2016-09-21 22:28:08 -04:00
|
|
|
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
2016-09-20 04:58:46 -04:00
|
|
|
#include "ssl_pkey.h"
|
2016-09-21 22:28:08 -04:00
|
|
|
#include "ssl_methods.h"
|
2016-09-20 04:58:46 -04:00
|
|
|
#include "ssl_dbg.h"
|
2016-09-21 22:28:08 -04:00
|
|
|
#include "ssl_port.h"
|
2020-06-05 08:20:04 -04:00
|
|
|
#include "openssl/bio.h"
|
2016-09-21 22:28:08 -04:00
|
|
|
|
2016-09-23 02:50:27 -04:00
|
|
|
/**
|
2016-09-25 23:14:19 -04:00
|
|
|
* @brief create a private key object according to input private key
|
2016-09-21 22:28:08 -04:00
|
|
|
*/
|
2016-09-25 23:14:19 -04:00
|
|
|
EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk)
|
2016-09-21 22:28:08 -04:00
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
EVP_PKEY *pkey;
|
|
|
|
|
2016-11-01 01:07:10 -04:00
|
|
|
pkey = ssl_mem_zalloc(sizeof(EVP_PKEY));
|
2017-01-10 07:49:24 -05:00
|
|
|
if (!pkey) {
|
|
|
|
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "no enough memory > (pkey)");
|
|
|
|
goto no_mem;
|
|
|
|
}
|
2016-09-21 22:28:08 -04:00
|
|
|
|
2020-06-05 08:20:04 -04:00
|
|
|
pkey->ref_counter = 1;
|
|
|
|
|
2016-09-25 23:14:19 -04:00
|
|
|
if (ipk) {
|
|
|
|
pkey->method = ipk->method;
|
|
|
|
} else {
|
|
|
|
pkey->method = EVP_PKEY_method();
|
|
|
|
}
|
2016-09-21 22:28:08 -04:00
|
|
|
|
2016-09-25 23:14:19 -04:00
|
|
|
ret = EVP_PKEY_METHOD_CALL(new, pkey, ipk);
|
2017-01-10 07:49:24 -05:00
|
|
|
if (ret) {
|
|
|
|
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(new) return %d", ret);
|
|
|
|
goto failed;
|
|
|
|
}
|
2016-09-21 22:28:08 -04:00
|
|
|
|
|
|
|
return pkey;
|
|
|
|
|
2017-01-10 07:49:24 -05:00
|
|
|
failed:
|
2016-11-01 01:07:10 -04:00
|
|
|
ssl_mem_free(pkey);
|
2017-01-10 07:49:24 -05:00
|
|
|
no_mem:
|
2016-09-21 22:28:08 -04:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2016-09-25 23:14:19 -04:00
|
|
|
/**
|
|
|
|
* @brief create a private key object
|
|
|
|
*/
|
|
|
|
EVP_PKEY* EVP_PKEY_new(void)
|
|
|
|
{
|
|
|
|
return __EVP_PKEY_new(NULL);
|
|
|
|
}
|
|
|
|
|
2016-09-23 02:50:27 -04:00
|
|
|
/**
|
|
|
|
* @brief free a private key object
|
2016-09-21 22:28:08 -04:00
|
|
|
*/
|
|
|
|
void EVP_PKEY_free(EVP_PKEY *pkey)
|
|
|
|
{
|
2017-01-10 07:49:24 -05:00
|
|
|
SSL_ASSERT3(pkey);
|
|
|
|
|
2020-06-05 08:20:04 -04:00
|
|
|
if (--pkey->ref_counter > 0) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2016-09-21 22:28:08 -04:00
|
|
|
EVP_PKEY_METHOD_CALL(free, pkey);
|
2016-09-20 04:58:46 -04:00
|
|
|
|
2016-11-01 01:07:10 -04:00
|
|
|
ssl_mem_free(pkey);
|
2016-09-21 22:28:08 -04:00
|
|
|
}
|
|
|
|
|
2016-09-23 02:50:27 -04:00
|
|
|
/**
|
|
|
|
* @brief load a character key context into system context. If '*a' is pointed to the
|
|
|
|
* private key, then load key into it. Or create a new private key object
|
2016-09-21 22:28:08 -04:00
|
|
|
*/
|
2016-09-20 04:58:46 -04:00
|
|
|
EVP_PKEY *d2i_PrivateKey(int type,
|
|
|
|
EVP_PKEY **a,
|
|
|
|
const unsigned char **pp,
|
|
|
|
long length)
|
|
|
|
{
|
2016-09-22 02:42:49 -04:00
|
|
|
int m = 0;
|
2016-09-20 04:58:46 -04:00
|
|
|
int ret;
|
2016-09-21 22:28:08 -04:00
|
|
|
EVP_PKEY *pkey;
|
2016-09-20 04:58:46 -04:00
|
|
|
|
2017-01-10 07:49:24 -05:00
|
|
|
SSL_ASSERT2(pp);
|
|
|
|
SSL_ASSERT2(*pp);
|
|
|
|
SSL_ASSERT2(length);
|
2016-09-20 04:58:46 -04:00
|
|
|
|
2016-09-21 22:28:08 -04:00
|
|
|
if (a && *a) {
|
|
|
|
pkey = *a;
|
|
|
|
} else {
|
|
|
|
pkey = EVP_PKEY_new();;
|
2017-01-10 07:49:24 -05:00
|
|
|
if (!pkey) {
|
|
|
|
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_new() return NULL");
|
|
|
|
goto failed1;
|
|
|
|
}
|
|
|
|
|
2016-09-22 02:42:49 -04:00
|
|
|
m = 1;
|
2016-09-21 22:28:08 -04:00
|
|
|
}
|
2016-09-20 04:58:46 -04:00
|
|
|
|
2016-09-21 22:28:08 -04:00
|
|
|
ret = EVP_PKEY_METHOD_CALL(load, pkey, *pp, length);
|
2017-01-10 07:49:24 -05:00
|
|
|
if (ret) {
|
|
|
|
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(load) return %d", ret);
|
|
|
|
goto failed2;
|
|
|
|
}
|
2016-09-20 04:58:46 -04:00
|
|
|
|
|
|
|
if (a)
|
|
|
|
*a = pkey;
|
|
|
|
|
|
|
|
return pkey;
|
|
|
|
|
|
|
|
failed2:
|
2016-09-22 02:42:49 -04:00
|
|
|
if (m)
|
|
|
|
EVP_PKEY_free(pkey);
|
2016-09-20 04:58:46 -04:00
|
|
|
failed1:
|
|
|
|
return NULL;
|
|
|
|
}
|
2016-09-21 23:43:59 -04:00
|
|
|
|
2020-06-05 08:20:04 -04:00
|
|
|
EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
|
|
|
|
{
|
|
|
|
return d2i_PrivateKey(0, a, (const unsigned char **)&bp->data, bp->dlen);
|
|
|
|
}
|
|
|
|
|
|
|
|
RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **a)
|
|
|
|
{
|
|
|
|
return d2i_PrivateKey_bio(bp, (EVP_PKEY**)a);
|
|
|
|
}
|
|
|
|
|
|
|
|
RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x, pem_password_cb *cb, void *u)
|
|
|
|
{
|
|
|
|
return PEM_read_bio_PrivateKey(bp, (EVP_PKEY**)x, cb, u);
|
|
|
|
}
|
|
|
|
|
|
|
|
EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **pk, pem_password_cb *cb, void *u)
|
|
|
|
{
|
|
|
|
|
|
|
|
int m = 0;
|
|
|
|
int ret;
|
|
|
|
EVP_PKEY *x;
|
|
|
|
|
|
|
|
SSL_ASSERT2(BIO_method_type(bp) & BIO_TYPE_MEM);
|
|
|
|
if (bp->data == NULL || bp->dlen == 0) {
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
if (pk && *pk) {
|
|
|
|
x = *pk;
|
|
|
|
} else {
|
|
|
|
x = EVP_PKEY_new();
|
|
|
|
if (!x) {
|
|
|
|
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_new() return NULL");
|
|
|
|
goto failed;
|
|
|
|
}
|
|
|
|
m = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = EVP_PKEY_METHOD_CALL(load, x, bp->data, bp->dlen);
|
|
|
|
if (ret) {
|
|
|
|
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(load) return %d", ret);
|
|
|
|
goto failed;
|
|
|
|
}
|
|
|
|
|
|
|
|
// If buffer successfully created a EVP_PKEY from the bio, mark the buffer as consumed
|
|
|
|
bp->data = NULL;
|
|
|
|
bp->dlen = 0;
|
|
|
|
return x;
|
|
|
|
|
|
|
|
failed:
|
|
|
|
if (m) {
|
|
|
|
EVP_PKEY_free(x);
|
|
|
|
}
|
|
|
|
|
|
|
|
return NULL;}
|
2016-09-23 02:50:27 -04:00
|
|
|
/**
|
|
|
|
* @brief set the SSL context private key
|
2016-09-21 23:43:59 -04:00
|
|
|
*/
|
|
|
|
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
|
|
|
|
{
|
2017-01-10 07:49:24 -05:00
|
|
|
SSL_ASSERT1(ctx);
|
|
|
|
SSL_ASSERT1(pkey);
|
2016-09-21 23:43:59 -04:00
|
|
|
|
2016-09-25 23:14:19 -04:00
|
|
|
if (ctx->cert->pkey == pkey)
|
|
|
|
return 1;
|
|
|
|
|
2016-09-22 22:53:18 -04:00
|
|
|
if (ctx->cert->pkey)
|
|
|
|
EVP_PKEY_free(ctx->cert->pkey);
|
|
|
|
|
2020-06-05 08:20:04 -04:00
|
|
|
pkey->ref_counter++;
|
2016-09-21 23:43:59 -04:00
|
|
|
ctx->cert->pkey = pkey;
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2016-09-23 02:50:27 -04:00
|
|
|
/**
|
|
|
|
* @brief set the SSL private key
|
2016-09-22 03:56:56 -04:00
|
|
|
*/
|
|
|
|
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
|
|
|
|
{
|
2017-01-10 07:49:24 -05:00
|
|
|
SSL_ASSERT1(ssl);
|
|
|
|
SSL_ASSERT1(pkey);
|
2016-09-22 03:56:56 -04:00
|
|
|
|
2016-09-25 23:14:19 -04:00
|
|
|
if (ssl->cert->pkey == pkey)
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
if (ssl->cert->pkey)
|
2016-09-22 22:53:18 -04:00
|
|
|
EVP_PKEY_free(ssl->cert->pkey);
|
|
|
|
|
2016-09-22 03:56:56 -04:00
|
|
|
ssl->cert->pkey = pkey;
|
|
|
|
|
2016-09-22 23:41:57 -04:00
|
|
|
return 1;
|
2016-09-22 03:56:56 -04:00
|
|
|
}
|
|
|
|
|
2016-09-23 02:50:27 -04:00
|
|
|
/**
|
|
|
|
* @brief load private key into the SSL context
|
2016-09-21 23:43:59 -04:00
|
|
|
*/
|
|
|
|
int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
|
|
|
|
const unsigned char *d, long len)
|
|
|
|
{
|
|
|
|
int ret;
|
2016-09-25 23:14:19 -04:00
|
|
|
EVP_PKEY *pk;
|
2016-09-21 23:43:59 -04:00
|
|
|
|
2016-09-25 23:14:19 -04:00
|
|
|
pk = d2i_PrivateKey(0, NULL, &d, len);
|
2017-01-10 07:49:24 -05:00
|
|
|
if (!pk) {
|
|
|
|
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
|
|
|
|
goto failed1;
|
|
|
|
}
|
2016-09-21 23:43:59 -04:00
|
|
|
|
2016-09-25 23:14:19 -04:00
|
|
|
ret = SSL_CTX_use_PrivateKey(ctx, pk);
|
2017-01-10 07:49:24 -05:00
|
|
|
if (!ret) {
|
|
|
|
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_PrivateKey() return %d", ret);
|
|
|
|
goto failed2;
|
|
|
|
}
|
2016-09-21 23:43:59 -04:00
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
failed2:
|
2016-09-25 23:14:19 -04:00
|
|
|
EVP_PKEY_free(pk);
|
2016-09-21 23:43:59 -04:00
|
|
|
failed1:
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2016-09-23 02:50:27 -04:00
|
|
|
/**
|
|
|
|
* @brief load private key into the SSL
|
2016-09-22 03:56:56 -04:00
|
|
|
*/
|
|
|
|
int SSL_use_PrivateKey_ASN1(int type, SSL *ssl,
|
|
|
|
const unsigned char *d, long len)
|
|
|
|
{
|
|
|
|
int ret;
|
2016-09-25 23:14:19 -04:00
|
|
|
EVP_PKEY *pk;
|
2016-09-22 22:33:31 -04:00
|
|
|
|
2016-09-25 23:14:19 -04:00
|
|
|
pk = d2i_PrivateKey(0, NULL, &d, len);
|
2017-01-10 07:49:24 -05:00
|
|
|
if (!pk) {
|
|
|
|
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
|
|
|
|
goto failed1;
|
|
|
|
}
|
2016-09-22 03:56:56 -04:00
|
|
|
|
2016-09-25 23:14:19 -04:00
|
|
|
ret = SSL_use_PrivateKey(ssl, pk);
|
2017-01-10 07:49:24 -05:00
|
|
|
if (!ret) {
|
|
|
|
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_PrivateKey() return %d", ret);
|
|
|
|
goto failed2;
|
|
|
|
}
|
2016-09-22 04:41:51 -04:00
|
|
|
|
2016-09-22 03:56:56 -04:00
|
|
|
return 1;
|
|
|
|
|
2016-09-22 22:33:31 -04:00
|
|
|
failed2:
|
2016-09-25 23:14:19 -04:00
|
|
|
EVP_PKEY_free(pk);
|
2016-09-22 03:56:56 -04:00
|
|
|
failed1:
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2020-06-05 10:17:01 -04:00
|
|
|
#define ESP_OPENSSL_FILES_IS_SUPPORTED 0
|
2016-09-23 02:50:27 -04:00
|
|
|
/**
|
|
|
|
* @brief load the private key file into SSL context
|
2016-09-22 03:39:28 -04:00
|
|
|
*/
|
|
|
|
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
|
|
|
|
{
|
2020-06-05 08:20:04 -04:00
|
|
|
// Using file name as private key is discouraged
|
2020-06-05 10:17:01 -04:00
|
|
|
SSL_ASSERT1(ESP_OPENSSL_FILES_IS_SUPPORTED);
|
2020-06-05 08:20:04 -04:00
|
|
|
return -1;
|
2016-09-22 03:39:28 -04:00
|
|
|
}
|
|
|
|
|
2016-09-23 02:50:27 -04:00
|
|
|
/**
|
|
|
|
* @brief load the private key file into SSL
|
2016-09-22 03:56:56 -04:00
|
|
|
*/
|
|
|
|
int SSL_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
|
|
|
|
{
|
2020-06-05 08:20:04 -04:00
|
|
|
// Using file name as private key is discouraged
|
2020-06-05 10:17:01 -04:00
|
|
|
SSL_ASSERT1(ESP_OPENSSL_FILES_IS_SUPPORTED);
|
2020-06-05 08:20:04 -04:00
|
|
|
return -1;
|
2016-09-22 03:56:56 -04:00
|
|
|
}
|
|
|
|
|
2016-09-23 02:50:27 -04:00
|
|
|
/**
|
|
|
|
* @brief load the RSA ASN1 private key into SSL context
|
2016-09-22 03:39:28 -04:00
|
|
|
*/
|
|
|
|
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
|
|
|
|
{
|
|
|
|
return SSL_CTX_use_PrivateKey_ASN1(0, ctx, d, len);
|
|
|
|
}
|
2020-06-05 08:20:04 -04:00
|
|
|
|
|
|
|
void RSA_free (RSA *r)
|
|
|
|
{
|
|
|
|
EVP_PKEY_free(r);
|
|
|
|
}
|