diff options
| author | David Benjamin <davidben@chromium.org> | 2015-09-04 22:05:05 +0300 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2015-09-09 02:34:40 +0300 |
| commit | 443a1f65e2267f6a064cc672f934f48a9b0372d3 (patch) | |
| tree | 60da1e865c4766d7788dad5d568c010d9ec8823a /ssl/ssl_rsa.c | |
| parent | 06fa67c8d3b2e68df45b34b315dd26193f45645a (diff) | |
Toss file-related convenience bits of ssl/ into a corner.
Quite a lot of consumers of the SSL stack will never need to touch files from
the SSL stack, but enough do that we can't just ditch them. Toss that all into
their own file so a static linker can drop it.
Change-Id: Ia07de939889eb09e3ab16aebcc1b6869ca8b75a0
Reviewed-on: https://boringssl-review.googlesource.com/5820
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'ssl/ssl_rsa.c')
| -rw-r--r-- | ssl/ssl_rsa.c | 326 |
1 files changed, 2 insertions, 324 deletions
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index da69f8bf..fb6fdf60 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -54,18 +54,16 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#include <stdio.h> +#include <openssl/ssl.h> -#include <openssl/bio.h> #include <openssl/err.h> #include <openssl/evp.h> #include <openssl/mem.h> -#include <openssl/obj.h> -#include <openssl/pem.h> #include <openssl/x509.h> #include "internal.h" + static int ssl_set_cert(CERT *c, X509 *x509); static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); @@ -81,49 +79,6 @@ int SSL_use_certificate(SSL *ssl, X509 *x) { return ssl_set_cert(ssl->cert, x); } -int SSL_use_certificate_file(SSL *ssl, const char *file, int type) { - int reason_code; - BIO *in; - int ret = 0; - X509 *x = NULL; - - in = BIO_new(BIO_s_file()); - if (in == NULL) { - OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in, file) <= 0) { - OPENSSL_PUT_ERROR(SSL, ERR_R_SYS_LIB); - goto end; - } - - if (type == SSL_FILETYPE_ASN1) { - reason_code = ERR_R_ASN1_LIB; - x = d2i_X509_bio(in, NULL); - } else if (type == SSL_FILETYPE_PEM) { - reason_code = ERR_R_PEM_LIB; - x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback, - ssl->ctx->default_passwd_callback_userdata); - } else { - OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SSL_FILETYPE); - goto end; - } - - if (x == NULL) { - OPENSSL_PUT_ERROR(SSL, reason_code); - goto end; - } - - ret = SSL_use_certificate(ssl, x); - -end: - X509_free(x); - BIO_free(in); - - return ret; -} - int SSL_use_certificate_ASN1(SSL *ssl, const uint8_t *d, int len) { X509 *x; int ret; @@ -186,47 +141,6 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) { return 1; } -int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) { - int reason_code, ret = 0; - BIO *in; - RSA *rsa = NULL; - - in = BIO_new(BIO_s_file()); - if (in == NULL) { - OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in, file) <= 0) { - OPENSSL_PUT_ERROR(SSL, ERR_R_SYS_LIB); - goto end; - } - - if (type == SSL_FILETYPE_ASN1) { - reason_code = ERR_R_ASN1_LIB; - rsa = d2i_RSAPrivateKey_bio(in, NULL); - } else if (type == SSL_FILETYPE_PEM) { - reason_code = ERR_R_PEM_LIB; - rsa = - PEM_read_bio_RSAPrivateKey(in, NULL, ssl->ctx->default_passwd_callback, - ssl->ctx->default_passwd_callback_userdata); - } else { - OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SSL_FILETYPE); - goto end; - } - - if (rsa == NULL) { - OPENSSL_PUT_ERROR(SSL, reason_code); - goto end; - } - ret = SSL_use_RSAPrivateKey(ssl, rsa); - RSA_free(rsa); - -end: - BIO_free(in); - return ret; -} - int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const uint8_t *der, size_t der_len) { RSA *rsa = RSA_private_key_from_bytes(der, der_len); if (rsa == NULL) { @@ -251,46 +165,6 @@ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) { return ret; } -int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) { - int reason_code, ret = 0; - BIO *in; - EVP_PKEY *pkey = NULL; - - in = BIO_new(BIO_s_file()); - if (in == NULL) { - OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in, file) <= 0) { - OPENSSL_PUT_ERROR(SSL, ERR_R_SYS_LIB); - goto end; - } - - if (type == SSL_FILETYPE_PEM) { - reason_code = ERR_R_PEM_LIB; - pkey = PEM_read_bio_PrivateKey(in, NULL, ssl->ctx->default_passwd_callback, - ssl->ctx->default_passwd_callback_userdata); - } else if (type == SSL_FILETYPE_ASN1) { - reason_code = ERR_R_ASN1_LIB; - pkey = d2i_PrivateKey_bio(in, NULL); - } else { - OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SSL_FILETYPE); - goto end; - } - - if (pkey == NULL) { - OPENSSL_PUT_ERROR(SSL, reason_code); - goto end; - } - ret = SSL_use_PrivateKey(ssl, pkey); - EVP_PKEY_free(pkey); - -end: - BIO_free(in); - return ret; -} - int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const uint8_t *d, long len) { int ret; const uint8_t *p; @@ -353,48 +227,6 @@ static int ssl_set_cert(CERT *c, X509 *x) { return 1; } -int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) { - int reason_code; - BIO *in; - int ret = 0; - X509 *x = NULL; - - in = BIO_new(BIO_s_file()); - if (in == NULL) { - OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in, file) <= 0) { - OPENSSL_PUT_ERROR(SSL, ERR_R_SYS_LIB); - goto end; - } - - if (type == SSL_FILETYPE_ASN1) { - reason_code = ERR_R_ASN1_LIB; - x = d2i_X509_bio(in, NULL); - } else if (type == SSL_FILETYPE_PEM) { - reason_code = ERR_R_PEM_LIB; - x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata); - } else { - OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SSL_FILETYPE); - goto end; - } - - if (x == NULL) { - OPENSSL_PUT_ERROR(SSL, reason_code); - goto end; - } - - ret = SSL_CTX_use_certificate(ctx, x); - -end: - X509_free(x); - BIO_free(in); - return ret; -} - int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const uint8_t *d) { X509 *x; int ret; @@ -433,46 +265,6 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) { return ret; } -int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) { - int reason_code, ret = 0; - BIO *in; - RSA *rsa = NULL; - - in = BIO_new(BIO_s_file()); - if (in == NULL) { - OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in, file) <= 0) { - OPENSSL_PUT_ERROR(SSL, ERR_R_SYS_LIB); - goto end; - } - - if (type == SSL_FILETYPE_ASN1) { - reason_code = ERR_R_ASN1_LIB; - rsa = d2i_RSAPrivateKey_bio(in, NULL); - } else if (type == SSL_FILETYPE_PEM) { - reason_code = ERR_R_PEM_LIB; - rsa = PEM_read_bio_RSAPrivateKey(in, NULL, ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata); - } else { - OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SSL_FILETYPE); - goto end; - } - - if (rsa == NULL) { - OPENSSL_PUT_ERROR(SSL, reason_code); - goto end; - } - ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); - RSA_free(rsa); - -end: - BIO_free(in); - return ret; -} - int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const uint8_t *der, size_t der_len) { RSA *rsa = RSA_private_key_from_bytes(der, der_len); @@ -495,46 +287,6 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) { return ssl_set_pkey(ctx->cert, pkey); } -int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) { - int reason_code, ret = 0; - BIO *in; - EVP_PKEY *pkey = NULL; - - in = BIO_new(BIO_s_file()); - if (in == NULL) { - OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in, file) <= 0) { - OPENSSL_PUT_ERROR(SSL, ERR_R_SYS_LIB); - goto end; - } - - if (type == SSL_FILETYPE_PEM) { - reason_code = ERR_R_PEM_LIB; - pkey = PEM_read_bio_PrivateKey(in, NULL, ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata); - } else if (type == SSL_FILETYPE_ASN1) { - reason_code = ERR_R_ASN1_LIB; - pkey = d2i_PrivateKey_bio(in, NULL); - } else { - OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SSL_FILETYPE); - goto end; - } - - if (pkey == NULL) { - OPENSSL_PUT_ERROR(SSL, reason_code); - goto end; - } - ret = SSL_CTX_use_PrivateKey(ctx, pkey); - EVP_PKEY_free(pkey); - -end: - BIO_free(in); - return ret; -} - int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const uint8_t *d, long len) { int ret; @@ -553,80 +305,6 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const uint8_t *d, return ret; } - -/* Read a file that contains our certificate in "PEM" format, possibly followed - * by a sequence of CA certificates that should be sent to the peer in the - * Certificate message. */ -int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) { - BIO *in; - int ret = 0; - X509 *x = NULL; - - ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ - - in = BIO_new(BIO_s_file()); - if (in == NULL) { - OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in, file) <= 0) { - OPENSSL_PUT_ERROR(SSL, ERR_R_SYS_LIB); - goto end; - } - - x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata); - if (x == NULL) { - OPENSSL_PUT_ERROR(SSL, ERR_R_PEM_LIB); - goto end; - } - - ret = SSL_CTX_use_certificate(ctx, x); - - if (ERR_peek_error() != 0) { - ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */ - } - - if (ret) { - /* If we could set up our certificate, now proceed to the CA - * certificates. */ - X509 *ca; - int r; - uint32_t err; - - SSL_CTX_clear_chain_certs(ctx); - - while ((ca = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata)) != - NULL) { - r = SSL_CTX_add0_chain_cert(ctx, ca); - if (!r) { - X509_free(ca); - ret = 0; - goto end; - } - /* Note that we must not free r if it was successfully added to the chain - * (while we must free the main certificate, since its reference count is - * increased by SSL_CTX_use_certificate). */ - } - - /* When the while loop ends, it's usually just EOF. */ - err = ERR_peek_last_error(); - if (ERR_GET_LIB(err) == ERR_LIB_PEM && - ERR_GET_REASON(err) == PEM_R_NO_START_LINE) { - ERR_clear_error(); - } else { - ret = 0; /* some real error */ - } - } - -end: - X509_free(x); - BIO_free(in); - return ret; -} - void SSL_set_private_key_method(SSL *ssl, const SSL_PRIVATE_KEY_METHOD *key_method) { ssl->cert->key_method = key_method; |