-Wall implies -Wuninitialized.
[openssl.git] / ssl / ssl_rsa.c
1 /* ssl/ssl_rsa.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58
59 #include <stdio.h>
60 #include "bio.h"
61 #include "objects.h"
62 #include "evp.h"
63 #include "x509.h"
64 #include "pem.h"
65 #include "ssl_locl.h"
66
67 #ifndef NOPROTO
68 static int ssl_set_cert(CERT *c, X509 *x509);
69 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
70 #else
71 static int ssl_set_cert();
72 static int ssl_set_pkey();
73 #endif
74
75 int SSL_use_certificate(SSL *ssl, X509 *x)
76         {
77         if (x == NULL)
78                 {
79                 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
80                 return(0);
81                 }
82         if (!ssl_cert_instantiate(&ssl->cert, ssl->ctx->default_cert)) 
83                 {
84                 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
85                 return(0);
86                 }
87         return(ssl_set_cert(ssl->cert,x));
88         }
89
90 #ifndef NO_STDIO
91 int SSL_use_certificate_file(SSL *ssl, char *file, int type)
92         {
93         int j;
94         BIO *in;
95         int ret=0;
96         X509 *x=NULL;
97
98         in=BIO_new(BIO_s_file_internal());
99         if (in == NULL)
100                 {
101                 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
102                 goto end;
103                 }
104
105         if (BIO_read_filename(in,file) <= 0)
106                 {
107                 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
108                 goto end;
109                 }
110         if (type == SSL_FILETYPE_ASN1)
111                 {
112                 j=ERR_R_ASN1_LIB;
113                 x=d2i_X509_bio(in,NULL);
114                 }
115         else if (type == SSL_FILETYPE_PEM)
116                 {
117                 j=ERR_R_PEM_LIB;
118                 x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback);
119                 }
120         else
121                 {
122                 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
123                 goto end;
124                 }
125
126         if (x == NULL)
127                 {
128                 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
129                 goto end;
130                 }
131
132         ret=SSL_use_certificate(ssl,x);
133 end:
134         if (x != NULL) X509_free(x);
135         if (in != NULL) BIO_free(in);
136         return(ret);
137         }
138 #endif
139
140 int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len)
141         {
142         X509 *x;
143         int ret;
144
145         x=d2i_X509(NULL,&d,(long)len);
146         if (x == NULL)
147                 {
148                 SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
149                 return(0);
150                 }
151
152         ret=SSL_use_certificate(ssl,x);
153         X509_free(x);
154         return(ret);
155         }
156
157 #ifndef NO_RSA
158 int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
159         {
160         EVP_PKEY *pkey;
161         int ret;
162
163         if (rsa == NULL)
164                 {
165                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
166                 return(0);
167                 }
168         if (!ssl_cert_instantiate(&ssl->cert, ssl->ctx->default_cert)) 
169                 {
170                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
171                 return(0);
172                 }
173         if ((pkey=EVP_PKEY_new()) == NULL)
174                 {
175                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
176                 return(0);
177                 }
178
179         CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
180         EVP_PKEY_assign_RSA(pkey,rsa);
181
182         ret=ssl_set_pkey(ssl->cert,pkey);
183         EVP_PKEY_free(pkey);
184         return(ret);
185         }
186 #endif
187
188 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
189         {
190         int i,ok=0,bad=0;
191
192         i=ssl_cert_type(NULL,pkey);
193         if (i < 0)
194                 {
195                 SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
196                 return(0);
197                 }
198
199         if (c->pkeys[i].x509 != NULL)
200                 {
201                 EVP_PKEY *pktmp;
202                 pktmp = X509_get_pubkey(c->pkeys[i].x509);
203                 EVP_PKEY_copy_parameters(pktmp,pkey);
204                 EVP_PKEY_free(pktmp);
205                 ERR_clear_error();
206
207 #ifndef NO_RSA
208                 /* Don't check the public/private key, this is mostly
209                  * for smart cards. */
210                 if ((pkey->type == EVP_PKEY_RSA) &&
211                         (RSA_flags(pkey->pkey.rsa) &
212                          RSA_METHOD_FLAG_NO_CHECK))
213                          ok=1;
214                 else
215 #endif
216                         if (!X509_check_private_key(c->pkeys[i].x509,pkey))
217                         {
218                         if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
219                                 {
220                                 i=(i == SSL_PKEY_DH_RSA)?
221                                         SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
222
223                                 if (c->pkeys[i].x509 == NULL)
224                                         ok=1;
225                                 else
226                                         {
227                                         if (!X509_check_private_key(
228                                                 c->pkeys[i].x509,pkey))
229                                                 bad=1;
230                                         else
231                                                 ok=1;
232                                         }
233                                 }
234                         else
235                                 bad=1;
236                         }
237                 else
238                         ok=1;
239                 }
240         else
241                 ok=1;
242
243         if (bad)
244                 {
245                 X509_free(c->pkeys[i].x509);
246                 c->pkeys[i].x509=NULL;
247                 return(0);
248                 }
249
250         if (c->pkeys[i].privatekey != NULL)
251                 EVP_PKEY_free(c->pkeys[i].privatekey);
252         CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
253         c->pkeys[i].privatekey=pkey;
254         c->key= &(c->pkeys[i]);
255
256         c->valid=0;
257         return(1);
258         }
259
260 #ifndef NO_RSA
261 #ifndef NO_STDIO
262 int SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type)
263         {
264         int j,ret=0;
265         BIO *in;
266         RSA *rsa=NULL;
267
268         in=BIO_new(BIO_s_file_internal());
269         if (in == NULL)
270                 {
271                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
272                 goto end;
273                 }
274
275         if (BIO_read_filename(in,file) <= 0)
276                 {
277                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
278                 goto end;
279                 }
280         if      (type == SSL_FILETYPE_ASN1)
281                 {
282                 j=ERR_R_ASN1_LIB;
283                 rsa=d2i_RSAPrivateKey_bio(in,NULL);
284                 }
285         else if (type == SSL_FILETYPE_PEM)
286                 {
287                 j=ERR_R_PEM_LIB;
288                 rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
289                         ssl->ctx->default_passwd_callback);
290                 }
291         else
292                 {
293                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
294                 goto end;
295                 }
296         if (rsa == NULL)
297                 {
298                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
299                 goto end;
300                 }
301         ret=SSL_use_RSAPrivateKey(ssl,rsa);
302         RSA_free(rsa);
303 end:
304         if (in != NULL) BIO_free(in);
305         return(ret);
306         }
307 #endif
308
309 int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
310         {
311         int ret;
312         unsigned char *p;
313         RSA *rsa;
314
315         p=d;
316         if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
317                 {
318                 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
319                 return(0);
320                 }
321
322         ret=SSL_use_RSAPrivateKey(ssl,rsa);
323         RSA_free(rsa);
324         return(ret);
325         }
326 #endif /* !NO_RSA */
327
328 int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
329         {
330         int ret;
331
332         if (pkey == NULL)
333                 {
334                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
335                 return(0);
336                 }
337         if (!ssl_cert_instantiate(&ssl->cert, ssl->ctx->default_cert)) 
338                 {
339                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
340                 return(0);
341                 }
342         ret=ssl_set_pkey(ssl->cert,pkey);
343         return(ret);
344         }
345
346 #ifndef NO_STDIO
347 int SSL_use_PrivateKey_file(SSL *ssl, char *file, int type)
348         {
349         int j,ret=0;
350         BIO *in;
351         EVP_PKEY *pkey=NULL;
352
353         in=BIO_new(BIO_s_file_internal());
354         if (in == NULL)
355                 {
356                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
357                 goto end;
358                 }
359
360         if (BIO_read_filename(in,file) <= 0)
361                 {
362                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
363                 goto end;
364                 }
365         if (type == SSL_FILETYPE_PEM)
366                 {
367                 j=ERR_R_PEM_LIB;
368                 pkey=PEM_read_bio_PrivateKey(in,NULL,
369                         ssl->ctx->default_passwd_callback);
370                 }
371         else
372                 {
373                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
374                 goto end;
375                 }
376         if (pkey == NULL)
377                 {
378                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
379                 goto end;
380                 }
381         ret=SSL_use_PrivateKey(ssl,pkey);
382         EVP_PKEY_free(pkey);
383 end:
384         if (in != NULL) BIO_free(in);
385         return(ret);
386         }
387 #endif
388
389 int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len)
390         {
391         int ret;
392         unsigned char *p;
393         EVP_PKEY *pkey;
394
395         p=d;
396         if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
397                 {
398                 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
399                 return(0);
400                 }
401
402         ret=SSL_use_PrivateKey(ssl,pkey);
403         EVP_PKEY_free(pkey);
404         return(ret);
405         }
406
407 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
408         {
409         if (x == NULL)
410                 {
411                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
412                 return(0);
413                 }
414         if (!ssl_cert_instantiate(&ctx->default_cert, NULL))
415                 {
416                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
417                 return(0);
418                 }
419         return(ssl_set_cert(ctx->default_cert,x));
420         }
421
422 static int ssl_set_cert(CERT *c, X509 *x)
423         {
424         EVP_PKEY *pkey;
425         int i,ok=0,bad=0;
426
427         pkey=X509_get_pubkey(x);
428         if (pkey == NULL)
429                 {
430                 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
431                 return(0);
432                 }
433
434         i=ssl_cert_type(x,pkey);
435         if (i < 0)
436                 {
437                 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
438                 EVP_PKEY_free(pkey);
439                 return(0);
440                 }
441
442         if (c->pkeys[i].privatekey != NULL)
443                 {
444                 EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
445                 ERR_clear_error();
446
447 #ifndef NO_RSA
448                 /* Don't check the public/private key, this is mostly
449                  * for smart cards. */
450                 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
451                         (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
452                          RSA_METHOD_FLAG_NO_CHECK))
453                          ok=1;
454                 else
455 #endif
456                 {
457                 if (!X509_check_private_key(x,c->pkeys[i].privatekey))
458                         {
459                         if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
460                                 {
461                                 i=(i == SSL_PKEY_DH_RSA)?
462                                         SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
463
464                                 if (c->pkeys[i].privatekey == NULL)
465                                         ok=1;
466                                 else
467                                         {
468                                         if (!X509_check_private_key(x,
469                                                 c->pkeys[i].privatekey))
470                                                 bad=1;
471                                         else
472                                                 ok=1;
473                                         }
474                                 }
475                         else
476                                 bad=1;
477                         }
478                 else
479                         ok=1;
480                 } /* NO_RSA */
481                 }
482         else
483                 ok=1;
484
485         EVP_PKEY_free(pkey);
486         if (bad)
487                 {
488                 EVP_PKEY_free(c->pkeys[i].privatekey);
489                 c->pkeys[i].privatekey=NULL;
490                 }
491
492         if (c->pkeys[i].x509 != NULL)
493                 X509_free(c->pkeys[i].x509);
494         CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
495         c->pkeys[i].x509=x;
496         c->key= &(c->pkeys[i]);
497
498         c->valid=0;
499         return(1);
500         }
501
502 #ifndef NO_STDIO
503 int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type)
504         {
505         int j;
506         BIO *in;
507         int ret=0;
508         X509 *x=NULL;
509
510         in=BIO_new(BIO_s_file_internal());
511         if (in == NULL)
512                 {
513                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
514                 goto end;
515                 }
516
517         if (BIO_read_filename(in,file) <= 0)
518                 {
519                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
520                 goto end;
521                 }
522         if (type == SSL_FILETYPE_ASN1)
523                 {
524                 j=ERR_R_ASN1_LIB;
525                 x=d2i_X509_bio(in,NULL);
526                 }
527         else if (type == SSL_FILETYPE_PEM)
528                 {
529                 j=ERR_R_PEM_LIB;
530                 x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback);
531                 }
532         else
533                 {
534                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
535                 goto end;
536                 }
537
538         if (x == NULL)
539                 {
540                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
541                 goto end;
542                 }
543
544         ret=SSL_CTX_use_certificate(ctx,x);
545 end:
546         if (x != NULL) X509_free(x);
547         if (in != NULL) BIO_free(in);
548         return(ret);
549         }
550 #endif
551
552 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d)
553         {
554         X509 *x;
555         int ret;
556
557         x=d2i_X509(NULL,&d,(long)len);
558         if (x == NULL)
559                 {
560                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
561                 return(0);
562                 }
563
564         ret=SSL_CTX_use_certificate(ctx,x);
565         X509_free(x);
566         return(ret);
567         }
568
569 #ifndef NO_RSA
570 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
571         {
572         int ret;
573         EVP_PKEY *pkey;
574
575         if (rsa == NULL)
576                 {
577                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
578                 return(0);
579                 }
580         if (!ssl_cert_instantiate(&ctx->default_cert, NULL))
581                 {
582                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
583                 return(0);
584                 }
585         if ((pkey=EVP_PKEY_new()) == NULL)
586                 {
587                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
588                 return(0);
589                 }
590
591         CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
592         EVP_PKEY_assign_RSA(pkey,rsa);
593
594         ret=ssl_set_pkey(ctx->default_cert,pkey);
595         EVP_PKEY_free(pkey);
596         return(ret);
597         }
598
599 #ifndef NO_STDIO
600 int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type)
601         {
602         int j,ret=0;
603         BIO *in;
604         RSA *rsa=NULL;
605
606         in=BIO_new(BIO_s_file_internal());
607         if (in == NULL)
608                 {
609                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
610                 goto end;
611                 }
612
613         if (BIO_read_filename(in,file) <= 0)
614                 {
615                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
616                 goto end;
617                 }
618         if      (type == SSL_FILETYPE_ASN1)
619                 {
620                 j=ERR_R_ASN1_LIB;
621                 rsa=d2i_RSAPrivateKey_bio(in,NULL);
622                 }
623         else if (type == SSL_FILETYPE_PEM)
624                 {
625                 j=ERR_R_PEM_LIB;
626                 rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
627                         ctx->default_passwd_callback);
628                 }
629         else
630                 {
631                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
632                 goto end;
633                 }
634         if (rsa == NULL)
635                 {
636                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
637                 goto end;
638                 }
639         ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
640         RSA_free(rsa);
641 end:
642         if (in != NULL) BIO_free(in);
643         return(ret);
644         }
645 #endif
646
647 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len)
648         {
649         int ret;
650         unsigned char *p;
651         RSA *rsa;
652
653         p=d;
654         if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
655                 {
656                 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
657                 return(0);
658                 }
659
660         ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
661         RSA_free(rsa);
662         return(ret);
663         }
664 #endif /* !NO_RSA */
665
666 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
667         {
668         if (pkey == NULL)
669                 {
670                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
671                 return(0);
672                 }
673         if (!ssl_cert_instantiate(&ctx->default_cert, NULL))
674                 {
675                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
676                 return(0);
677                 }
678         return(ssl_set_pkey(ctx->default_cert,pkey));
679         }
680
681 #ifndef NO_STDIO
682 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type)
683         {
684         int j,ret=0;
685         BIO *in;
686         EVP_PKEY *pkey=NULL;
687
688         in=BIO_new(BIO_s_file_internal());
689         if (in == NULL)
690                 {
691                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
692                 goto end;
693                 }
694
695         if (BIO_read_filename(in,file) <= 0)
696                 {
697                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
698                 goto end;
699                 }
700         if (type == SSL_FILETYPE_PEM)
701                 {
702                 j=ERR_R_PEM_LIB;
703                 pkey=PEM_read_bio_PrivateKey(in,NULL,
704                         ctx->default_passwd_callback);
705                 }
706         else
707                 {
708                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
709                 goto end;
710                 }
711         if (pkey == NULL)
712                 {
713                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
714                 goto end;
715                 }
716         ret=SSL_CTX_use_PrivateKey(ctx,pkey);
717         EVP_PKEY_free(pkey);
718 end:
719         if (in != NULL) BIO_free(in);
720         return(ret);
721         }
722 #endif
723
724 int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d,
725              long len)
726         {
727         int ret;
728         unsigned char *p;
729         EVP_PKEY *pkey;
730
731         p=d;
732         if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
733                 {
734                 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
735                 return(0);
736                 }
737
738         ret=SSL_CTX_use_PrivateKey(ctx,pkey);
739         EVP_PKEY_free(pkey);
740         return(ret);
741         }
742
743