1 files changed, 0 insertions, 751 deletions
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
deleted file mode 100644
index 7481524942..0000000000
--- a/src/lib/libssl/ssl_rsa.c
+++ /dev/null
@@ -1,751 +0,0 @@
-/* $OpenBSD: ssl_rsa.c,v 1.21 2016/03/11 07:08:45 mmcc Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/pem.h>
-#include <openssl/x509.h>
-static int ssl_set_cert(CERT *c, X509 *x509);
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
-static int ssl_ctx_use_certificate_chain_bio(SSL_CTX *, BIO *);
-int
-SSL_use_certificate(SSL *ssl, X509 *x)
-{
-        if (x == NULL) {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
-                return (0);
-        }
-        if (!ssl_cert_inst(&ssl->cert)) {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-                return (0);
-        }
-        return (ssl_set_cert(ssl->cert, x));
-}
-int
-SSL_use_certificate_file(SSL *ssl, const char *file, int type)
-{
-        int j;
-        BIO *in;
-        int ret = 0;
-        X509 *x = NULL;
-        in = BIO_new(BIO_s_file_internal());
-        if (in == NULL) {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
-                goto end;
-        }
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
-                goto end;
-        }
-        if (type == SSL_FILETYPE_ASN1) {
-                j = ERR_R_ASN1_LIB;
-                x = d2i_X509_bio(in, NULL);
-        } else if (type == SSL_FILETYPE_PEM) {
-                j = ERR_R_PEM_LIB;
-                x = PEM_read_bio_X509(in, NULL,
-                    ssl->ctx->default_passwd_callback,
-                    ssl->ctx->default_passwd_callback_userdata);
-        } else {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-        }
-        if (x == NULL) {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
-                goto end;
-        }
-        ret = SSL_use_certificate(ssl, x);
-end:
-        X509_free(x);
-        BIO_free(in);
-        return (ret);
-}
-int
-SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
-{
-        X509 *x;
-        int ret;
-        x = d2i_X509(NULL, &d,(long)len);
-        if (x == NULL) {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
-                return (0);
-        }
-        ret = SSL_use_certificate(ssl, x);
-        X509_free(x);
-        return (ret);
-}
-int
-SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
-{
-        EVP_PKEY *pkey;
-        int ret;
-        if (rsa == NULL) {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
-                return (0);
-        }
-        if (!ssl_cert_inst(&ssl->cert)) {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
-                return (0);
-        }
-        if ((pkey = EVP_PKEY_new()) == NULL) {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
-                return (0);
-        }
-        RSA_up_ref(rsa);
-        EVP_PKEY_assign_RSA(pkey, rsa);
-        ret = ssl_set_pkey(ssl->cert, pkey);
-        EVP_PKEY_free(pkey);
-        return (ret);
-}
-static int
-ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
-{
-        int i;
-        i = ssl_cert_type(NULL, pkey);
-        if (i < 0) {
-                SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-                return (0);
-        }
-        if (c->pkeys[i].x509 != NULL) {
-                EVP_PKEY *pktmp;
-                pktmp = X509_get_pubkey(c->pkeys[i].x509);
-                EVP_PKEY_copy_parameters(pktmp, pkey);
-                EVP_PKEY_free(pktmp);
-                ERR_clear_error();
-                /*
-                 * Don't check the public/private key, this is mostly
-                 * for smart cards.
-                 */
-                if ((pkey->type == EVP_PKEY_RSA) &&
-                        (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
-;
-                else
-                if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
-                        X509_free(c->pkeys[i].x509);
-                        c->pkeys[i].x509 = NULL;
-                        return 0;
-                }
-        }
-        EVP_PKEY_free(c->pkeys[i].privatekey);
-        CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-        c->pkeys[i].privatekey = pkey;
-        c->key = &(c->pkeys[i]);
-        c->valid = 0;
-        return (1);
-}
-int
-SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
-{
-        int j, ret = 0;
-        BIO *in;
-        RSA *rsa = NULL;
-        in = BIO_new(BIO_s_file_internal());
-        if (in == NULL) {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
-                goto end;
-        }
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
-                goto end;
-        }
-        if (type == SSL_FILETYPE_ASN1) {
-                j = ERR_R_ASN1_LIB;
-                rsa = d2i_RSAPrivateKey_bio(in, NULL);
-        } else if (type == SSL_FILETYPE_PEM) {
-                j = ERR_R_PEM_LIB;
-                rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
-                    ssl->ctx->default_passwd_callback,
-                    ssl->ctx->default_passwd_callback_userdata);
-        } else {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-        }
-        if (rsa == NULL) {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j);
-                goto end;
-        }
-        ret = SSL_use_RSAPrivateKey(ssl, rsa);
-        RSA_free(rsa);
-end:
-        BIO_free(in);
-        return (ret);
-}
-int
-SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
-{
-        int ret;
-        const unsigned char *p;
-        RSA *rsa;
-        p = d;
-        if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
-                return (0);
-        }
-        ret = SSL_use_RSAPrivateKey(ssl, rsa);
-        RSA_free(rsa);
-        return (ret);
-}
-int
-SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
-{
-        int ret;
-        if (pkey == NULL) {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
-                return (0);
-        }
-        if (!ssl_cert_inst(&ssl->cert)) {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
-                return (0);
-        }
-        ret = ssl_set_pkey(ssl->cert, pkey);
-        return (ret);
-}
-int
-SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
-{
-        int j, ret = 0;
-        BIO *in;
-        EVP_PKEY *pkey = NULL;
-        in = BIO_new(BIO_s_file_internal());
-        if (in == NULL) {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
-                goto end;
-        }
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
-                goto end;
-        }
-        if (type == SSL_FILETYPE_PEM) {
-                j = ERR_R_PEM_LIB;
-                pkey = PEM_read_bio_PrivateKey(in, NULL,
-                    ssl->ctx->default_passwd_callback,
-                    ssl->ctx->default_passwd_callback_userdata);
-        } else if (type == SSL_FILETYPE_ASN1) {
-                j = ERR_R_ASN1_LIB;
-                pkey = d2i_PrivateKey_bio(in, NULL);
-        } else {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-        }
-        if (pkey == NULL) {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j);
-                goto end;
-        }
-        ret = SSL_use_PrivateKey(ssl, pkey);
-        EVP_PKEY_free(pkey);
-end:
-        BIO_free(in);
-        return (ret);
-}
-int
-SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
-{
-        int ret;
-        const unsigned char *p;
-        EVP_PKEY *pkey;
-        p = d;
-        if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
-                return (0);
-        }
-        ret = SSL_use_PrivateKey(ssl, pkey);
-        EVP_PKEY_free(pkey);
-        return (ret);
-}
-int
-SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
-{
-        if (x == NULL) {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
-                return (0);
-        }
-        if (!ssl_cert_inst(&ctx->cert)) {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-                return (0);
-        }
-        return (ssl_set_cert(ctx->cert, x));
-}
-static int
-ssl_set_cert(CERT *c, X509 *x)
-{
-        EVP_PKEY *pkey;
-        int i;
-        pkey = X509_get_pubkey(x);
-        if (pkey == NULL) {
-                SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
-                return (0);
-        }
-        i = ssl_cert_type(x, pkey);
-        if (i < 0) {
-                SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-                EVP_PKEY_free(pkey);
-                return (0);
-        }
-        if (c->pkeys[i].privatekey != NULL) {
-                EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
-                ERR_clear_error();
-                /*
-                 * Don't check the public/private key, this is mostly
-                 * for smart cards.
-                 */
-                if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
-                        (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
-                RSA_METHOD_FLAG_NO_CHECK))
-;
-                else
-                if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
-                        /*
-                         * don't fail for a cert/key mismatch, just free
-                         * current private key (when switching to a different
-                         * cert & key, first this function should be used,
-                         * then ssl_set_pkey
-                         */
-                        EVP_PKEY_free(c->pkeys[i].privatekey);
-                        c->pkeys[i].privatekey = NULL;
-                        /* clear error queue */
-                        ERR_clear_error();
-                }
-        }
-        EVP_PKEY_free(pkey);
-        X509_free(c->pkeys[i].x509);
-        CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-        c->pkeys[i].x509 = x;
-        c->key = &(c->pkeys[i]);
-        c->valid = 0;
-        return (1);
-}
-int
-SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
-{
-        int j;
-        BIO *in;
-        int ret = 0;
-        X509 *x = NULL;
-        in = BIO_new(BIO_s_file_internal());
-        if (in == NULL) {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
-                goto end;
-        }
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
-                goto end;
-        }
-        if (type == SSL_FILETYPE_ASN1) {
-                j = ERR_R_ASN1_LIB;
-                x = d2i_X509_bio(in, NULL);
-        } else if (type == SSL_FILETYPE_PEM) {
-                j = ERR_R_PEM_LIB;
-                x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
-                    ctx->default_passwd_callback_userdata);
-        } else {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-        }
-        if (x == NULL) {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
-                goto end;
-        }
-        ret = SSL_CTX_use_certificate(ctx, x);
-end:
-        X509_free(x);
-        BIO_free(in);
-        return (ret);
-}
-int
-SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
-{
-        X509 *x;
-        int ret;
-        x = d2i_X509(NULL, &d,(long)len);
-        if (x == NULL) {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
-                return (0);
-        }
-        ret = SSL_CTX_use_certificate(ctx, x);
-        X509_free(x);
-        return (ret);
-}
-int
-SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
-{
-        int ret;
-        EVP_PKEY *pkey;
-        if (rsa == NULL) {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
-                return (0);
-        }
-        if (!ssl_cert_inst(&ctx->cert)) {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
-                return (0);
-        }
-        if ((pkey = EVP_PKEY_new()) == NULL) {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
-                return (0);
-        }
-        RSA_up_ref(rsa);
-        EVP_PKEY_assign_RSA(pkey, rsa);
-        ret = ssl_set_pkey(ctx->cert, pkey);
-        EVP_PKEY_free(pkey);
-        return (ret);
-}
-int
-SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-{
-        int j, ret = 0;
-        BIO *in;
-        RSA *rsa = NULL;
-        in = BIO_new(BIO_s_file_internal());
-        if (in == NULL) {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
-                goto end;
-        }
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
-                goto end;
-        }
-        if (type == SSL_FILETYPE_ASN1) {
-                j = ERR_R_ASN1_LIB;
-                rsa = d2i_RSAPrivateKey_bio(in, NULL);
-        } else if (type == SSL_FILETYPE_PEM) {
-                j = ERR_R_PEM_LIB;
-                rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
-                    ctx->default_passwd_callback,
-                    ctx->default_passwd_callback_userdata);
-        } else {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-        }
-        if (rsa == NULL) {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j);
-                goto end;
-        }
-        ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
-        RSA_free(rsa);
-end:
-        BIO_free(in);
-        return (ret);
-}
-int
-SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
-{
-        int ret;
-        const unsigned char *p;
-        RSA *rsa;
-        p = d;
-        if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
-                return (0);
-        }
-        ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
-        RSA_free(rsa);
-        return (ret);
-}
-int
-SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
-{
-        if (pkey == NULL) {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,
-                    ERR_R_PASSED_NULL_PARAMETER);
-                return (0);
-        }
-        if (!ssl_cert_inst(&ctx->cert)) {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
-                return (0);
-        }
-        return (ssl_set_pkey(ctx->cert, pkey));
-}
-int
-SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-{
-        int j, ret = 0;
-        BIO *in;
-        EVP_PKEY *pkey = NULL;
-        in = BIO_new(BIO_s_file_internal());
-        if (in == NULL) {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
-                goto end;
-        }
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
-                goto end;
-        }
-        if (type == SSL_FILETYPE_PEM) {
-                j = ERR_R_PEM_LIB;
-                pkey = PEM_read_bio_PrivateKey(in, NULL,
-                    ctx->default_passwd_callback,
-                    ctx->default_passwd_callback_userdata);
-        } else if (type == SSL_FILETYPE_ASN1) {
-                j = ERR_R_ASN1_LIB;
-                pkey = d2i_PrivateKey_bio(in, NULL);
-        } else {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,
-                    SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-        }
-        if (pkey == NULL) {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j);
-                goto end;
-        }
-        ret = SSL_CTX_use_PrivateKey(ctx, pkey);
-        EVP_PKEY_free(pkey);
-end:
-        BIO_free(in);
-        return (ret);
-}
-int
-SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
-    long len)
-{
-        int ret;
-        const unsigned char *p;
-        EVP_PKEY *pkey;
-        p = d;
-        if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
-                return (0);
-        }
-        ret = SSL_CTX_use_PrivateKey(ctx, pkey);
-        EVP_PKEY_free(pkey);
-        return (ret);
-}
-/*
- * Read a bio that contains our certificate in "PEM" format,
- * possibly followed by a sequence of CA certificates that should be
- * sent to the peer in the Certificate message.
- */
-static int
-ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in)
-{
-        int ret = 0;
-        X509 *x = NULL;
-        ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
-        x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
-            ctx->default_passwd_callback_userdata);
-        if (x == NULL) {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
-                goto end;
-        }
-        ret = SSL_CTX_use_certificate(ctx, x);
-        if (ERR_peek_error() != 0)
-                ret = 0;
-        /* Key/certificate mismatch doesn't imply ret==0 ... */
-        if (ret) {
-                /*
-                 * If we could set up our certificate, now proceed to
-                 * the CA certificates.
-                 */
-                X509 *ca;
-                int r;
-                unsigned long err;
-                if (ctx->extra_certs != NULL) {
-                        sk_X509_pop_free(ctx->extra_certs, X509_free);
-                        ctx->extra_certs = NULL;
-                }
-                while ((ca = PEM_read_bio_X509(in, NULL,
-                    ctx->default_passwd_callback,
-                    ctx->default_passwd_callback_userdata)) != NULL) {
-                        r = SSL_CTX_add_extra_chain_cert(ctx, ca);
-                        if (!r) {
-                                X509_free(ca);
-                                ret = 0;
-                                goto end;
-                        }
-                        /*
-                         * Note that we must not free r if it was successfully
-                         * added to the chain (while we must free the main
-                         * certificate, since its reference count is increased
-                         * by SSL_CTX_use_certificate).
-                         */
-                }
-                /* When the while loop ends, it's usually just EOF. */
-                err = ERR_peek_last_error();
-                if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
-                    ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
-                        ERR_clear_error();
-                else
-                        ret = 0; /* some real error */
-        }
-end:
-        X509_free(x);
-        return (ret);
-}
-int
-SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
-{
-        BIO *in;
-        int ret = 0;
-        in = BIO_new(BIO_s_file_internal());
-        if (in == NULL) {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
-                goto end;
-        }
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
-                goto end;
-        }
-        ret = ssl_ctx_use_certificate_chain_bio(ctx, in);
-end:
-        BIO_free(in);
-        return (ret);
-}
-int
-SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len)
-{
-        BIO *in;
-        int ret = 0;
-        in = BIO_new_mem_buf(buf, len);
-        if (in == NULL) {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
-                goto end;
-        }
-        ret = ssl_ctx_use_certificate_chain_bio(ctx, in);
-end:
-        BIO_free(in);
-        return (ret);
-}

diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c deleted file mode 100644 index 7481524942..0000000000 --- a/src/lib/libssl/ssl_rsa.c +++ /dev/null
@@ -1,751 +0,0 @@
1	/* $OpenBSD: ssl_rsa.c,v 1.21 2016/03/11 07:08:45 mmcc Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.
4	*
5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.
8	*
9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.
22	*
23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions
25	* are met:
26	* 1. Redistributions of source code must retain the copyright
27	* notice, this list of conditions and the following disclaimer.
28	* 2. Redistributions in binary form must reproduce the above copyright
29	* notice, this list of conditions and the following disclaimer in the
30	* documentation and/or other materials provided with the distribution.
31	* 3. All advertising materials mentioning features or use of this software
32	* must display the following acknowledgement:
33	* "This product includes cryptographic software written by
34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.
52	*
53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]
57	*/
58
59	#include <stdio.h>
60
61	#include "ssl_locl.h"
62
63	#include <openssl/bio.h>
64	#include <openssl/evp.h>
65	#include <openssl/objects.h>
66	#include <openssl/pem.h>
67	#include <openssl/x509.h>
68
69	static int ssl_set_cert(CERT c, X509 x509);
70	static int ssl_set_pkey(CERT c, EVP_PKEY pkey);
71	static int ssl_ctx_use_certificate_chain_bio(SSL_CTX , BIO );
72
73	int
74	SSL_use_certificate(SSL ssl, X509 x)
75	{
76	if (x == NULL) {
77	SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
78	return (0);
79	}
80	if (!ssl_cert_inst(&ssl->cert)) {
81	SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
82	return (0);
83	}
84	return (ssl_set_cert(ssl->cert, x));
85	}
86
87	int
88	SSL_use_certificate_file(SSL ssl, const char file, int type)
89	{
90	int j;
91	BIO *in;
92	int ret = 0;
93	X509 *x = NULL;
94
95	in = BIO_new(BIO_s_file_internal());
96	if (in == NULL) {
97	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
98	goto end;
99	}
100
101	if (BIO_read_filename(in, file) <= 0) {
102	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
103	goto end;
104	}
105	if (type == SSL_FILETYPE_ASN1) {
106	j = ERR_R_ASN1_LIB;
107	x = d2i_X509_bio(in, NULL);
108	} else if (type == SSL_FILETYPE_PEM) {
109	j = ERR_R_PEM_LIB;
110	x = PEM_read_bio_X509(in, NULL,
111	ssl->ctx->default_passwd_callback,
112	ssl->ctx->default_passwd_callback_userdata);
113	} else {
114	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
115	goto end;
116	}
117
118	if (x == NULL) {
119	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
120	goto end;
121	}
122
123	ret = SSL_use_certificate(ssl, x);
124	end:
125	X509_free(x);
126	BIO_free(in);
127	return (ret);
128	}
129
130	int
131	SSL_use_certificate_ASN1(SSL ssl, const unsigned char d, int len)
132	{
133	X509 *x;
134	int ret;
135
136	x = d2i_X509(NULL, &d,(long)len);
137	if (x == NULL) {
138	SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
139	return (0);
140	}
141
142	ret = SSL_use_certificate(ssl, x);
143	X509_free(x);
144	return (ret);
145	}
146
147	int
148	SSL_use_RSAPrivateKey(SSL ssl, RSA rsa)
149	{
150	EVP_PKEY *pkey;
151	int ret;
152
153	if (rsa == NULL) {
154	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
155	return (0);
156	}
157	if (!ssl_cert_inst(&ssl->cert)) {
158	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
159	return (0);
160	}
161	if ((pkey = EVP_PKEY_new()) == NULL) {
162	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
163	return (0);
164	}
165
166	RSA_up_ref(rsa);
167	EVP_PKEY_assign_RSA(pkey, rsa);
168
169	ret = ssl_set_pkey(ssl->cert, pkey);
170	EVP_PKEY_free(pkey);
171	return (ret);
172	}
173
174	static int
175	ssl_set_pkey(CERT c, EVP_PKEY pkey)
176	{
177	int i;
178
179	i = ssl_cert_type(NULL, pkey);
180	if (i < 0) {
181	SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
182	return (0);
183	}
184
185	if (c->pkeys[i].x509 != NULL) {
186	EVP_PKEY *pktmp;
187	pktmp = X509_get_pubkey(c->pkeys[i].x509);
188	EVP_PKEY_copy_parameters(pktmp, pkey);
189	EVP_PKEY_free(pktmp);
190	ERR_clear_error();
191
192	/*
193	* Don't check the public/private key, this is mostly
194	* for smart cards.
195	*/
196	if ((pkey->type == EVP_PKEY_RSA) &&
197	(RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
198	;
199	else
200	if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
201	X509_free(c->pkeys[i].x509);
202	c->pkeys[i].x509 = NULL;
203	return 0;
204	}
205	}
206
207	EVP_PKEY_free(c->pkeys[i].privatekey);
208	CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
209	c->pkeys[i].privatekey = pkey;
210	c->key = &(c->pkeys[i]);
211
212	c->valid = 0;
213	return (1);
214	}
215
216	int
217	SSL_use_RSAPrivateKey_file(SSL ssl, const char file, int type)
218	{
219	int j, ret = 0;
220	BIO *in;
221	RSA *rsa = NULL;
222
223	in = BIO_new(BIO_s_file_internal());
224	if (in == NULL) {
225	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
226	goto end;
227	}
228
229	if (BIO_read_filename(in, file) <= 0) {
230	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
231	goto end;
232	}
233	if (type == SSL_FILETYPE_ASN1) {
234	j = ERR_R_ASN1_LIB;
235	rsa = d2i_RSAPrivateKey_bio(in, NULL);
236	} else if (type == SSL_FILETYPE_PEM) {
237	j = ERR_R_PEM_LIB;
238	rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
239	ssl->ctx->default_passwd_callback,
240	ssl->ctx->default_passwd_callback_userdata);
241	} else {
242	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
243	goto end;
244	}
245	if (rsa == NULL) {
246	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j);
247	goto end;
248	}
249	ret = SSL_use_RSAPrivateKey(ssl, rsa);
250	RSA_free(rsa);
251	end:
252	BIO_free(in);
253	return (ret);
254	}
255
256	int
257	SSL_use_RSAPrivateKey_ASN1(SSL ssl, unsigned char d, long len)
258	{
259	int ret;
260	const unsigned char *p;
261	RSA *rsa;
262
263	p = d;
264	if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
265	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
266	return (0);
267	}
268
269	ret = SSL_use_RSAPrivateKey(ssl, rsa);
270	RSA_free(rsa);
271	return (ret);
272	}
273
274	int
275	SSL_use_PrivateKey(SSL ssl, EVP_PKEY pkey)
276	{
277	int ret;
278
279	if (pkey == NULL) {
280	SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
281	return (0);
282	}
283	if (!ssl_cert_inst(&ssl->cert)) {
284	SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
285	return (0);
286	}
287	ret = ssl_set_pkey(ssl->cert, pkey);
288	return (ret);
289	}
290
291	int
292	SSL_use_PrivateKey_file(SSL ssl, const char file, int type)
293	{
294	int j, ret = 0;
295	BIO *in;
296	EVP_PKEY *pkey = NULL;
297
298	in = BIO_new(BIO_s_file_internal());
299	if (in == NULL) {
300	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
301	goto end;
302	}
303
304	if (BIO_read_filename(in, file) <= 0) {
305	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
306	goto end;
307	}
308	if (type == SSL_FILETYPE_PEM) {
309	j = ERR_R_PEM_LIB;
310	pkey = PEM_read_bio_PrivateKey(in, NULL,
311	ssl->ctx->default_passwd_callback,
312	ssl->ctx->default_passwd_callback_userdata);
313	} else if (type == SSL_FILETYPE_ASN1) {
314	j = ERR_R_ASN1_LIB;
315	pkey = d2i_PrivateKey_bio(in, NULL);
316	} else {
317	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
318	goto end;
319	}
320	if (pkey == NULL) {
321	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j);
322	goto end;
323	}
324	ret = SSL_use_PrivateKey(ssl, pkey);
325	EVP_PKEY_free(pkey);
326	end:
327	BIO_free(in);
328	return (ret);
329	}
330
331	int
332	SSL_use_PrivateKey_ASN1(int type, SSL ssl, const unsigned char d, long len)
333	{
334	int ret;
335	const unsigned char *p;
336	EVP_PKEY *pkey;
337
338	p = d;
339	if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
340	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
341	return (0);
342	}
343
344	ret = SSL_use_PrivateKey(ssl, pkey);
345	EVP_PKEY_free(pkey);
346	return (ret);
347	}
348
349	int
350	SSL_CTX_use_certificate(SSL_CTX ctx, X509 x)
351	{
352	if (x == NULL) {
353	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
354	return (0);
355	}
356	if (!ssl_cert_inst(&ctx->cert)) {
357	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
358	return (0);
359	}
360	return (ssl_set_cert(ctx->cert, x));
361	}
362
363	static int
364	ssl_set_cert(CERT c, X509 x)
365	{
366	EVP_PKEY *pkey;
367	int i;
368
369	pkey = X509_get_pubkey(x);
370	if (pkey == NULL) {
371	SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
372	return (0);
373	}
374
375	i = ssl_cert_type(x, pkey);
376	if (i < 0) {
377	SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
378	EVP_PKEY_free(pkey);
379	return (0);
380	}
381
382	if (c->pkeys[i].privatekey != NULL) {
383	EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
384	ERR_clear_error();
385
386	/*
387	* Don't check the public/private key, this is mostly
388	* for smart cards.
389	*/
390	if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
391	(RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
392	RSA_METHOD_FLAG_NO_CHECK))
393	;
394	else
395	if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
396	/*
397	* don't fail for a cert/key mismatch, just free
398	* current private key (when switching to a different
399	* cert & key, first this function should be used,
400	* then ssl_set_pkey
401	*/
402	EVP_PKEY_free(c->pkeys[i].privatekey);
403	c->pkeys[i].privatekey = NULL;
404	/* clear error queue */
405	ERR_clear_error();
406	}
407	}
408
409	EVP_PKEY_free(pkey);
410
411	X509_free(c->pkeys[i].x509);
412	CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
413	c->pkeys[i].x509 = x;
414	c->key = &(c->pkeys[i]);
415
416	c->valid = 0;
417	return (1);
418	}
419
420	int
421	SSL_CTX_use_certificate_file(SSL_CTX ctx, const char file, int type)
422	{
423	int j;
424	BIO *in;
425	int ret = 0;
426	X509 *x = NULL;
427
428	in = BIO_new(BIO_s_file_internal());
429	if (in == NULL) {
430	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
431	goto end;
432	}
433
434	if (BIO_read_filename(in, file) <= 0) {
435	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
436	goto end;
437	}
438	if (type == SSL_FILETYPE_ASN1) {
439	j = ERR_R_ASN1_LIB;
440	x = d2i_X509_bio(in, NULL);
441	} else if (type == SSL_FILETYPE_PEM) {
442	j = ERR_R_PEM_LIB;
443	x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
444	ctx->default_passwd_callback_userdata);
445	} else {
446	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
447	goto end;
448	}
449
450	if (x == NULL) {
451	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
452	goto end;
453	}
454
455	ret = SSL_CTX_use_certificate(ctx, x);
456	end:
457	X509_free(x);
458	BIO_free(in);
459	return (ret);
460	}
461
462	int
463	SSL_CTX_use_certificate_ASN1(SSL_CTX ctx, int len, const unsigned char d)
464	{
465	X509 *x;
466	int ret;
467
468	x = d2i_X509(NULL, &d,(long)len);
469	if (x == NULL) {
470	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
471	return (0);
472	}
473
474	ret = SSL_CTX_use_certificate(ctx, x);
475	X509_free(x);
476	return (ret);
477	}
478
479	int
480	SSL_CTX_use_RSAPrivateKey(SSL_CTX ctx, RSA rsa)
481	{
482	int ret;
483	EVP_PKEY *pkey;
484
485	if (rsa == NULL) {
486	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
487	return (0);
488	}
489	if (!ssl_cert_inst(&ctx->cert)) {
490	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
491	return (0);
492	}
493	if ((pkey = EVP_PKEY_new()) == NULL) {
494	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
495	return (0);
496	}
497
498	RSA_up_ref(rsa);
499	EVP_PKEY_assign_RSA(pkey, rsa);
500
501	ret = ssl_set_pkey(ctx->cert, pkey);
502	EVP_PKEY_free(pkey);
503	return (ret);
504	}
505
506	int
507	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX ctx, const char file, int type)
508	{
509	int j, ret = 0;
510	BIO *in;
511	RSA *rsa = NULL;
512
513	in = BIO_new(BIO_s_file_internal());
514	if (in == NULL) {
515	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
516	goto end;
517	}
518
519	if (BIO_read_filename(in, file) <= 0) {
520	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
521	goto end;
522	}
523	if (type == SSL_FILETYPE_ASN1) {
524	j = ERR_R_ASN1_LIB;
525	rsa = d2i_RSAPrivateKey_bio(in, NULL);
526	} else if (type == SSL_FILETYPE_PEM) {
527	j = ERR_R_PEM_LIB;
528	rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
529	ctx->default_passwd_callback,
530	ctx->default_passwd_callback_userdata);
531	} else {
532	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
533	goto end;
534	}
535	if (rsa == NULL) {
536	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j);
537	goto end;
538	}
539	ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
540	RSA_free(rsa);
541	end:
542	BIO_free(in);
543	return (ret);
544	}
545
546	int
547	SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX ctx, const unsigned char d, long len)
548	{
549	int ret;
550	const unsigned char *p;
551	RSA *rsa;
552
553	p = d;
554	if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
555	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
556	return (0);
557	}
558
559	ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
560	RSA_free(rsa);
561	return (ret);
562	}
563
564	int
565	SSL_CTX_use_PrivateKey(SSL_CTX ctx, EVP_PKEY pkey)
566	{
567	if (pkey == NULL) {
568	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,
569	ERR_R_PASSED_NULL_PARAMETER);
570	return (0);
571	}
572	if (!ssl_cert_inst(&ctx->cert)) {
573	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
574	return (0);
575	}
576	return (ssl_set_pkey(ctx->cert, pkey));
577	}
578
579	int
580	SSL_CTX_use_PrivateKey_file(SSL_CTX ctx, const char file, int type)
581	{
582	int j, ret = 0;
583	BIO *in;
584	EVP_PKEY *pkey = NULL;
585
586	in = BIO_new(BIO_s_file_internal());
587	if (in == NULL) {
588	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
589	goto end;
590	}
591
592	if (BIO_read_filename(in, file) <= 0) {
593	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
594	goto end;
595	}
596	if (type == SSL_FILETYPE_PEM) {
597	j = ERR_R_PEM_LIB;
598	pkey = PEM_read_bio_PrivateKey(in, NULL,
599	ctx->default_passwd_callback,
600	ctx->default_passwd_callback_userdata);
601	} else if (type == SSL_FILETYPE_ASN1) {
602	j = ERR_R_ASN1_LIB;
603	pkey = d2i_PrivateKey_bio(in, NULL);
604	} else {
605	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,
606	SSL_R_BAD_SSL_FILETYPE);
607	goto end;
608	}
609	if (pkey == NULL) {
610	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j);
611	goto end;
612	}
613	ret = SSL_CTX_use_PrivateKey(ctx, pkey);
614	EVP_PKEY_free(pkey);
615	end:
616	BIO_free(in);
617	return (ret);
618	}
619
620	int
621	SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX ctx, const unsigned char d,
622	long len)
623	{
624	int ret;
625	const unsigned char *p;
626	EVP_PKEY *pkey;
627
628	p = d;
629	if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
630	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
631	return (0);
632	}
633
634	ret = SSL_CTX_use_PrivateKey(ctx, pkey);
635	EVP_PKEY_free(pkey);
636	return (ret);
637	}
638
639
640	/*
641	* Read a bio that contains our certificate in "PEM" format,
642	* possibly followed by a sequence of CA certificates that should be
643	* sent to the peer in the Certificate message.
644	*/
645	static int
646	ssl_ctx_use_certificate_chain_bio(SSL_CTX ctx, BIO in)
647	{
648	int ret = 0;
649	X509 *x = NULL;
650
651	ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
652
653	x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
654	ctx->default_passwd_callback_userdata);
655	if (x == NULL) {
656	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
657	goto end;
658	}
659
660	ret = SSL_CTX_use_certificate(ctx, x);
661
662	if (ERR_peek_error() != 0)
663	ret = 0;
664	/* Key/certificate mismatch doesn't imply ret==0 ... */
665	if (ret) {
666	/*
667	* If we could set up our certificate, now proceed to
668	* the CA certificates.
669	*/
670	X509 *ca;
671	int r;
672	unsigned long err;
673
674	if (ctx->extra_certs != NULL) {
675	sk_X509_pop_free(ctx->extra_certs, X509_free);
676	ctx->extra_certs = NULL;
677	}
678
679	while ((ca = PEM_read_bio_X509(in, NULL,
680	ctx->default_passwd_callback,
681	ctx->default_passwd_callback_userdata)) != NULL) {
682	r = SSL_CTX_add_extra_chain_cert(ctx, ca);
683	if (!r) {
684	X509_free(ca);
685	ret = 0;
686	goto end;
687	}
688	/*
689	* Note that we must not free r if it was successfully
690	* added to the chain (while we must free the main
691	* certificate, since its reference count is increased
692	* by SSL_CTX_use_certificate).
693	*/
694	}
695
696	/* When the while loop ends, it's usually just EOF. */
697	err = ERR_peek_last_error();
698	if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
699	ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
700	ERR_clear_error();
701	else
702	ret = 0; /* some real error */
703	}
704
705	end:
706	X509_free(x);
707	return (ret);
708	}
709
710	int
711	SSL_CTX_use_certificate_chain_file(SSL_CTX ctx, const char file)
712	{
713	BIO *in;
714	int ret = 0;
715
716	in = BIO_new(BIO_s_file_internal());
717	if (in == NULL) {
718	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
719	goto end;
720	}
721
722	if (BIO_read_filename(in, file) <= 0) {
723	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
724	goto end;
725	}
726
727	ret = ssl_ctx_use_certificate_chain_bio(ctx, in);
728
729	end:
730	BIO_free(in);
731	return (ret);
732	}
733
734	int
735	SSL_CTX_use_certificate_chain_mem(SSL_CTX ctx, void buf, int len)
736	{
737	BIO *in;
738	int ret = 0;
739
740	in = BIO_new_mem_buf(buf, len);
741	if (in == NULL) {
742	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
743	goto end;
744	}
745
746	ret = ssl_ctx_use_certificate_chain_bio(ctx, in);
747
748	end:
749	BIO_free(in);
750	return (ret);
751	}