Workarounds to make broken programs happy (such as s_client and s_server).
[openssl.git] / ssl / ssl_rsa.c
1 /* ssl/ssl_rsa.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58
59 #include <stdio.h>
60 #include <openssl/bio.h>
61 #include <openssl/objects.h>
62 #include <openssl/evp.h>
63 #include <openssl/x509.h>
64 #include <openssl/pem.h>
65 #include "ssl_locl.h"
66
67 static int ssl_set_cert(CERT *c, X509 *x509);
68 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
69 int SSL_use_certificate(SSL *ssl, X509 *x)
70         {
71         if (x == NULL)
72                 {
73                 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
74                 return(0);
75                 }
76         if (!ssl_cert_inst(&ssl->cert))
77                 {
78                 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
79                 return(0);
80                 }
81         return(ssl_set_cert(ssl->cert,x));
82         }
83
84 #ifndef NO_STDIO
85 int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
86         {
87         int j;
88         BIO *in;
89         int ret=0;
90         X509 *x=NULL;
91
92         in=BIO_new(BIO_s_file_internal());
93         if (in == NULL)
94                 {
95                 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
96                 goto end;
97                 }
98
99         if (BIO_read_filename(in,file) <= 0)
100                 {
101                 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
102                 goto end;
103                 }
104         if (type == SSL_FILETYPE_ASN1)
105                 {
106                 j=ERR_R_ASN1_LIB;
107                 x=d2i_X509_bio(in,NULL);
108                 }
109         else if (type == SSL_FILETYPE_PEM)
110                 {
111                 j=ERR_R_PEM_LIB;
112                 x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
113                 }
114         else
115                 {
116                 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
117                 goto end;
118                 }
119
120         if (x == NULL)
121                 {
122                 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
123                 goto end;
124                 }
125
126         ret=SSL_use_certificate(ssl,x);
127 end:
128         if (x != NULL) X509_free(x);
129         if (in != NULL) BIO_free(in);
130         return(ret);
131         }
132 #endif
133
134 int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len)
135         {
136         X509 *x;
137         int ret;
138
139         x=d2i_X509(NULL,&d,(long)len);
140         if (x == NULL)
141                 {
142                 SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
143                 return(0);
144                 }
145
146         ret=SSL_use_certificate(ssl,x);
147         X509_free(x);
148         return(ret);
149         }
150
151 #ifndef NO_RSA
152 int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
153         {
154         EVP_PKEY *pkey;
155         int ret;
156
157         if (rsa == NULL)
158                 {
159                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
160                 return(0);
161                 }
162         if (!ssl_cert_inst(&ssl->cert))
163                 {
164                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
165                 return(0);
166                 }
167         if ((pkey=EVP_PKEY_new()) == NULL)
168                 {
169                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
170                 return(0);
171                 }
172
173         CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
174         EVP_PKEY_assign_RSA(pkey,rsa);
175
176         ret=ssl_set_pkey(ssl->cert,pkey);
177         EVP_PKEY_free(pkey);
178         return(ret);
179         }
180 #endif
181
182 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
183         {
184         int i,ok=0,bad=0;
185
186         i=ssl_cert_type(NULL,pkey);
187         if (i < 0)
188                 {
189                 SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
190                 return(0);
191                 }
192
193         if (c->pkeys[i].x509 != NULL)
194                 {
195                 EVP_PKEY *pktmp;
196                 pktmp = X509_get_pubkey(c->pkeys[i].x509);
197                 EVP_PKEY_copy_parameters(pktmp,pkey);
198                 EVP_PKEY_free(pktmp);
199                 ERR_clear_error();
200
201 #ifndef NO_RSA
202                 /* Don't check the public/private key, this is mostly
203                  * for smart cards. */
204                 if ((pkey->type == EVP_PKEY_RSA) &&
205                         (RSA_flags(pkey->pkey.rsa) &
206                          RSA_METHOD_FLAG_NO_CHECK))
207                          ok=1;
208                 else
209 #endif
210                         if (!X509_check_private_key(c->pkeys[i].x509,pkey))
211                         {
212                         if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
213                                 {
214                                 i=(i == SSL_PKEY_DH_RSA)?
215                                         SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
216
217                                 if (c->pkeys[i].x509 == NULL)
218                                         ok=1;
219                                 else
220                                         {
221                                         if (!X509_check_private_key(
222                                                 c->pkeys[i].x509,pkey))
223                                                 bad=1;
224                                         else
225                                                 ok=1;
226                                         }
227                                 }
228                         else
229                                 bad=1;
230                         }
231                 else
232                         ok=1;
233                 }
234         else
235                 ok=1;
236
237         if (bad)
238                 {
239                 X509_free(c->pkeys[i].x509);
240                 c->pkeys[i].x509=NULL;
241                 return(0);
242                 }
243
244         if (c->pkeys[i].privatekey != NULL)
245                 EVP_PKEY_free(c->pkeys[i].privatekey);
246         CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
247         c->pkeys[i].privatekey=pkey;
248         c->key= &(c->pkeys[i]);
249
250         c->valid=0;
251         return(1);
252         }
253
254 #ifndef NO_RSA
255 #ifndef NO_STDIO
256 int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
257         {
258         int j,ret=0;
259         BIO *in;
260         RSA *rsa=NULL;
261
262         in=BIO_new(BIO_s_file_internal());
263         if (in == NULL)
264                 {
265                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
266                 goto end;
267                 }
268
269         if (BIO_read_filename(in,file) <= 0)
270                 {
271                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
272                 goto end;
273                 }
274         if      (type == SSL_FILETYPE_ASN1)
275                 {
276                 j=ERR_R_ASN1_LIB;
277                 rsa=d2i_RSAPrivateKey_bio(in,NULL);
278                 }
279         else if (type == SSL_FILETYPE_PEM)
280                 {
281                 j=ERR_R_PEM_LIB;
282                 rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
283                         ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
284                 }
285         else
286                 {
287                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
288                 goto end;
289                 }
290         if (rsa == NULL)
291                 {
292                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
293                 goto end;
294                 }
295         ret=SSL_use_RSAPrivateKey(ssl,rsa);
296         RSA_free(rsa);
297 end:
298         if (in != NULL) BIO_free(in);
299         return(ret);
300         }
301 #endif
302
303 int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
304         {
305         int ret;
306         unsigned char *p;
307         RSA *rsa;
308
309         p=d;
310         if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
311                 {
312                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
313                 return(0);
314                 }
315
316         ret=SSL_use_RSAPrivateKey(ssl,rsa);
317         RSA_free(rsa);
318         return(ret);
319         }
320 #endif /* !NO_RSA */
321
322 int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
323         {
324         int ret;
325
326         if (pkey == NULL)
327                 {
328                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
329                 return(0);
330                 }
331         if (!ssl_cert_inst(&ssl->cert))
332                 {
333                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
334                 return(0);
335                 }
336         ret=ssl_set_pkey(ssl->cert,pkey);
337         return(ret);
338         }
339
340 #ifndef NO_STDIO
341 int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
342         {
343         int j,ret=0;
344         BIO *in;
345         EVP_PKEY *pkey=NULL;
346
347         in=BIO_new(BIO_s_file_internal());
348         if (in == NULL)
349                 {
350                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
351                 goto end;
352                 }
353
354         if (BIO_read_filename(in,file) <= 0)
355                 {
356                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
357                 goto end;
358                 }
359         if (type == SSL_FILETYPE_PEM)
360                 {
361                 j=ERR_R_PEM_LIB;
362                 pkey=PEM_read_bio_PrivateKey(in,NULL,
363                         ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
364                 }
365         else
366                 {
367                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
368                 goto end;
369                 }
370         if (pkey == NULL)
371                 {
372                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
373                 goto end;
374                 }
375         ret=SSL_use_PrivateKey(ssl,pkey);
376         EVP_PKEY_free(pkey);
377 end:
378         if (in != NULL) BIO_free(in);
379         return(ret);
380         }
381 #endif
382
383 int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len)
384         {
385         int ret;
386         unsigned char *p;
387         EVP_PKEY *pkey;
388
389         p=d;
390         if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
391                 {
392                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
393                 return(0);
394                 }
395
396         ret=SSL_use_PrivateKey(ssl,pkey);
397         EVP_PKEY_free(pkey);
398         return(ret);
399         }
400
401 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
402         {
403         if (x == NULL)
404                 {
405                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
406                 return(0);
407                 }
408         if (!ssl_cert_inst(&ctx->cert))
409                 {
410                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
411                 return(0);
412                 }
413         return(ssl_set_cert(ctx->cert, x));
414         }
415
416 static int ssl_set_cert(CERT *c, X509 *x)
417         {
418         EVP_PKEY *pkey;
419         int i,ok=0,bad=0;
420
421         pkey=X509_get_pubkey(x);
422         if (pkey == NULL)
423                 {
424                 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
425                 return(0);
426                 }
427
428         i=ssl_cert_type(x,pkey);
429         if (i < 0)
430                 {
431                 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
432                 EVP_PKEY_free(pkey);
433                 return(0);
434                 }
435
436         if (c->pkeys[i].privatekey != NULL)
437                 {
438                 EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
439                 ERR_clear_error();
440
441 #ifndef NO_RSA
442                 /* Don't check the public/private key, this is mostly
443                  * for smart cards. */
444                 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
445                         (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
446                          RSA_METHOD_FLAG_NO_CHECK))
447                          ok=1;
448                 else
449 #endif
450                 {
451                 if (!X509_check_private_key(x,c->pkeys[i].privatekey))
452                         {
453                         if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
454                                 {
455                                 i=(i == SSL_PKEY_DH_RSA)?
456                                         SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
457
458                                 if (c->pkeys[i].privatekey == NULL)
459                                         ok=1;
460                                 else
461                                         {
462                                         if (!X509_check_private_key(x,
463                                                 c->pkeys[i].privatekey))
464                                                 bad=1;
465                                         else
466                                                 ok=1;
467                                         }
468                                 }
469                         else
470                                 bad=1;
471                         }
472                 else
473                         ok=1;
474                 } /* NO_RSA */
475                 }
476         else
477                 ok=1;
478
479         EVP_PKEY_free(pkey);
480         if (bad)
481                 {
482                 EVP_PKEY_free(c->pkeys[i].privatekey);
483                 c->pkeys[i].privatekey=NULL;
484                 }
485
486         if (c->pkeys[i].x509 != NULL)
487                 X509_free(c->pkeys[i].x509);
488         CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
489         c->pkeys[i].x509=x;
490         c->key= &(c->pkeys[i]);
491
492         c->valid=0;
493         return(1);
494         }
495
496 #ifndef NO_STDIO
497 int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
498         {
499         int j;
500         BIO *in;
501         int ret=0;
502         X509 *x=NULL;
503
504         in=BIO_new(BIO_s_file_internal());
505         if (in == NULL)
506                 {
507                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
508                 goto end;
509                 }
510
511         if (BIO_read_filename(in,file) <= 0)
512                 {
513                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
514                 goto end;
515                 }
516         if (type == SSL_FILETYPE_ASN1)
517                 {
518                 j=ERR_R_ASN1_LIB;
519                 x=d2i_X509_bio(in,NULL);
520                 }
521         else if (type == SSL_FILETYPE_PEM)
522                 {
523                 j=ERR_R_PEM_LIB;
524                 x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
525                 }
526         else
527                 {
528                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
529                 goto end;
530                 }
531
532         if (x == NULL)
533                 {
534                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
535                 goto end;
536                 }
537
538         ret=SSL_CTX_use_certificate(ctx,x);
539 end:
540         if (x != NULL) X509_free(x);
541         if (in != NULL) BIO_free(in);
542         return(ret);
543         }
544 #endif
545
546 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d)
547         {
548         X509 *x;
549         int ret;
550
551         x=d2i_X509(NULL,&d,(long)len);
552         if (x == NULL)
553                 {
554                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
555                 return(0);
556                 }
557
558         ret=SSL_CTX_use_certificate(ctx,x);
559         X509_free(x);
560         return(ret);
561         }
562
563 #ifndef NO_RSA
564 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
565         {
566         int ret;
567         EVP_PKEY *pkey;
568
569         if (rsa == NULL)
570                 {
571                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
572                 return(0);
573                 }
574         if (!ssl_cert_inst(&ctx->cert))
575                 {
576                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
577                 return(0);
578                 }
579         if ((pkey=EVP_PKEY_new()) == NULL)
580                 {
581                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
582                 return(0);
583                 }
584
585         CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
586         EVP_PKEY_assign_RSA(pkey,rsa);
587
588         ret=ssl_set_pkey(ctx->cert, pkey);
589         EVP_PKEY_free(pkey);
590         return(ret);
591         }
592
593 #ifndef NO_STDIO
594 int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
595         {
596         int j,ret=0;
597         BIO *in;
598         RSA *rsa=NULL;
599
600         in=BIO_new(BIO_s_file_internal());
601         if (in == NULL)
602                 {
603                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
604                 goto end;
605                 }
606
607         if (BIO_read_filename(in,file) <= 0)
608                 {
609                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
610                 goto end;
611                 }
612         if      (type == SSL_FILETYPE_ASN1)
613                 {
614                 j=ERR_R_ASN1_LIB;
615                 rsa=d2i_RSAPrivateKey_bio(in,NULL);
616                 }
617         else if (type == SSL_FILETYPE_PEM)
618                 {
619                 j=ERR_R_PEM_LIB;
620                 rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
621                         ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
622                 }
623         else
624                 {
625                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
626                 goto end;
627                 }
628         if (rsa == NULL)
629                 {
630                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
631                 goto end;
632                 }
633         ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
634         RSA_free(rsa);
635 end:
636         if (in != NULL) BIO_free(in);
637         return(ret);
638         }
639 #endif
640
641 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len)
642         {
643         int ret;
644         unsigned char *p;
645         RSA *rsa;
646
647         p=d;
648         if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
649                 {
650                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
651                 return(0);
652                 }
653
654         ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
655         RSA_free(rsa);
656         return(ret);
657         }
658 #endif /* !NO_RSA */
659
660 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
661         {
662         if (pkey == NULL)
663                 {
664                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
665                 return(0);
666                 }
667         if (!ssl_cert_inst(&ctx->cert))
668                 {
669                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
670                 return(0);
671                 }
672         return(ssl_set_pkey(ctx->cert,pkey));
673         }
674
675 #ifndef NO_STDIO
676 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
677         {
678         int j,ret=0;
679         BIO *in;
680         EVP_PKEY *pkey=NULL;
681
682         in=BIO_new(BIO_s_file_internal());
683         if (in == NULL)
684                 {
685                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
686                 goto end;
687                 }
688
689         if (BIO_read_filename(in,file) <= 0)
690                 {
691                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
692                 goto end;
693                 }
694         if (type == SSL_FILETYPE_PEM)
695                 {
696                 j=ERR_R_PEM_LIB;
697                 pkey=PEM_read_bio_PrivateKey(in,NULL,
698                         ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
699                 }
700         else
701                 {
702                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
703                 goto end;
704                 }
705         if (pkey == NULL)
706                 {
707                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
708                 goto end;
709                 }
710         ret=SSL_CTX_use_PrivateKey(ctx,pkey);
711         EVP_PKEY_free(pkey);
712 end:
713         if (in != NULL) BIO_free(in);
714         return(ret);
715         }
716 #endif
717
718 int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d,
719              long len)
720         {
721         int ret;
722         unsigned char *p;
723         EVP_PKEY *pkey;
724
725         p=d;
726         if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
727                 {
728                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
729                 return(0);
730                 }
731
732         ret=SSL_CTX_use_PrivateKey(ctx,pkey);
733         EVP_PKEY_free(pkey);
734         return(ret);
735         }
736
737
738 #ifndef NO_STDIO
739 /* Read a file that contains our certificate in "PEM" format,
740  * possibly followed by a sequence of CA certificates that should be
741  * sent to the peer in the Certificate message.
742  */
743 int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
744         {
745         BIO *in;
746         int ret=0;
747         X509 *x=NULL;
748
749         in=BIO_new(BIO_s_file_internal());
750         if (in == NULL)
751                 {
752                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
753                 goto end;
754                 }
755
756         if (BIO_read_filename(in,file) <= 0)
757                 {
758                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
759                 goto end;
760                 }
761
762         x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
763         if (x == NULL)
764                 {
765                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
766                 goto end;
767                 }
768
769         ret=SSL_CTX_use_certificate(ctx,x);
770         if (ERR_peek_error() != 0)
771                 ret = 0;  /* Key/certificate mismatch doesn't imply ret==0 ... */
772         if (ret)
773                 {
774                 /* If we could set up our certificate, now proceed to
775                  * the CA certificates.
776                  */
777                 X509 *ca;
778                 int r;
779                 unsigned long err;
780                 
781                 if (ctx->extra_certs != NULL) 
782                         {
783                         sk_X509_pop_free(ctx->extra_certs, X509_free);
784                         ctx->extra_certs = NULL;
785                         }
786
787                 while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
788                         != NULL)
789                         {
790                         r = SSL_CTX_add_extra_chain_cert(ctx, ca);
791                         if (!r) 
792                                 {
793                                 X509_free(ca);
794                                 ret = 0;
795                                 goto end;
796                                 }
797                         /* Note that we must not free r if it was successfully
798                          * added to the chain (while we must free the main
799                          * certificate, since its reference count is increased
800                          * by SSL_CTX_use_certificate). */
801                         }
802                 /* When the while loop ends, it's usually just EOF. */
803                 err = ERR_peek_error();
804                 if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
805                         (void) ERR_get_error();
806                 else 
807                         ret = 0; /* some real error */
808                 }
809
810 end:
811         if (x != NULL) X509_free(x);
812         if (in != NULL) BIO_free(in);
813         return(ret);
814         }
815 #endif