// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. #include "ssl_lib.h" #include "ssl_pkey.h" #include "ssl_cert.h" #include "ssl_methods.h" #include "ssl_dbg.h" #include "ssl_port.h" /* * EVP_PKEY_new - create a private key object * * @param none * * @return private key object point or NULL if failed */ EVP_PKEY* EVP_PKEY_new(void) { int ret; EVP_PKEY *pkey; pkey = ssl_zalloc(sizeof(EVP_PKEY)); if (!pkey) SSL_RET(failed1, "ssl_malloc\n"); pkey->method = EVP_PKEY_method(); ret = EVP_PKEY_METHOD_CALL(new, pkey); if (ret) SSL_RET(failed2, "EVP_PKEY_METHOD_CALL\n"); return pkey; failed2: ssl_free(pkey); failed1: return NULL; } /* * EVP_PKEY_free - free a private key object * * @param pkey - private key object point * * @return none */ void EVP_PKEY_free(EVP_PKEY *pkey) { EVP_PKEY_METHOD_CALL(free, pkey); ssl_free(pkey); } /* * d2i_PrivateKey - load a character key context into system context. If '*a' is pointed to the * private key, then load key into it. Or create a new private key object * * @param type - private key type * @param a - a point pointed to a private key point * @param pp - a point pointed to the key context memory point * @param length - key bytes * * @return private key object point or NULL if failed */ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) { int m = 0; int ret; EVP_PKEY *pkey; SSL_ASSERT(pp); SSL_ASSERT(*pp); SSL_ASSERT(length); if (a && *a) { pkey = *a; } else { pkey = EVP_PKEY_new();; if (!pkey) SSL_RET(failed1, "EVP_PKEY_new\n"); m = 1; } ret = EVP_PKEY_METHOD_CALL(load, pkey, *pp, length); if (ret) SSL_RET(failed2, "EVP_PKEY_METHOD_CALL\n"); if (a) *a = pkey; return pkey; failed2: if (m) EVP_PKEY_free(pkey); failed1: return NULL; } /* * SSL_CTX_use_certificate - set the SSL context private key * * @param ctx - SSL context point * @param x - private key point * * @return * 1 : OK * 0 : failed */ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) { SSL_ASSERT(ctx); SSL_ASSERT(pkey); if (ctx->cert->pkey) EVP_PKEY_free(ctx->cert->pkey); ctx->cert->pkey = pkey; return 1; } /* * SSL_CTX_use_certificate - set the SSL private key * * @param ctx - SSL point * @param x - private key point * * @return * 1 : OK * 0 : failed */ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) { int ret; int ssl_ret; SSL_ASSERT(ctx); SSL_ASSERT(pkey); if (!ssl->ca_reload) ssl->ca_reload = 1; else EVP_PKEY_free(ssl->cert->pkey); ssl->cert->pkey = pkey; ssl_ret = SSL_METHOD_CALL(reload_crt, ssl); if (ssl_ret) ret = 0; else ret = 1; return ret; } /* * SSL_CTX_use_PrivateKey_ASN1 - load private key into the SSL context * * @param type - private key type * @param ctx - SSL context point * @param d - private key context point * @param len - private key context bytes * * @return * 1 : OK * 0 : failed */ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, long len) { int ret; EVP_PKEY *pkey; pkey = d2i_PrivateKey(0, &ctx->cert->pkey, &d, len); if (!pkey) SSL_RET(failed1, "d2i_PrivateKey\n"); ret = SSL_CTX_use_PrivateKey(ctx, pkey); if (!ret) SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n"); return 1; failed2: EVP_PKEY_free(pkey); failed1: return 0; } /* * SSL_use_PrivateKey_ASN1 - load private key into the SSL * * @param type - private key type * @param ctx - SSL context point * @param d - private key context point * @param len - private key context bytes * * @return * 1 : OK * 0 : failed */ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) { int ret; int reload; EVP_PKEY *pkey; CERT *cert; CERT *old_cert; if (!ssl->crt_reload) { cert = ssl_cert_new(); if (!cert) SSL_RET(failed1, "ssl_cert_new\n"); old_cert = ssl->cert ; ssl->cert = cert; ssl->crt_reload = 1; reload = 1; } else { reload = 0; } pkey = d2i_PrivateKey(0, &ssl->cert->pkey, &d, len); if (!pkey) SSL_RET(failed2, "d2i_PrivateKey\n"); ret = SSL_use_PrivateKey(ssl, pkey); if (!ret) SSL_RET(failed3, "SSL_use_PrivateKey\n"); return 1; failed3: EVP_PKEY_free(pkey); failed2: if (reload) { ssl->cert = old_cert; ssl_cert_free(cert); ssl->crt_reload = 0; } failed1: return 0; } /* * SSL_CTX_use_certificate_file - load the private key file into SSL context * * @param ctx - SSL context point * @param file - private key file name * @param type - private key encoding type * * @return * 1 : OK * 0 : failed */ int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) { return 0; } /* * SSL_use_PrivateKey_file - load the private key file into SSL * * @param ctx - SSL point * @param file - private key file name * @param type - private key encoding type * * @return * 1 : OK * 0 : failed */ int SSL_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) { return 0; } /* * SSL_CTX_use_certificate_ASN1 - load the RSA ASN1 private key into SSL context * * @param ctx - SSL context point * @param d - data point * @param len - RSA private key length * * @return * 1 : OK * 0 : failed */ int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) { return SSL_CTX_use_PrivateKey_ASN1(0, ctx, d, len); }