1 files changed, 0 insertions, 817 deletions
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
deleted file mode 100644
index fb0bd4d045..0000000000
--- a/src/lib/libssl/ssl_rsa.c
+++ /dev/null
@@ -1,817 +0,0 @@
-/* ssl/ssl_rsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/bio.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-static int ssl_set_cert(CERT *c, X509 *x509);
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
-int SSL_use_certificate(SSL *ssl, X509 *x)
-        {
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if (!ssl_cert_inst(&ssl->cert))
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        return(ssl_set_cert(ssl->cert,x));
-        }
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
-        {
-        int j;
-        BIO *in;
-        int ret=0;
-        X509 *x=NULL;
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-        if (type == SSL_FILETYPE_ASN1)
-                {
-                j=ERR_R_ASN1_LIB;
-                x=d2i_X509_bio(in,NULL);
-                }
-        else if (type == SSL_FILETYPE_PEM)
-                {
-                j=ERR_R_PEM_LIB;
-                x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
-                }
-        else
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-                }
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
-                goto end;
-                }
-        ret=SSL_use_certificate(ssl,x);
-end:
-        if (x != NULL) X509_free(x);
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif
-int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len)
-        {
-        X509 *x;
-        int ret;
-        x=d2i_X509(NULL,&d,(long)len);
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
-                return(0);
-                }
-        ret=SSL_use_certificate(ssl,x);
-        X509_free(x);
-        return(ret);
-        }
-#ifndef OPENSSL_NO_RSA
-int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
-        {
-        EVP_PKEY *pkey;
-        int ret;
-        if (rsa == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if (!ssl_cert_inst(&ssl->cert))
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        if ((pkey=EVP_PKEY_new()) == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
-                return(0);
-                }
-        RSA_up_ref(rsa);
-        EVP_PKEY_assign_RSA(pkey,rsa);
-        ret=ssl_set_pkey(ssl->cert,pkey);
-        EVP_PKEY_free(pkey);
-        return(ret);
-        }
-#endif
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
-        {
-        int i,ok=0,bad=0;
-        i=ssl_cert_type(NULL,pkey);
-        if (i < 0)
-                {
-                SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-                return(0);
-                }
-        if (c->pkeys[i].x509 != NULL)
-                {
-                EVP_PKEY *pktmp;
-                pktmp = X509_get_pubkey(c->pkeys[i].x509);
-                EVP_PKEY_copy_parameters(pktmp,pkey);
-                EVP_PKEY_free(pktmp);
-                ERR_clear_error();
-#ifndef OPENSSL_NO_RSA
-                /* Don't check the public/private key, this is mostly
-                 * for smart cards. */
-                if ((pkey->type == EVP_PKEY_RSA) &&
-                        (RSA_flags(pkey->pkey.rsa) &
-                         RSA_METHOD_FLAG_NO_CHECK))
-                         ok=1;
-                else
-#endif
-                     if (!X509_check_private_key(c->pkeys[i].x509,pkey))
-                        {
-                        if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
-                                {
-                                i=(i == SSL_PKEY_DH_RSA)?
-                                        SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
-                                if (c->pkeys[i].x509 == NULL)
-                                        ok=1;
-                                else
-                                        {
-                                        if (!X509_check_private_key(
-                                                c->pkeys[i].x509,pkey))
-                                                bad=1;
-                                        else
-                                                ok=1;
-                                        }
-                                }
-                        else
-                                bad=1;
-                        }
-                else
-                        ok=1;
-                }
-        else
-                ok=1;
-        if (bad)
-                {
-                X509_free(c->pkeys[i].x509);
-                c->pkeys[i].x509=NULL;
-                return(0);
-                }
-        ERR_clear_error(); /* make sure no error from X509_check_private_key()
-                            * is left if we have chosen to ignore it */
-        if (c->pkeys[i].privatekey != NULL)
-                EVP_PKEY_free(c->pkeys[i].privatekey);
-        CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-        c->pkeys[i].privatekey=pkey;
-        c->key= &(c->pkeys[i]);
-        c->valid=0;
-        return(1);
-        }
-#ifndef OPENSSL_NO_RSA
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
-        {
-        int j,ret=0;
-        BIO *in;
-        RSA *rsa=NULL;
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-        if      (type == SSL_FILETYPE_ASN1)
-                {
-                j=ERR_R_ASN1_LIB;
-                rsa=d2i_RSAPrivateKey_bio(in,NULL);
-                }
-        else if (type == SSL_FILETYPE_PEM)
-                {
-                j=ERR_R_PEM_LIB;
-                rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
-                        ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
-                }
-        else
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-                }
-        if (rsa == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
-                goto end;
-                }
-        ret=SSL_use_RSAPrivateKey(ssl,rsa);
-        RSA_free(rsa);
-end:
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
-        {
-        int ret;
-        const unsigned char *p;
-        RSA *rsa;
-        p=d;
-        if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
-                return(0);
-                }
-        ret=SSL_use_RSAPrivateKey(ssl,rsa);
-        RSA_free(rsa);
-        return(ret);
-        }
-#endif /* !OPENSSL_NO_RSA */
-int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
-        {
-        int ret;
-        if (pkey == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if (!ssl_cert_inst(&ssl->cert))
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        ret=ssl_set_pkey(ssl->cert,pkey);
-        return(ret);
-        }
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
-        {
-        int j,ret=0;
-        BIO *in;
-        EVP_PKEY *pkey=NULL;
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-        if (type == SSL_FILETYPE_PEM)
-                {
-                j=ERR_R_PEM_LIB;
-                pkey=PEM_read_bio_PrivateKey(in,NULL,
-                        ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
-                }
-        else
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-                }
-        if (pkey == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
-                goto end;
-                }
-        ret=SSL_use_PrivateKey(ssl,pkey);
-        EVP_PKEY_free(pkey);
-end:
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif
-int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len)
-        {
-        int ret;
-        unsigned char *p;
-        EVP_PKEY *pkey;
-        p=d;
-        if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
-                return(0);
-                }
-        ret=SSL_use_PrivateKey(ssl,pkey);
-        EVP_PKEY_free(pkey);
-        return(ret);
-        }
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
-        {
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if (!ssl_cert_inst(&ctx->cert))
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        return(ssl_set_cert(ctx->cert, x));
-        }
-static int ssl_set_cert(CERT *c, X509 *x)
-        {
-        EVP_PKEY *pkey;
-        int i,ok=0,bad=0;
-        pkey=X509_get_pubkey(x);
-        if (pkey == NULL)
-                {
-                SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
-                return(0);
-                }
-        i=ssl_cert_type(x,pkey);
-        if (i < 0)
-                {
-                SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-                EVP_PKEY_free(pkey);
-                return(0);
-                }
-        if (c->pkeys[i].privatekey != NULL)
-                {
-                EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
-                ERR_clear_error();
-#ifndef OPENSSL_NO_RSA
-                /* Don't check the public/private key, this is mostly
-                 * for smart cards. */
-                if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
-                        (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
-                         RSA_METHOD_FLAG_NO_CHECK))
-                         ok=1;
-                else
-#endif
-                {
-                if (!X509_check_private_key(x,c->pkeys[i].privatekey))
-                        {
-                        if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
-                                {
-                                i=(i == SSL_PKEY_DH_RSA)?
-                                        SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
-                                if (c->pkeys[i].privatekey == NULL)
-                                        ok=1;
-                                else
-                                        {
-                                        if (!X509_check_private_key(x,
-                                                c->pkeys[i].privatekey))
-                                                bad=1;
-                                        else
-                                                ok=1;
-                                        }
-                                }
-                        else
-                                bad=1;
-                        }
-                else
-                        ok=1;
-                } /* OPENSSL_NO_RSA */
-                }
-        else
-                ok=1;
-        EVP_PKEY_free(pkey);
-        if (bad)
-                {
-                EVP_PKEY_free(c->pkeys[i].privatekey);
-                c->pkeys[i].privatekey=NULL;
-                }
-        if (c->pkeys[i].x509 != NULL)
-                X509_free(c->pkeys[i].x509);
-        CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
-        c->pkeys[i].x509=x;
-        c->key= &(c->pkeys[i]);
-        c->valid=0;
-        return(1);
-        }
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
-        {
-        int j;
-        BIO *in;
-        int ret=0;
-        X509 *x=NULL;
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-        if (type == SSL_FILETYPE_ASN1)
-                {
-                j=ERR_R_ASN1_LIB;
-                x=d2i_X509_bio(in,NULL);
-                }
-        else if (type == SSL_FILETYPE_PEM)
-                {
-                j=ERR_R_PEM_LIB;
-                x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
-                }
-        else
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-                }
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
-                goto end;
-                }
-        ret=SSL_CTX_use_certificate(ctx,x);
-end:
-        if (x != NULL) X509_free(x);
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d)
-        {
-        X509 *x;
-        int ret;
-        x=d2i_X509(NULL,&d,(long)len);
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
-                return(0);
-                }
-        ret=SSL_CTX_use_certificate(ctx,x);
-        X509_free(x);
-        return(ret);
-        }
-#ifndef OPENSSL_NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
-        {
-        int ret;
-        EVP_PKEY *pkey;
-        if (rsa == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if (!ssl_cert_inst(&ctx->cert))
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        if ((pkey=EVP_PKEY_new()) == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
-                return(0);
-                }
-        RSA_up_ref(rsa);
-        EVP_PKEY_assign_RSA(pkey,rsa);
-        ret=ssl_set_pkey(ctx->cert, pkey);
-        EVP_PKEY_free(pkey);
-        return(ret);
-        }
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-        {
-        int j,ret=0;
-        BIO *in;
-        RSA *rsa=NULL;
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-        if      (type == SSL_FILETYPE_ASN1)
-                {
-                j=ERR_R_ASN1_LIB;
-                rsa=d2i_RSAPrivateKey_bio(in,NULL);
-                }
-        else if (type == SSL_FILETYPE_PEM)
-                {
-                j=ERR_R_PEM_LIB;
-                rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
-                        ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
-                }
-        else
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-                }
-        if (rsa == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
-                goto end;
-                }
-        ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
-        RSA_free(rsa);
-end:
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len)
-        {
-        int ret;
-        const unsigned char *p;
-        RSA *rsa;
-        p=d;
-        if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
-                return(0);
-                }
-        ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
-        RSA_free(rsa);
-        return(ret);
-        }
-#endif /* !OPENSSL_NO_RSA */
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
-        {
-        if (pkey == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if (!ssl_cert_inst(&ctx->cert))
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        return(ssl_set_pkey(ctx->cert,pkey));
-        }
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-        {
-        int j,ret=0;
-        BIO *in;
-        EVP_PKEY *pkey=NULL;
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-        if (type == SSL_FILETYPE_PEM)
-                {
-                j=ERR_R_PEM_LIB;
-                pkey=PEM_read_bio_PrivateKey(in,NULL,
-                        ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
-                }
-        else
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-                }
-        if (pkey == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
-                goto end;
-                }
-        ret=SSL_CTX_use_PrivateKey(ctx,pkey);
-        EVP_PKEY_free(pkey);
-end:
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif
-int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d,
-             long len)
-        {
-        int ret;
-        unsigned char *p;
-        EVP_PKEY *pkey;
-        p=d;
-        if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
-                return(0);
-                }
-        ret=SSL_CTX_use_PrivateKey(ctx,pkey);
-        EVP_PKEY_free(pkey);
-        return(ret);
-        }
-#ifndef OPENSSL_NO_STDIO
-/* Read a file that contains our certificate in "PEM" format,
- * possibly followed by a sequence of CA certificates that should be
- * sent to the peer in the Certificate message.
- */
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
-        {
-        BIO *in;
-        int ret=0;
-        X509 *x=NULL;
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-        x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
-                goto end;
-                }
-        ret=SSL_CTX_use_certificate(ctx,x);
-        if (ERR_peek_error() != 0)
-                ret = 0;  /* Key/certificate mismatch doesn't imply ret==0 ... */
-        if (ret)
-                {
-                /* If we could set up our certificate, now proceed to
-                 * the CA certificates.
-                 */
-                X509 *ca;
-                int r;
-                unsigned long err;
-                
-                if (ctx->extra_certs != NULL) 
-                        {
-                        sk_X509_pop_free(ctx->extra_certs, X509_free);
-                        ctx->extra_certs = NULL;
-                        }
-                while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
-                        != NULL)
-                        {
-                        r = SSL_CTX_add_extra_chain_cert(ctx, ca);
-                        if (!r) 
-                                {
-                                X509_free(ca);
-                                ret = 0;
-                                goto end;
-                                }
-                        /* Note that we must not free r if it was successfully
-                         * added to the chain (while we must free the main
-                         * certificate, since its reference count is increased
-                         * by SSL_CTX_use_certificate). */
-                        }
-                /* When the while loop ends, it's usually just EOF. */
-                err = ERR_peek_last_error();
-                if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
-                        ERR_clear_error();
-                else 
-                        ret = 0; /* some real error */
-                }
-end:
-        if (x != NULL) X509_free(x);
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif

diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c deleted file mode 100644 index fb0bd4d045..0000000000 --- a/src/lib/libssl/ssl_rsa.c +++ /dev/null
@@ -1,817 +0,0 @@
1	/* ssl/ssl_rsa.c */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.
4	*
5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.
8	*
9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.
22	*
23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions
25	* are met:
26	* 1. Redistributions of source code must retain the copyright
27	* notice, this list of conditions and the following disclaimer.
28	* 2. Redistributions in binary form must reproduce the above copyright
29	* notice, this list of conditions and the following disclaimer in the
30	* documentation and/or other materials provided with the distribution.
31	* 3. All advertising materials mentioning features or use of this software
32	* must display the following acknowledgement:
33	* "This product includes cryptographic software written by
34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.
52	*
53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]
57	*/
58
59	#include <stdio.h>
60	#include "ssl_locl.h"
61	#include <openssl/bio.h>
62	#include <openssl/objects.h>
63	#include <openssl/evp.h>
64	#include <openssl/x509.h>
65	#include <openssl/pem.h>
66
67	static int ssl_set_cert(CERT c, X509 x509);
68	static int ssl_set_pkey(CERT c, EVP_PKEY pkey);
69	int SSL_use_certificate(SSL ssl, X509 x)
70	{
71	if (x == NULL)
72	{
73	SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
74	return(0);
75	}
76	if (!ssl_cert_inst(&ssl->cert))
77	{
78	SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
79	return(0);
80	}
81	return(ssl_set_cert(ssl->cert,x));
82	}
83
84	#ifndef OPENSSL_NO_STDIO
85	int SSL_use_certificate_file(SSL ssl, const char file, int type)
86	{
87	int j;
88	BIO *in;
89	int ret=0;
90	X509 *x=NULL;
91
92	in=BIO_new(BIO_s_file_internal());
93	if (in == NULL)
94	{
95	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
96	goto end;
97	}
98
99	if (BIO_read_filename(in,file) <= 0)
100	{
101	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
102	goto end;
103	}
104	if (type == SSL_FILETYPE_ASN1)
105	{
106	j=ERR_R_ASN1_LIB;
107	x=d2i_X509_bio(in,NULL);
108	}
109	else if (type == SSL_FILETYPE_PEM)
110	{
111	j=ERR_R_PEM_LIB;
112	x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
113	}
114	else
115	{
116	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
117	goto end;
118	}
119
120	if (x == NULL)
121	{
122	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
123	goto end;
124	}
125
126	ret=SSL_use_certificate(ssl,x);
127	end:
128	if (x != NULL) X509_free(x);
129	if (in != NULL) BIO_free(in);
130	return(ret);
131	}
132	#endif
133
134	int SSL_use_certificate_ASN1(SSL ssl, unsigned char d, int len)
135	{
136	X509 *x;
137	int ret;
138
139	x=d2i_X509(NULL,&d,(long)len);
140	if (x == NULL)
141	{
142	SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
143	return(0);
144	}
145
146	ret=SSL_use_certificate(ssl,x);
147	X509_free(x);
148	return(ret);
149	}
150
151	#ifndef OPENSSL_NO_RSA
152	int SSL_use_RSAPrivateKey(SSL ssl, RSA rsa)
153	{
154	EVP_PKEY *pkey;
155	int ret;
156
157	if (rsa == NULL)
158	{
159	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
160	return(0);
161	}
162	if (!ssl_cert_inst(&ssl->cert))
163	{
164	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
165	return(0);
166	}
167	if ((pkey=EVP_PKEY_new()) == NULL)
168	{
169	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
170	return(0);
171	}
172
173	RSA_up_ref(rsa);
174	EVP_PKEY_assign_RSA(pkey,rsa);
175
176	ret=ssl_set_pkey(ssl->cert,pkey);
177	EVP_PKEY_free(pkey);
178	return(ret);
179	}
180	#endif
181
182	static int ssl_set_pkey(CERT c, EVP_PKEY pkey)
183	{
184	int i,ok=0,bad=0;
185
186	i=ssl_cert_type(NULL,pkey);
187	if (i < 0)
188	{
189	SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
190	return(0);
191	}
192
193	if (c->pkeys[i].x509 != NULL)
194	{
195	EVP_PKEY *pktmp;
196	pktmp = X509_get_pubkey(c->pkeys[i].x509);
197	EVP_PKEY_copy_parameters(pktmp,pkey);
198	EVP_PKEY_free(pktmp);
199	ERR_clear_error();
200
201	#ifndef OPENSSL_NO_RSA
202	/* Don't check the public/private key, this is mostly
203	* for smart cards. */
204	if ((pkey->type == EVP_PKEY_RSA) &&
205	(RSA_flags(pkey->pkey.rsa) &
206	RSA_METHOD_FLAG_NO_CHECK))
207	ok=1;
208	else
209	#endif
210	if (!X509_check_private_key(c->pkeys[i].x509,pkey))
211	{
212	if ((i == SSL_PKEY_DH_RSA) \|\| (i == SSL_PKEY_DH_DSA))
213	{
214	i=(i == SSL_PKEY_DH_RSA)?
215	SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
216
217	if (c->pkeys[i].x509 == NULL)
218	ok=1;
219	else
220	{
221	if (!X509_check_private_key(
222	c->pkeys[i].x509,pkey))
223	bad=1;
224	else
225	ok=1;
226	}
227	}
228	else
229	bad=1;
230	}
231	else
232	ok=1;
233	}
234	else
235	ok=1;
236
237	if (bad)
238	{
239	X509_free(c->pkeys[i].x509);
240	c->pkeys[i].x509=NULL;
241	return(0);
242	}
243
244	ERR_clear_error(); /* make sure no error from X509_check_private_key()
245	* is left if we have chosen to ignore it */
246	if (c->pkeys[i].privatekey != NULL)
247	EVP_PKEY_free(c->pkeys[i].privatekey);
248	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
249	c->pkeys[i].privatekey=pkey;
250	c->key= &(c->pkeys[i]);
251
252	c->valid=0;
253	return(1);
254	}
255
256	#ifndef OPENSSL_NO_RSA
257	#ifndef OPENSSL_NO_STDIO
258	int SSL_use_RSAPrivateKey_file(SSL ssl, const char file, int type)
259	{
260	int j,ret=0;
261	BIO *in;
262	RSA *rsa=NULL;
263
264	in=BIO_new(BIO_s_file_internal());
265	if (in == NULL)
266	{
267	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
268	goto end;
269	}
270
271	if (BIO_read_filename(in,file) <= 0)
272	{
273	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
274	goto end;
275	}
276	if (type == SSL_FILETYPE_ASN1)
277	{
278	j=ERR_R_ASN1_LIB;
279	rsa=d2i_RSAPrivateKey_bio(in,NULL);
280	}
281	else if (type == SSL_FILETYPE_PEM)
282	{
283	j=ERR_R_PEM_LIB;
284	rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
285	ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
286	}
287	else
288	{
289	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
290	goto end;
291	}
292	if (rsa == NULL)
293	{
294	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
295	goto end;
296	}
297	ret=SSL_use_RSAPrivateKey(ssl,rsa);
298	RSA_free(rsa);
299	end:
300	if (in != NULL) BIO_free(in);
301	return(ret);
302	}
303	#endif
304
305	int SSL_use_RSAPrivateKey_ASN1(SSL ssl, unsigned char d, long len)
306	{
307	int ret;
308	const unsigned char *p;
309	RSA *rsa;
310
311	p=d;
312	if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
313	{
314	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
315	return(0);
316	}
317
318	ret=SSL_use_RSAPrivateKey(ssl,rsa);
319	RSA_free(rsa);
320	return(ret);
321	}
322	#endif /* !OPENSSL_NO_RSA */
323
324	int SSL_use_PrivateKey(SSL ssl, EVP_PKEY pkey)
325	{
326	int ret;
327
328	if (pkey == NULL)
329	{
330	SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
331	return(0);
332	}
333	if (!ssl_cert_inst(&ssl->cert))
334	{
335	SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
336	return(0);
337	}
338	ret=ssl_set_pkey(ssl->cert,pkey);
339	return(ret);
340	}
341
342	#ifndef OPENSSL_NO_STDIO
343	int SSL_use_PrivateKey_file(SSL ssl, const char file, int type)
344	{
345	int j,ret=0;
346	BIO *in;
347	EVP_PKEY *pkey=NULL;
348
349	in=BIO_new(BIO_s_file_internal());
350	if (in == NULL)
351	{
352	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
353	goto end;
354	}
355
356	if (BIO_read_filename(in,file) <= 0)
357	{
358	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
359	goto end;
360	}
361	if (type == SSL_FILETYPE_PEM)
362	{
363	j=ERR_R_PEM_LIB;
364	pkey=PEM_read_bio_PrivateKey(in,NULL,
365	ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
366	}
367	else
368	{
369	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
370	goto end;
371	}
372	if (pkey == NULL)
373	{
374	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
375	goto end;
376	}
377	ret=SSL_use_PrivateKey(ssl,pkey);
378	EVP_PKEY_free(pkey);
379	end:
380	if (in != NULL) BIO_free(in);
381	return(ret);
382	}
383	#endif
384
385	int SSL_use_PrivateKey_ASN1(int type, SSL ssl, unsigned char d, long len)
386	{
387	int ret;
388	unsigned char *p;
389	EVP_PKEY *pkey;
390
391	p=d;
392	if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
393	{
394	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
395	return(0);
396	}
397
398	ret=SSL_use_PrivateKey(ssl,pkey);
399	EVP_PKEY_free(pkey);
400	return(ret);
401	}
402
403	int SSL_CTX_use_certificate(SSL_CTX ctx, X509 x)
404	{
405	if (x == NULL)
406	{
407	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
408	return(0);
409	}
410	if (!ssl_cert_inst(&ctx->cert))
411	{
412	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
413	return(0);
414	}
415	return(ssl_set_cert(ctx->cert, x));
416	}
417
418	static int ssl_set_cert(CERT c, X509 x)
419	{
420	EVP_PKEY *pkey;
421	int i,ok=0,bad=0;
422
423	pkey=X509_get_pubkey(x);
424	if (pkey == NULL)
425	{
426	SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
427	return(0);
428	}
429
430	i=ssl_cert_type(x,pkey);
431	if (i < 0)
432	{
433	SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
434	EVP_PKEY_free(pkey);
435	return(0);
436	}
437
438	if (c->pkeys[i].privatekey != NULL)
439	{
440	EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
441	ERR_clear_error();
442
443	#ifndef OPENSSL_NO_RSA
444	/* Don't check the public/private key, this is mostly
445	* for smart cards. */
446	if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
447	(RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
448	RSA_METHOD_FLAG_NO_CHECK))
449	ok=1;
450	else
451	#endif
452	{
453	if (!X509_check_private_key(x,c->pkeys[i].privatekey))
454	{
455	if ((i == SSL_PKEY_DH_RSA) \|\| (i == SSL_PKEY_DH_DSA))
456	{
457	i=(i == SSL_PKEY_DH_RSA)?
458	SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
459
460	if (c->pkeys[i].privatekey == NULL)
461	ok=1;
462	else
463	{
464	if (!X509_check_private_key(x,
465	c->pkeys[i].privatekey))
466	bad=1;
467	else
468	ok=1;
469	}
470	}
471	else
472	bad=1;
473	}
474	else
475	ok=1;
476	} /* OPENSSL_NO_RSA */
477	}
478	else
479	ok=1;
480
481	EVP_PKEY_free(pkey);
482	if (bad)
483	{
484	EVP_PKEY_free(c->pkeys[i].privatekey);
485	c->pkeys[i].privatekey=NULL;
486	}
487
488	if (c->pkeys[i].x509 != NULL)
489	X509_free(c->pkeys[i].x509);
490	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
491	c->pkeys[i].x509=x;
492	c->key= &(c->pkeys[i]);
493
494	c->valid=0;
495	return(1);
496	}
497
498	#ifndef OPENSSL_NO_STDIO
499	int SSL_CTX_use_certificate_file(SSL_CTX ctx, const char file, int type)
500	{
501	int j;
502	BIO *in;
503	int ret=0;
504	X509 *x=NULL;
505
506	in=BIO_new(BIO_s_file_internal());
507	if (in == NULL)
508	{
509	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
510	goto end;
511	}
512
513	if (BIO_read_filename(in,file) <= 0)
514	{
515	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
516	goto end;
517	}
518	if (type == SSL_FILETYPE_ASN1)
519	{
520	j=ERR_R_ASN1_LIB;
521	x=d2i_X509_bio(in,NULL);
522	}
523	else if (type == SSL_FILETYPE_PEM)
524	{
525	j=ERR_R_PEM_LIB;
526	x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
527	}
528	else
529	{
530	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
531	goto end;
532	}
533
534	if (x == NULL)
535	{
536	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
537	goto end;
538	}
539
540	ret=SSL_CTX_use_certificate(ctx,x);
541	end:
542	if (x != NULL) X509_free(x);
543	if (in != NULL) BIO_free(in);
544	return(ret);
545	}
546	#endif
547
548	int SSL_CTX_use_certificate_ASN1(SSL_CTX ctx, int len, unsigned char d)
549	{
550	X509 *x;
551	int ret;
552
553	x=d2i_X509(NULL,&d,(long)len);
554	if (x == NULL)
555	{
556	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
557	return(0);
558	}
559
560	ret=SSL_CTX_use_certificate(ctx,x);
561	X509_free(x);
562	return(ret);
563	}
564
565	#ifndef OPENSSL_NO_RSA
566	int SSL_CTX_use_RSAPrivateKey(SSL_CTX ctx, RSA rsa)
567	{
568	int ret;
569	EVP_PKEY *pkey;
570
571	if (rsa == NULL)
572	{
573	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
574	return(0);
575	}
576	if (!ssl_cert_inst(&ctx->cert))
577	{
578	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
579	return(0);
580	}
581	if ((pkey=EVP_PKEY_new()) == NULL)
582	{
583	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
584	return(0);
585	}
586
587	RSA_up_ref(rsa);
588	EVP_PKEY_assign_RSA(pkey,rsa);
589
590	ret=ssl_set_pkey(ctx->cert, pkey);
591	EVP_PKEY_free(pkey);
592	return(ret);
593	}
594
595	#ifndef OPENSSL_NO_STDIO
596	int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX ctx, const char file, int type)
597	{
598	int j,ret=0;
599	BIO *in;
600	RSA *rsa=NULL;
601
602	in=BIO_new(BIO_s_file_internal());
603	if (in == NULL)
604	{
605	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
606	goto end;
607	}
608
609	if (BIO_read_filename(in,file) <= 0)
610	{
611	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
612	goto end;
613	}
614	if (type == SSL_FILETYPE_ASN1)
615	{
616	j=ERR_R_ASN1_LIB;
617	rsa=d2i_RSAPrivateKey_bio(in,NULL);
618	}
619	else if (type == SSL_FILETYPE_PEM)
620	{
621	j=ERR_R_PEM_LIB;
622	rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
623	ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
624	}
625	else
626	{
627	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
628	goto end;
629	}
630	if (rsa == NULL)
631	{
632	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
633	goto end;
634	}
635	ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
636	RSA_free(rsa);
637	end:
638	if (in != NULL) BIO_free(in);
639	return(ret);
640	}
641	#endif
642
643	int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX ctx, unsigned char d, long len)
644	{
645	int ret;
646	const unsigned char *p;
647	RSA *rsa;
648
649	p=d;
650	if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
651	{
652	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
653	return(0);
654	}
655
656	ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
657	RSA_free(rsa);
658	return(ret);
659	}
660	#endif /* !OPENSSL_NO_RSA */
661
662	int SSL_CTX_use_PrivateKey(SSL_CTX ctx, EVP_PKEY pkey)
663	{
664	if (pkey == NULL)
665	{
666	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
667	return(0);
668	}
669	if (!ssl_cert_inst(&ctx->cert))
670	{
671	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
672	return(0);
673	}
674	return(ssl_set_pkey(ctx->cert,pkey));
675	}
676
677	#ifndef OPENSSL_NO_STDIO
678	int SSL_CTX_use_PrivateKey_file(SSL_CTX ctx, const char file, int type)
679	{
680	int j,ret=0;
681	BIO *in;
682	EVP_PKEY *pkey=NULL;
683
684	in=BIO_new(BIO_s_file_internal());
685	if (in == NULL)
686	{
687	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
688	goto end;
689	}
690
691	if (BIO_read_filename(in,file) <= 0)
692	{
693	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
694	goto end;
695	}
696	if (type == SSL_FILETYPE_PEM)
697	{
698	j=ERR_R_PEM_LIB;
699	pkey=PEM_read_bio_PrivateKey(in,NULL,
700	ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
701	}
702	else
703	{
704	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
705	goto end;
706	}
707	if (pkey == NULL)
708	{
709	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
710	goto end;
711	}
712	ret=SSL_CTX_use_PrivateKey(ctx,pkey);
713	EVP_PKEY_free(pkey);
714	end:
715	if (in != NULL) BIO_free(in);
716	return(ret);
717	}
718	#endif
719
720	int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX ctx, unsigned char d,
721	long len)
722	{
723	int ret;
724	unsigned char *p;
725	EVP_PKEY *pkey;
726
727	p=d;
728	if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
729	{
730	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
731	return(0);
732	}
733
734	ret=SSL_CTX_use_PrivateKey(ctx,pkey);
735	EVP_PKEY_free(pkey);
736	return(ret);
737	}
738
739
740	#ifndef OPENSSL_NO_STDIO
741	/* Read a file that contains our certificate in "PEM" format,
742	* possibly followed by a sequence of CA certificates that should be
743	* sent to the peer in the Certificate message.
744	*/
745	int SSL_CTX_use_certificate_chain_file(SSL_CTX ctx, const char file)
746	{
747	BIO *in;
748	int ret=0;
749	X509 *x=NULL;
750
751	in=BIO_new(BIO_s_file_internal());
752	if (in == NULL)
753	{
754	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
755	goto end;
756	}
757
758	if (BIO_read_filename(in,file) <= 0)
759	{
760	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
761	goto end;
762	}
763
764	x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
765	if (x == NULL)
766	{
767	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
768	goto end;
769	}
770
771	ret=SSL_CTX_use_certificate(ctx,x);
772	if (ERR_peek_error() != 0)
773	ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */
774	if (ret)
775	{
776	/* If we could set up our certificate, now proceed to
777	* the CA certificates.
778	*/
779	X509 *ca;
780	int r;
781	unsigned long err;
782
783	if (ctx->extra_certs != NULL)
784	{
785	sk_X509_pop_free(ctx->extra_certs, X509_free);
786	ctx->extra_certs = NULL;
787	}
788
789	while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
790	!= NULL)
791	{
792	r = SSL_CTX_add_extra_chain_cert(ctx, ca);
793	if (!r)
794	{
795	X509_free(ca);
796	ret = 0;
797	goto end;
798	}
799	/* Note that we must not free r if it was successfully
800	* added to the chain (while we must free the main
801	* certificate, since its reference count is increased
802	* by SSL_CTX_use_certificate). */
803	}
804	/* When the while loop ends, it's usually just EOF. */
805	err = ERR_peek_last_error();
806	if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
807	ERR_clear_error();
808	else
809	ret = 0; /* some real error */
810	}
811
812	end:
813	if (x != NULL) X509_free(x);
814	if (in != NULL) BIO_free(in);
815	return(ret);
816	}
817	#endif