1 files changed, 0 insertions, 815 deletions
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
deleted file mode 100644
index 03828b6632..0000000000
--- a/src/lib/libssl/ssl_rsa.c
+++ /dev/null
@@ -1,815 +0,0 @@
-/* ssl/ssl_rsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/bio.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-static int ssl_set_cert(CERT *c, X509 *x509);
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
-int SSL_use_certificate(SSL *ssl, X509 *x)
-        {
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if (!ssl_cert_inst(&ssl->cert))
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        return(ssl_set_cert(ssl->cert,x));
-        }
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
-        {
-        int j;
-        BIO *in;
-        int ret=0;
-        X509 *x=NULL;
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-        if (type == SSL_FILETYPE_ASN1)
-                {
-                j=ERR_R_ASN1_LIB;
-                x=d2i_X509_bio(in,NULL);
-                }
-        else if (type == SSL_FILETYPE_PEM)
-                {
-                j=ERR_R_PEM_LIB;
-                x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
-                }
-        else
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-                }
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
-                goto end;
-                }
-        ret=SSL_use_certificate(ssl,x);
-end:
-        if (x != NULL) X509_free(x);
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif
-int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len)
-        {
-        X509 *x;
-        int ret;
-        x=d2i_X509(NULL,&d,(long)len);
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
-                return(0);
-                }
-        ret=SSL_use_certificate(ssl,x);
-        X509_free(x);
-        return(ret);
-        }
-#ifndef OPENSSL_NO_RSA
-int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
-        {
-        EVP_PKEY *pkey;
-        int ret;
-        if (rsa == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if (!ssl_cert_inst(&ssl->cert))
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        if ((pkey=EVP_PKEY_new()) == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
-                return(0);
-                }
-        RSA_up_ref(rsa);
-        EVP_PKEY_assign_RSA(pkey,rsa);
-        ret=ssl_set_pkey(ssl->cert,pkey);
-        EVP_PKEY_free(pkey);
-        return(ret);
-        }
-#endif
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
-        {
-        int i,ok=0,bad=0;
-        i=ssl_cert_type(NULL,pkey);
-        if (i < 0)
-                {
-                SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-                return(0);
-                }
-        if (c->pkeys[i].x509 != NULL)
-                {
-                EVP_PKEY *pktmp;
-                pktmp = X509_get_pubkey(c->pkeys[i].x509);
-                EVP_PKEY_copy_parameters(pktmp,pkey);
-                EVP_PKEY_free(pktmp);
-                ERR_clear_error();
-#ifndef OPENSSL_NO_RSA
-                /* Don't check the public/private key, this is mostly
-                 * for smart cards. */
-                if ((pkey->type == EVP_PKEY_RSA) &&
-                        (RSA_flags(pkey->pkey.rsa) &
-                         RSA_METHOD_FLAG_NO_CHECK))
-                         ok=1;
-                else
-#endif
-                        if (!X509_check_private_key(c->pkeys[i].x509,pkey))
-                        {
-                        if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
-                                {
-                                i=(i == SSL_PKEY_DH_RSA)?
-                                        SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
-                                if (c->pkeys[i].x509 == NULL)
-                                        ok=1;
-                                else
-                                        {
-                                        if (!X509_check_private_key(
-                                                c->pkeys[i].x509,pkey))
-                                                bad=1;
-                                        else
-                                                ok=1;
-                                        }
-                                }
-                        else
-                                bad=1;
-                        }
-                else
-                        ok=1;
-                }
-        else
-                ok=1;
-        if (bad)
-                {
-                X509_free(c->pkeys[i].x509);
-                c->pkeys[i].x509=NULL;
-                return(0);
-                }
-        if (c->pkeys[i].privatekey != NULL)
-                EVP_PKEY_free(c->pkeys[i].privatekey);
-        CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-        c->pkeys[i].privatekey=pkey;
-        c->key= &(c->pkeys[i]);
-        c->valid=0;
-        return(1);
-        }
-#ifndef OPENSSL_NO_RSA
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
-        {
-        int j,ret=0;
-        BIO *in;
-        RSA *rsa=NULL;
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-        if      (type == SSL_FILETYPE_ASN1)
-                {
-                j=ERR_R_ASN1_LIB;
-                rsa=d2i_RSAPrivateKey_bio(in,NULL);
-                }
-        else if (type == SSL_FILETYPE_PEM)
-                {
-                j=ERR_R_PEM_LIB;
-                rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
-                        ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
-                }
-        else
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-                }
-        if (rsa == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
-                goto end;
-                }
-        ret=SSL_use_RSAPrivateKey(ssl,rsa);
-        RSA_free(rsa);
-end:
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
-        {
-        int ret;
-        const unsigned char *p;
-        RSA *rsa;
-        p=d;
-        if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
-                return(0);
-                }
-        ret=SSL_use_RSAPrivateKey(ssl,rsa);
-        RSA_free(rsa);
-        return(ret);
-        }
-#endif /* !OPENSSL_NO_RSA */
-int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
-        {
-        int ret;
-        if (pkey == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if (!ssl_cert_inst(&ssl->cert))
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        ret=ssl_set_pkey(ssl->cert,pkey);
-        return(ret);
-        }
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
-        {
-        int j,ret=0;
-        BIO *in;
-        EVP_PKEY *pkey=NULL;
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-        if (type == SSL_FILETYPE_PEM)
-                {
-                j=ERR_R_PEM_LIB;
-                pkey=PEM_read_bio_PrivateKey(in,NULL,
-                        ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
-                }
-        else
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-                }
-        if (pkey == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
-                goto end;
-                }
-        ret=SSL_use_PrivateKey(ssl,pkey);
-        EVP_PKEY_free(pkey);
-end:
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif
-int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len)
-        {
-        int ret;
-        unsigned char *p;
-        EVP_PKEY *pkey;
-        p=d;
-        if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
-                return(0);
-                }
-        ret=SSL_use_PrivateKey(ssl,pkey);
-        EVP_PKEY_free(pkey);
-        return(ret);
-        }
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
-        {
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if (!ssl_cert_inst(&ctx->cert))
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        return(ssl_set_cert(ctx->cert, x));
-        }
-static int ssl_set_cert(CERT *c, X509 *x)
-        {
-        EVP_PKEY *pkey;
-        int i,ok=0,bad=0;
-        pkey=X509_get_pubkey(x);
-        if (pkey == NULL)
-                {
-                SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
-                return(0);
-                }
-        i=ssl_cert_type(x,pkey);
-        if (i < 0)
-                {
-                SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-                EVP_PKEY_free(pkey);
-                return(0);
-                }
-        if (c->pkeys[i].privatekey != NULL)
-                {
-                EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
-                ERR_clear_error();
-#ifndef OPENSSL_NO_RSA
-                /* Don't check the public/private key, this is mostly
-                 * for smart cards. */
-                if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
-                        (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
-                         RSA_METHOD_FLAG_NO_CHECK))
-                         ok=1;
-                else
-#endif
-                {
-                if (!X509_check_private_key(x,c->pkeys[i].privatekey))
-                        {
-                        if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
-                                {
-                                i=(i == SSL_PKEY_DH_RSA)?
-                                        SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
-                                if (c->pkeys[i].privatekey == NULL)
-                                        ok=1;
-                                else
-                                        {
-                                        if (!X509_check_private_key(x,
-                                                c->pkeys[i].privatekey))
-                                                bad=1;
-                                        else
-                                                ok=1;
-                                        }
-                                }
-                        else
-                                bad=1;
-                        }
-                else
-                        ok=1;
-                } /* OPENSSL_NO_RSA */
-                }
-        else
-                ok=1;
-        EVP_PKEY_free(pkey);
-        if (bad)
-                {
-                EVP_PKEY_free(c->pkeys[i].privatekey);
-                c->pkeys[i].privatekey=NULL;
-                }
-        if (c->pkeys[i].x509 != NULL)
-                X509_free(c->pkeys[i].x509);
-        CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
-        c->pkeys[i].x509=x;
-        c->key= &(c->pkeys[i]);
-        c->valid=0;
-        return(1);
-        }
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
-        {
-        int j;
-        BIO *in;
-        int ret=0;
-        X509 *x=NULL;
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-        if (type == SSL_FILETYPE_ASN1)
-                {
-                j=ERR_R_ASN1_LIB;
-                x=d2i_X509_bio(in,NULL);
-                }
-        else if (type == SSL_FILETYPE_PEM)
-                {
-                j=ERR_R_PEM_LIB;
-                x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
-                }
-        else
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-                }
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
-                goto end;
-                }
-        ret=SSL_CTX_use_certificate(ctx,x);
-end:
-        if (x != NULL) X509_free(x);
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d)
-        {
-        X509 *x;
-        int ret;
-        x=d2i_X509(NULL,&d,(long)len);
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
-                return(0);
-                }
-        ret=SSL_CTX_use_certificate(ctx,x);
-        X509_free(x);
-        return(ret);
-        }
-#ifndef OPENSSL_NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
-        {
-        int ret;
-        EVP_PKEY *pkey;
-        if (rsa == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if (!ssl_cert_inst(&ctx->cert))
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        if ((pkey=EVP_PKEY_new()) == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
-                return(0);
-                }
-        RSA_up_ref(rsa);
-        EVP_PKEY_assign_RSA(pkey,rsa);
-        ret=ssl_set_pkey(ctx->cert, pkey);
-        EVP_PKEY_free(pkey);
-        return(ret);
-        }
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-        {
-        int j,ret=0;
-        BIO *in;
-        RSA *rsa=NULL;
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-        if      (type == SSL_FILETYPE_ASN1)
-                {
-                j=ERR_R_ASN1_LIB;
-                rsa=d2i_RSAPrivateKey_bio(in,NULL);
-                }
-        else if (type == SSL_FILETYPE_PEM)
-                {
-                j=ERR_R_PEM_LIB;
-                rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
-                        ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
-                }
-        else
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-                }
-        if (rsa == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
-                goto end;
-                }
-        ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
-        RSA_free(rsa);
-end:
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len)
-        {
-        int ret;
-        const unsigned char *p;
-        RSA *rsa;
-        p=d;
-        if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
-                return(0);
-                }
-        ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
-        RSA_free(rsa);
-        return(ret);
-        }
-#endif /* !OPENSSL_NO_RSA */
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
-        {
-        if (pkey == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if (!ssl_cert_inst(&ctx->cert))
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        return(ssl_set_pkey(ctx->cert,pkey));
-        }
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-        {
-        int j,ret=0;
-        BIO *in;
-        EVP_PKEY *pkey=NULL;
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-        if (type == SSL_FILETYPE_PEM)
-                {
-                j=ERR_R_PEM_LIB;
-                pkey=PEM_read_bio_PrivateKey(in,NULL,
-                        ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
-                }
-        else
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-                }
-        if (pkey == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
-                goto end;
-                }
-        ret=SSL_CTX_use_PrivateKey(ctx,pkey);
-        EVP_PKEY_free(pkey);
-end:
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif
-int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d,
-             long len)
-        {
-        int ret;
-        unsigned char *p;
-        EVP_PKEY *pkey;
-        p=d;
-        if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
-                return(0);
-                }
-        ret=SSL_CTX_use_PrivateKey(ctx,pkey);
-        EVP_PKEY_free(pkey);
-        return(ret);
-        }
-#ifndef OPENSSL_NO_STDIO
-/* Read a file that contains our certificate in "PEM" format,
- * possibly followed by a sequence of CA certificates that should be
- * sent to the peer in the Certificate message.
- */
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
-        {
-        BIO *in;
-        int ret=0;
-        X509 *x=NULL;
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-        x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
-                goto end;
-                }
-        ret=SSL_CTX_use_certificate(ctx,x);
-        if (ERR_peek_error() != 0)
-                ret = 0;  /* Key/certificate mismatch doesn't imply ret==0 ... */
-        if (ret)
-                {
-                /* If we could set up our certificate, now proceed to
-                 * the CA certificates.
-                 */
-                X509 *ca;
-                int r;
-                unsigned long err;
-                
-                if (ctx->extra_certs != NULL) 
-                        {
-                        sk_X509_pop_free(ctx->extra_certs, X509_free);
-                        ctx->extra_certs = NULL;
-                        }
-                while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
-                        != NULL)
-                        {
-                        r = SSL_CTX_add_extra_chain_cert(ctx, ca);
-                        if (!r) 
-                                {
-                                X509_free(ca);
-                                ret = 0;
-                                goto end;
-                                }
-                        /* Note that we must not free r if it was successfully
-                         * added to the chain (while we must free the main
-                         * certificate, since its reference count is increased
-                         * by SSL_CTX_use_certificate). */
-                        }
-                /* When the while loop ends, it's usually just EOF. */
-                err = ERR_peek_last_error();
-                if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
-                        (void)ERR_get_error();
-                else 
-                        ret = 0; /* some real error */
-                }
-end:
-        if (x != NULL) X509_free(x);
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif

diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c deleted file mode 100644 index 03828b6632..0000000000 --- a/src/lib/libssl/ssl_rsa.c +++ /dev/null
@@ -1,815 +0,0 @@
1	/* ssl/ssl_rsa.c */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.
4	*
5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.
8	*
9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.
22	*
23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions
25	* are met:
26	* 1. Redistributions of source code must retain the copyright
27	* notice, this list of conditions and the following disclaimer.
28	* 2. Redistributions in binary form must reproduce the above copyright
29	* notice, this list of conditions and the following disclaimer in the
30	* documentation and/or other materials provided with the distribution.
31	* 3. All advertising materials mentioning features or use of this software
32	* must display the following acknowledgement:
33	* "This product includes cryptographic software written by
34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.
52	*
53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]
57	*/
58
59	#include <stdio.h>
60	#include "ssl_locl.h"
61	#include <openssl/bio.h>
62	#include <openssl/objects.h>
63	#include <openssl/evp.h>
64	#include <openssl/x509.h>
65	#include <openssl/pem.h>
66
67	static int ssl_set_cert(CERT c, X509 x509);
68	static int ssl_set_pkey(CERT c, EVP_PKEY pkey);
69	int SSL_use_certificate(SSL ssl, X509 x)
70	{
71	if (x == NULL)
72	{
73	SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
74	return(0);
75	}
76	if (!ssl_cert_inst(&ssl->cert))
77	{
78	SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
79	return(0);
80	}
81	return(ssl_set_cert(ssl->cert,x));
82	}
83
84	#ifndef OPENSSL_NO_STDIO
85	int SSL_use_certificate_file(SSL ssl, const char file, int type)
86	{
87	int j;
88	BIO *in;
89	int ret=0;
90	X509 *x=NULL;
91
92	in=BIO_new(BIO_s_file_internal());
93	if (in == NULL)
94	{
95	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
96	goto end;
97	}
98
99	if (BIO_read_filename(in,file) <= 0)
100	{
101	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
102	goto end;
103	}
104	if (type == SSL_FILETYPE_ASN1)
105	{
106	j=ERR_R_ASN1_LIB;
107	x=d2i_X509_bio(in,NULL);
108	}
109	else if (type == SSL_FILETYPE_PEM)
110	{
111	j=ERR_R_PEM_LIB;
112	x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
113	}
114	else
115	{
116	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
117	goto end;
118	}
119
120	if (x == NULL)
121	{
122	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
123	goto end;
124	}
125
126	ret=SSL_use_certificate(ssl,x);
127	end:
128	if (x != NULL) X509_free(x);
129	if (in != NULL) BIO_free(in);
130	return(ret);
131	}
132	#endif
133
134	int SSL_use_certificate_ASN1(SSL ssl, unsigned char d, int len)
135	{
136	X509 *x;
137	int ret;
138
139	x=d2i_X509(NULL,&d,(long)len);
140	if (x == NULL)
141	{
142	SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
143	return(0);
144	}
145
146	ret=SSL_use_certificate(ssl,x);
147	X509_free(x);
148	return(ret);
149	}
150
151	#ifndef OPENSSL_NO_RSA
152	int SSL_use_RSAPrivateKey(SSL ssl, RSA rsa)
153	{
154	EVP_PKEY *pkey;
155	int ret;
156
157	if (rsa == NULL)
158	{
159	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
160	return(0);
161	}
162	if (!ssl_cert_inst(&ssl->cert))
163	{
164	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
165	return(0);
166	}
167	if ((pkey=EVP_PKEY_new()) == NULL)
168	{
169	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
170	return(0);
171	}
172
173	RSA_up_ref(rsa);
174	EVP_PKEY_assign_RSA(pkey,rsa);
175
176	ret=ssl_set_pkey(ssl->cert,pkey);
177	EVP_PKEY_free(pkey);
178	return(ret);
179	}
180	#endif
181
182	static int ssl_set_pkey(CERT c, EVP_PKEY pkey)
183	{
184	int i,ok=0,bad=0;
185
186	i=ssl_cert_type(NULL,pkey);
187	if (i < 0)
188	{
189	SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
190	return(0);
191	}
192
193	if (c->pkeys[i].x509 != NULL)
194	{
195	EVP_PKEY *pktmp;
196	pktmp = X509_get_pubkey(c->pkeys[i].x509);
197	EVP_PKEY_copy_parameters(pktmp,pkey);
198	EVP_PKEY_free(pktmp);
199	ERR_clear_error();
200
201	#ifndef OPENSSL_NO_RSA
202	/* Don't check the public/private key, this is mostly
203	* for smart cards. */
204	if ((pkey->type == EVP_PKEY_RSA) &&
205	(RSA_flags(pkey->pkey.rsa) &
206	RSA_METHOD_FLAG_NO_CHECK))
207	ok=1;
208	else
209	#endif
210	if (!X509_check_private_key(c->pkeys[i].x509,pkey))
211	{
212	if ((i == SSL_PKEY_DH_RSA) \|\| (i == SSL_PKEY_DH_DSA))
213	{
214	i=(i == SSL_PKEY_DH_RSA)?
215	SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
216
217	if (c->pkeys[i].x509 == NULL)
218	ok=1;
219	else
220	{
221	if (!X509_check_private_key(
222	c->pkeys[i].x509,pkey))
223	bad=1;
224	else
225	ok=1;
226	}
227	}
228	else
229	bad=1;
230	}
231	else
232	ok=1;
233	}
234	else
235	ok=1;
236
237	if (bad)
238	{
239	X509_free(c->pkeys[i].x509);
240	c->pkeys[i].x509=NULL;
241	return(0);
242	}
243
244	if (c->pkeys[i].privatekey != NULL)
245	EVP_PKEY_free(c->pkeys[i].privatekey);
246	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
247	c->pkeys[i].privatekey=pkey;
248	c->key= &(c->pkeys[i]);
249
250	c->valid=0;
251	return(1);
252	}
253
254	#ifndef OPENSSL_NO_RSA
255	#ifndef OPENSSL_NO_STDIO
256	int SSL_use_RSAPrivateKey_file(SSL ssl, const char file, int type)
257	{
258	int j,ret=0;
259	BIO *in;
260	RSA *rsa=NULL;
261
262	in=BIO_new(BIO_s_file_internal());
263	if (in == NULL)
264	{
265	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
266	goto end;
267	}
268
269	if (BIO_read_filename(in,file) <= 0)
270	{
271	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
272	goto end;
273	}
274	if (type == SSL_FILETYPE_ASN1)
275	{
276	j=ERR_R_ASN1_LIB;
277	rsa=d2i_RSAPrivateKey_bio(in,NULL);
278	}
279	else if (type == SSL_FILETYPE_PEM)
280	{
281	j=ERR_R_PEM_LIB;
282	rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
283	ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
284	}
285	else
286	{
287	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
288	goto end;
289	}
290	if (rsa == NULL)
291	{
292	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
293	goto end;
294	}
295	ret=SSL_use_RSAPrivateKey(ssl,rsa);
296	RSA_free(rsa);
297	end:
298	if (in != NULL) BIO_free(in);
299	return(ret);
300	}
301	#endif
302
303	int SSL_use_RSAPrivateKey_ASN1(SSL ssl, unsigned char d, long len)
304	{
305	int ret;
306	const unsigned char *p;
307	RSA *rsa;
308
309	p=d;
310	if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
311	{
312	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
313	return(0);
314	}
315
316	ret=SSL_use_RSAPrivateKey(ssl,rsa);
317	RSA_free(rsa);
318	return(ret);
319	}
320	#endif /* !OPENSSL_NO_RSA */
321
322	int SSL_use_PrivateKey(SSL ssl, EVP_PKEY pkey)
323	{
324	int ret;
325
326	if (pkey == NULL)
327	{
328	SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
329	return(0);
330	}
331	if (!ssl_cert_inst(&ssl->cert))
332	{
333	SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
334	return(0);
335	}
336	ret=ssl_set_pkey(ssl->cert,pkey);
337	return(ret);
338	}
339
340	#ifndef OPENSSL_NO_STDIO
341	int SSL_use_PrivateKey_file(SSL ssl, const char file, int type)
342	{
343	int j,ret=0;
344	BIO *in;
345	EVP_PKEY *pkey=NULL;
346
347	in=BIO_new(BIO_s_file_internal());
348	if (in == NULL)
349	{
350	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
351	goto end;
352	}
353
354	if (BIO_read_filename(in,file) <= 0)
355	{
356	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
357	goto end;
358	}
359	if (type == SSL_FILETYPE_PEM)
360	{
361	j=ERR_R_PEM_LIB;
362	pkey=PEM_read_bio_PrivateKey(in,NULL,
363	ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
364	}
365	else
366	{
367	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
368	goto end;
369	}
370	if (pkey == NULL)
371	{
372	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
373	goto end;
374	}
375	ret=SSL_use_PrivateKey(ssl,pkey);
376	EVP_PKEY_free(pkey);
377	end:
378	if (in != NULL) BIO_free(in);
379	return(ret);
380	}
381	#endif
382
383	int SSL_use_PrivateKey_ASN1(int type, SSL ssl, unsigned char d, long len)
384	{
385	int ret;
386	unsigned char *p;
387	EVP_PKEY *pkey;
388
389	p=d;
390	if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
391	{
392	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
393	return(0);
394	}
395
396	ret=SSL_use_PrivateKey(ssl,pkey);
397	EVP_PKEY_free(pkey);
398	return(ret);
399	}
400
401	int SSL_CTX_use_certificate(SSL_CTX ctx, X509 x)
402	{
403	if (x == NULL)
404	{
405	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
406	return(0);
407	}
408	if (!ssl_cert_inst(&ctx->cert))
409	{
410	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
411	return(0);
412	}
413	return(ssl_set_cert(ctx->cert, x));
414	}
415
416	static int ssl_set_cert(CERT c, X509 x)
417	{
418	EVP_PKEY *pkey;
419	int i,ok=0,bad=0;
420
421	pkey=X509_get_pubkey(x);
422	if (pkey == NULL)
423	{
424	SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
425	return(0);
426	}
427
428	i=ssl_cert_type(x,pkey);
429	if (i < 0)
430	{
431	SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
432	EVP_PKEY_free(pkey);
433	return(0);
434	}
435
436	if (c->pkeys[i].privatekey != NULL)
437	{
438	EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
439	ERR_clear_error();
440
441	#ifndef OPENSSL_NO_RSA
442	/* Don't check the public/private key, this is mostly
443	* for smart cards. */
444	if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
445	(RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
446	RSA_METHOD_FLAG_NO_CHECK))
447	ok=1;
448	else
449	#endif
450	{
451	if (!X509_check_private_key(x,c->pkeys[i].privatekey))
452	{
453	if ((i == SSL_PKEY_DH_RSA) \|\| (i == SSL_PKEY_DH_DSA))
454	{
455	i=(i == SSL_PKEY_DH_RSA)?
456	SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
457
458	if (c->pkeys[i].privatekey == NULL)
459	ok=1;
460	else
461	{
462	if (!X509_check_private_key(x,
463	c->pkeys[i].privatekey))
464	bad=1;
465	else
466	ok=1;
467	}
468	}
469	else
470	bad=1;
471	}
472	else
473	ok=1;
474	} /* OPENSSL_NO_RSA */
475	}
476	else
477	ok=1;
478
479	EVP_PKEY_free(pkey);
480	if (bad)
481	{
482	EVP_PKEY_free(c->pkeys[i].privatekey);
483	c->pkeys[i].privatekey=NULL;
484	}
485
486	if (c->pkeys[i].x509 != NULL)
487	X509_free(c->pkeys[i].x509);
488	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
489	c->pkeys[i].x509=x;
490	c->key= &(c->pkeys[i]);
491
492	c->valid=0;
493	return(1);
494	}
495
496	#ifndef OPENSSL_NO_STDIO
497	int SSL_CTX_use_certificate_file(SSL_CTX ctx, const char file, int type)
498	{
499	int j;
500	BIO *in;
501	int ret=0;
502	X509 *x=NULL;
503
504	in=BIO_new(BIO_s_file_internal());
505	if (in == NULL)
506	{
507	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
508	goto end;
509	}
510
511	if (BIO_read_filename(in,file) <= 0)
512	{
513	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
514	goto end;
515	}
516	if (type == SSL_FILETYPE_ASN1)
517	{
518	j=ERR_R_ASN1_LIB;
519	x=d2i_X509_bio(in,NULL);
520	}
521	else if (type == SSL_FILETYPE_PEM)
522	{
523	j=ERR_R_PEM_LIB;
524	x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
525	}
526	else
527	{
528	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
529	goto end;
530	}
531
532	if (x == NULL)
533	{
534	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
535	goto end;
536	}
537
538	ret=SSL_CTX_use_certificate(ctx,x);
539	end:
540	if (x != NULL) X509_free(x);
541	if (in != NULL) BIO_free(in);
542	return(ret);
543	}
544	#endif
545
546	int SSL_CTX_use_certificate_ASN1(SSL_CTX ctx, int len, unsigned char d)
547	{
548	X509 *x;
549	int ret;
550
551	x=d2i_X509(NULL,&d,(long)len);
552	if (x == NULL)
553	{
554	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
555	return(0);
556	}
557
558	ret=SSL_CTX_use_certificate(ctx,x);
559	X509_free(x);
560	return(ret);
561	}
562
563	#ifndef OPENSSL_NO_RSA
564	int SSL_CTX_use_RSAPrivateKey(SSL_CTX ctx, RSA rsa)
565	{
566	int ret;
567	EVP_PKEY *pkey;
568
569	if (rsa == NULL)
570	{
571	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
572	return(0);
573	}
574	if (!ssl_cert_inst(&ctx->cert))
575	{
576	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
577	return(0);
578	}
579	if ((pkey=EVP_PKEY_new()) == NULL)
580	{
581	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
582	return(0);
583	}
584
585	RSA_up_ref(rsa);
586	EVP_PKEY_assign_RSA(pkey,rsa);
587
588	ret=ssl_set_pkey(ctx->cert, pkey);
589	EVP_PKEY_free(pkey);
590	return(ret);
591	}
592
593	#ifndef OPENSSL_NO_STDIO
594	int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX ctx, const char file, int type)
595	{
596	int j,ret=0;
597	BIO *in;
598	RSA *rsa=NULL;
599
600	in=BIO_new(BIO_s_file_internal());
601	if (in == NULL)
602	{
603	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
604	goto end;
605	}
606
607	if (BIO_read_filename(in,file) <= 0)
608	{
609	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
610	goto end;
611	}
612	if (type == SSL_FILETYPE_ASN1)
613	{
614	j=ERR_R_ASN1_LIB;
615	rsa=d2i_RSAPrivateKey_bio(in,NULL);
616	}
617	else if (type == SSL_FILETYPE_PEM)
618	{
619	j=ERR_R_PEM_LIB;
620	rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
621	ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
622	}
623	else
624	{
625	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
626	goto end;
627	}
628	if (rsa == NULL)
629	{
630	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
631	goto end;
632	}
633	ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
634	RSA_free(rsa);
635	end:
636	if (in != NULL) BIO_free(in);
637	return(ret);
638	}
639	#endif
640
641	int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX ctx, unsigned char d, long len)
642	{
643	int ret;
644	const unsigned char *p;
645	RSA *rsa;
646
647	p=d;
648	if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
649	{
650	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
651	return(0);
652	}
653
654	ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
655	RSA_free(rsa);
656	return(ret);
657	}
658	#endif /* !OPENSSL_NO_RSA */
659
660	int SSL_CTX_use_PrivateKey(SSL_CTX ctx, EVP_PKEY pkey)
661	{
662	if (pkey == NULL)
663	{
664	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
665	return(0);
666	}
667	if (!ssl_cert_inst(&ctx->cert))
668	{
669	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
670	return(0);
671	}
672	return(ssl_set_pkey(ctx->cert,pkey));
673	}
674
675	#ifndef OPENSSL_NO_STDIO
676	int SSL_CTX_use_PrivateKey_file(SSL_CTX ctx, const char file, int type)
677	{
678	int j,ret=0;
679	BIO *in;
680	EVP_PKEY *pkey=NULL;
681
682	in=BIO_new(BIO_s_file_internal());
683	if (in == NULL)
684	{
685	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
686	goto end;
687	}
688
689	if (BIO_read_filename(in,file) <= 0)
690	{
691	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
692	goto end;
693	}
694	if (type == SSL_FILETYPE_PEM)
695	{
696	j=ERR_R_PEM_LIB;
697	pkey=PEM_read_bio_PrivateKey(in,NULL,
698	ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
699	}
700	else
701	{
702	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
703	goto end;
704	}
705	if (pkey == NULL)
706	{
707	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
708	goto end;
709	}
710	ret=SSL_CTX_use_PrivateKey(ctx,pkey);
711	EVP_PKEY_free(pkey);
712	end:
713	if (in != NULL) BIO_free(in);
714	return(ret);
715	}
716	#endif
717
718	int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX ctx, unsigned char d,
719	long len)
720	{
721	int ret;
722	unsigned char *p;
723	EVP_PKEY *pkey;
724
725	p=d;
726	if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
727	{
728	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
729	return(0);
730	}
731
732	ret=SSL_CTX_use_PrivateKey(ctx,pkey);
733	EVP_PKEY_free(pkey);
734	return(ret);
735	}
736
737
738	#ifndef OPENSSL_NO_STDIO
739	/* Read a file that contains our certificate in "PEM" format,
740	* possibly followed by a sequence of CA certificates that should be
741	* sent to the peer in the Certificate message.
742	*/
743	int SSL_CTX_use_certificate_chain_file(SSL_CTX ctx, const char file)
744	{
745	BIO *in;
746	int ret=0;
747	X509 *x=NULL;
748
749	in=BIO_new(BIO_s_file_internal());
750	if (in == NULL)
751	{
752	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
753	goto end;
754	}
755
756	if (BIO_read_filename(in,file) <= 0)
757	{
758	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
759	goto end;
760	}
761
762	x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
763	if (x == NULL)
764	{
765	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
766	goto end;
767	}
768
769	ret=SSL_CTX_use_certificate(ctx,x);
770	if (ERR_peek_error() != 0)
771	ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */
772	if (ret)
773	{
774	/* If we could set up our certificate, now proceed to
775	* the CA certificates.
776	*/
777	X509 *ca;
778	int r;
779	unsigned long err;
780
781	if (ctx->extra_certs != NULL)
782	{
783	sk_X509_pop_free(ctx->extra_certs, X509_free);
784	ctx->extra_certs = NULL;
785	}
786
787	while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
788	!= NULL)
789	{
790	r = SSL_CTX_add_extra_chain_cert(ctx, ca);
791	if (!r)
792	{
793	X509_free(ca);
794	ret = 0;
795	goto end;
796	}
797	/* Note that we must not free r if it was successfully
798	* added to the chain (while we must free the main
799	* certificate, since its reference count is increased
800	* by SSL_CTX_use_certificate). */
801	}
802	/* When the while loop ends, it's usually just EOF. */
803	err = ERR_peek_last_error();
804	if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
805	(void)ERR_get_error();
806	else
807	ret = 0; /* some real error */
808	}
809
810	end:
811	if (x != NULL) X509_free(x);
812	if (in != NULL) BIO_free(in);
813	return(ret);
814	}
815	#endif