_use_certificate_ASN1(ctx, len, d) SSL_CTX *ctx; @@ -629,7 +609,6 @@ SSL_CTX *ctx; RSA *rsa; { int ret; - CERT *c; EVP_PKEY *pkey; if (rsa == NULL) @@ -637,18 +616,11 @@ RSA *rsa; SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); return(0); } - if (ctx->default_cert == NULL) + if (!ssl_cert_instantiate(&ctx->default_cert, NULL)) { - c=ssl_cert_new(); - if (c == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); - return(0); - } - ctx->default_cert=c; + SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); + return(0); } - c=ctx->default_cert; - if ((pkey=EVP_PKEY_new()) == NULL) { SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); @@ -658,11 +630,12 @@ RSA *rsa; CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); EVP_PKEY_assign_RSA(pkey,rsa); - ret=ssl_set_pkey(c,pkey); + ret=ssl_set_pkey(ctx->default_cert,pkey); EVP_PKEY_free(pkey); return(ret); } +#ifndef NO_STDIO int SSL_CTX_use_RSAPrivateKey_file(ctx, file, type) SSL_CTX *ctx; char *file; @@ -672,11 +645,7 @@ int type; BIO *in; RSA *rsa=NULL; -#ifdef WIN16 - in=BIO_new(BIO_s_file_internal_w16()); -#else - in=BIO_new(BIO_s_file()); -#endif + in=BIO_new(BIO_s_file_internal()); if (in == NULL) { SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); @@ -685,7 +654,6 @@ int type; if (BIO_read_filename(in,file) <= 0) { - SYSerr(SYS_F_FOPEN,errno); SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); goto end; } @@ -716,6 +684,7 @@ end: if (in != NULL) BIO_free(in); return(ret); } +#endif int SSL_CTX_use_RSAPrivateKey_ASN1(ctx,d,len) SSL_CTX *ctx; @@ -743,29 +712,20 @@ int SSL_CTX_use_PrivateKey(ctx, pkey) SSL_CTX *ctx; EVP_PKEY *pkey; { - CERT *c; - if (pkey == NULL) { SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); return(0); } - - if (ctx->default_cert == NULL) + if (!ssl_cert_instantiate(&ctx->default_cert, NULL)) { - c=ssl_cert_new(); - if (c == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); - return(0); - } - ctx->default_cert=c; + SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); + return(0); } - c=ctx->default_cert; - - return(ssl_set_pkey(c,pkey)); + return(ssl_set_pkey(ctx->default_cert,pkey)); } +#ifndef NO_STDIO int SSL_CTX_use_PrivateKey_file(ctx, file, type) SSL_CTX *ctx; char *file; @@ -775,11 +735,7 @@ int type; BIO *in; EVP_PKEY *pkey=NULL; -#ifdef WIN16 - in=BIO_new(BIO_s_file_internal_w16()); -#else - in=BIO_new(BIO_s_file()); -#endif + in=BIO_new(BIO_s_file_internal()); if (in == NULL) { SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); @@ -788,7 +744,6 @@ int type; if (BIO_read_filename(in,file) <= 0) { - SYSerr(SYS_F_FOPEN,errno); SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); goto end; } @@ -814,6 +769,7 @@ end: if (in != NULL) BIO_free(in); return(ret); } +#endif int SSL_CTX_use_PrivateKey_ASN1(type,ctx,d,len) int type;