authorguenther <>2014-06-22 19:09:37 +0000
committerguenther <>2014-06-22 19:09:37 +0000
commit26c04e45e4a4fe29f02fdd9853562b4237b2139f (patch)
tree55e7a318a61f732bbf05125f39b18994e206d9cd
parentcb803576289954e210dc3fc384c71ceaad77666e (diff)
KNF, particularly wrapped lines of calls to PEM_read_bio_FOO() and
multiline comments ok jsing@
-rw-r--r--src/lib/libssl/src/ssl/ssl_rsa.c68
-rw-r--r--src/lib/libssl/ssl_rsa.c68
2 files changed, 88 insertions, 48 deletions
diff --git a/src/lib/libssl/src/ssl/ssl_rsa.c b/src/lib/libssl/src/ssl/ssl_rsa.c
index 10276a4b2d..c1d24cad52 100644
--- a/src/lib/libssl/src/ssl/ssl_rsa.c
+++ b/src/lib/libssl/src/ssl/ssl_rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_rsa.c,v 1.14 2014/06/12 15:49:31 deraadt Exp $ */ 1/* $OpenBSD: ssl_rsa.c,v 1.15 2014/06/22 19:09:37 guenther Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -103,7 +103,9 @@ SSL_use_certificate_file(SSL *ssl, const char *file, int type)
103 x = d2i_X509_bio(in, NULL); 103 x = d2i_X509_bio(in, NULL);
104 } else if (type == SSL_FILETYPE_PEM) { 104 } else if (type == SSL_FILETYPE_PEM) {
105 j = ERR_R_PEM_LIB; 105 j = ERR_R_PEM_LIB;
106 x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); 106 x = PEM_read_bio_X509(in, NULL,
107 ssl->ctx->default_passwd_callback,
108 ssl->ctx->default_passwd_callback_userdata);
107 } else { 109 } else {
108 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); 110 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
109 goto end; 111 goto end;
@@ -184,8 +186,10 @@ ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
184 EVP_PKEY_free(pktmp); 186 EVP_PKEY_free(pktmp);
185 ERR_clear_error(); 187 ERR_clear_error();
186 188
187 /* Don't check the public/private key, this is mostly 189 /*
188 * for smart cards. */ 190 * Don't check the public/private key, this is mostly
191 * for smart cards.
192 */
189 if ((pkey->type == EVP_PKEY_RSA) && 193 if ((pkey->type == EVP_PKEY_RSA) &&
190 (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) 194 (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
191; 195;
@@ -230,7 +234,8 @@ SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
230 } else if (type == SSL_FILETYPE_PEM) { 234 } else if (type == SSL_FILETYPE_PEM) {
231 j = ERR_R_PEM_LIB; 235 j = ERR_R_PEM_LIB;
232 rsa = PEM_read_bio_RSAPrivateKey(in, NULL, 236 rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
233 ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); 237 ssl->ctx->default_passwd_callback,
238 ssl->ctx->default_passwd_callback_userdata);
234 } else { 239 } else {
235 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); 240 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
236 goto end; 241 goto end;
@@ -301,7 +306,8 @@ SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
301 if (type == SSL_FILETYPE_PEM) { 306 if (type == SSL_FILETYPE_PEM) {
302 j = ERR_R_PEM_LIB; 307 j = ERR_R_PEM_LIB;
303 pkey = PEM_read_bio_PrivateKey(in, NULL, 308 pkey = PEM_read_bio_PrivateKey(in, NULL,
304 ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); 309 ssl->ctx->default_passwd_callback,
310 ssl->ctx->default_passwd_callback_userdata);
305 } else if (type == SSL_FILETYPE_ASN1) { 311 } else if (type == SSL_FILETYPE_ASN1) {
306 j = ERR_R_ASN1_LIB; 312 j = ERR_R_ASN1_LIB;
307 pkey = d2i_PrivateKey_bio(in, NULL); 313 pkey = d2i_PrivateKey_bio(in, NULL);
@@ -375,18 +381,22 @@ ssl_set_cert(CERT *c, X509 *x)
375 EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); 381 EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
376 ERR_clear_error(); 382 ERR_clear_error();
377 383
378 /* Don't check the public/private key, this is mostly 384 /*
379 * for smart cards. */ 385 * Don't check the public/private key, this is mostly
386 * for smart cards.
387 */
380 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && 388 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
381 (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & 389 (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
382 RSA_METHOD_FLAG_NO_CHECK)) 390 RSA_METHOD_FLAG_NO_CHECK))
383; 391;
384 else 392 else
385 if (!X509_check_private_key(x, c->pkeys[i].privatekey)) { 393 if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
386 /* don't fail for a cert/key mismatch, just free 394 /*
395 * don't fail for a cert/key mismatch, just free
387 * current private key (when switching to a different 396 * current private key (when switching to a different
388 * cert & key, first this function should be used, 397 * cert & key, first this function should be used,
389 * then ssl_set_pkey */ 398 * then ssl_set_pkey
399 */
390 EVP_PKEY_free(c->pkeys[i].privatekey); 400 EVP_PKEY_free(c->pkeys[i].privatekey);
391 c->pkeys[i].privatekey = NULL; 401 c->pkeys[i].privatekey = NULL;
392 /* clear error queue */ 402 /* clear error queue */
@@ -429,7 +439,8 @@ SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
429 x = d2i_X509_bio(in, NULL); 439 x = d2i_X509_bio(in, NULL);
430 } else if (type == SSL_FILETYPE_PEM) { 440 } else if (type == SSL_FILETYPE_PEM) {
431 j = ERR_R_PEM_LIB; 441 j = ERR_R_PEM_LIB;
432 x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); 442 x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
443 ctx->default_passwd_callback_userdata);
433 } else { 444 } else {
434 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); 445 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
435 goto end; 446 goto end;
@@ -515,7 +526,8 @@ SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
515 } else if (type == SSL_FILETYPE_PEM) { 526 } else if (type == SSL_FILETYPE_PEM) {
516 j = ERR_R_PEM_LIB; 527 j = ERR_R_PEM_LIB;
517 rsa = PEM_read_bio_RSAPrivateKey(in, NULL, 528 rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
518 ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); 529 ctx->default_passwd_callback,
530 ctx->default_passwd_callback_userdata);
519 } else { 531 } else {
520 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); 532 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
521 goto end; 533 goto end;
@@ -553,7 +565,8 @@ int
553SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) 565SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
554{ 566{
555 if (pkey == NULL) { 567 if (pkey == NULL) {
556 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); 568 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,
569 ERR_R_PASSED_NULL_PARAMETER);
557 return (0); 570 return (0);
558 } 571 }
559 if (!ssl_cert_inst(&ctx->cert)) { 572 if (!ssl_cert_inst(&ctx->cert)) {
@@ -583,12 +596,14 @@ SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
583 if (type == SSL_FILETYPE_PEM) { 596 if (type == SSL_FILETYPE_PEM) {
584 j = ERR_R_PEM_LIB; 597 j = ERR_R_PEM_LIB;
585 pkey = PEM_read_bio_PrivateKey(in, NULL, 598 pkey = PEM_read_bio_PrivateKey(in, NULL,
586 ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); 599 ctx->default_passwd_callback,
600 ctx->default_passwd_callback_userdata);
587 } else if (type == SSL_FILETYPE_ASN1) { 601 } else if (type == SSL_FILETYPE_ASN1) {
588 j = ERR_R_ASN1_LIB; 602 j = ERR_R_ASN1_LIB;
589 pkey = d2i_PrivateKey_bio(in, NULL); 603 pkey = d2i_PrivateKey_bio(in, NULL);
590 } else { 604 } else {
591 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); 605 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,
606 SSL_R_BAD_SSL_FILETYPE);
592 goto end; 607 goto end;
593 } 608 }
594 if (pkey == NULL) { 609 if (pkey == NULL) {
@@ -622,7 +637,8 @@ SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
622} 637}
623 638
624 639
625/* Read a file that contains our certificate in "PEM" format, 640/*
641 * Read a file that contains our certificate in "PEM" format,
626 * possibly followed by a sequence of CA certificates that should be 642 * possibly followed by a sequence of CA certificates that should be
627 * sent to the peer in the Certificate message. 643 * sent to the peer in the Certificate message.
628 */ 644 */
@@ -647,7 +663,7 @@ SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
647 } 663 }
648 664
649 x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, 665 x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
650 ctx->default_passwd_callback_userdata); 666 ctx->default_passwd_callback_userdata);
651 if (x == NULL) { 667 if (x == NULL) {
652 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); 668 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
653 goto end; 669 goto end;
@@ -659,7 +675,8 @@ SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
659 ret = 0; 675 ret = 0;
660 /* Key/certificate mismatch doesn't imply ret==0 ... */ 676 /* Key/certificate mismatch doesn't imply ret==0 ... */
661 if (ret) { 677 if (ret) {
662 /* If we could set up our certificate, now proceed to 678 /*
679 * If we could set up our certificate, now proceed to
663 * the CA certificates. 680 * the CA certificates.
664 */ 681 */
665 X509 *ca; 682 X509 *ca;
@@ -672,23 +689,26 @@ SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
672 } 689 }
673 690
674 while ((ca = PEM_read_bio_X509(in, NULL, 691 while ((ca = PEM_read_bio_X509(in, NULL,
675 ctx->default_passwd_callback, 692 ctx->default_passwd_callback,
676 ctx->default_passwd_callback_userdata)) 693 ctx->default_passwd_callback_userdata)) != NULL) {
677 != NULL) {
678 r = SSL_CTX_add_extra_chain_cert(ctx, ca); 694 r = SSL_CTX_add_extra_chain_cert(ctx, ca);
679 if (!r) { 695 if (!r) {
680 X509_free(ca); 696 X509_free(ca);
681 ret = 0; 697 ret = 0;
682 goto end; 698 goto end;
683 } 699 }
684 /* Note that we must not free r if it was successfully 700 /*
701 * Note that we must not free r if it was successfully
685 * added to the chain (while we must free the main 702 * added to the chain (while we must free the main
686 * certificate, since its reference count is increased 703 * certificate, since its reference count is increased
687 * by SSL_CTX_use_certificate). */ 704 * by SSL_CTX_use_certificate).
705 */
688 } 706 }
707
689 /* When the while loop ends, it's usually just EOF. */ 708 /* When the while loop ends, it's usually just EOF. */
690 err = ERR_peek_last_error(); 709 err = ERR_peek_last_error();
691 if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) 710 if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
711 ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
692 ERR_clear_error(); 712 ERR_clear_error();
693 else 713 else
694 ret = 0; /* some real error */ 714 ret = 0; /* some real error */
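Review bot: The ownership comment reflowed in the last hunk of SSL_CTX_use_certificate_chain_file still says "we must not free r", but `r` only holds the return value of `SSL_CTX_add_extra_chain_cert(ctx, ca)`; the certificate the comment is about is `ca`, which the failure branch just above releases with `X509_free(ca)`. Since the commit rewrites this comment anyway, its first text line should read `* Note that we must not free ca if it was successfully`. A wrong name in a reference-counting comment invites a later edit that leaks or double-frees the chain certificate. The same comment appears unchanged in the src/lib/libssl/ssl_rsa.c section of this page, and the function body starts and ends outside the hunk.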
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
index 10276a4b2d..c1d24cad52 100644
--- a/src/lib/libssl/ssl_rsa.c
+++ b/src/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_rsa.c,v 1.14 2014/06/12 15:49:31 deraadt Exp $ */ 1/* $OpenBSD: ssl_rsa.c,v 1.15 2014/06/22 19:09:37 guenther Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -103,7 +103,9 @@ SSL_use_certificate_file(SSL *ssl, const char *file, int type)
103 x = d2i_X509_bio(in, NULL); 103 x = d2i_X509_bio(in, NULL);
104 } else if (type == SSL_FILETYPE_PEM) { 104 } else if (type == SSL_FILETYPE_PEM) {
105 j = ERR_R_PEM_LIB; 105 j = ERR_R_PEM_LIB;
106 x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); 106 x = PEM_read_bio_X509(in, NULL,
107 ssl->ctx->default_passwd_callback,
108 ssl->ctx->default_passwd_callback_userdata);
107 } else { 109 } else {
108 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); 110 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
109 goto end; 111 goto end;
@@ -184,8 +186,10 @@ ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
184 EVP_PKEY_free(pktmp); 186 EVP_PKEY_free(pktmp);
185 ERR_clear_error(); 187 ERR_clear_error();
186 188
187 /* Don't check the public/private key, this is mostly 189 /*
188 * for smart cards. */ 190 * Don't check the public/private key, this is mostly
191 * for smart cards.
192 */
189 if ((pkey->type == EVP_PKEY_RSA) && 193 if ((pkey->type == EVP_PKEY_RSA) &&
190 (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) 194 (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
191; 195;
@@ -230,7 +234,8 @@ SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
230 } else if (type == SSL_FILETYPE_PEM) { 234 } else if (type == SSL_FILETYPE_PEM) {
231 j = ERR_R_PEM_LIB; 235 j = ERR_R_PEM_LIB;
232 rsa = PEM_read_bio_RSAPrivateKey(in, NULL, 236 rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
233 ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); 237 ssl->ctx->default_passwd_callback,
238 ssl->ctx->default_passwd_callback_userdata);
234 } else { 239 } else {
235 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); 240 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
236 goto end; 241 goto end;
@@ -301,7 +306,8 @@ SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
301 if (type == SSL_FILETYPE_PEM) { 306 if (type == SSL_FILETYPE_PEM) {
302 j = ERR_R_PEM_LIB; 307 j = ERR_R_PEM_LIB;
303 pkey = PEM_read_bio_PrivateKey(in, NULL, 308 pkey = PEM_read_bio_PrivateKey(in, NULL,
304 ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); 309 ssl->ctx->default_passwd_callback,
310 ssl->ctx->default_passwd_callback_userdata);
305 } else if (type == SSL_FILETYPE_ASN1) { 311 } else if (type == SSL_FILETYPE_ASN1) {
306 j = ERR_R_ASN1_LIB; 312 j = ERR_R_ASN1_LIB;
307 pkey = d2i_PrivateKey_bio(in, NULL); 313 pkey = d2i_PrivateKey_bio(in, NULL);
@@ -375,18 +381,22 @@ ssl_set_cert(CERT *c, X509 *x)
375 EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); 381 EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
376 ERR_clear_error(); 382 ERR_clear_error();
377 383
378 /* Don't check the public/private key, this is mostly 384 /*
379 * for smart cards. */ 385 * Don't check the public/private key, this is mostly
386 * for smart cards.
387 */
380 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && 388 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
381 (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & 389 (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
382 RSA_METHOD_FLAG_NO_CHECK)) 390 RSA_METHOD_FLAG_NO_CHECK))
383; 391;
384 else 392 else
385 if (!X509_check_private_key(x, c->pkeys[i].privatekey)) { 393 if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
386 /* don't fail for a cert/key mismatch, just free 394 /*
395 * don't fail for a cert/key mismatch, just free
387 * current private key (when switching to a different 396 * current private key (when switching to a different
388 * cert & key, first this function should be used, 397 * cert & key, first this function should be used,
389 * then ssl_set_pkey */ 398 * then ssl_set_pkey
399 */
390 EVP_PKEY_free(c->pkeys[i].privatekey); 400 EVP_PKEY_free(c->pkeys[i].privatekey);
391 c->pkeys[i].privatekey = NULL; 401 c->pkeys[i].privatekey = NULL;
392 /* clear error queue */ 402 /* clear error queue */
@@ -429,7 +439,8 @@ SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
429 x = d2i_X509_bio(in, NULL); 439 x = d2i_X509_bio(in, NULL);
430 } else if (type == SSL_FILETYPE_PEM) { 440 } else if (type == SSL_FILETYPE_PEM) {
431 j = ERR_R_PEM_LIB; 441 j = ERR_R_PEM_LIB;
432 x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); 442 x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
443 ctx->default_passwd_callback_userdata);
433 } else { 444 } else {
434 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); 445 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
435 goto end; 446 goto end;
@@ -515,7 +526,8 @@ SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
515 } else if (type == SSL_FILETYPE_PEM) { 526 } else if (type == SSL_FILETYPE_PEM) {
516 j = ERR_R_PEM_LIB; 527 j = ERR_R_PEM_LIB;
517 rsa = PEM_read_bio_RSAPrivateKey(in, NULL, 528 rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
518 ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); 529 ctx->default_passwd_callback,
530 ctx->default_passwd_callback_userdata);
519 } else { 531 } else {
520 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); 532 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
521 goto end; 533 goto end;
@@ -553,7 +565,8 @@ int
553SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) 565SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
554{ 566{
555 if (pkey == NULL) { 567 if (pkey == NULL) {
556 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); 568 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,
569 ERR_R_PASSED_NULL_PARAMETER);
557 return (0); 570 return (0);
558 } 571 }
559 if (!ssl_cert_inst(&ctx->cert)) { 572 if (!ssl_cert_inst(&ctx->cert)) {
@@ -583,12 +596,14 @@ SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
583 if (type == SSL_FILETYPE_PEM) { 596 if (type == SSL_FILETYPE_PEM) {
584 j = ERR_R_PEM_LIB; 597 j = ERR_R_PEM_LIB;
585 pkey = PEM_read_bio_PrivateKey(in, NULL, 598 pkey = PEM_read_bio_PrivateKey(in, NULL,
586 ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); 599 ctx->default_passwd_callback,
600 ctx->default_passwd_callback_userdata);
587 } else if (type == SSL_FILETYPE_ASN1) { 601 } else if (type == SSL_FILETYPE_ASN1) {
588 j = ERR_R_ASN1_LIB; 602 j = ERR_R_ASN1_LIB;
589 pkey = d2i_PrivateKey_bio(in, NULL); 603 pkey = d2i_PrivateKey_bio(in, NULL);
590 } else { 604 } else {
591 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); 605 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,
606 SSL_R_BAD_SSL_FILETYPE);
592 goto end; 607 goto end;
593 } 608 }
594 if (pkey == NULL) { 609 if (pkey == NULL) {
@@ -622,7 +637,8 @@ SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
622} 637}
623 638
624 639
625/* Read a file that contains our certificate in "PEM" format, 640/*
641 * Read a file that contains our certificate in "PEM" format,
626 * possibly followed by a sequence of CA certificates that should be 642 * possibly followed by a sequence of CA certificates that should be
627 * sent to the peer in the Certificate message. 643 * sent to the peer in the Certificate message.
628 */ 644 */
@@ -647,7 +663,7 @@ SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
647 } 663 }
648 664
649 x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, 665 x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
650 ctx->default_passwd_callback_userdata); 666 ctx->default_passwd_callback_userdata);
651 if (x == NULL) { 667 if (x == NULL) {
652 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); 668 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
653 goto end; 669 goto end;
@@ -659,7 +675,8 @@ SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
659 ret = 0; 675 ret = 0;
660 /* Key/certificate mismatch doesn't imply ret==0 ... */ 676 /* Key/certificate mismatch doesn't imply ret==0 ... */
661 if (ret) { 677 if (ret) {
662 /* If we could set up our certificate, now proceed to 678 /*
679 * If we could set up our certificate, now proceed to
663 * the CA certificates. 680 * the CA certificates.
664 */ 681 */
665 X509 *ca; 682 X509 *ca;
@@ -672,23 +689,26 @@ SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
672 } 689 }
673 690
674 while ((ca = PEM_read_bio_X509(in, NULL, 691 while ((ca = PEM_read_bio_X509(in, NULL,
675 ctx->default_passwd_callback, 692 ctx->default_passwd_callback,
676 ctx->default_passwd_callback_userdata)) 693 ctx->default_passwd_callback_userdata)) != NULL) {
677 != NULL) {
678 r = SSL_CTX_add_extra_chain_cert(ctx, ca); 694 r = SSL_CTX_add_extra_chain_cert(ctx, ca);
679 if (!r) { 695 if (!r) {
680 X509_free(ca); 696 X509_free(ca);
681 ret = 0; 697 ret = 0;
682 goto end; 698 goto end;
683 } 699 }
684 /* Note that we must not free r if it was successfully 700 /*
701 * Note that we must not free r if it was successfully
685 * added to the chain (while we must free the main 702 * added to the chain (while we must free the main
686 * certificate, since its reference count is increased 703 * certificate, since its reference count is increased
687 * by SSL_CTX_use_certificate). */ 704 * by SSL_CTX_use_certificate).
705 */
688 } 706 }
707
689 /* When the while loop ends, it's usually just EOF. */ 708 /* When the while loop ends, it's usually just EOF. */
690 err = ERR_peek_last_error(); 709 err = ERR_peek_last_error();
691 if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) 710 if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
711 ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
692 ERR_clear_error(); 712 ERR_clear_error();
693 else 713 else
694 ret = 0; /* some real error */ 714 ret = 0; /* some real error */
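Review bot: The reflowed comments in the ssl_set_cert hunk never tell a caller how to notice the two cases where key verification is skipped or undone. The visible code bypasses `X509_check_private_key()` when the RSA method sets `RSA_METHOD_FLAG_NO_CHECK`, and on a mismatch it frees the private key, sets the slot to NULL and, judging by the trailing `/* clear error queue */` comment, wipes the error state. I would extend the second comment with a line such as `* callers should confirm the pair with SSL_check_private_key() or SSL_CTX_check_private_key()` and have the first comment name the flag that triggers the skip. Whether the function's return value reflects the dropped key is not visible here, because the body continues outside the hunk. The same lines appear in the src/lib/libssl/src/ssl/ssl_rsa.c section.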