1 /* $OpenBSD: ssl_rsa.c,v 1.28 2017/02/07 02:08:38 beck Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <stdio.h> 60 61 #include "ssl_locl.h" 62 63 #include <openssl/bio.h> 64 #include <openssl/evp.h> 65 #include <openssl/objects.h> 66 #include <openssl/pem.h> 67 #include <openssl/x509.h> 68 69 static int ssl_set_cert(CERT *c, X509 *x509); 70 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); 71 static int ssl_ctx_use_certificate_chain_bio(SSL_CTX *, BIO *); 72 73 int 74 SSL_use_certificate(SSL *ssl, X509 *x) 75 { 76 if (x == NULL) { 77 SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER); 78 return (0); 79 } 80 if (!ssl_cert_inst(&ssl->cert)) { 81 SSLerror(ssl, ERR_R_MALLOC_FAILURE); 82 return (0); 83 } 84 return (ssl_set_cert(ssl->cert, x)); 85 } 86 87 int 88 SSL_use_certificate_file(SSL *ssl, const char *file, int type) 89 { 90 int j; 91 BIO *in; 92 int ret = 0; 93 X509 *x = NULL; 94 95 in = BIO_new(BIO_s_file_internal()); 96 if (in == NULL) { 97 SSLerror(ssl, ERR_R_BUF_LIB); 98 goto end; 99 } 100 101 if (BIO_read_filename(in, file) <= 0) { 102 SSLerror(ssl, ERR_R_SYS_LIB); 103 goto end; 104 } 105 if (type == SSL_FILETYPE_ASN1) { 106 j = ERR_R_ASN1_LIB; 107 x = d2i_X509_bio(in, NULL); 108 } else if (type == SSL_FILETYPE_PEM) { 109 j = ERR_R_PEM_LIB; 110 x = PEM_read_bio_X509(in, NULL, 111 ssl->ctx->default_passwd_callback, 112 ssl->ctx->default_passwd_callback_userdata); 113 } else { 114 SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE); 115 goto end; 116 } 117 118 if (x == NULL) { 119 SSLerror(ssl, j); 120 goto end; 121 } 122 123 ret = SSL_use_certificate(ssl, x); 124 end: 125 X509_free(x); 126 BIO_free(in); 127 return (ret); 128 } 129 130 int 131 SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) 132 { 133 X509 *x; 134 int ret; 135 136 x = d2i_X509(NULL, &d,(long)len); 137 if (x == NULL) { 138 SSLerror(ssl, ERR_R_ASN1_LIB); 139 return (0); 140 } 141 142 ret = SSL_use_certificate(ssl, x); 143 X509_free(x); 144 return (ret); 145 } 146 147 int 148 SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) 149 { 150 EVP_PKEY *pkey; 151 int ret; 152 153 if (rsa == NULL) { 154 SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER); 155 return (0); 156 } 157 if (!ssl_cert_inst(&ssl->cert)) { 158 SSLerror(ssl, ERR_R_MALLOC_FAILURE); 159 return (0); 160 } 161 if ((pkey = EVP_PKEY_new()) == NULL) { 162 SSLerror(ssl, ERR_R_EVP_LIB); 163 return (0); 164 } 165 166 RSA_up_ref(rsa); 167 EVP_PKEY_assign_RSA(pkey, rsa); 168 169 ret = ssl_set_pkey(ssl->cert, pkey); 170 EVP_PKEY_free(pkey); 171 return (ret); 172 } 173 174 static int 175 ssl_set_pkey(CERT *c, EVP_PKEY *pkey) 176 { 177 int i; 178 179 i = ssl_cert_type(NULL, pkey); 180 if (i < 0) { 181 SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE); 182 return (0); 183 } 184 185 if (c->pkeys[i].x509 != NULL) { 186 EVP_PKEY *pktmp; 187 pktmp = X509_get_pubkey(c->pkeys[i].x509); 188 EVP_PKEY_copy_parameters(pktmp, pkey); 189 EVP_PKEY_free(pktmp); 190 ERR_clear_error(); 191 192 /* 193 * Don't check the public/private key, this is mostly 194 * for smart cards. 195 */ 196 if ((pkey->type == EVP_PKEY_RSA) && 197 (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) 198 ; 199 else 200 if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { 201 X509_free(c->pkeys[i].x509); 202 c->pkeys[i].x509 = NULL; 203 return 0; 204 } 205 } 206 207 EVP_PKEY_free(c->pkeys[i].privatekey); 208 CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); 209 c->pkeys[i].privatekey = pkey; 210 c->key = &(c->pkeys[i]); 211 212 c->valid = 0; 213 return (1); 214 } 215 216 int 217 SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) 218 { 219 int j, ret = 0; 220 BIO *in; 221 RSA *rsa = NULL; 222 223 in = BIO_new(BIO_s_file_internal()); 224 if (in == NULL) { 225 SSLerror(ssl, ERR_R_BUF_LIB); 226 goto end; 227 } 228 229 if (BIO_read_filename(in, file) <= 0) { 230 SSLerror(ssl, ERR_R_SYS_LIB); 231 goto end; 232 } 233 if (type == SSL_FILETYPE_ASN1) { 234 j = ERR_R_ASN1_LIB; 235 rsa = d2i_RSAPrivateKey_bio(in, NULL); 236 } else if (type == SSL_FILETYPE_PEM) { 237 j = ERR_R_PEM_LIB; 238 rsa = PEM_read_bio_RSAPrivateKey(in, NULL, 239 ssl->ctx->default_passwd_callback, 240 ssl->ctx->default_passwd_callback_userdata); 241 } else { 242 SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE); 243 goto end; 244 } 245 if (rsa == NULL) { 246 SSLerror(ssl, j); 247 goto end; 248 } 249 ret = SSL_use_RSAPrivateKey(ssl, rsa); 250 RSA_free(rsa); 251 end: 252 BIO_free(in); 253 return (ret); 254 } 255 256 int 257 SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) 258 { 259 int ret; 260 const unsigned char *p; 261 RSA *rsa; 262 263 p = d; 264 if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) { 265 SSLerror(ssl, ERR_R_ASN1_LIB); 266 return (0); 267 } 268 269 ret = SSL_use_RSAPrivateKey(ssl, rsa); 270 RSA_free(rsa); 271 return (ret); 272 } 273 274 int 275 SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) 276 { 277 int ret; 278 279 if (pkey == NULL) { 280 SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER); 281 return (0); 282 } 283 if (!ssl_cert_inst(&ssl->cert)) { 284 SSLerror(ssl, ERR_R_MALLOC_FAILURE); 285 return (0); 286 } 287 ret = ssl_set_pkey(ssl->cert, pkey); 288 return (ret); 289 } 290 291 int 292 SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) 293 { 294 int j, ret = 0; 295 BIO *in; 296 EVP_PKEY *pkey = NULL; 297 298 in = BIO_new(BIO_s_file_internal()); 299 if (in == NULL) { 300 SSLerror(ssl, ERR_R_BUF_LIB); 301 goto end; 302 } 303 304 if (BIO_read_filename(in, file) <= 0) { 305 SSLerror(ssl, ERR_R_SYS_LIB); 306 goto end; 307 } 308 if (type == SSL_FILETYPE_PEM) { 309 j = ERR_R_PEM_LIB; 310 pkey = PEM_read_bio_PrivateKey(in, NULL, 311 ssl->ctx->default_passwd_callback, 312 ssl->ctx->default_passwd_callback_userdata); 313 } else if (type == SSL_FILETYPE_ASN1) { 314 j = ERR_R_ASN1_LIB; 315 pkey = d2i_PrivateKey_bio(in, NULL); 316 } else { 317 SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE); 318 goto end; 319 } 320 if (pkey == NULL) { 321 SSLerror(ssl, j); 322 goto end; 323 } 324 ret = SSL_use_PrivateKey(ssl, pkey); 325 EVP_PKEY_free(pkey); 326 end: 327 BIO_free(in); 328 return (ret); 329 } 330 331 int 332 SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) 333 { 334 int ret; 335 const unsigned char *p; 336 EVP_PKEY *pkey; 337 338 p = d; 339 if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) { 340 SSLerror(ssl, ERR_R_ASN1_LIB); 341 return (0); 342 } 343 344 ret = SSL_use_PrivateKey(ssl, pkey); 345 EVP_PKEY_free(pkey); 346 return (ret); 347 } 348 349 int 350 SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) 351 { 352 if (x == NULL) { 353 SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); 354 return (0); 355 } 356 if (!ssl_cert_inst(&ctx->internal->cert)) { 357 SSLerrorx(ERR_R_MALLOC_FAILURE); 358 return (0); 359 } 360 return (ssl_set_cert(ctx->internal->cert, x)); 361 } 362 363 static int 364 ssl_set_cert(CERT *c, X509 *x) 365 { 366 EVP_PKEY *pkey; 367 int i; 368 369 pkey = X509_get_pubkey(x); 370 if (pkey == NULL) { 371 SSLerrorx(SSL_R_X509_LIB); 372 return (0); 373 } 374 375 i = ssl_cert_type(x, pkey); 376 if (i < 0) { 377 SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE); 378 EVP_PKEY_free(pkey); 379 return (0); 380 } 381 382 if (c->pkeys[i].privatekey != NULL) { 383 EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); 384 ERR_clear_error(); 385 386 /* 387 * Don't check the public/private key, this is mostly 388 * for smart cards. 389 */ 390 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && 391 (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & 392 RSA_METHOD_FLAG_NO_CHECK)) 393 ; 394 else 395 if (!X509_check_private_key(x, c->pkeys[i].privatekey)) { 396 /* 397 * don't fail for a cert/key mismatch, just free 398 * current private key (when switching to a different 399 * cert & key, first this function should be used, 400 * then ssl_set_pkey 401 */ 402 EVP_PKEY_free(c->pkeys[i].privatekey); 403 c->pkeys[i].privatekey = NULL; 404 /* clear error queue */ 405 ERR_clear_error(); 406 } 407 } 408 409 EVP_PKEY_free(pkey); 410 411 X509_free(c->pkeys[i].x509); 412 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); 413 c->pkeys[i].x509 = x; 414 c->key = &(c->pkeys[i]); 415 416 c->valid = 0; 417 return (1); 418 } 419 420 int 421 SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) 422 { 423 int j; 424 BIO *in; 425 int ret = 0; 426 X509 *x = NULL; 427 428 in = BIO_new(BIO_s_file_internal()); 429 if (in == NULL) { 430 SSLerrorx(ERR_R_BUF_LIB); 431 goto end; 432 } 433 434 if (BIO_read_filename(in, file) <= 0) { 435 SSLerrorx(ERR_R_SYS_LIB); 436 goto end; 437 } 438 if (type == SSL_FILETYPE_ASN1) { 439 j = ERR_R_ASN1_LIB; 440 x = d2i_X509_bio(in, NULL); 441 } else if (type == SSL_FILETYPE_PEM) { 442 j = ERR_R_PEM_LIB; 443 x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, 444 ctx->default_passwd_callback_userdata); 445 } else { 446 SSLerrorx(SSL_R_BAD_SSL_FILETYPE); 447 goto end; 448 } 449 450 if (x == NULL) { 451 SSLerrorx(j); 452 goto end; 453 } 454 455 ret = SSL_CTX_use_certificate(ctx, x); 456 end: 457 X509_free(x); 458 BIO_free(in); 459 return (ret); 460 } 461 462 int 463 SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) 464 { 465 X509 *x; 466 int ret; 467 468 x = d2i_X509(NULL, &d,(long)len); 469 if (x == NULL) { 470 SSLerrorx(ERR_R_ASN1_LIB); 471 return (0); 472 } 473 474 ret = SSL_CTX_use_certificate(ctx, x); 475 X509_free(x); 476 return (ret); 477 } 478 479 int 480 SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) 481 { 482 int ret; 483 EVP_PKEY *pkey; 484 485 if (rsa == NULL) { 486 SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); 487 return (0); 488 } 489 if (!ssl_cert_inst(&ctx->internal->cert)) { 490 SSLerrorx(ERR_R_MALLOC_FAILURE); 491 return (0); 492 } 493 if ((pkey = EVP_PKEY_new()) == NULL) { 494 SSLerrorx(ERR_R_EVP_LIB); 495 return (0); 496 } 497 498 RSA_up_ref(rsa); 499 EVP_PKEY_assign_RSA(pkey, rsa); 500 501 ret = ssl_set_pkey(ctx->internal->cert, pkey); 502 EVP_PKEY_free(pkey); 503 return (ret); 504 } 505 506 int 507 SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) 508 { 509 int j, ret = 0; 510 BIO *in; 511 RSA *rsa = NULL; 512 513 in = BIO_new(BIO_s_file_internal()); 514 if (in == NULL) { 515 SSLerrorx(ERR_R_BUF_LIB); 516 goto end; 517 } 518 519 if (BIO_read_filename(in, file) <= 0) { 520 SSLerrorx(ERR_R_SYS_LIB); 521 goto end; 522 } 523 if (type == SSL_FILETYPE_ASN1) { 524 j = ERR_R_ASN1_LIB; 525 rsa = d2i_RSAPrivateKey_bio(in, NULL); 526 } else if (type == SSL_FILETYPE_PEM) { 527 j = ERR_R_PEM_LIB; 528 rsa = PEM_read_bio_RSAPrivateKey(in, NULL, 529 ctx->default_passwd_callback, 530 ctx->default_passwd_callback_userdata); 531 } else { 532 SSLerrorx(SSL_R_BAD_SSL_FILETYPE); 533 goto end; 534 } 535 if (rsa == NULL) { 536 SSLerrorx(j); 537 goto end; 538 } 539 ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); 540 RSA_free(rsa); 541 end: 542 BIO_free(in); 543 return (ret); 544 } 545 546 int 547 SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) 548 { 549 int ret; 550 const unsigned char *p; 551 RSA *rsa; 552 553 p = d; 554 if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) { 555 SSLerrorx(ERR_R_ASN1_LIB); 556 return (0); 557 } 558 559 ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); 560 RSA_free(rsa); 561 return (ret); 562 } 563 564 int 565 SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) 566 { 567 if (pkey == NULL) { 568 SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); 569 return (0); 570 } 571 if (!ssl_cert_inst(&ctx->internal->cert)) { 572 SSLerrorx(ERR_R_MALLOC_FAILURE); 573 return (0); 574 } 575 return (ssl_set_pkey(ctx->internal->cert, pkey)); 576 } 577 578 int 579 SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) 580 { 581 int j, ret = 0; 582 BIO *in; 583 EVP_PKEY *pkey = NULL; 584 585 in = BIO_new(BIO_s_file_internal()); 586 if (in == NULL) { 587 SSLerrorx(ERR_R_BUF_LIB); 588 goto end; 589 } 590 591 if (BIO_read_filename(in, file) <= 0) { 592 SSLerrorx(ERR_R_SYS_LIB); 593 goto end; 594 } 595 if (type == SSL_FILETYPE_PEM) { 596 j = ERR_R_PEM_LIB; 597 pkey = PEM_read_bio_PrivateKey(in, NULL, 598 ctx->default_passwd_callback, 599 ctx->default_passwd_callback_userdata); 600 } else if (type == SSL_FILETYPE_ASN1) { 601 j = ERR_R_ASN1_LIB; 602 pkey = d2i_PrivateKey_bio(in, NULL); 603 } else { 604 SSLerrorx(SSL_R_BAD_SSL_FILETYPE); 605 goto end; 606 } 607 if (pkey == NULL) { 608 SSLerrorx(j); 609 goto end; 610 } 611 ret = SSL_CTX_use_PrivateKey(ctx, pkey); 612 EVP_PKEY_free(pkey); 613 end: 614 BIO_free(in); 615 return (ret); 616 } 617 618 int 619 SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, 620 long len) 621 { 622 int ret; 623 const unsigned char *p; 624 EVP_PKEY *pkey; 625 626 p = d; 627 if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) { 628 SSLerrorx(ERR_R_ASN1_LIB); 629 return (0); 630 } 631 632 ret = SSL_CTX_use_PrivateKey(ctx, pkey); 633 EVP_PKEY_free(pkey); 634 return (ret); 635 } 636 637 638 /* 639 * Read a bio that contains our certificate in "PEM" format, 640 * possibly followed by a sequence of CA certificates that should be 641 * sent to the peer in the Certificate message. 642 */ 643 static int 644 ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in) 645 { 646 int ret = 0; 647 X509 *x = NULL; 648 649 ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ 650 651 x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, 652 ctx->default_passwd_callback_userdata); 653 if (x == NULL) { 654 SSLerrorx(ERR_R_PEM_LIB); 655 goto end; 656 } 657 658 ret = SSL_CTX_use_certificate(ctx, x); 659 660 if (ERR_peek_error() != 0) 661 ret = 0; 662 /* Key/certificate mismatch doesn't imply ret==0 ... */ 663 if (ret) { 664 /* 665 * If we could set up our certificate, now proceed to 666 * the CA certificates. 667 */ 668 X509 *ca; 669 int r; 670 unsigned long err; 671 672 sk_X509_pop_free(ctx->extra_certs, X509_free); 673 ctx->extra_certs = NULL; 674 675 while ((ca = PEM_read_bio_X509(in, NULL, 676 ctx->default_passwd_callback, 677 ctx->default_passwd_callback_userdata)) != NULL) { 678 r = SSL_CTX_add_extra_chain_cert(ctx, ca); 679 if (!r) { 680 X509_free(ca); 681 ret = 0; 682 goto end; 683 } 684 /* 685 * Note that we must not free r if it was successfully 686 * added to the chain (while we must free the main 687 * certificate, since its reference count is increased 688 * by SSL_CTX_use_certificate). 689 */ 690 } 691 692 /* When the while loop ends, it's usually just EOF. */ 693 err = ERR_peek_last_error(); 694 if (ERR_GET_LIB(err) == ERR_LIB_PEM && 695 ERR_GET_REASON(err) == PEM_R_NO_START_LINE) 696 ERR_clear_error(); 697 else 698 ret = 0; /* some real error */ 699 } 700 701 end: 702 X509_free(x); 703 return (ret); 704 } 705 706 int 707 SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) 708 { 709 BIO *in; 710 int ret = 0; 711 712 in = BIO_new(BIO_s_file_internal()); 713 if (in == NULL) { 714 SSLerrorx(ERR_R_BUF_LIB); 715 goto end; 716 } 717 718 if (BIO_read_filename(in, file) <= 0) { 719 SSLerrorx(ERR_R_SYS_LIB); 720 goto end; 721 } 722 723 ret = ssl_ctx_use_certificate_chain_bio(ctx, in); 724 725 end: 726 BIO_free(in); 727 return (ret); 728 } 729 730 int 731 SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len) 732 { 733 BIO *in; 734 int ret = 0; 735 736 in = BIO_new_mem_buf(buf, len); 737 if (in == NULL) { 738 SSLerrorx(ERR_R_BUF_LIB); 739 goto end; 740 } 741 742 ret = ssl_ctx_use_certificate_chain_bio(ctx, in); 743 744 end: 745 BIO_free(in); 746 return (ret); 747 } 748