ssl/ssl_rsa.c

   1 /* ssl/ssl_rsa.c */
   2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   3  * All rights reserved.
   4  *
   5  * This package is an SSL implementation written
   6  * by Eric Young (eay@cryptsoft.com).
   7  * The implementation was written so as to conform with Netscapes SSL.
   8  *
   9  * This library is free for commercial and non-commercial use as long as
  10  * the following conditions are aheared to.  The following conditions
  11  * apply to all code found in this distribution, be it the RC4, RSA,
  12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  13  * included with this distribution is covered by the same copyright terms
  14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15  *
  16  * Copyright remains Eric Young's, and as such any Copyright notices in
  17  * the code are not to be removed.
  18  * If this package is used in a product, Eric Young should be given attribution
  19  * as the author of the parts of the library used.
  20  * This can be in the form of a textual message at program startup or
  21  * in documentation (online or textual) provided with the package.
  22  *
  23  * Redistribution and use in source and binary forms, with or without
  24  * modification, are permitted provided that the following conditions
  25  * are met:
  26  * 1. Redistributions of source code must retain the copyright
  27  *    notice, this list of conditions and the following disclaimer.
  28  * 2. Redistributions in binary form must reproduce the above copyright
  29  *    notice, this list of conditions and the following disclaimer in the
  30  *    documentation and/or other materials provided with the distribution.
  31  * 3. All advertising materials mentioning features or use of this software
  32  *    must display the following acknowledgement:
  33  *    "This product includes cryptographic software written by
  34  *     Eric Young (eay@cryptsoft.com)"
  35  *    The word 'cryptographic' can be left out if the rouines from the library
  36  *    being used are not cryptographic related :-).
  37  * 4. If you include any Windows specific code (or a derivative thereof) from
  38  *    the apps directory (application code) you must include an acknowledgement:
  39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40  *
  41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51  * SUCH DAMAGE.
  52  *
  53  * The licence and distribution terms for any publically available version or
  54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  55  * copied and put under another distribution licence
  56  * [including the GNU Public Licence.]
  57  */
  58
  59 #include <stdio.h>
  60 #include "bio.h"
  61 #include "objects.h"
  62 #include "evp.h"
  63 #include "x509.h"
  64 #include "pem.h"
  65 #include "ssl_locl.h"
  66
  67 #ifndef NOPROTO
  68 static int ssl_set_cert(CERT *c, X509 *x509);
  69 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
  70 #else
  71 static int ssl_set_cert();
  72 static int ssl_set_pkey();
  73 #endif
  74
  75 int SSL_use_certificate(SSL *ssl, X509 *x)
  76         {
  77         if (x == NULL)
  78                 {
  79                 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
  80                 return(0);
  81                 }
  82         if (!ssl_cert_instantiate(&ssl->cert, ssl->ctx->default_cert))
  83                 {
  84                 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
  85                 return(0);
  86                 }
  87         return(ssl_set_cert(ssl->cert,x));
  88         }
  89
  90 #ifndef NO_STDIO
  91 int SSL_use_certificate_file(SSL *ssl, char *file, int type)
  92         {
  93         int j;
  94         BIO *in;
  95         int ret=0;
  96         X509 *x=NULL;
  97
  98         in=BIO_new(BIO_s_file_internal());
  99         if (in == NULL)
 100                 {
 101                 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
 102                 goto end;
 103                 }
 104
 105         if (BIO_read_filename(in,file) <= 0)
 106                 {
 107                 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
 108                 goto end;
 109                 }
 110         if (type == SSL_FILETYPE_ASN1)
 111                 {
 112                 j=ERR_R_ASN1_LIB;
 113                 x=d2i_X509_bio(in,NULL);
 114                 }
 115         else if (type == SSL_FILETYPE_PEM)
 116                 {
 117                 j=ERR_R_PEM_LIB;
 118                 x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback);
 119                 }
 120         else
 121                 {
 122                 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
 123                 goto end;
 124                 }
 125
 126         if (x == NULL)
 127                 {
 128                 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
 129                 goto end;
 130                 }
 131
 132         ret=SSL_use_certificate(ssl,x);
 133 end:
 134         if (x != NULL) X509_free(x);
 135         if (in != NULL) BIO_free(in);
 136         return(ret);
 137         }
 138 #endif
 139
 140 int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len)
 141         {
 142         X509 *x;
 143         int ret;
 144
 145         x=d2i_X509(NULL,&d,(long)len);
 146         if (x == NULL)
 147                 {
 148                 SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
 149                 return(0);
 150                 }
 151
 152         ret=SSL_use_certificate(ssl,x);
 153         X509_free(x);
 154         return(ret);
 155         }
 156
 157 #ifndef NO_RSA
 158 int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
 159         {
 160         EVP_PKEY *pkey;
 161         int ret;
 162
 163         if (rsa == NULL)
 164                 {
 165                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
 166                 return(0);
 167                 }
 168         if (!ssl_cert_instantiate(&ssl->cert, ssl->ctx->default_cert))
 169                 {
 170                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
 171                 return(0);
 172                 }
 173         if ((pkey=EVP_PKEY_new()) == NULL)
 174                 {
 175                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
 176                 return(0);
 177                 }
 178
 179         CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
 180         EVP_PKEY_assign_RSA(pkey,rsa);
 181
 182         ret=ssl_set_pkey(ssl->cert,pkey);
 183         EVP_PKEY_free(pkey);
 184         return(ret);
 185         }
 186 #endif
 187
 188 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
 189         {
 190         int i,ok=0,bad=0;
 191
 192         i=ssl_cert_type(NULL,pkey);
 193         if (i < 0)
 194                 {
 195                 SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
 196                 return(0);
 197                 }
 198
 199         if (c->pkeys[i].x509 != NULL)
 200                 {
 201                 EVP_PKEY *pktmp;
 202                 pktmp = X509_get_pubkey(c->pkeys[i].x509);
 203                 EVP_PKEY_copy_parameters(pktmp,pkey);
 204                 EVP_PKEY_free(pktmp);
 205                 ERR_clear_error();
 206
 207 #ifndef NO_RSA
 208                 /* Don't check the public/private key, this is mostly
 209                  * for smart cards. */
 210                 if ((pkey->type == EVP_PKEY_RSA) &&
 211                         (RSA_flags(pkey->pkey.rsa) &
 212                          RSA_METHOD_FLAG_NO_CHECK))
 213                          ok=1;
 214                 else
 215 #endif
 216                         if (!X509_check_private_key(c->pkeys[i].x509,pkey))
 217                         {
 218                         if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
 219                                 {
 220                                 i=(i == SSL_PKEY_DH_RSA)?
 221                                         SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
 222
 223                                 if (c->pkeys[i].x509 == NULL)
 224                                         ok=1;
 225                                 else
 226                                         {
 227                                         if (!X509_check_private_key(
 228                                                 c->pkeys[i].x509,pkey))
 229                                                 bad=1;
 230                                         else
 231                                                 ok=1;
 232                                         }
 233                                 }
 234                         else
 235                                 bad=1;
 236                         }
 237                 else
 238                         ok=1;
 239                 }
 240         else
 241                 ok=1;
 242
 243         if (bad)
 244                 {
 245                 X509_free(c->pkeys[i].x509);
 246                 c->pkeys[i].x509=NULL;
 247                 return(0);
 248                 }
 249
 250         if (c->pkeys[i].privatekey != NULL)
 251                 EVP_PKEY_free(c->pkeys[i].privatekey);
 252         CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
 253         c->pkeys[i].privatekey=pkey;
 254         c->key= &(c->pkeys[i]);
 255
 256         c->valid=0;
 257         return(1);
 258         }
 259
 260 #ifndef NO_RSA
 261 #ifndef NO_STDIO
 262 int SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type)
 263         {
 264         int j,ret=0;
 265         BIO *in;
 266         RSA *rsa=NULL;
 267
 268         in=BIO_new(BIO_s_file_internal());
 269         if (in == NULL)
 270                 {
 271                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
 272                 goto end;
 273                 }
 274
 275         if (BIO_read_filename(in,file) <= 0)
 276                 {
 277                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
 278                 goto end;
 279                 }
 280         if      (type == SSL_FILETYPE_ASN1)
 281                 {
 282                 j=ERR_R_ASN1_LIB;
 283                 rsa=d2i_RSAPrivateKey_bio(in,NULL);
 284                 }
 285         else if (type == SSL_FILETYPE_PEM)
 286                 {
 287                 j=ERR_R_PEM_LIB;
 288                 rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
 289                         ssl->ctx->default_passwd_callback);
 290                 }
 291         else
 292                 {
 293                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
 294                 goto end;
 295                 }
 296         if (rsa == NULL)
 297                 {
 298                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
 299                 goto end;
 300                 }
 301         ret=SSL_use_RSAPrivateKey(ssl,rsa);
 302         RSA_free(rsa);
 303 end:
 304         if (in != NULL) BIO_free(in);
 305         return(ret);
 306         }
 307 #endif
 308
 309 int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
 310         {
 311         int ret;
 312         unsigned char *p;
 313         RSA *rsa;
 314
 315         p=d;
 316         if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
 317                 {
 318                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
 319                 return(0);
 320                 }
 321
 322         ret=SSL_use_RSAPrivateKey(ssl,rsa);
 323         RSA_free(rsa);
 324         return(ret);
 325         }
 326 #endif /* !NO_RSA */
 327
 328 int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
 329         {
 330         int ret;
 331
 332         if (pkey == NULL)
 333                 {
 334                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
 335                 return(0);
 336                 }
 337         if (!ssl_cert_instantiate(&ssl->cert, ssl->ctx->default_cert))
 338                 {
 339                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
 340                 return(0);
 341                 }
 342         ret=ssl_set_pkey(ssl->cert,pkey);
 343         return(ret);
 344         }
 345
 346 #ifndef NO_STDIO
 347 int SSL_use_PrivateKey_file(SSL *ssl, char *file, int type)
 348         {
 349         int j,ret=0;
 350         BIO *in;
 351         EVP_PKEY *pkey=NULL;
 352
 353         in=BIO_new(BIO_s_file_internal());
 354         if (in == NULL)
 355                 {
 356                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
 357                 goto end;
 358                 }
 359
 360         if (BIO_read_filename(in,file) <= 0)
 361                 {
 362                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
 363                 goto end;
 364                 }
 365         if (type == SSL_FILETYPE_PEM)
 366                 {
 367                 j=ERR_R_PEM_LIB;
 368                 pkey=PEM_read_bio_PrivateKey(in,NULL,
 369                         ssl->ctx->default_passwd_callback);
 370                 }
 371         else
 372                 {
 373                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
 374                 goto end;
 375                 }
 376         if (pkey == NULL)
 377                 {
 378                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
 379                 goto end;
 380                 }
 381         ret=SSL_use_PrivateKey(ssl,pkey);
 382         EVP_PKEY_free(pkey);
 383 end:
 384         if (in != NULL) BIO_free(in);
 385         return(ret);
 386         }
 387 #endif
 388
 389 int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len)
 390         {
 391         int ret;
 392         unsigned char *p;
 393         EVP_PKEY *pkey;
 394
 395         p=d;
 396         if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
 397                 {
 398                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
 399                 return(0);
 400                 }
 401
 402         ret=SSL_use_PrivateKey(ssl,pkey);
 403         EVP_PKEY_free(pkey);
 404         return(ret);
 405         }
 406
 407 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
 408         {
 409         if (x == NULL)
 410                 {
 411                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
 412                 return(0);
 413                 }
 414         if (!ssl_cert_instantiate(&ctx->default_cert, NULL))
 415                 {
 416                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
 417                 return(0);
 418                 }
 419         return(ssl_set_cert(ctx->default_cert,x));
 420         }
 421
 422 static int ssl_set_cert(CERT *c, X509 *x)
 423         {
 424         EVP_PKEY *pkey;
 425         int i,ok=0,bad=0;
 426
 427         pkey=X509_get_pubkey(x);
 428         if (pkey == NULL)
 429                 {
 430                 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
 431                 return(0);
 432                 }
 433
 434         i=ssl_cert_type(x,pkey);
 435         if (i < 0)
 436                 {
 437                 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
 438                 EVP_PKEY_free(pkey);
 439                 return(0);
 440                 }
 441
 442         if (c->pkeys[i].privatekey != NULL)
 443                 {
 444                 EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
 445                 ERR_clear_error();
 446
 447 #ifndef NO_RSA
 448                 /* Don't check the public/private key, this is mostly
 449                  * for smart cards. */
 450                 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
 451                         (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
 452                          RSA_METHOD_FLAG_NO_CHECK))
 453                          ok=1;
 454                 else
 455 #endif
 456                 {
 457                 if (!X509_check_private_key(x,c->pkeys[i].privatekey))
 458                         {
 459                         if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
 460                                 {
 461                                 i=(i == SSL_PKEY_DH_RSA)?
 462                                         SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
 463
 464                                 if (c->pkeys[i].privatekey == NULL)
 465                                         ok=1;
 466                                 else
 467                                         {
 468                                         if (!X509_check_private_key(x,
 469                                                 c->pkeys[i].privatekey))
 470                                                 bad=1;
 471                                         else
 472                                                 ok=1;
 473                                         }
 474                                 }
 475                         else
 476                                 bad=1;
 477                         }
 478                 else
 479                         ok=1;
 480                 } /* NO_RSA */
 481                 }
 482         else
 483                 ok=1;
 484
 485         EVP_PKEY_free(pkey);
 486         if (bad)
 487                 {
 488                 EVP_PKEY_free(c->pkeys[i].privatekey);
 489                 c->pkeys[i].privatekey=NULL;
 490                 }
 491
 492         if (c->pkeys[i].x509 != NULL)
 493                 X509_free(c->pkeys[i].x509);
 494         CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
 495         c->pkeys[i].x509=x;
 496         c->key= &(c->pkeys[i]);
 497
 498         c->valid=0;
 499         return(1);
 500         }
 501
 502 #ifndef NO_STDIO
 503 int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type)
 504         {
 505         int j;
 506         BIO *in;
 507         int ret=0;
 508         X509 *x=NULL;
 509
 510         in=BIO_new(BIO_s_file_internal());
 511         if (in == NULL)
 512                 {
 513                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
 514                 goto end;
 515                 }
 516
 517         if (BIO_read_filename(in,file) <= 0)
 518                 {
 519                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
 520                 goto end;
 521                 }
 522         if (type == SSL_FILETYPE_ASN1)
 523                 {
 524                 j=ERR_R_ASN1_LIB;
 525                 x=d2i_X509_bio(in,NULL);
 526                 }
 527         else if (type == SSL_FILETYPE_PEM)
 528                 {
 529                 j=ERR_R_PEM_LIB;
 530                 x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback);
 531                 }
 532         else
 533                 {
 534                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
 535                 goto end;
 536                 }
 537
 538         if (x == NULL)
 539                 {
 540                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
 541                 goto end;
 542                 }
 543
 544         ret=SSL_CTX_use_certificate(ctx,x);
 545 end:
 546         if (x != NULL) X509_free(x);
 547         if (in != NULL) BIO_free(in);
 548         return(ret);
 549         }
 550 #endif
 551
 552 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d)
 553         {
 554         X509 *x;
 555         int ret;
 556
 557         x=d2i_X509(NULL,&d,(long)len);
 558         if (x == NULL)
 559                 {
 560                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
 561                 return(0);
 562                 }
 563
 564         ret=SSL_CTX_use_certificate(ctx,x);
 565         X509_free(x);
 566         return(ret);
 567         }
 568
 569 #ifndef NO_RSA
 570 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
 571         {
 572         int ret;
 573         EVP_PKEY *pkey;
 574
 575         if (rsa == NULL)
 576                 {
 577                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
 578                 return(0);
 579                 }
 580         if (!ssl_cert_instantiate(&ctx->default_cert, NULL))
 581                 {
 582                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
 583                 return(0);
 584                 }
 585         if ((pkey=EVP_PKEY_new()) == NULL)
 586                 {
 587                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
 588                 return(0);
 589                 }
 590
 591         CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
 592         EVP_PKEY_assign_RSA(pkey,rsa);
 593
 594         ret=ssl_set_pkey(ctx->default_cert,pkey);
 595         EVP_PKEY_free(pkey);
 596         return(ret);
 597         }
 598
 599 #ifndef NO_STDIO
 600 int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type)
 601         {
 602         int j,ret=0;
 603         BIO *in;
 604         RSA *rsa=NULL;
 605
 606         in=BIO_new(BIO_s_file_internal());
 607         if (in == NULL)
 608                 {
 609                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
 610                 goto end;
 611                 }
 612
 613         if (BIO_read_filename(in,file) <= 0)
 614                 {
 615                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
 616                 goto end;
 617                 }
 618         if      (type == SSL_FILETYPE_ASN1)
 619                 {
 620                 j=ERR_R_ASN1_LIB;
 621                 rsa=d2i_RSAPrivateKey_bio(in,NULL);
 622                 }
 623         else if (type == SSL_FILETYPE_PEM)
 624                 {
 625                 j=ERR_R_PEM_LIB;
 626                 rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
 627                         ctx->default_passwd_callback);
 628                 }
 629         else
 630                 {
 631                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
 632                 goto end;
 633                 }
 634         if (rsa == NULL)
 635                 {
 636                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
 637                 goto end;
 638                 }
 639         ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
 640         RSA_free(rsa);
 641 end:
 642         if (in != NULL) BIO_free(in);
 643         return(ret);
 644         }
 645 #endif
 646
 647 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len)
 648         {
 649         int ret;
 650         unsigned char *p;
 651         RSA *rsa;
 652
 653         p=d;
 654         if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
 655                 {
 656                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
 657                 return(0);
 658                 }
 659
 660         ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
 661         RSA_free(rsa);
 662         return(ret);
 663         }
 664 #endif /* !NO_RSA */
 665
 666 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
 667         {
 668         if (pkey == NULL)
 669                 {
 670                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
 671                 return(0);
 672                 }
 673         if (!ssl_cert_instantiate(&ctx->default_cert, NULL))
 674                 {
 675                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
 676                 return(0);
 677                 }
 678         return(ssl_set_pkey(ctx->default_cert,pkey));
 679         }
 680
 681 #ifndef NO_STDIO
 682 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type)
 683         {
 684         int j,ret=0;
 685         BIO *in;
 686         EVP_PKEY *pkey=NULL;
 687
 688         in=BIO_new(BIO_s_file_internal());
 689         if (in == NULL)
 690                 {
 691                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
 692                 goto end;
 693                 }
 694
 695         if (BIO_read_filename(in,file) <= 0)
 696                 {
 697                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
 698                 goto end;
 699                 }
 700         if (type == SSL_FILETYPE_PEM)
 701                 {
 702                 j=ERR_R_PEM_LIB;
 703                 pkey=PEM_read_bio_PrivateKey(in,NULL,
 704                         ctx->default_passwd_callback);
 705                 }
 706         else
 707                 {
 708                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
 709                 goto end;
 710                 }
 711         if (pkey == NULL)
 712                 {
 713                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
 714                 goto end;
 715                 }
 716         ret=SSL_CTX_use_PrivateKey(ctx,pkey);
 717         EVP_PKEY_free(pkey);
 718 end:
 719         if (in != NULL) BIO_free(in);
 720         return(ret);
 721         }
 722 #endif
 723
 724 int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d,
 725              long len)
 726         {
 727         int ret;
 728         unsigned char *p;
 729         EVP_PKEY *pkey;
 730
 731         p=d;
 732         if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
 733                 {
 734                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
 735                 return(0);
 736                 }
 737
 738         ret=SSL_CTX_use_PrivateKey(ctx,pkey);
 739         EVP_PKEY_free(pkey);
 740         return(ret);
 741         }
 742
 743