1 files changed, 831 insertions, 0 deletions
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
new file mode 100644
index 0000000000..140475e5fb
--- /dev/null
+++ b/src/lib/libssl/ssl_rsa.c
@@ -0,0 +1,831 @@
+/* ssl/ssl_rsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "bio.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+#include "pem.h"
+#include "ssl_locl.h"
+#ifndef NOPROTO
+static int ssl_set_cert(CERT *c, X509 *x509);
+static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
+#else
+static int ssl_set_cert();
+static int ssl_set_pkey();
+#endif
+int SSL_use_certificate(ssl, x)
+SSL *ssl;
+X509 *x;
+        {
+        CERT *c;
+        if (x == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert))
+                {
+                c=ssl_cert_new();
+                if (c == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
+                ssl->cert=c;
+                }
+        c=ssl->cert;
+        return(ssl_set_cert(c,x));
+        }
+#ifndef NO_STDIO
+int SSL_use_certificate_file(ssl, file, type)
+SSL *ssl;
+char *file;
+int type;
+        {
+        int j;
+        BIO *in;
+        int ret=0;
+        X509 *x=NULL;
+        in=BIO_new(BIO_s_file_internal());
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
+                goto end;
+                }
+        if (BIO_read_filename(in,file) <= 0)
+                {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
+                goto end;
+                }
+        if (type == SSL_FILETYPE_ASN1)
+                {
+                j=ERR_R_ASN1_LIB;
+                x=d2i_X509_bio(in,NULL);
+                }
+        else if (type == SSL_FILETYPE_PEM)
+                {
+                j=ERR_R_PEM_LIB;
+                x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback);
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+                }
+        if (x == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
+                goto end;
+                }
+        ret=SSL_use_certificate(ssl,x);
+end:
+        if (x != NULL) X509_free(x);
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif
+int SSL_use_certificate_ASN1(ssl, len, d)
+SSL *ssl;
+int len;
+unsigned char *d;
+        {
+        X509 *x;
+        int ret;
+        x=d2i_X509(NULL,&d,(long)len);
+        if (x == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
+                return(0);
+                }
+        ret=SSL_use_certificate(ssl,x);
+        X509_free(x);
+        return(ret);
+        }
+#ifndef NO_RSA
+int SSL_use_RSAPrivateKey(ssl, rsa)
+SSL *ssl;
+RSA *rsa;
+        {
+        CERT *c;
+        EVP_PKEY *pkey;
+        int ret;
+        if (rsa == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert))
+                {
+                c=ssl_cert_new();
+                if (c == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
+                ssl->cert=c;
+                }
+        c=ssl->cert;
+        if ((pkey=EVP_PKEY_new()) == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
+                return(0);
+                }
+        CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
+        EVP_PKEY_assign_RSA(pkey,rsa);
+        ret=ssl_set_pkey(c,pkey);
+        EVP_PKEY_free(pkey);
+        return(ret);
+        }
+#endif
+static int ssl_set_pkey(c,pkey)
+CERT *c;
+EVP_PKEY *pkey;
+        {
+        int i,ok=0,bad=0;
+        i=ssl_cert_type(NULL,pkey);
+        if (i < 0)
+                {
+                SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+                return(0);
+                }
+        if (c->pkeys[i].x509 != NULL)
+                {
+#ifndef NO_RSA
+                /* Don't check the public/private key, this is mostly
+                 * for smart cards. */
+                if ((pkey->type == EVP_PKEY_RSA) &&
+                        (RSA_flags(pkey->pkey.rsa) &
+                         RSA_METHOD_FLAG_NO_CHECK))
+                         ok=1;
+                else
+#endif
+                        if (!X509_check_private_key(c->pkeys[i].x509,pkey))
+                        {
+                        if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
+                                {
+                                i=(i == SSL_PKEY_DH_RSA)?
+                                        SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
+                                if (c->pkeys[i].x509 == NULL)
+                                        ok=1;
+                                else
+                                        {
+                                        if (!X509_check_private_key(
+                                                c->pkeys[i].x509,pkey))
+                                                bad=1;
+                                        else
+                                                ok=1;
+                                        }
+                                }
+                        else
+                                bad=1;
+                        }
+                else
+                        ok=1;
+                }
+        else
+                ok=1;
+        if (bad)
+                {
+                X509_free(c->pkeys[i].x509);
+                c->pkeys[i].x509=NULL;
+                return(0);
+                }
+        if (c->pkeys[i].privatekey != NULL)
+                EVP_PKEY_free(c->pkeys[i].privatekey);
+        CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+        c->pkeys[i].privatekey=pkey;
+        c->key= &(c->pkeys[i]);
+        c->valid=0;
+        return(1);
+        }
+#ifndef NO_RSA
+#ifndef NO_STDIO
+int SSL_use_RSAPrivateKey_file(ssl, file, type)
+SSL *ssl;
+char *file;
+int type;
+        {
+        int j,ret=0;
+        BIO *in;
+        RSA *rsa=NULL;
+        in=BIO_new(BIO_s_file_internal());
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
+                goto end;
+                }
+        if (BIO_read_filename(in,file) <= 0)
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
+                goto end;
+                }
+        if      (type == SSL_FILETYPE_ASN1)
+                {
+                j=ERR_R_ASN1_LIB;
+                rsa=d2i_RSAPrivateKey_bio(in,NULL);
+                }
+        else if (type == SSL_FILETYPE_PEM)
+                {
+                j=ERR_R_PEM_LIB;
+                rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
+                        ssl->ctx->default_passwd_callback);
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+                }
+        if (rsa == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
+                goto end;
+                }
+        ret=SSL_use_RSAPrivateKey(ssl,rsa);
+        RSA_free(rsa);
+end:
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif
+int SSL_use_RSAPrivateKey_ASN1(ssl,d,len)
+SSL *ssl;
+unsigned char *d;
+long len;
+        {
+        int ret;
+        unsigned char *p;
+        RSA *rsa;
+        p=d;
+        if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
+                return(0);
+                }
+        ret=SSL_use_RSAPrivateKey(ssl,rsa);
+        RSA_free(rsa);
+        return(ret);
+        }
+#endif /* !NO_RSA */
+int SSL_use_PrivateKey(ssl, pkey)
+SSL *ssl;
+EVP_PKEY *pkey;
+        {
+        CERT *c;
+        int ret;
+        if (pkey == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert))
+                {
+                c=ssl_cert_new();
+                if (c == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
+                ssl->cert=c;
+                }
+        c=ssl->cert;
+        ret=ssl_set_pkey(c,pkey);
+        return(ret);
+        }
+#ifndef NO_STDIO
+int SSL_use_PrivateKey_file(ssl, file, type)
+SSL *ssl;
+char *file;
+int type;
+        {
+        int j,ret=0;
+        BIO *in;
+        EVP_PKEY *pkey=NULL;
+        in=BIO_new(BIO_s_file_internal());
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
+                goto end;
+                }
+        if (BIO_read_filename(in,file) <= 0)
+                {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
+                goto end;
+                }
+        if (type == SSL_FILETYPE_PEM)
+                {
+                j=ERR_R_PEM_LIB;
+                pkey=PEM_read_bio_PrivateKey(in,NULL,
+                        ssl->ctx->default_passwd_callback);
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+                }
+        if (pkey == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
+                goto end;
+                }
+        ret=SSL_use_PrivateKey(ssl,pkey);
+        EVP_PKEY_free(pkey);
+end:
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif
+int SSL_use_PrivateKey_ASN1(type,ssl,d,len)
+int type;
+SSL *ssl;
+unsigned char *d;
+long len;
+        {
+        int ret;
+        unsigned char *p;
+        EVP_PKEY *pkey;
+        p=d;
+        if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
+                {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
+                return(0);
+                }
+        ret=SSL_use_PrivateKey(ssl,pkey);
+        EVP_PKEY_free(pkey);
+        return(ret);
+        }
+int SSL_CTX_use_certificate(ctx, x)
+SSL_CTX *ctx;
+X509 *x;
+        {
+        CERT *c;
+        if (x == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if (ctx->default_cert == NULL)
+                {
+                c=ssl_cert_new();
+                if (c == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                ctx->default_cert=c;
+                }
+        c=ctx->default_cert;
+        return(ssl_set_cert(c,x));
+        }
+static int ssl_set_cert(c,x)
+CERT *c;
+X509 *x;
+        {
+        EVP_PKEY *pkey;
+        int i,ok=0,bad=0;
+        pkey=X509_get_pubkey(x);
+        if (pkey == NULL)
+                {
+                SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
+                return(0);
+                }
+        i=ssl_cert_type(x,pkey);
+        if (i < 0)
+                {
+                SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+                return(0);
+                }
+        if (c->pkeys[i].privatekey != NULL)
+                {
+                if (!X509_check_private_key(x,c->pkeys[i].privatekey))
+                        {
+                        if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
+                                {
+                                i=(i == SSL_PKEY_DH_RSA)?
+                                        SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
+                                if (c->pkeys[i].privatekey == NULL)
+                                        ok=1;
+                                else
+                                        {
+                                        if (!X509_check_private_key(x,
+                                                c->pkeys[i].privatekey))
+                                                bad=1;
+                                        else
+                                                ok=1;
+                                        }
+                                }
+                        else
+                                bad=1;
+                        }
+                else
+                        ok=1;
+                }
+        else
+                ok=1;
+        if (bad)
+                {
+                EVP_PKEY_free(c->pkeys[i].privatekey);
+                c->pkeys[i].privatekey=NULL;
+                }
+        if (c->pkeys[i].x509 != NULL)
+                X509_free(c->pkeys[i].x509);
+        CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+        c->pkeys[i].x509=x;
+        c->key= &(c->pkeys[i]);
+        c->valid=0;
+        return(1);
+        }
+#ifndef NO_STDIO
+int SSL_CTX_use_certificate_file(ctx, file, type)
+SSL_CTX *ctx;
+char *file;
+int type;
+        {
+        int j;
+        BIO *in;
+        int ret=0;
+        X509 *x=NULL;
+        in=BIO_new(BIO_s_file_internal());
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
+                goto end;
+                }
+        if (BIO_read_filename(in,file) <= 0)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
+                goto end;
+                }
+        if (type == SSL_FILETYPE_ASN1)
+                {
+                j=ERR_R_ASN1_LIB;
+                x=d2i_X509_bio(in,NULL);
+                }
+        else if (type == SSL_FILETYPE_PEM)
+                {
+                j=ERR_R_PEM_LIB;
+                x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback);
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+                }
+        if (x == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
+                goto end;
+                }
+        ret=SSL_CTX_use_certificate(ctx,x);
+end:
+        if (x != NULL) X509_free(x);
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif
+int SSL_CTX_use_certificate_ASN1(ctx, len, d)
+SSL_CTX *ctx;
+int len;
+unsigned char *d;
+        {
+        X509 *x;
+        int ret;
+        x=d2i_X509(NULL,&d,(long)len);
+        if (x == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
+                return(0);
+                }
+        ret=SSL_CTX_use_certificate(ctx,x);
+        X509_free(x);
+        return(ret);
+        }
+#ifndef NO_RSA
+int SSL_CTX_use_RSAPrivateKey(ctx, rsa)
+SSL_CTX *ctx;
+RSA *rsa;
+        {
+        int ret;
+        CERT *c;
+        EVP_PKEY *pkey;
+        if (rsa == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if (ctx->default_cert == NULL)
+                {
+                c=ssl_cert_new();
+                if (c == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                ctx->default_cert=c;
+                }
+        c=ctx->default_cert;
+        if ((pkey=EVP_PKEY_new()) == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
+                return(0);
+                }
+        CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
+        EVP_PKEY_assign_RSA(pkey,rsa);
+        ret=ssl_set_pkey(c,pkey);
+        EVP_PKEY_free(pkey);
+        return(ret);
+        }
+#ifndef NO_STDIO
+int SSL_CTX_use_RSAPrivateKey_file(ctx, file, type)
+SSL_CTX *ctx;
+char *file;
+int type;
+        {
+        int j,ret=0;
+        BIO *in;
+        RSA *rsa=NULL;
+        in=BIO_new(BIO_s_file_internal());
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
+                goto end;
+                }
+        if (BIO_read_filename(in,file) <= 0)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
+                goto end;
+                }
+        if      (type == SSL_FILETYPE_ASN1)
+                {
+                j=ERR_R_ASN1_LIB;
+                rsa=d2i_RSAPrivateKey_bio(in,NULL);
+                }
+        else if (type == SSL_FILETYPE_PEM)
+                {
+                j=ERR_R_PEM_LIB;
+                rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
+                        ctx->default_passwd_callback);
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+                }
+        if (rsa == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
+                goto end;
+                }
+        ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
+        RSA_free(rsa);
+end:
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif
+int SSL_CTX_use_RSAPrivateKey_ASN1(ctx,d,len)
+SSL_CTX *ctx;
+unsigned char *d;
+long len;
+        {
+        int ret;
+        unsigned char *p;
+        RSA *rsa;
+        p=d;
+        if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
+                return(0);
+                }
+        ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
+        RSA_free(rsa);
+        return(ret);
+        }
+#endif /* !NO_RSA */
+int SSL_CTX_use_PrivateKey(ctx, pkey)
+SSL_CTX *ctx;
+EVP_PKEY *pkey;
+        {
+        CERT *c;
+        if (pkey == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+                
+        if (ctx->default_cert == NULL)
+                {
+                c=ssl_cert_new();
+                if (c == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                ctx->default_cert=c;
+                }
+        c=ctx->default_cert;
+        return(ssl_set_pkey(c,pkey));
+        }
+#ifndef NO_STDIO
+int SSL_CTX_use_PrivateKey_file(ctx, file, type)
+SSL_CTX *ctx;
+char *file;
+int type;
+        {
+        int j,ret=0;
+        BIO *in;
+        EVP_PKEY *pkey=NULL;
+        in=BIO_new(BIO_s_file_internal());
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
+                goto end;
+                }
+        if (BIO_read_filename(in,file) <= 0)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
+                goto end;
+                }
+        if (type == SSL_FILETYPE_PEM)
+                {
+                j=ERR_R_PEM_LIB;
+                pkey=PEM_read_bio_PrivateKey(in,NULL,
+                        ctx->default_passwd_callback);
+                }
+        else
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+                goto end;
+                }
+        if (pkey == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
+                goto end;
+                }
+        ret=SSL_CTX_use_PrivateKey(ctx,pkey);
+        EVP_PKEY_free(pkey);
+end:
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif
+int SSL_CTX_use_PrivateKey_ASN1(type,ctx,d,len)
+int type;
+SSL_CTX *ctx;
+unsigned char *d;
+long len;
+        {
+        int ret;
+        unsigned char *p;
+        EVP_PKEY *pkey;
+        p=d;
+        if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
+                return(0);
+                }
+        ret=SSL_CTX_use_PrivateKey(ctx,pkey);
+        EVP_PKEY_free(pkey);
+        return(ret);
+        }

diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c new file mode 100644 index 0000000000..140475e5fb --- /dev/null +++ b/src/lib/libssl/ssl_rsa.c
@@ -0,0 +1,831 @@
	1	/* ssl/ssl_rsa.c */
	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	#include <stdio.h>
	60	#include "bio.h"
	61	#include "objects.h"
	62	#include "evp.h"
	63	#include "x509.h"
	64	#include "pem.h"
	65	#include "ssl_locl.h"
	66
	67	#ifndef NOPROTO
	68	static int ssl_set_cert(CERT c, X509 x509);
	69	static int ssl_set_pkey(CERT c, EVP_PKEY pkey);
	70	#else
	71	static int ssl_set_cert();
	72	static int ssl_set_pkey();
	73	#endif
	74
	75	int SSL_use_certificate(ssl, x)
	76	SSL *ssl;
	77	X509 *x;
	78	{
	79	CERT *c;
	80
	81	if (x == NULL)
	82	{
	83	SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
	84	return(0);
	85	}
	86	if ((ssl->cert == NULL) \|\| (ssl->cert == ssl->ctx->default_cert))
	87	{
	88	c=ssl_cert_new();
	89	if (c == NULL)
	90	{
	91	SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
	92	return(0);
	93	}
	94	if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
	95	ssl->cert=c;
	96	}
	97	c=ssl->cert;
	98
	99	return(ssl_set_cert(c,x));
	100	}
	101
	102	#ifndef NO_STDIO
	103	int SSL_use_certificate_file(ssl, file, type)
	104	SSL *ssl;
	105	char *file;
	106	int type;
	107	{
	108	int j;
	109	BIO *in;
	110	int ret=0;
	111	X509 *x=NULL;
	112
	113	in=BIO_new(BIO_s_file_internal());
	114	if (in == NULL)
	115	{
	116	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
	117	goto end;
	118	}
	119
	120	if (BIO_read_filename(in,file) <= 0)
	121	{
	122	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
	123	goto end;
	124	}
	125	if (type == SSL_FILETYPE_ASN1)
	126	{
	127	j=ERR_R_ASN1_LIB;
	128	x=d2i_X509_bio(in,NULL);
	129	}
	130	else if (type == SSL_FILETYPE_PEM)
	131	{
	132	j=ERR_R_PEM_LIB;
	133	x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback);
	134	}
	135	else
	136	{
	137	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
	138	goto end;
	139	}
	140
	141	if (x == NULL)
	142	{
	143	SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
	144	goto end;
	145	}
	146
	147	ret=SSL_use_certificate(ssl,x);
	148	end:
	149	if (x != NULL) X509_free(x);
	150	if (in != NULL) BIO_free(in);
	151	return(ret);
	152	}
	153	#endif
	154
	155	int SSL_use_certificate_ASN1(ssl, len, d)
	156	SSL *ssl;
	157	int len;
	158	unsigned char *d;
	159	{
	160	X509 *x;
	161	int ret;
	162
	163	x=d2i_X509(NULL,&d,(long)len);
	164	if (x == NULL)
	165	{
	166	SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
	167	return(0);
	168	}
	169
	170	ret=SSL_use_certificate(ssl,x);
	171	X509_free(x);
	172	return(ret);
	173	}
	174
	175	#ifndef NO_RSA
	176	int SSL_use_RSAPrivateKey(ssl, rsa)
	177	SSL *ssl;
	178	RSA *rsa;
	179	{
	180	CERT *c;
	181	EVP_PKEY *pkey;
	182	int ret;
	183
	184	if (rsa == NULL)
	185	{
	186	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
	187	return(0);
	188	}
	189
	190	if ((ssl->cert == NULL) \|\| (ssl->cert == ssl->ctx->default_cert))
	191	{
	192	c=ssl_cert_new();
	193	if (c == NULL)
	194	{
	195	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
	196	return(0);
	197	}
	198	if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
	199	ssl->cert=c;
	200	}
	201	c=ssl->cert;
	202	if ((pkey=EVP_PKEY_new()) == NULL)
	203	{
	204	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
	205	return(0);
	206	}
	207
	208	CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
	209	EVP_PKEY_assign_RSA(pkey,rsa);
	210
	211	ret=ssl_set_pkey(c,pkey);
	212	EVP_PKEY_free(pkey);
	213	return(ret);
	214	}
	215	#endif
	216
	217	static int ssl_set_pkey(c,pkey)
	218	CERT *c;
	219	EVP_PKEY *pkey;
	220	{
	221	int i,ok=0,bad=0;
	222
	223	i=ssl_cert_type(NULL,pkey);
	224	if (i < 0)
	225	{
	226	SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
	227	return(0);
	228	}
	229
	230	if (c->pkeys[i].x509 != NULL)
	231	{
	232	#ifndef NO_RSA
	233	/* Don't check the public/private key, this is mostly
	234	* for smart cards. */
	235	if ((pkey->type == EVP_PKEY_RSA) &&
	236	(RSA_flags(pkey->pkey.rsa) &
	237	RSA_METHOD_FLAG_NO_CHECK))
	238	ok=1;
	239	else
	240	#endif
	241	if (!X509_check_private_key(c->pkeys[i].x509,pkey))
	242	{
	243	if ((i == SSL_PKEY_DH_RSA) \|\| (i == SSL_PKEY_DH_DSA))
	244	{
	245	i=(i == SSL_PKEY_DH_RSA)?
	246	SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
	247
	248	if (c->pkeys[i].x509 == NULL)
	249	ok=1;
	250	else
	251	{
	252	if (!X509_check_private_key(
	253	c->pkeys[i].x509,pkey))
	254	bad=1;
	255	else
	256	ok=1;
	257	}
	258	}
	259	else
	260	bad=1;
	261	}
	262	else
	263	ok=1;
	264	}
	265	else
	266	ok=1;
	267
	268	if (bad)
	269	{
	270	X509_free(c->pkeys[i].x509);
	271	c->pkeys[i].x509=NULL;
	272	return(0);
	273	}
	274
	275	if (c->pkeys[i].privatekey != NULL)
	276	EVP_PKEY_free(c->pkeys[i].privatekey);
	277	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
	278	c->pkeys[i].privatekey=pkey;
	279	c->key= &(c->pkeys[i]);
	280
	281	c->valid=0;
	282	return(1);
	283	}
	284
	285	#ifndef NO_RSA
	286	#ifndef NO_STDIO
	287	int SSL_use_RSAPrivateKey_file(ssl, file, type)
	288	SSL *ssl;
	289	char *file;
	290	int type;
	291	{
	292	int j,ret=0;
	293	BIO *in;
	294	RSA *rsa=NULL;
	295
	296	in=BIO_new(BIO_s_file_internal());
	297	if (in == NULL)
	298	{
	299	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
	300	goto end;
	301	}
	302
	303	if (BIO_read_filename(in,file) <= 0)
	304	{
	305	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
	306	goto end;
	307	}
	308	if (type == SSL_FILETYPE_ASN1)
	309	{
	310	j=ERR_R_ASN1_LIB;
	311	rsa=d2i_RSAPrivateKey_bio(in,NULL);
	312	}
	313	else if (type == SSL_FILETYPE_PEM)
	314	{
	315	j=ERR_R_PEM_LIB;
	316	rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
	317	ssl->ctx->default_passwd_callback);
	318	}
	319	else
	320	{
	321	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
	322	goto end;
	323	}
	324	if (rsa == NULL)
	325	{
	326	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
	327	goto end;
	328	}
	329	ret=SSL_use_RSAPrivateKey(ssl,rsa);
	330	RSA_free(rsa);
	331	end:
	332	if (in != NULL) BIO_free(in);
	333	return(ret);
	334	}
	335	#endif
	336
	337	int SSL_use_RSAPrivateKey_ASN1(ssl,d,len)
	338	SSL *ssl;
	339	unsigned char *d;
	340	long len;
	341	{
	342	int ret;
	343	unsigned char *p;
	344	RSA *rsa;
	345
	346	p=d;
	347	if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
	348	{
	349	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
	350	return(0);
	351	}
	352
	353	ret=SSL_use_RSAPrivateKey(ssl,rsa);
	354	RSA_free(rsa);
	355	return(ret);
	356	}
	357	#endif /* !NO_RSA */
	358
	359	int SSL_use_PrivateKey(ssl, pkey)
	360	SSL *ssl;
	361	EVP_PKEY *pkey;
	362	{
	363	CERT *c;
	364	int ret;
	365
	366	if (pkey == NULL)
	367	{
	368	SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
	369	return(0);
	370	}
	371
	372	if ((ssl->cert == NULL) \|\| (ssl->cert == ssl->ctx->default_cert))
	373	{
	374	c=ssl_cert_new();
	375	if (c == NULL)
	376	{
	377	SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
	378	return(0);
	379	}
	380	if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
	381	ssl->cert=c;
	382	}
	383	c=ssl->cert;
	384
	385	ret=ssl_set_pkey(c,pkey);
	386	return(ret);
	387	}
	388
	389	#ifndef NO_STDIO
	390	int SSL_use_PrivateKey_file(ssl, file, type)
	391	SSL *ssl;
	392	char *file;
	393	int type;
	394	{
	395	int j,ret=0;
	396	BIO *in;
	397	EVP_PKEY *pkey=NULL;
	398
	399	in=BIO_new(BIO_s_file_internal());
	400	if (in == NULL)
	401	{
	402	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
	403	goto end;
	404	}
	405
	406	if (BIO_read_filename(in,file) <= 0)
	407	{
	408	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
	409	goto end;
	410	}
	411	if (type == SSL_FILETYPE_PEM)
	412	{
	413	j=ERR_R_PEM_LIB;
	414	pkey=PEM_read_bio_PrivateKey(in,NULL,
	415	ssl->ctx->default_passwd_callback);
	416	}
	417	else
	418	{
	419	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
	420	goto end;
	421	}
	422	if (pkey == NULL)
	423	{
	424	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
	425	goto end;
	426	}
	427	ret=SSL_use_PrivateKey(ssl,pkey);
	428	EVP_PKEY_free(pkey);
	429	end:
	430	if (in != NULL) BIO_free(in);
	431	return(ret);
	432	}
	433	#endif
	434
	435	int SSL_use_PrivateKey_ASN1(type,ssl,d,len)
	436	int type;
	437	SSL *ssl;
	438	unsigned char *d;
	439	long len;
	440	{
	441	int ret;
	442	unsigned char *p;
	443	EVP_PKEY *pkey;
	444
	445	p=d;
	446	if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
	447	{
	448	SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
	449	return(0);
	450	}
	451
	452	ret=SSL_use_PrivateKey(ssl,pkey);
	453	EVP_PKEY_free(pkey);
	454	return(ret);
	455	}
	456
	457	int SSL_CTX_use_certificate(ctx, x)
	458	SSL_CTX *ctx;
	459	X509 *x;
	460	{
	461	CERT *c;
	462
	463	if (x == NULL)
	464	{
	465	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
	466	return(0);
	467	}
	468
	469	if (ctx->default_cert == NULL)
	470	{
	471	c=ssl_cert_new();
	472	if (c == NULL)
	473	{
	474	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
	475	return(0);
	476	}
	477	ctx->default_cert=c;
	478	}
	479	c=ctx->default_cert;
	480
	481	return(ssl_set_cert(c,x));
	482	}
	483
	484	static int ssl_set_cert(c,x)
	485	CERT *c;
	486	X509 *x;
	487	{
	488	EVP_PKEY *pkey;
	489	int i,ok=0,bad=0;
	490
	491	pkey=X509_get_pubkey(x);
	492	if (pkey == NULL)
	493	{
	494	SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
	495	return(0);
	496	}
	497
	498	i=ssl_cert_type(x,pkey);
	499	if (i < 0)
	500	{
	501	SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
	502	return(0);
	503	}
	504
	505	if (c->pkeys[i].privatekey != NULL)
	506	{
	507	if (!X509_check_private_key(x,c->pkeys[i].privatekey))
	508	{
	509	if ((i == SSL_PKEY_DH_RSA) \|\| (i == SSL_PKEY_DH_DSA))
	510	{
	511	i=(i == SSL_PKEY_DH_RSA)?
	512	SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
	513
	514	if (c->pkeys[i].privatekey == NULL)
	515	ok=1;
	516	else
	517	{
	518	if (!X509_check_private_key(x,
	519	c->pkeys[i].privatekey))
	520	bad=1;
	521	else
	522	ok=1;
	523	}
	524	}
	525	else
	526	bad=1;
	527	}
	528	else
	529	ok=1;
	530	}
	531	else
	532	ok=1;
	533
	534	if (bad)
	535	{
	536	EVP_PKEY_free(c->pkeys[i].privatekey);
	537	c->pkeys[i].privatekey=NULL;
	538	}
	539
	540	if (c->pkeys[i].x509 != NULL)
	541	X509_free(c->pkeys[i].x509);
	542	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
	543	c->pkeys[i].x509=x;
	544	c->key= &(c->pkeys[i]);
	545
	546	c->valid=0;
	547	return(1);
	548	}
	549
	550	#ifndef NO_STDIO
	551	int SSL_CTX_use_certificate_file(ctx, file, type)
	552	SSL_CTX *ctx;
	553	char *file;
	554	int type;
	555	{
	556	int j;
	557	BIO *in;
	558	int ret=0;
	559	X509 *x=NULL;
	560
	561	in=BIO_new(BIO_s_file_internal());
	562	if (in == NULL)
	563	{
	564	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
	565	goto end;
	566	}
	567
	568	if (BIO_read_filename(in,file) <= 0)
	569	{
	570	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
	571	goto end;
	572	}
	573	if (type == SSL_FILETYPE_ASN1)
	574	{
	575	j=ERR_R_ASN1_LIB;
	576	x=d2i_X509_bio(in,NULL);
	577	}
	578	else if (type == SSL_FILETYPE_PEM)
	579	{
	580	j=ERR_R_PEM_LIB;
	581	x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback);
	582	}
	583	else
	584	{
	585	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
	586	goto end;
	587	}
	588
	589	if (x == NULL)
	590	{
	591	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
	592	goto end;
	593	}
	594
	595	ret=SSL_CTX_use_certificate(ctx,x);
	596	end:
	597	if (x != NULL) X509_free(x);
	598	if (in != NULL) BIO_free(in);
	599	return(ret);
	600	}
	601	#endif
	602
	603	int SSL_CTX_use_certificate_ASN1(ctx, len, d)
	604	SSL_CTX *ctx;
	605	int len;
	606	unsigned char *d;
	607	{
	608	X509 *x;
	609	int ret;
	610
	611	x=d2i_X509(NULL,&d,(long)len);
	612	if (x == NULL)
	613	{
	614	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
	615	return(0);
	616	}
	617
	618	ret=SSL_CTX_use_certificate(ctx,x);
	619	X509_free(x);
	620	return(ret);
	621	}
	622
	623	#ifndef NO_RSA
	624	int SSL_CTX_use_RSAPrivateKey(ctx, rsa)
	625	SSL_CTX *ctx;
	626	RSA *rsa;
	627	{
	628	int ret;
	629	CERT *c;
	630	EVP_PKEY *pkey;
	631
	632	if (rsa == NULL)
	633	{
	634	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
	635	return(0);
	636	}
	637	if (ctx->default_cert == NULL)
	638	{
	639	c=ssl_cert_new();
	640	if (c == NULL)
	641	{
	642	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
	643	return(0);
	644	}
	645	ctx->default_cert=c;
	646	}
	647	c=ctx->default_cert;
	648
	649	if ((pkey=EVP_PKEY_new()) == NULL)
	650	{
	651	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
	652	return(0);
	653	}
	654
	655	CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
	656	EVP_PKEY_assign_RSA(pkey,rsa);
	657
	658	ret=ssl_set_pkey(c,pkey);
	659	EVP_PKEY_free(pkey);
	660	return(ret);
	661	}
	662
	663	#ifndef NO_STDIO
	664	int SSL_CTX_use_RSAPrivateKey_file(ctx, file, type)
	665	SSL_CTX *ctx;
	666	char *file;
	667	int type;
	668	{
	669	int j,ret=0;
	670	BIO *in;
	671	RSA *rsa=NULL;
	672
	673	in=BIO_new(BIO_s_file_internal());
	674	if (in == NULL)
	675	{
	676	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
	677	goto end;
	678	}
	679
	680	if (BIO_read_filename(in,file) <= 0)
	681	{
	682	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
	683	goto end;
	684	}
	685	if (type == SSL_FILETYPE_ASN1)
	686	{
	687	j=ERR_R_ASN1_LIB;
	688	rsa=d2i_RSAPrivateKey_bio(in,NULL);
	689	}
	690	else if (type == SSL_FILETYPE_PEM)
	691	{
	692	j=ERR_R_PEM_LIB;
	693	rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
	694	ctx->default_passwd_callback);
	695	}
	696	else
	697	{
	698	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
	699	goto end;
	700	}
	701	if (rsa == NULL)
	702	{
	703	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
	704	goto end;
	705	}
	706	ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
	707	RSA_free(rsa);
	708	end:
	709	if (in != NULL) BIO_free(in);
	710	return(ret);
	711	}
	712	#endif
	713
	714	int SSL_CTX_use_RSAPrivateKey_ASN1(ctx,d,len)
	715	SSL_CTX *ctx;
	716	unsigned char *d;
	717	long len;
	718	{
	719	int ret;
	720	unsigned char *p;
	721	RSA *rsa;
	722
	723	p=d;
	724	if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
	725	{
	726	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
	727	return(0);
	728	}
	729
	730	ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
	731	RSA_free(rsa);
	732	return(ret);
	733	}
	734	#endif /* !NO_RSA */
	735
	736	int SSL_CTX_use_PrivateKey(ctx, pkey)
	737	SSL_CTX *ctx;
	738	EVP_PKEY *pkey;
	739	{
	740	CERT *c;
	741
	742	if (pkey == NULL)
	743	{
	744	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
	745	return(0);
	746	}
	747
	748	if (ctx->default_cert == NULL)
	749	{
	750	c=ssl_cert_new();
	751	if (c == NULL)
	752	{
	753	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
	754	return(0);
	755	}
	756	ctx->default_cert=c;
	757	}
	758	c=ctx->default_cert;
	759
	760	return(ssl_set_pkey(c,pkey));
	761	}
	762
	763	#ifndef NO_STDIO
	764	int SSL_CTX_use_PrivateKey_file(ctx, file, type)
	765	SSL_CTX *ctx;
	766	char *file;
	767	int type;
	768	{
	769	int j,ret=0;
	770	BIO *in;
	771	EVP_PKEY *pkey=NULL;
	772
	773	in=BIO_new(BIO_s_file_internal());
	774	if (in == NULL)
	775	{
	776	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
	777	goto end;
	778	}
	779
	780	if (BIO_read_filename(in,file) <= 0)
	781	{
	782	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
	783	goto end;
	784	}
	785	if (type == SSL_FILETYPE_PEM)
	786	{
	787	j=ERR_R_PEM_LIB;
	788	pkey=PEM_read_bio_PrivateKey(in,NULL,
	789	ctx->default_passwd_callback);
	790	}
	791	else
	792	{
	793	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
	794	goto end;
	795	}
	796	if (pkey == NULL)
	797	{
	798	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
	799	goto end;
	800	}
	801	ret=SSL_CTX_use_PrivateKey(ctx,pkey);
	802	EVP_PKEY_free(pkey);
	803	end:
	804	if (in != NULL) BIO_free(in);
	805	return(ret);
	806	}
	807	#endif
	808
	809	int SSL_CTX_use_PrivateKey_ASN1(type,ctx,d,len)
	810	int type;
	811	SSL_CTX *ctx;
	812	unsigned char *d;
	813	long len;
	814	{
	815	int ret;
	816	unsigned char *p;
	817	EVP_PKEY *pkey;
	818
	819	p=d;
	820	if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
	821	{
	822	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
	823	return(0);
	824	}
	825
	826	ret=SSL_CTX_use_PrivateKey(ctx,pkey);
	827	EVP_PKEY_free(pkey);
	828	return(ret);
	829	}
	830
	831