This commit was manufactured by cvs2git to create tag 'tb_20220504'.tb_20220504

author: cvs2svn <admin@example.com> 2022-05-04 18:02:08 +0000
committer: cvs2svn <admin@example.com> 2022-05-04 18:02:08 +0000
commit: 3c94dc45dfb15483d76c47a128ec352cc0b655ac (patch)
tree: a7cfb4512c784e9518f1b1c2f4009295b8766ef4 /src/lib/libssl/ssl_rsa.c
parent: f32cca700e59c0fd1ddd8f1fd4b35a5401be28fe (diff)
download: openbsd-tb_20220504.tar.gz
openbsd-tb_20220504.tar.bz2
openbsd-tb_20220504.zip
1 files changed, 0 insertions, 715 deletions
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
deleted file mode 100644
index f5c90fca8b..0000000000
--- a/src/lib/libssl/ssl_rsa.c
+++ /dev/null
@@ -1,715 +0,0 @@
-/* $OpenBSD: ssl_rsa.c,v 1.39 2022/02/03 16:33:12 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/pem.h>
-#include <openssl/x509.h>
-#include "ssl_locl.h"
-static int ssl_set_cert(SSL_CERT *c, X509 *x509);
-static int ssl_set_pkey(SSL_CERT *c, EVP_PKEY *pkey);
-static int use_certificate_chain_bio(BIO *in, SSL_CERT *cert,
-    pem_password_cb *passwd_cb, void *passwd_arg);
-static int use_certificate_chain_file(const char *file, SSL_CERT *cert,
-    pem_password_cb *passwd_cb, void *passwd_arg);
-int
-SSL_use_certificate(SSL *ssl, X509 *x)
-{
-        if (x == NULL) {
-                SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER);
-                return (0);
-        }
-        return (ssl_set_cert(ssl->cert, x));
-}
-int
-SSL_use_certificate_file(SSL *ssl, const char *file, int type)
-{
-        int j;
-        BIO *in;
-        int ret = 0;
-        X509 *x = NULL;
-        in = BIO_new(BIO_s_file());
-        if (in == NULL) {
-                SSLerror(ssl, ERR_R_BUF_LIB);
-                goto end;
-        }
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerror(ssl, ERR_R_SYS_LIB);
-                goto end;
-        }
-        if (type == SSL_FILETYPE_ASN1) {
-                j = ERR_R_ASN1_LIB;
-                x = d2i_X509_bio(in, NULL);
-        } else if (type == SSL_FILETYPE_PEM) {
-                j = ERR_R_PEM_LIB;
-                x = PEM_read_bio_X509(in, NULL,
-                    ssl->ctx->default_passwd_callback,
-                    ssl->ctx->default_passwd_callback_userdata);
-        } else {
-                SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-        }
-        if (x == NULL) {
-                SSLerror(ssl, j);
-                goto end;
-        }
-        ret = SSL_use_certificate(ssl, x);
- end:
-        X509_free(x);
-        BIO_free(in);
-        return (ret);
-}
-int
-SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
-{
-        X509 *x;
-        int ret;
-        x = d2i_X509(NULL, &d, (long)len);
-        if (x == NULL) {
-                SSLerror(ssl, ERR_R_ASN1_LIB);
-                return (0);
-        }
-        ret = SSL_use_certificate(ssl, x);
-        X509_free(x);
-        return (ret);
-}
-int
-SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
-{
-        EVP_PKEY *pkey;
-        int ret;
-        if (rsa == NULL) {
-                SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER);
-                return (0);
-        }
-        if ((pkey = EVP_PKEY_new()) == NULL) {
-                SSLerror(ssl, ERR_R_EVP_LIB);
-                return (0);
-        }
-        RSA_up_ref(rsa);
-        EVP_PKEY_assign_RSA(pkey, rsa);
-        ret = ssl_set_pkey(ssl->cert, pkey);
-        EVP_PKEY_free(pkey);
-        return (ret);
-}
-static int
-ssl_set_pkey(SSL_CERT *c, EVP_PKEY *pkey)
-{
-        int i;
-        i = ssl_cert_type(pkey);
-        if (i < 0) {
-                SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-                return (0);
-        }
-        if (c->pkeys[i].x509 != NULL) {
-                EVP_PKEY *pktmp;
-                pktmp = X509_get_pubkey(c->pkeys[i].x509);
-                EVP_PKEY_copy_parameters(pktmp, pkey);
-                EVP_PKEY_free(pktmp);
-                ERR_clear_error();
-                /*
-                 * Don't check the public/private key, this is mostly
-                 * for smart cards.
-                 */
-                if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA ||
-                    !(RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK)) {
-                        if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
-                                X509_free(c->pkeys[i].x509);
-                                c->pkeys[i].x509 = NULL;
-                                return 0;
-                        }
-                }
-        }
-        EVP_PKEY_free(c->pkeys[i].privatekey);
-        EVP_PKEY_up_ref(pkey);
-        c->pkeys[i].privatekey = pkey;
-        c->key = &(c->pkeys[i]);
-        c->valid = 0;
-        return (1);
-}
-int
-SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
-{
-        int j, ret = 0;
-        BIO *in;
-        RSA *rsa = NULL;
-        in = BIO_new(BIO_s_file());
-        if (in == NULL) {
-                SSLerror(ssl, ERR_R_BUF_LIB);
-                goto end;
-        }
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerror(ssl, ERR_R_SYS_LIB);
-                goto end;
-        }
-        if (type == SSL_FILETYPE_ASN1) {
-                j = ERR_R_ASN1_LIB;
-                rsa = d2i_RSAPrivateKey_bio(in, NULL);
-        } else if (type == SSL_FILETYPE_PEM) {
-                j = ERR_R_PEM_LIB;
-                rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
-                    ssl->ctx->default_passwd_callback,
-                    ssl->ctx->default_passwd_callback_userdata);
-        } else {
-                SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-        }
-        if (rsa == NULL) {
-                SSLerror(ssl, j);
-                goto end;
-        }
-        ret = SSL_use_RSAPrivateKey(ssl, rsa);
-        RSA_free(rsa);
- end:
-        BIO_free(in);
-        return (ret);
-}
-int
-SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len)
-{
-        int ret;
-        RSA *rsa;
-        if ((rsa = d2i_RSAPrivateKey(NULL, &d, (long)len)) == NULL) {
-                SSLerror(ssl, ERR_R_ASN1_LIB);
-                return (0);
-        }
-        ret = SSL_use_RSAPrivateKey(ssl, rsa);
-        RSA_free(rsa);
-        return (ret);
-}
-int
-SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
-{
-        int ret;
-        if (pkey == NULL) {
-                SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER);
-                return (0);
-        }
-        ret = ssl_set_pkey(ssl->cert, pkey);
-        return (ret);
-}
-int
-SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
-{
-        int j, ret = 0;
-        BIO *in;
-        EVP_PKEY *pkey = NULL;
-        in = BIO_new(BIO_s_file());
-        if (in == NULL) {
-                SSLerror(ssl, ERR_R_BUF_LIB);
-                goto end;
-        }
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerror(ssl, ERR_R_SYS_LIB);
-                goto end;
-        }
-        if (type == SSL_FILETYPE_PEM) {
-                j = ERR_R_PEM_LIB;
-                pkey = PEM_read_bio_PrivateKey(in, NULL,
-                    ssl->ctx->default_passwd_callback,
-                    ssl->ctx->default_passwd_callback_userdata);
-        } else if (type == SSL_FILETYPE_ASN1) {
-                j = ERR_R_ASN1_LIB;
-                pkey = d2i_PrivateKey_bio(in, NULL);
-        } else {
-                SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-        }
-        if (pkey == NULL) {
-                SSLerror(ssl, j);
-                goto end;
-        }
-        ret = SSL_use_PrivateKey(ssl, pkey);
-        EVP_PKEY_free(pkey);
- end:
-        BIO_free(in);
-        return (ret);
-}
-int
-SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
-{
-        int ret;
-        EVP_PKEY *pkey;
-        if ((pkey = d2i_PrivateKey(type, NULL, &d, (long)len)) == NULL) {
-                SSLerror(ssl, ERR_R_ASN1_LIB);
-                return (0);
-        }
-        ret = SSL_use_PrivateKey(ssl, pkey);
-        EVP_PKEY_free(pkey);
-        return (ret);
-}
-int
-SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
-{
-        if (x == NULL) {
-                SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
-                return (0);
-        }
-        return (ssl_set_cert(ctx->internal->cert, x));
-}
-static int
-ssl_set_cert(SSL_CERT *c, X509 *x)
-{
-        EVP_PKEY *pkey;
-        int i;
-        pkey = X509_get_pubkey(x);
-        if (pkey == NULL) {
-                SSLerrorx(SSL_R_X509_LIB);
-                return (0);
-        }
-        i = ssl_cert_type(pkey);
-        if (i < 0) {
-                SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-                EVP_PKEY_free(pkey);
-                return (0);
-        }
-        if (c->pkeys[i].privatekey != NULL) {
-                EVP_PKEY *priv_key = c->pkeys[i].privatekey;
-                EVP_PKEY_copy_parameters(pkey, priv_key);
-                ERR_clear_error();
-                /*
-                 * Don't check the public/private key, this is mostly
-                 * for smart cards.
-                 */
-                if (EVP_PKEY_id(priv_key) != EVP_PKEY_RSA ||
-                    !(RSA_flags(EVP_PKEY_get0_RSA(priv_key)) & RSA_METHOD_FLAG_NO_CHECK)) {
-                        if (!X509_check_private_key(x, priv_key)) {
-                                /*
-                                 * don't fail for a cert/key mismatch, just free
-                                 * current private key (when switching to a
-                                 * different cert & key, first this function
-                                 * should be used, then ssl_set_pkey.
-                                 */
-                                EVP_PKEY_free(c->pkeys[i].privatekey);
-                                c->pkeys[i].privatekey = NULL;
-                                ERR_clear_error();
-                        }
-                }
-        }
-        EVP_PKEY_free(pkey);
-        X509_free(c->pkeys[i].x509);
-        X509_up_ref(x);
-        c->pkeys[i].x509 = x;
-        c->key = &(c->pkeys[i]);
-        c->valid = 0;
-        return (1);
-}
-int
-SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
-{
-        int j;
-        BIO *in;
-        int ret = 0;
-        X509 *x = NULL;
-        in = BIO_new(BIO_s_file());
-        if (in == NULL) {
-                SSLerrorx(ERR_R_BUF_LIB);
-                goto end;
-        }
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerrorx(ERR_R_SYS_LIB);
-                goto end;
-        }
-        if (type == SSL_FILETYPE_ASN1) {
-                j = ERR_R_ASN1_LIB;
-                x = d2i_X509_bio(in, NULL);
-        } else if (type == SSL_FILETYPE_PEM) {
-                j = ERR_R_PEM_LIB;
-                x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
-                    ctx->default_passwd_callback_userdata);
-        } else {
-                SSLerrorx(SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-        }
-        if (x == NULL) {
-                SSLerrorx(j);
-                goto end;
-        }
-        ret = SSL_CTX_use_certificate(ctx, x);
- end:
-        X509_free(x);
-        BIO_free(in);
-        return (ret);
-}
-int
-SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
-{
-        X509 *x;
-        int ret;
-        x = d2i_X509(NULL, &d, (long)len);
-        if (x == NULL) {
-                SSLerrorx(ERR_R_ASN1_LIB);
-                return (0);
-        }
-        ret = SSL_CTX_use_certificate(ctx, x);
-        X509_free(x);
-        return (ret);
-}
-int
-SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
-{
-        int ret;
-        EVP_PKEY *pkey;
-        if (rsa == NULL) {
-                SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
-                return (0);
-        }
-        if ((pkey = EVP_PKEY_new()) == NULL) {
-                SSLerrorx(ERR_R_EVP_LIB);
-                return (0);
-        }
-        RSA_up_ref(rsa);
-        EVP_PKEY_assign_RSA(pkey, rsa);
-        ret = ssl_set_pkey(ctx->internal->cert, pkey);
-        EVP_PKEY_free(pkey);
-        return (ret);
-}
-int
-SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-{
-        int j, ret = 0;
-        BIO *in;
-        RSA *rsa = NULL;
-        in = BIO_new(BIO_s_file());
-        if (in == NULL) {
-                SSLerrorx(ERR_R_BUF_LIB);
-                goto end;
-        }
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerrorx(ERR_R_SYS_LIB);
-                goto end;
-        }
-        if (type == SSL_FILETYPE_ASN1) {
-                j = ERR_R_ASN1_LIB;
-                rsa = d2i_RSAPrivateKey_bio(in, NULL);
-        } else if (type == SSL_FILETYPE_PEM) {
-                j = ERR_R_PEM_LIB;
-                rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
-                    ctx->default_passwd_callback,
-                    ctx->default_passwd_callback_userdata);
-        } else {
-                SSLerrorx(SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-        }
-        if (rsa == NULL) {
-                SSLerrorx(j);
-                goto end;
-        }
-        ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
-        RSA_free(rsa);
- end:
-        BIO_free(in);
-        return (ret);
-}
-int
-SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
-{
-        int ret;
-        RSA *rsa;
-        if ((rsa = d2i_RSAPrivateKey(NULL, &d, (long)len)) == NULL) {
-                SSLerrorx(ERR_R_ASN1_LIB);
-                return (0);
-        }
-        ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
-        RSA_free(rsa);
-        return (ret);
-}
-int
-SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
-{
-        if (pkey == NULL) {
-                SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
-                return (0);
-        }
-        return (ssl_set_pkey(ctx->internal->cert, pkey));
-}
-int
-SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-{
-        int j, ret = 0;
-        BIO *in;
-        EVP_PKEY *pkey = NULL;
-        in = BIO_new(BIO_s_file());
-        if (in == NULL) {
-                SSLerrorx(ERR_R_BUF_LIB);
-                goto end;
-        }
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerrorx(ERR_R_SYS_LIB);
-                goto end;
-        }
-        if (type == SSL_FILETYPE_PEM) {
-                j = ERR_R_PEM_LIB;
-                pkey = PEM_read_bio_PrivateKey(in, NULL,
-                    ctx->default_passwd_callback,
-                    ctx->default_passwd_callback_userdata);
-        } else if (type == SSL_FILETYPE_ASN1) {
-                j = ERR_R_ASN1_LIB;
-                pkey = d2i_PrivateKey_bio(in, NULL);
-        } else {
-                SSLerrorx(SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-        }
-        if (pkey == NULL) {
-                SSLerrorx(j);
-                goto end;
-        }
-        ret = SSL_CTX_use_PrivateKey(ctx, pkey);
-        EVP_PKEY_free(pkey);
- end:
-        BIO_free(in);
-        return (ret);
-}
-int
-SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
-    long len)
-{
-        int ret;
-        EVP_PKEY *pkey;
-        if ((pkey = d2i_PrivateKey(type, NULL, &d, (long)len)) == NULL) {
-                SSLerrorx(ERR_R_ASN1_LIB);
-                return (0);
-        }
-        ret = SSL_CTX_use_PrivateKey(ctx, pkey);
-        EVP_PKEY_free(pkey);
-        return (ret);
-}
-/*
- * Read a bio that contains our certificate in "PEM" format,
- * possibly followed by a sequence of CA certificates that should be
- * sent to the peer in the Certificate message.
- */
-static int
-use_certificate_chain_bio(BIO *in, SSL_CERT *cert, pem_password_cb *passwd_cb,
-    void *passwd_arg)
-{
-        X509 *ca, *x = NULL;
-        unsigned long err;
-        int ret = 0;
-        if ((x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_arg)) ==
-            NULL) {
-                SSLerrorx(ERR_R_PEM_LIB);
-                goto err;
-        }
-        if (!ssl_set_cert(cert, x))
-                goto err;
-        if (!ssl_cert_set0_chain(cert, NULL))
-                goto err;
-        /* Process any additional CA certificates. */
-        while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_arg)) !=
-            NULL) {
-                if (!ssl_cert_add0_chain_cert(cert, ca)) {
-                        X509_free(ca);
-                        goto err;
-                }
-        }
-        /* When the while loop ends, it's usually just EOF. */
-        err = ERR_peek_last_error();
-        if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
-            ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {
-                ERR_clear_error();
-                ret = 1;
-        }
- err:
-        X509_free(x);
-        return (ret);
-}
-int
-use_certificate_chain_file(const char *file, SSL_CERT *cert,
-    pem_password_cb *passwd_cb, void *passwd_arg)
-{
-        BIO *in;
-        int ret = 0;
-        in = BIO_new(BIO_s_file());
-        if (in == NULL) {
-                SSLerrorx(ERR_R_BUF_LIB);
-                goto end;
-        }
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerrorx(ERR_R_SYS_LIB);
-                goto end;
-        }
-        ret = use_certificate_chain_bio(in, cert, passwd_cb, passwd_arg);
- end:
-        BIO_free(in);
-        return (ret);
-}
-int
-SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
-{
-        return use_certificate_chain_file(file, ctx->internal->cert,
-            ctx->default_passwd_callback,
-            ctx->default_passwd_callback_userdata);
-}
-int
-SSL_use_certificate_chain_file(SSL *ssl, const char *file)
-{
-        return use_certificate_chain_file(file, ssl->cert,
-            ssl->ctx->default_passwd_callback,
-            ssl->ctx->default_passwd_callback_userdata);
-}
-int
-SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len)
-{
-        BIO *in;
-        int ret = 0;
-        in = BIO_new_mem_buf(buf, len);
-        if (in == NULL) {
-                SSLerrorx(ERR_R_BUF_LIB);
-                goto end;
-        }
-        ret = use_certificate_chain_bio(in, ctx->internal->cert,
-            ctx->default_passwd_callback,
-            ctx->default_passwd_callback_userdata);
- end:
-        BIO_free(in);
-        return (ret);
-}
author	cvs2svn <admin@example.com>	2022-05-04 18:02:08 +0000
committer	cvs2svn <admin@example.com>	2022-05-04 18:02:08 +0000
commit	3c94dc45dfb15483d76c47a128ec352cc0b655ac (patch)
tree	a7cfb4512c784e9518f1b1c2f4009295b8766ef4 /src/lib/libssl/ssl_rsa.c
parent	f32cca700e59c0fd1ddd8f1fd4b35a5401be28fe (diff)
download	openbsd-tb_20220504.tar.gz openbsd-tb_20220504.tar.bz2 openbsd-tb_20220504.zip

diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c deleted file mode 100644 index f5c90fca8b..0000000000 --- a/src/lib/libssl/ssl_rsa.c +++ /dev/null
@@ -1,715 +0,0 @@
1	/* $OpenBSD: ssl_rsa.c,v 1.39 2022/02/03 16:33:12 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.
4	*
5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.
8	*
9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.
22	*
23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions
25	* are met:
26	* 1. Redistributions of source code must retain the copyright
27	* notice, this list of conditions and the following disclaimer.
28	* 2. Redistributions in binary form must reproduce the above copyright
29	* notice, this list of conditions and the following disclaimer in the
30	* documentation and/or other materials provided with the distribution.
31	* 3. All advertising materials mentioning features or use of this software
32	* must display the following acknowledgement:
33	* "This product includes cryptographic software written by
34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.
52	*
53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]
57	*/
58
59	#include <stdio.h>
60
61	#include <openssl/bio.h>
62	#include <openssl/evp.h>
63	#include <openssl/objects.h>
64	#include <openssl/pem.h>
65	#include <openssl/x509.h>
66
67	#include "ssl_locl.h"
68
69	static int ssl_set_cert(SSL_CERT c, X509 x509);
70	static int ssl_set_pkey(SSL_CERT c, EVP_PKEY pkey);
71	static int use_certificate_chain_bio(BIO in, SSL_CERT cert,
72	pem_password_cb passwd_cb, void passwd_arg);
73	static int use_certificate_chain_file(const char file, SSL_CERT cert,
74	pem_password_cb passwd_cb, void passwd_arg);
75
76	int
77	SSL_use_certificate(SSL ssl, X509 x)
78	{
79	if (x == NULL) {
80	SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER);
81	return (0);
82	}
83	return (ssl_set_cert(ssl->cert, x));
84	}
85
86	int
87	SSL_use_certificate_file(SSL ssl, const char file, int type)
88	{
89	int j;
90	BIO *in;
91	int ret = 0;
92	X509 *x = NULL;
93
94	in = BIO_new(BIO_s_file());
95	if (in == NULL) {
96	SSLerror(ssl, ERR_R_BUF_LIB);
97	goto end;
98	}
99
100	if (BIO_read_filename(in, file) <= 0) {
101	SSLerror(ssl, ERR_R_SYS_LIB);
102	goto end;
103	}
104	if (type == SSL_FILETYPE_ASN1) {
105	j = ERR_R_ASN1_LIB;
106	x = d2i_X509_bio(in, NULL);
107	} else if (type == SSL_FILETYPE_PEM) {
108	j = ERR_R_PEM_LIB;
109	x = PEM_read_bio_X509(in, NULL,
110	ssl->ctx->default_passwd_callback,
111	ssl->ctx->default_passwd_callback_userdata);
112	} else {
113	SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE);
114	goto end;
115	}
116
117	if (x == NULL) {
118	SSLerror(ssl, j);
119	goto end;
120	}
121
122	ret = SSL_use_certificate(ssl, x);
123	end:
124	X509_free(x);
125	BIO_free(in);
126	return (ret);
127	}
128
129	int
130	SSL_use_certificate_ASN1(SSL ssl, const unsigned char d, int len)
131	{
132	X509 *x;
133	int ret;
134
135	x = d2i_X509(NULL, &d, (long)len);
136	if (x == NULL) {
137	SSLerror(ssl, ERR_R_ASN1_LIB);
138	return (0);
139	}
140
141	ret = SSL_use_certificate(ssl, x);
142	X509_free(x);
143	return (ret);
144	}
145
146	int
147	SSL_use_RSAPrivateKey(SSL ssl, RSA rsa)
148	{
149	EVP_PKEY *pkey;
150	int ret;
151
152	if (rsa == NULL) {
153	SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER);
154	return (0);
155	}
156	if ((pkey = EVP_PKEY_new()) == NULL) {
157	SSLerror(ssl, ERR_R_EVP_LIB);
158	return (0);
159	}
160
161	RSA_up_ref(rsa);
162	EVP_PKEY_assign_RSA(pkey, rsa);
163
164	ret = ssl_set_pkey(ssl->cert, pkey);
165	EVP_PKEY_free(pkey);
166	return (ret);
167	}
168
169	static int
170	ssl_set_pkey(SSL_CERT c, EVP_PKEY pkey)
171	{
172	int i;
173
174	i = ssl_cert_type(pkey);
175	if (i < 0) {
176	SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE);
177	return (0);
178	}
179
180	if (c->pkeys[i].x509 != NULL) {
181	EVP_PKEY *pktmp;
182	pktmp = X509_get_pubkey(c->pkeys[i].x509);
183	EVP_PKEY_copy_parameters(pktmp, pkey);
184	EVP_PKEY_free(pktmp);
185	ERR_clear_error();
186
187	/*
188	* Don't check the public/private key, this is mostly
189	* for smart cards.
190	*/
191	if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA \|\|
192	!(RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK)) {
193	if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
194	X509_free(c->pkeys[i].x509);
195	c->pkeys[i].x509 = NULL;
196	return 0;
197	}
198	}
199	}
200
201	EVP_PKEY_free(c->pkeys[i].privatekey);
202	EVP_PKEY_up_ref(pkey);
203	c->pkeys[i].privatekey = pkey;
204	c->key = &(c->pkeys[i]);
205
206	c->valid = 0;
207	return (1);
208	}
209
210	int
211	SSL_use_RSAPrivateKey_file(SSL ssl, const char file, int type)
212	{
213	int j, ret = 0;
214	BIO *in;
215	RSA *rsa = NULL;
216
217	in = BIO_new(BIO_s_file());
218	if (in == NULL) {
219	SSLerror(ssl, ERR_R_BUF_LIB);
220	goto end;
221	}
222
223	if (BIO_read_filename(in, file) <= 0) {
224	SSLerror(ssl, ERR_R_SYS_LIB);
225	goto end;
226	}
227	if (type == SSL_FILETYPE_ASN1) {
228	j = ERR_R_ASN1_LIB;
229	rsa = d2i_RSAPrivateKey_bio(in, NULL);
230	} else if (type == SSL_FILETYPE_PEM) {
231	j = ERR_R_PEM_LIB;
232	rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
233	ssl->ctx->default_passwd_callback,
234	ssl->ctx->default_passwd_callback_userdata);
235	} else {
236	SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE);
237	goto end;
238	}
239	if (rsa == NULL) {
240	SSLerror(ssl, j);
241	goto end;
242	}
243	ret = SSL_use_RSAPrivateKey(ssl, rsa);
244	RSA_free(rsa);
245	end:
246	BIO_free(in);
247	return (ret);
248	}
249
250	int
251	SSL_use_RSAPrivateKey_ASN1(SSL ssl, const unsigned char d, long len)
252	{
253	int ret;
254	RSA *rsa;
255
256	if ((rsa = d2i_RSAPrivateKey(NULL, &d, (long)len)) == NULL) {
257	SSLerror(ssl, ERR_R_ASN1_LIB);
258	return (0);
259	}
260
261	ret = SSL_use_RSAPrivateKey(ssl, rsa);
262	RSA_free(rsa);
263	return (ret);
264	}
265
266	int
267	SSL_use_PrivateKey(SSL ssl, EVP_PKEY pkey)
268	{
269	int ret;
270
271	if (pkey == NULL) {
272	SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER);
273	return (0);
274	}
275	ret = ssl_set_pkey(ssl->cert, pkey);
276	return (ret);
277	}
278
279	int
280	SSL_use_PrivateKey_file(SSL ssl, const char file, int type)
281	{
282	int j, ret = 0;
283	BIO *in;
284	EVP_PKEY *pkey = NULL;
285
286	in = BIO_new(BIO_s_file());
287	if (in == NULL) {
288	SSLerror(ssl, ERR_R_BUF_LIB);
289	goto end;
290	}
291
292	if (BIO_read_filename(in, file) <= 0) {
293	SSLerror(ssl, ERR_R_SYS_LIB);
294	goto end;
295	}
296	if (type == SSL_FILETYPE_PEM) {
297	j = ERR_R_PEM_LIB;
298	pkey = PEM_read_bio_PrivateKey(in, NULL,
299	ssl->ctx->default_passwd_callback,
300	ssl->ctx->default_passwd_callback_userdata);
301	} else if (type == SSL_FILETYPE_ASN1) {
302	j = ERR_R_ASN1_LIB;
303	pkey = d2i_PrivateKey_bio(in, NULL);
304	} else {
305	SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE);
306	goto end;
307	}
308	if (pkey == NULL) {
309	SSLerror(ssl, j);
310	goto end;
311	}
312	ret = SSL_use_PrivateKey(ssl, pkey);
313	EVP_PKEY_free(pkey);
314	end:
315	BIO_free(in);
316	return (ret);
317	}
318
319	int
320	SSL_use_PrivateKey_ASN1(int type, SSL ssl, const unsigned char d, long len)
321	{
322	int ret;
323	EVP_PKEY *pkey;
324
325	if ((pkey = d2i_PrivateKey(type, NULL, &d, (long)len)) == NULL) {
326	SSLerror(ssl, ERR_R_ASN1_LIB);
327	return (0);
328	}
329
330	ret = SSL_use_PrivateKey(ssl, pkey);
331	EVP_PKEY_free(pkey);
332	return (ret);
333	}
334
335	int
336	SSL_CTX_use_certificate(SSL_CTX ctx, X509 x)
337	{
338	if (x == NULL) {
339	SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
340	return (0);
341	}
342	return (ssl_set_cert(ctx->internal->cert, x));
343	}
344
345	static int
346	ssl_set_cert(SSL_CERT c, X509 x)
347	{
348	EVP_PKEY *pkey;
349	int i;
350
351	pkey = X509_get_pubkey(x);
352	if (pkey == NULL) {
353	SSLerrorx(SSL_R_X509_LIB);
354	return (0);
355	}
356
357	i = ssl_cert_type(pkey);
358	if (i < 0) {
359	SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE);
360	EVP_PKEY_free(pkey);
361	return (0);
362	}
363
364	if (c->pkeys[i].privatekey != NULL) {
365	EVP_PKEY *priv_key = c->pkeys[i].privatekey;
366
367	EVP_PKEY_copy_parameters(pkey, priv_key);
368	ERR_clear_error();
369
370	/*
371	* Don't check the public/private key, this is mostly
372	* for smart cards.
373	*/
374	if (EVP_PKEY_id(priv_key) != EVP_PKEY_RSA \|\|
375	!(RSA_flags(EVP_PKEY_get0_RSA(priv_key)) & RSA_METHOD_FLAG_NO_CHECK)) {
376	if (!X509_check_private_key(x, priv_key)) {
377	/*
378	* don't fail for a cert/key mismatch, just free
379	* current private key (when switching to a
380	* different cert & key, first this function
381	* should be used, then ssl_set_pkey.
382	*/
383	EVP_PKEY_free(c->pkeys[i].privatekey);
384	c->pkeys[i].privatekey = NULL;
385	ERR_clear_error();
386	}
387	}
388	}
389
390	EVP_PKEY_free(pkey);
391
392	X509_free(c->pkeys[i].x509);
393	X509_up_ref(x);
394	c->pkeys[i].x509 = x;
395	c->key = &(c->pkeys[i]);
396
397	c->valid = 0;
398	return (1);
399	}
400
401	int
402	SSL_CTX_use_certificate_file(SSL_CTX ctx, const char file, int type)
403	{
404	int j;
405	BIO *in;
406	int ret = 0;
407	X509 *x = NULL;
408
409	in = BIO_new(BIO_s_file());
410	if (in == NULL) {
411	SSLerrorx(ERR_R_BUF_LIB);
412	goto end;
413	}
414
415	if (BIO_read_filename(in, file) <= 0) {
416	SSLerrorx(ERR_R_SYS_LIB);
417	goto end;
418	}
419	if (type == SSL_FILETYPE_ASN1) {
420	j = ERR_R_ASN1_LIB;
421	x = d2i_X509_bio(in, NULL);
422	} else if (type == SSL_FILETYPE_PEM) {
423	j = ERR_R_PEM_LIB;
424	x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
425	ctx->default_passwd_callback_userdata);
426	} else {
427	SSLerrorx(SSL_R_BAD_SSL_FILETYPE);
428	goto end;
429	}
430
431	if (x == NULL) {
432	SSLerrorx(j);
433	goto end;
434	}
435
436	ret = SSL_CTX_use_certificate(ctx, x);
437	end:
438	X509_free(x);
439	BIO_free(in);
440	return (ret);
441	}
442
443	int
444	SSL_CTX_use_certificate_ASN1(SSL_CTX ctx, int len, const unsigned char d)
445	{
446	X509 *x;
447	int ret;
448
449	x = d2i_X509(NULL, &d, (long)len);
450	if (x == NULL) {
451	SSLerrorx(ERR_R_ASN1_LIB);
452	return (0);
453	}
454
455	ret = SSL_CTX_use_certificate(ctx, x);
456	X509_free(x);
457	return (ret);
458	}
459
460	int
461	SSL_CTX_use_RSAPrivateKey(SSL_CTX ctx, RSA rsa)
462	{
463	int ret;
464	EVP_PKEY *pkey;
465
466	if (rsa == NULL) {
467	SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
468	return (0);
469	}
470	if ((pkey = EVP_PKEY_new()) == NULL) {
471	SSLerrorx(ERR_R_EVP_LIB);
472	return (0);
473	}
474
475	RSA_up_ref(rsa);
476	EVP_PKEY_assign_RSA(pkey, rsa);
477
478	ret = ssl_set_pkey(ctx->internal->cert, pkey);
479	EVP_PKEY_free(pkey);
480	return (ret);
481	}
482
483	int
484	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX ctx, const char file, int type)
485	{
486	int j, ret = 0;
487	BIO *in;
488	RSA *rsa = NULL;
489
490	in = BIO_new(BIO_s_file());
491	if (in == NULL) {
492	SSLerrorx(ERR_R_BUF_LIB);
493	goto end;
494	}
495
496	if (BIO_read_filename(in, file) <= 0) {
497	SSLerrorx(ERR_R_SYS_LIB);
498	goto end;
499	}
500	if (type == SSL_FILETYPE_ASN1) {
501	j = ERR_R_ASN1_LIB;
502	rsa = d2i_RSAPrivateKey_bio(in, NULL);
503	} else if (type == SSL_FILETYPE_PEM) {
504	j = ERR_R_PEM_LIB;
505	rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
506	ctx->default_passwd_callback,
507	ctx->default_passwd_callback_userdata);
508	} else {
509	SSLerrorx(SSL_R_BAD_SSL_FILETYPE);
510	goto end;
511	}
512	if (rsa == NULL) {
513	SSLerrorx(j);
514	goto end;
515	}
516	ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
517	RSA_free(rsa);
518	end:
519	BIO_free(in);
520	return (ret);
521	}
522
523	int
524	SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX ctx, const unsigned char d, long len)
525	{
526	int ret;
527	RSA *rsa;
528
529	if ((rsa = d2i_RSAPrivateKey(NULL, &d, (long)len)) == NULL) {
530	SSLerrorx(ERR_R_ASN1_LIB);
531	return (0);
532	}
533
534	ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
535	RSA_free(rsa);
536	return (ret);
537	}
538
539	int
540	SSL_CTX_use_PrivateKey(SSL_CTX ctx, EVP_PKEY pkey)
541	{
542	if (pkey == NULL) {
543	SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
544	return (0);
545	}
546	return (ssl_set_pkey(ctx->internal->cert, pkey));
547	}
548
549	int
550	SSL_CTX_use_PrivateKey_file(SSL_CTX ctx, const char file, int type)
551	{
552	int j, ret = 0;
553	BIO *in;
554	EVP_PKEY *pkey = NULL;
555
556	in = BIO_new(BIO_s_file());
557	if (in == NULL) {
558	SSLerrorx(ERR_R_BUF_LIB);
559	goto end;
560	}
561
562	if (BIO_read_filename(in, file) <= 0) {
563	SSLerrorx(ERR_R_SYS_LIB);
564	goto end;
565	}
566	if (type == SSL_FILETYPE_PEM) {
567	j = ERR_R_PEM_LIB;
568	pkey = PEM_read_bio_PrivateKey(in, NULL,
569	ctx->default_passwd_callback,
570	ctx->default_passwd_callback_userdata);
571	} else if (type == SSL_FILETYPE_ASN1) {
572	j = ERR_R_ASN1_LIB;
573	pkey = d2i_PrivateKey_bio(in, NULL);
574	} else {
575	SSLerrorx(SSL_R_BAD_SSL_FILETYPE);
576	goto end;
577	}
578	if (pkey == NULL) {
579	SSLerrorx(j);
580	goto end;
581	}
582	ret = SSL_CTX_use_PrivateKey(ctx, pkey);
583	EVP_PKEY_free(pkey);
584	end:
585	BIO_free(in);
586	return (ret);
587	}
588
589	int
590	SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX ctx, const unsigned char d,
591	long len)
592	{
593	int ret;
594	EVP_PKEY *pkey;
595
596	if ((pkey = d2i_PrivateKey(type, NULL, &d, (long)len)) == NULL) {
597	SSLerrorx(ERR_R_ASN1_LIB);
598	return (0);
599	}
600
601	ret = SSL_CTX_use_PrivateKey(ctx, pkey);
602	EVP_PKEY_free(pkey);
603	return (ret);
604	}
605
606
607	/*
608	* Read a bio that contains our certificate in "PEM" format,
609	* possibly followed by a sequence of CA certificates that should be
610	* sent to the peer in the Certificate message.
611	*/
612	static int
613	use_certificate_chain_bio(BIO in, SSL_CERT cert, pem_password_cb *passwd_cb,
614	void *passwd_arg)
615	{
616	X509 ca, x = NULL;
617	unsigned long err;
618	int ret = 0;
619
620	if ((x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_arg)) ==
621	NULL) {
622	SSLerrorx(ERR_R_PEM_LIB);
623	goto err;
624	}
625
626	if (!ssl_set_cert(cert, x))
627	goto err;
628
629	if (!ssl_cert_set0_chain(cert, NULL))
630	goto err;
631
632	/* Process any additional CA certificates. */
633	while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_arg)) !=
634	NULL) {
635	if (!ssl_cert_add0_chain_cert(cert, ca)) {
636	X509_free(ca);
637	goto err;
638	}
639	}
640
641	/* When the while loop ends, it's usually just EOF. */
642	err = ERR_peek_last_error();
643	if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
644	ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {
645	ERR_clear_error();
646	ret = 1;
647	}
648
649	err:
650	X509_free(x);
651
652	return (ret);
653	}
654
655	int
656	use_certificate_chain_file(const char file, SSL_CERT cert,
657	pem_password_cb passwd_cb, void passwd_arg)
658	{
659	BIO *in;
660	int ret = 0;
661
662	in = BIO_new(BIO_s_file());
663	if (in == NULL) {
664	SSLerrorx(ERR_R_BUF_LIB);
665	goto end;
666	}
667
668	if (BIO_read_filename(in, file) <= 0) {
669	SSLerrorx(ERR_R_SYS_LIB);
670	goto end;
671	}
672
673	ret = use_certificate_chain_bio(in, cert, passwd_cb, passwd_arg);
674
675	end:
676	BIO_free(in);
677	return (ret);
678	}
679
680	int
681	SSL_CTX_use_certificate_chain_file(SSL_CTX ctx, const char file)
682	{
683	return use_certificate_chain_file(file, ctx->internal->cert,
684	ctx->default_passwd_callback,
685	ctx->default_passwd_callback_userdata);
686	}
687
688	int
689	SSL_use_certificate_chain_file(SSL ssl, const char file)
690	{
691	return use_certificate_chain_file(file, ssl->cert,
692	ssl->ctx->default_passwd_callback,
693	ssl->ctx->default_passwd_callback_userdata);
694	}
695
696	int
697	SSL_CTX_use_certificate_chain_mem(SSL_CTX ctx, void buf, int len)
698	{
699	BIO *in;
700	int ret = 0;
701
702	in = BIO_new_mem_buf(buf, len);
703	if (in == NULL) {
704	SSLerrorx(ERR_R_BUF_LIB);
705	goto end;
706	}
707
708	ret = use_certificate_chain_bio(in, ctx->internal->cert,
709	ctx->default_passwd_callback,
710	ctx->default_passwd_callback_userdata);
711
712	end:
713	BIO_free(in);
714	return (ret);
715	}