1 files changed, 733 insertions, 0 deletions
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
new file mode 100644
index 0000000000..078df55f06
--- /dev/null
+++ b/src/lib/libssl/ssl_rsa.c
@@ -0,0 +1,733 @@
+/* ssl/ssl_rsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/bio.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+static int ssl_set_cert(CERT *c, X509 *x509);
+static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
+int
+SSL_use_certificate(SSL *ssl, X509 *x)
+{
+        if (x == NULL) {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
+                return (0);
+        }
+        if (!ssl_cert_inst(&ssl->cert)) {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+                return (0);
+        }
+        return (ssl_set_cert(ssl->cert, x));
+}
+#ifndef OPENSSL_NO_STDIO
+int
+SSL_use_certificate_file(SSL *ssl, const char *file, int type)
+{
+        int j;
+        BIO *in;
+        int ret = 0;
+        X509 *x = NULL;
+        in = BIO_new(BIO_s_file_internal());
+        if (in == NULL) {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
+                goto end;
+        }
+        if (BIO_read_filename(in, file) <= 0) {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
+                goto end;
+        }
+        if (type == SSL_FILETYPE_ASN1) {
+                j = ERR_R_ASN1_LIB;
+                x = d2i_X509_bio(in, NULL);
+        } else if (type == SSL_FILETYPE_PEM) {
+                j = ERR_R_PEM_LIB;
+                x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata);
+        } else {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+        }
+        if (x == NULL) {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
+                goto end;
+        }
+        ret = SSL_use_certificate(ssl, x);
+end:
+        if (x != NULL)
+                X509_free(x);
+        if (in != NULL)
+                BIO_free(in);
+        return (ret);
+}
+#endif
+int
+SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
+{
+        X509 *x;
+        int ret;
+        x = d2i_X509(NULL, &d,(long)len);
+        if (x == NULL) {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
+                return (0);
+        }
+        ret = SSL_use_certificate(ssl, x);
+        X509_free(x);
+        return (ret);
+}
+#ifndef OPENSSL_NO_RSA
+int
+SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
+{
+        EVP_PKEY *pkey;
+        int ret;
+        if (rsa == NULL) {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+                return (0);
+        }
+        if (!ssl_cert_inst(&ssl->cert)) {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+                return (0);
+        }
+        if ((pkey = EVP_PKEY_new()) == NULL) {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
+                return (0);
+        }
+        RSA_up_ref(rsa);
+        EVP_PKEY_assign_RSA(pkey, rsa);
+        ret = ssl_set_pkey(ssl->cert, pkey);
+        EVP_PKEY_free(pkey);
+        return (ret);
+}
+#endif
+static int
+ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
+{
+        int i;
+        i = ssl_cert_type(NULL, pkey);
+        if (i < 0) {
+                SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+                return (0);
+        }
+        if (c->pkeys[i].x509 != NULL) {
+                EVP_PKEY *pktmp;
+                pktmp = X509_get_pubkey(c->pkeys[i].x509);
+                EVP_PKEY_copy_parameters(pktmp, pkey);
+                EVP_PKEY_free(pktmp);
+                ERR_clear_error();
+#ifndef OPENSSL_NO_RSA
+                /* Don't check the public/private key, this is mostly
+                 * for smart cards. */
+                if ((pkey->type == EVP_PKEY_RSA) &&
+                        (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
+;
+                else
+#endif
+                if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
+                        X509_free(c->pkeys[i].x509);
+                        c->pkeys[i].x509 = NULL;
+                        return 0;
+                }
+        }
+        if (c->pkeys[i].privatekey != NULL)
+                EVP_PKEY_free(c->pkeys[i].privatekey);
+        CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+        c->pkeys[i].privatekey = pkey;
+        c->key = &(c->pkeys[i]);
+        c->valid = 0;
+        return (1);
+}
+#ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_STDIO
+int
+SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
+{
+        int j, ret = 0;
+        BIO *in;
+        RSA *rsa = NULL;
+        in = BIO_new(BIO_s_file_internal());
+        if (in == NULL) {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
+                goto end;
+        }
+        if (BIO_read_filename(in, file) <= 0) {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
+                goto end;
+        }
+        if (type == SSL_FILETYPE_ASN1) {
+                j = ERR_R_ASN1_LIB;
+                rsa = d2i_RSAPrivateKey_bio(in, NULL);
+        } else if (type == SSL_FILETYPE_PEM) {
+                j = ERR_R_PEM_LIB;
+                rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
+                ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata);
+        } else {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+        }
+        if (rsa == NULL) {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j);
+                goto end;
+        }
+        ret = SSL_use_RSAPrivateKey(ssl, rsa);
+        RSA_free(rsa);
+end:
+        if (in != NULL)
+                BIO_free(in);
+        return (ret);
+}
+#endif
+int
+SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
+{
+        int ret;
+        const unsigned char *p;
+        RSA *rsa;
+        p = d;
+        if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+                return (0);
+        }
+        ret = SSL_use_RSAPrivateKey(ssl, rsa);
+        RSA_free(rsa);
+        return (ret);
+}
+#endif /* !OPENSSL_NO_RSA */
+int
+SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
+{
+        int ret;
+        if (pkey == NULL) {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+                return (0);
+        }
+        if (!ssl_cert_inst(&ssl->cert)) {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
+                return (0);
+        }
+        ret = ssl_set_pkey(ssl->cert, pkey);
+        return (ret);
+}
+#ifndef OPENSSL_NO_STDIO
+int
+SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
+{
+        int j, ret = 0;
+        BIO *in;
+        EVP_PKEY *pkey = NULL;
+        in = BIO_new(BIO_s_file_internal());
+        if (in == NULL) {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
+                goto end;
+        }
+        if (BIO_read_filename(in, file) <= 0) {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
+                goto end;
+        }
+        if (type == SSL_FILETYPE_PEM) {
+                j = ERR_R_PEM_LIB;
+                pkey = PEM_read_bio_PrivateKey(in, NULL,
+                ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata);
+        } else if (type == SSL_FILETYPE_ASN1) {
+                j = ERR_R_ASN1_LIB;
+                pkey = d2i_PrivateKey_bio(in, NULL);
+        } else {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+        }
+        if (pkey == NULL) {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j);
+                goto end;
+        }
+        ret = SSL_use_PrivateKey(ssl, pkey);
+        EVP_PKEY_free(pkey);
+end:
+        if (in != NULL)
+                BIO_free(in);
+        return (ret);
+}
+#endif
+int
+SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
+{
+        int ret;
+        const unsigned char *p;
+        EVP_PKEY *pkey;
+        p = d;
+        if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+                return (0);
+        }
+        ret = SSL_use_PrivateKey(ssl, pkey);
+        EVP_PKEY_free(pkey);
+        return (ret);
+}
+int
+SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
+{
+        if (x == NULL) {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
+                return (0);
+        }
+        if (!ssl_cert_inst(&ctx->cert)) {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+                return (0);
+        }
+        return (ssl_set_cert(ctx->cert, x));
+}
+static int
+ssl_set_cert(CERT *c, X509 *x)
+{
+        EVP_PKEY *pkey;
+        int i;
+        pkey = X509_get_pubkey(x);
+        if (pkey == NULL) {
+                SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
+                return (0);
+        }
+        i = ssl_cert_type(x, pkey);
+        if (i < 0) {
+                SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+                EVP_PKEY_free(pkey);
+                return (0);
+        }
+        if (c->pkeys[i].privatekey != NULL) {
+                EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
+                ERR_clear_error();
+#ifndef OPENSSL_NO_RSA
+                /* Don't check the public/private key, this is mostly
+                 * for smart cards. */
+                if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
+                        (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
+                RSA_METHOD_FLAG_NO_CHECK))
+;
+                else
+#endif /* OPENSSL_NO_RSA */
+                if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
+                        /* don't fail for a cert/key mismatch, just free
+                         * current private key (when switching to a different
+                         * cert & key, first this function should be used,
+                         * then ssl_set_pkey */
+                        EVP_PKEY_free(c->pkeys[i].privatekey);
+                        c->pkeys[i].privatekey = NULL;
+                        /* clear error queue */
+                        ERR_clear_error();
+                }
+        }
+        EVP_PKEY_free(pkey);
+        if (c->pkeys[i].x509 != NULL)
+                X509_free(c->pkeys[i].x509);
+        CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+        c->pkeys[i].x509 = x;
+        c->key = &(c->pkeys[i]);
+        c->valid = 0;
+        return (1);
+}
+#ifndef OPENSSL_NO_STDIO
+int
+SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
+{
+        int j;
+        BIO *in;
+        int ret = 0;
+        X509 *x = NULL;
+        in = BIO_new(BIO_s_file_internal());
+        if (in == NULL) {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
+                goto end;
+        }
+        if (BIO_read_filename(in, file) <= 0) {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
+                goto end;
+        }
+        if (type == SSL_FILETYPE_ASN1) {
+                j = ERR_R_ASN1_LIB;
+                x = d2i_X509_bio(in, NULL);
+        } else if (type == SSL_FILETYPE_PEM) {
+                j = ERR_R_PEM_LIB;
+                x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
+        } else {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+        }
+        if (x == NULL) {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
+                goto end;
+        }
+        ret = SSL_CTX_use_certificate(ctx, x);
+end:
+        if (x != NULL)
+                X509_free(x);
+        if (in != NULL)
+                BIO_free(in);
+        return (ret);
+}
+#endif
+int
+SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
+{
+        X509 *x;
+        int ret;
+        x = d2i_X509(NULL, &d,(long)len);
+        if (x == NULL) {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
+                return (0);
+        }
+        ret = SSL_CTX_use_certificate(ctx, x);
+        X509_free(x);
+        return (ret);
+}
+#ifndef OPENSSL_NO_RSA
+int
+SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
+{
+        int ret;
+        EVP_PKEY *pkey;
+        if (rsa == NULL) {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+                return (0);
+        }
+        if (!ssl_cert_inst(&ctx->cert)) {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+                return (0);
+        }
+        if ((pkey = EVP_PKEY_new()) == NULL) {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
+                return (0);
+        }
+        RSA_up_ref(rsa);
+        EVP_PKEY_assign_RSA(pkey, rsa);
+        ret = ssl_set_pkey(ctx->cert, pkey);
+        EVP_PKEY_free(pkey);
+        return (ret);
+}
+#ifndef OPENSSL_NO_STDIO
+int
+SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+{
+        int j, ret = 0;
+        BIO *in;
+        RSA *rsa = NULL;
+        in = BIO_new(BIO_s_file_internal());
+        if (in == NULL) {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
+                goto end;
+        }
+        if (BIO_read_filename(in, file) <= 0) {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
+                goto end;
+        }
+        if (type == SSL_FILETYPE_ASN1) {
+                j = ERR_R_ASN1_LIB;
+                rsa = d2i_RSAPrivateKey_bio(in, NULL);
+        } else if (type == SSL_FILETYPE_PEM) {
+                j = ERR_R_PEM_LIB;
+                rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
+                ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
+        } else {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+        }
+        if (rsa == NULL) {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j);
+                goto end;
+        }
+        ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
+        RSA_free(rsa);
+end:
+        if (in != NULL)
+                BIO_free(in);
+        return (ret);
+}
+#endif
+int
+SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
+{
+        int ret;
+        const unsigned char *p;
+        RSA *rsa;
+        p = d;
+        if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+                return (0);
+        }
+        ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
+        RSA_free(rsa);
+        return (ret);
+}
+#endif /* !OPENSSL_NO_RSA */
+int
+SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
+{
+        if (pkey == NULL) {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+                return (0);
+        }
+        if (!ssl_cert_inst(&ctx->cert)) {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
+                return (0);
+        }
+        return (ssl_set_pkey(ctx->cert, pkey));
+}
+#ifndef OPENSSL_NO_STDIO
+int
+SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+{
+        int j, ret = 0;
+        BIO *in;
+        EVP_PKEY *pkey = NULL;
+        in = BIO_new(BIO_s_file_internal());
+        if (in == NULL) {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
+                goto end;
+        }
+        if (BIO_read_filename(in, file) <= 0) {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
+                goto end;
+        }
+        if (type == SSL_FILETYPE_PEM) {
+                j = ERR_R_PEM_LIB;
+                pkey = PEM_read_bio_PrivateKey(in, NULL,
+                ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
+        } else if (type == SSL_FILETYPE_ASN1) {
+                j = ERR_R_ASN1_LIB;
+                pkey = d2i_PrivateKey_bio(in, NULL);
+        } else {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+        }
+        if (pkey == NULL) {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j);
+                goto end;
+        }
+        ret = SSL_CTX_use_PrivateKey(ctx, pkey);
+        EVP_PKEY_free(pkey);
+end:
+        if (in != NULL)
+                BIO_free(in);
+        return (ret);
+}
+#endif
+int
+SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
+    long len)
+{
+        int ret;
+        const unsigned char *p;
+        EVP_PKEY *pkey;
+        p = d;
+        if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+                return (0);
+        }
+        ret = SSL_CTX_use_PrivateKey(ctx, pkey);
+        EVP_PKEY_free(pkey);
+        return (ret);
+}
+#ifndef OPENSSL_NO_STDIO
+/* Read a file that contains our certificate in "PEM" format,
+ * possibly followed by a sequence of CA certificates that should be
+ * sent to the peer in the Certificate message.
+ */
+int
+SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
+{
+        BIO *in;
+        int ret = 0;
+        X509 *x = NULL;
+        ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
+        in = BIO_new(BIO_s_file_internal());
+        if (in == NULL) {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
+                goto end;
+        }
+        if (BIO_read_filename(in, file) <= 0) {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
+                goto end;
+        }
+        x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
+        ctx->default_passwd_callback_userdata);
+        if (x == NULL) {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
+                goto end;
+        }
+        ret = SSL_CTX_use_certificate(ctx, x);
+        if (ERR_peek_error() != 0)
+                ret = 0;
+        /* Key/certificate mismatch doesn't imply ret==0 ... */
+        if (ret) {
+                /* If we could set up our certificate, now proceed to
+                 * the CA certificates.
+                 */
+                X509 *ca;
+                int r;
+                unsigned long err;
+                if (ctx->extra_certs != NULL) {
+                        sk_X509_pop_free(ctx->extra_certs, X509_free);
+                        ctx->extra_certs = NULL;
+                }
+                while ((ca = PEM_read_bio_X509(in, NULL,
+                ctx->default_passwd_callback,
+                ctx->default_passwd_callback_userdata))
+                != NULL) {
+                        r = SSL_CTX_add_extra_chain_cert(ctx, ca);
+                        if (!r) {
+                                X509_free(ca);
+                                ret = 0;
+                                goto end;
+                        }
+                        /* Note that we must not free r if it was successfully
+                         * added to the chain (while we must free the main
+                         * certificate, since its reference count is increased
+                         * by SSL_CTX_use_certificate). */
+                }
+                /* When the while loop ends, it's usually just EOF. */
+                err = ERR_peek_last_error();
+                if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
+                        ERR_clear_error();
+                else
+                        ret = 0; /* some real error */
+        }
+end:
+        if (x != NULL)
+                X509_free(x);
+        if (in != NULL)
+                BIO_free(in);
+        return (ret);
+}
+#endif

diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c new file mode 100644 index 0000000000..078df55f06 --- /dev/null +++ b/src/lib/libssl/ssl_rsa.c
@@ -0,0 +1,733 @@
	1	/* ssl/ssl_rsa.c */
	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	#include <stdio.h>
	60	#include "ssl_locl.h"
	61	#include <openssl/bio.h>
	62	#include <openssl/objects.h>
	63	#include <openssl/evp.h>
	64	#include <openssl/x509.h>
	65	#include <openssl/pem.h>
	66
	67	static int ssl_set_cert(CERT c, X509 x509);
	68	static int ssl_set_pkey(CERT c, EVP_PKEY pkey);
	69	int
	70	SSL_use_certificate(SSL ssl, X509 x)
	71	{
	72	if (x == NULL) {
	73	SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
	74	return (0);
	75	}
	76	if (!ssl_cert_inst(&ssl->cert)) {
	77	SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
	78	return (0);
	79	}
	80	return (ssl_set_cert(ssl->cert, x));
	81	}
	82
	83	#ifndef OPENSSL_NO_STDIO
	84	int
	85	SSL_use_certificate_file(SSL ssl, const char file, int type)
	86	{
	87	int j;
	88	BIO *in;
	89	int ret = 0;
	90	X509 *x = NULL;
	91
	92	in = BIO_new(BIO_s_file_internal());
	93	if (in == NULL) {
	94	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
	95	goto end;
	96	}
	97
	98	if (BIO_read_filename(in, file) <= 0) {
	99	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
	100	goto end;
	101	}
	102	if (type == SSL_FILETYPE_ASN1) {
	103	j = ERR_R_ASN1_LIB;
	104	x = d2i_X509_bio(in, NULL);
	105	} else if (type == SSL_FILETYPE_PEM) {
	106	j = ERR_R_PEM_LIB;
	107	x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata);
	108	} else {
	109	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
	110	goto end;
	111	}
	112
	113	if (x == NULL) {
	114	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
	115	goto end;
	116	}
	117
	118	ret = SSL_use_certificate(ssl, x);
	119	end:
	120	if (x != NULL)
	121	X509_free(x);
	122	if (in != NULL)
	123	BIO_free(in);
	124	return (ret);
	125	}
	126	#endif
	127
	128	int
	129	SSL_use_certificate_ASN1(SSL ssl, const unsigned char d, int len)
	130	{
	131	X509 *x;
	132	int ret;
	133
	134	x = d2i_X509(NULL, &d,(long)len);
	135	if (x == NULL) {
	136	SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
	137	return (0);
	138	}
	139
	140	ret = SSL_use_certificate(ssl, x);
	141	X509_free(x);
	142	return (ret);
	143	}
	144
	145	#ifndef OPENSSL_NO_RSA
	146	int
	147	SSL_use_RSAPrivateKey(SSL ssl, RSA rsa)
	148	{
	149	EVP_PKEY *pkey;
	150	int ret;
	151
	152	if (rsa == NULL) {
	153	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
	154	return (0);
	155	}
	156	if (!ssl_cert_inst(&ssl->cert)) {
	157	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
	158	return (0);
	159	}
	160	if ((pkey = EVP_PKEY_new()) == NULL) {
	161	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
	162	return (0);
	163	}
	164
	165	RSA_up_ref(rsa);
	166	EVP_PKEY_assign_RSA(pkey, rsa);
	167
	168	ret = ssl_set_pkey(ssl->cert, pkey);
	169	EVP_PKEY_free(pkey);
	170	return (ret);
	171	}
	172	#endif
	173
	174	static int
	175	ssl_set_pkey(CERT c, EVP_PKEY pkey)
	176	{
	177	int i;
	178
	179	i = ssl_cert_type(NULL, pkey);
	180	if (i < 0) {
	181	SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
	182	return (0);
	183	}
	184
	185	if (c->pkeys[i].x509 != NULL) {
	186	EVP_PKEY *pktmp;
	187	pktmp = X509_get_pubkey(c->pkeys[i].x509);
	188	EVP_PKEY_copy_parameters(pktmp, pkey);
	189	EVP_PKEY_free(pktmp);
	190	ERR_clear_error();
	191
	192	#ifndef OPENSSL_NO_RSA
	193	/* Don't check the public/private key, this is mostly
	194	* for smart cards. */
	195	if ((pkey->type == EVP_PKEY_RSA) &&
	196	(RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
	197	;
	198	else
	199	#endif
	200	if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
	201	X509_free(c->pkeys[i].x509);
	202	c->pkeys[i].x509 = NULL;
	203	return 0;
	204	}
	205	}
	206
	207	if (c->pkeys[i].privatekey != NULL)
	208	EVP_PKEY_free(c->pkeys[i].privatekey);
	209	CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
	210	c->pkeys[i].privatekey = pkey;
	211	c->key = &(c->pkeys[i]);
	212
	213	c->valid = 0;
	214	return (1);
	215	}
	216
	217	#ifndef OPENSSL_NO_RSA
	218	#ifndef OPENSSL_NO_STDIO
	219	int
	220	SSL_use_RSAPrivateKey_file(SSL ssl, const char file, int type)
	221	{
	222	int j, ret = 0;
	223	BIO *in;
	224	RSA *rsa = NULL;
	225
	226	in = BIO_new(BIO_s_file_internal());
	227	if (in == NULL) {
	228	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
	229	goto end;
	230	}
	231
	232	if (BIO_read_filename(in, file) <= 0) {
	233	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
	234	goto end;
	235	}
	236	if (type == SSL_FILETYPE_ASN1) {
	237	j = ERR_R_ASN1_LIB;
	238	rsa = d2i_RSAPrivateKey_bio(in, NULL);
	239	} else if (type == SSL_FILETYPE_PEM) {
	240	j = ERR_R_PEM_LIB;
	241	rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
	242	ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata);
	243	} else {
	244	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
	245	goto end;
	246	}
	247	if (rsa == NULL) {
	248	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j);
	249	goto end;
	250	}
	251	ret = SSL_use_RSAPrivateKey(ssl, rsa);
	252	RSA_free(rsa);
	253	end:
	254	if (in != NULL)
	255	BIO_free(in);
	256	return (ret);
	257	}
	258	#endif
	259
	260	int
	261	SSL_use_RSAPrivateKey_ASN1(SSL ssl, unsigned char d, long len)
	262	{
	263	int ret;
	264	const unsigned char *p;
	265	RSA *rsa;
	266
	267	p = d;
	268	if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
	269	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
	270	return (0);
	271	}
	272
	273	ret = SSL_use_RSAPrivateKey(ssl, rsa);
	274	RSA_free(rsa);
	275	return (ret);
	276	}
	277	#endif /* !OPENSSL_NO_RSA */
	278
	279	int
	280	SSL_use_PrivateKey(SSL ssl, EVP_PKEY pkey)
	281	{
	282	int ret;
	283
	284	if (pkey == NULL) {
	285	SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
	286	return (0);
	287	}
	288	if (!ssl_cert_inst(&ssl->cert)) {
	289	SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
	290	return (0);
	291	}
	292	ret = ssl_set_pkey(ssl->cert, pkey);
	293	return (ret);
	294	}
	295
	296	#ifndef OPENSSL_NO_STDIO
	297	int
	298	SSL_use_PrivateKey_file(SSL ssl, const char file, int type)
	299	{
	300	int j, ret = 0;
	301	BIO *in;
	302	EVP_PKEY *pkey = NULL;
	303
	304	in = BIO_new(BIO_s_file_internal());
	305	if (in == NULL) {
	306	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
	307	goto end;
	308	}
	309
	310	if (BIO_read_filename(in, file) <= 0) {
	311	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
	312	goto end;
	313	}
	314	if (type == SSL_FILETYPE_PEM) {
	315	j = ERR_R_PEM_LIB;
	316	pkey = PEM_read_bio_PrivateKey(in, NULL,
	317	ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata);
	318	} else if (type == SSL_FILETYPE_ASN1) {
	319	j = ERR_R_ASN1_LIB;
	320	pkey = d2i_PrivateKey_bio(in, NULL);
	321	} else {
	322	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
	323	goto end;
	324	}
	325	if (pkey == NULL) {
	326	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j);
	327	goto end;
	328	}
	329	ret = SSL_use_PrivateKey(ssl, pkey);
	330	EVP_PKEY_free(pkey);
	331	end:
	332	if (in != NULL)
	333	BIO_free(in);
	334	return (ret);
	335	}
	336	#endif
	337
	338	int
	339	SSL_use_PrivateKey_ASN1(int type, SSL ssl, const unsigned char d, long len)
	340	{
	341	int ret;
	342	const unsigned char *p;
	343	EVP_PKEY *pkey;
	344
	345	p = d;
	346	if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
	347	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
	348	return (0);
	349	}
	350
	351	ret = SSL_use_PrivateKey(ssl, pkey);
	352	EVP_PKEY_free(pkey);
	353	return (ret);
	354	}
	355
	356	int
	357	SSL_CTX_use_certificate(SSL_CTX ctx, X509 x)
	358	{
	359	if (x == NULL) {
	360	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
	361	return (0);
	362	}
	363	if (!ssl_cert_inst(&ctx->cert)) {
	364	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
	365	return (0);
	366	}
	367	return (ssl_set_cert(ctx->cert, x));
	368	}
	369
	370	static int
	371	ssl_set_cert(CERT c, X509 x)
	372	{
	373	EVP_PKEY *pkey;
	374	int i;
	375
	376	pkey = X509_get_pubkey(x);
	377	if (pkey == NULL) {
	378	SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
	379	return (0);
	380	}
	381
	382	i = ssl_cert_type(x, pkey);
	383	if (i < 0) {
	384	SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
	385	EVP_PKEY_free(pkey);
	386	return (0);
	387	}
	388
	389	if (c->pkeys[i].privatekey != NULL) {
	390	EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
	391	ERR_clear_error();
	392
	393	#ifndef OPENSSL_NO_RSA
	394	/* Don't check the public/private key, this is mostly
	395	* for smart cards. */
	396	if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
	397	(RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
	398	RSA_METHOD_FLAG_NO_CHECK))
	399	;
	400	else
	401	#endif /* OPENSSL_NO_RSA */
	402	if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
	403	/* don't fail for a cert/key mismatch, just free
	404	* current private key (when switching to a different
	405	* cert & key, first this function should be used,
	406	* then ssl_set_pkey */
	407	EVP_PKEY_free(c->pkeys[i].privatekey);
	408	c->pkeys[i].privatekey = NULL;
	409	/* clear error queue */
	410	ERR_clear_error();
	411	}
	412	}
	413
	414	EVP_PKEY_free(pkey);
	415
	416	if (c->pkeys[i].x509 != NULL)
	417	X509_free(c->pkeys[i].x509);
	418	CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
	419	c->pkeys[i].x509 = x;
	420	c->key = &(c->pkeys[i]);
	421
	422	c->valid = 0;
	423	return (1);
	424	}
	425
	426	#ifndef OPENSSL_NO_STDIO
	427	int
	428	SSL_CTX_use_certificate_file(SSL_CTX ctx, const char file, int type)
	429	{
	430	int j;
	431	BIO *in;
	432	int ret = 0;
	433	X509 *x = NULL;
	434
	435	in = BIO_new(BIO_s_file_internal());
	436	if (in == NULL) {
	437	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
	438	goto end;
	439	}
	440
	441	if (BIO_read_filename(in, file) <= 0) {
	442	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
	443	goto end;
	444	}
	445	if (type == SSL_FILETYPE_ASN1) {
	446	j = ERR_R_ASN1_LIB;
	447	x = d2i_X509_bio(in, NULL);
	448	} else if (type == SSL_FILETYPE_PEM) {
	449	j = ERR_R_PEM_LIB;
	450	x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
	451	} else {
	452	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
	453	goto end;
	454	}
	455
	456	if (x == NULL) {
	457	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
	458	goto end;
	459	}
	460
	461	ret = SSL_CTX_use_certificate(ctx, x);
	462	end:
	463	if (x != NULL)
	464	X509_free(x);
	465	if (in != NULL)
	466	BIO_free(in);
	467	return (ret);
	468	}
	469	#endif
	470
	471	int
	472	SSL_CTX_use_certificate_ASN1(SSL_CTX ctx, int len, const unsigned char d)
	473	{
	474	X509 *x;
	475	int ret;
	476
	477	x = d2i_X509(NULL, &d,(long)len);
	478	if (x == NULL) {
	479	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
	480	return (0);
	481	}
	482
	483	ret = SSL_CTX_use_certificate(ctx, x);
	484	X509_free(x);
	485	return (ret);
	486	}
	487
	488	#ifndef OPENSSL_NO_RSA
	489	int
	490	SSL_CTX_use_RSAPrivateKey(SSL_CTX ctx, RSA rsa)
	491	{
	492	int ret;
	493	EVP_PKEY *pkey;
	494
	495	if (rsa == NULL) {
	496	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
	497	return (0);
	498	}
	499	if (!ssl_cert_inst(&ctx->cert)) {
	500	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
	501	return (0);
	502	}
	503	if ((pkey = EVP_PKEY_new()) == NULL) {
	504	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
	505	return (0);
	506	}
	507
	508	RSA_up_ref(rsa);
	509	EVP_PKEY_assign_RSA(pkey, rsa);
	510
	511	ret = ssl_set_pkey(ctx->cert, pkey);
	512	EVP_PKEY_free(pkey);
	513	return (ret);
	514	}
	515
	516	#ifndef OPENSSL_NO_STDIO
	517	int
	518	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX ctx, const char file, int type)
	519	{
	520	int j, ret = 0;
	521	BIO *in;
	522	RSA *rsa = NULL;
	523
	524	in = BIO_new(BIO_s_file_internal());
	525	if (in == NULL) {
	526	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
	527	goto end;
	528	}
	529
	530	if (BIO_read_filename(in, file) <= 0) {
	531	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
	532	goto end;
	533	}
	534	if (type == SSL_FILETYPE_ASN1) {
	535	j = ERR_R_ASN1_LIB;
	536	rsa = d2i_RSAPrivateKey_bio(in, NULL);
	537	} else if (type == SSL_FILETYPE_PEM) {
	538	j = ERR_R_PEM_LIB;
	539	rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
	540	ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
	541	} else {
	542	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
	543	goto end;
	544	}
	545	if (rsa == NULL) {
	546	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j);
	547	goto end;
	548	}
	549	ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
	550	RSA_free(rsa);
	551	end:
	552	if (in != NULL)
	553	BIO_free(in);
	554	return (ret);
	555	}
	556	#endif
	557
	558	int
	559	SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX ctx, const unsigned char d, long len)
	560	{
	561	int ret;
	562	const unsigned char *p;
	563	RSA *rsa;
	564
	565	p = d;
	566	if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
	567	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
	568	return (0);
	569	}
	570
	571	ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
	572	RSA_free(rsa);
	573	return (ret);
	574	}
	575	#endif /* !OPENSSL_NO_RSA */
	576
	577	int
	578	SSL_CTX_use_PrivateKey(SSL_CTX ctx, EVP_PKEY pkey)
	579	{
	580	if (pkey == NULL) {
	581	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
	582	return (0);
	583	}
	584	if (!ssl_cert_inst(&ctx->cert)) {
	585	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
	586	return (0);
	587	}
	588	return (ssl_set_pkey(ctx->cert, pkey));
	589	}
	590
	591	#ifndef OPENSSL_NO_STDIO
	592	int
	593	SSL_CTX_use_PrivateKey_file(SSL_CTX ctx, const char file, int type)
	594	{
	595	int j, ret = 0;
	596	BIO *in;
	597	EVP_PKEY *pkey = NULL;
	598
	599	in = BIO_new(BIO_s_file_internal());
	600	if (in == NULL) {
	601	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
	602	goto end;
	603	}
	604
	605	if (BIO_read_filename(in, file) <= 0) {
	606	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
	607	goto end;
	608	}
	609	if (type == SSL_FILETYPE_PEM) {
	610	j = ERR_R_PEM_LIB;
	611	pkey = PEM_read_bio_PrivateKey(in, NULL,
	612	ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
	613	} else if (type == SSL_FILETYPE_ASN1) {
	614	j = ERR_R_ASN1_LIB;
	615	pkey = d2i_PrivateKey_bio(in, NULL);
	616	} else {
	617	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
	618	goto end;
	619	}
	620	if (pkey == NULL) {
	621	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j);
	622	goto end;
	623	}
	624	ret = SSL_CTX_use_PrivateKey(ctx, pkey);
	625	EVP_PKEY_free(pkey);
	626	end:
	627	if (in != NULL)
	628	BIO_free(in);
	629	return (ret);
	630	}
	631	#endif
	632
	633	int
	634	SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX ctx, const unsigned char d,
	635	long len)
	636	{
	637	int ret;
	638	const unsigned char *p;
	639	EVP_PKEY *pkey;
	640
	641	p = d;
	642	if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
	643	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
	644	return (0);
	645	}
	646
	647	ret = SSL_CTX_use_PrivateKey(ctx, pkey);
	648	EVP_PKEY_free(pkey);
	649	return (ret);
	650	}
	651
	652
	653	#ifndef OPENSSL_NO_STDIO
	654	/* Read a file that contains our certificate in "PEM" format,
	655	* possibly followed by a sequence of CA certificates that should be
	656	* sent to the peer in the Certificate message.
	657	*/
	658	int
	659	SSL_CTX_use_certificate_chain_file(SSL_CTX ctx, const char file)
	660	{
	661	BIO *in;
	662	int ret = 0;
	663	X509 *x = NULL;
	664
	665	ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
	666
	667	in = BIO_new(BIO_s_file_internal());
	668	if (in == NULL) {
	669	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
	670	goto end;
	671	}
	672
	673	if (BIO_read_filename(in, file) <= 0) {
	674	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
	675	goto end;
	676	}
	677
	678	x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
	679	ctx->default_passwd_callback_userdata);
	680	if (x == NULL) {
	681	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
	682	goto end;
	683	}
	684
	685	ret = SSL_CTX_use_certificate(ctx, x);
	686
	687	if (ERR_peek_error() != 0)
	688	ret = 0;
	689	/* Key/certificate mismatch doesn't imply ret==0 ... */
	690	if (ret) {
	691	/* If we could set up our certificate, now proceed to
	692	* the CA certificates.
	693	*/
	694	X509 *ca;
	695	int r;
	696	unsigned long err;
	697
	698	if (ctx->extra_certs != NULL) {
	699	sk_X509_pop_free(ctx->extra_certs, X509_free);
	700	ctx->extra_certs = NULL;
	701	}
	702
	703	while ((ca = PEM_read_bio_X509(in, NULL,
	704	ctx->default_passwd_callback,
	705	ctx->default_passwd_callback_userdata))
	706	!= NULL) {
	707	r = SSL_CTX_add_extra_chain_cert(ctx, ca);
	708	if (!r) {
	709	X509_free(ca);
	710	ret = 0;
	711	goto end;
	712	}
	713	/* Note that we must not free r if it was successfully
	714	* added to the chain (while we must free the main
	715	* certificate, since its reference count is increased
	716	* by SSL_CTX_use_certificate). */
	717	}
	718	/* When the while loop ends, it's usually just EOF. */
	719	err = ERR_peek_last_error();
	720	if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
	721	ERR_clear_error();
	722	else
	723	ret = 0; /* some real error */
	724	}
	725
	726	end:
	727	if (x != NULL)
	728	X509_free(x);
	729	if (in != NULL)
	730	BIO_free(in);
	731	return (ret);
	732	}
	733	#endif