summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_rsa.c
diff options
context:
space:
mode:
authorjsing <>2014-04-14 13:10:35 +0000
committerjsing <>2014-04-14 13:10:35 +0000
commitb12a89b75a526f5ae9bbd6bfff6053e21295fd2a (patch)
tree7ee2ebf15684ee99e649ef8b3b2dd289398f6325 /src/lib/libssl/ssl_rsa.c
parentabb7d374248574dba5fd92eb363fdf180c877abc (diff)
downloadopenbsd-b12a89b75a526f5ae9bbd6bfff6053e21295fd2a.tar.gz
openbsd-b12a89b75a526f5ae9bbd6bfff6053e21295fd2a.tar.bz2
openbsd-b12a89b75a526f5ae9bbd6bfff6053e21295fd2a.zip
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using tr and md5.
Diffstat (limited to 'src/lib/libssl/ssl_rsa.c')
-rw-r--r--src/lib/libssl/ssl_rsa.c882
1 files changed, 416 insertions, 466 deletions
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
index 60e7b66859..078df55f06 100644
--- a/src/lib/libssl/ssl_rsa.c
+++ b/src/lib/libssl/ssl_rsa.c
@@ -66,135 +66,126 @@
66 66
67static int ssl_set_cert(CERT *c, X509 *x509); 67static int ssl_set_cert(CERT *c, X509 *x509);
68static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); 68static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
69int SSL_use_certificate(SSL *ssl, X509 *x) 69int
70 { 70SSL_use_certificate(SSL *ssl, X509 *x)
71 if (x == NULL) 71{
72 { 72 if (x == NULL) {
73 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); 73 SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
74 return(0); 74 return (0);
75 } 75 }
76 if (!ssl_cert_inst(&ssl->cert)) 76 if (!ssl_cert_inst(&ssl->cert)) {
77 { 77 SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
78 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); 78 return (0);
79 return(0);
80 }
81 return(ssl_set_cert(ssl->cert,x));
82 } 79 }
80 return (ssl_set_cert(ssl->cert, x));
81}
83 82
84#ifndef OPENSSL_NO_STDIO 83#ifndef OPENSSL_NO_STDIO
85int SSL_use_certificate_file(SSL *ssl, const char *file, int type) 84int
86 { 85SSL_use_certificate_file(SSL *ssl, const char *file, int type)
86{
87 int j; 87 int j;
88 BIO *in; 88 BIO *in;
89 int ret=0; 89 int ret = 0;
90 X509 *x=NULL; 90 X509 *x = NULL;
91 91
92 in=BIO_new(BIO_s_file_internal()); 92 in = BIO_new(BIO_s_file_internal());
93 if (in == NULL) 93 if (in == NULL) {
94 { 94 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
95 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
96 goto end; 95 goto end;
97 } 96 }
98 97
99 if (BIO_read_filename(in,file) <= 0) 98 if (BIO_read_filename(in, file) <= 0) {
100 { 99 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
101 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
102 goto end; 100 goto end;
103 } 101 }
104 if (type == SSL_FILETYPE_ASN1) 102 if (type == SSL_FILETYPE_ASN1) {
105 { 103 j = ERR_R_ASN1_LIB;
106 j=ERR_R_ASN1_LIB; 104 x = d2i_X509_bio(in, NULL);
107 x=d2i_X509_bio(in,NULL); 105 } else if (type == SSL_FILETYPE_PEM) {
108 } 106 j = ERR_R_PEM_LIB;
109 else if (type == SSL_FILETYPE_PEM) 107 x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata);
110 { 108 } else {
111 j=ERR_R_PEM_LIB; 109 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
112 x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
113 }
114 else
115 {
116 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
117 goto end; 110 goto end;
118 } 111 }
119 112
120 if (x == NULL) 113 if (x == NULL) {
121 { 114 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
122 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
123 goto end; 115 goto end;
124 } 116 }
125 117
126 ret=SSL_use_certificate(ssl,x); 118 ret = SSL_use_certificate(ssl, x);
127end: 119end:
128 if (x != NULL) X509_free(x); 120 if (x != NULL)
129 if (in != NULL) BIO_free(in); 121 X509_free(x);
130 return(ret); 122 if (in != NULL)
131 } 123 BIO_free(in);
124 return (ret);
125}
132#endif 126#endif
133 127
134int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) 128int
135 { 129SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
130{
136 X509 *x; 131 X509 *x;
137 int ret; 132 int ret;
138 133
139 x=d2i_X509(NULL,&d,(long)len); 134 x = d2i_X509(NULL, &d,(long)len);
140 if (x == NULL) 135 if (x == NULL) {
141 { 136 SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
142 SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); 137 return (0);
143 return(0); 138 }
144 }
145 139
146 ret=SSL_use_certificate(ssl,x); 140 ret = SSL_use_certificate(ssl, x);
147 X509_free(x); 141 X509_free(x);
148 return(ret); 142 return (ret);
149 } 143}
150 144
151#ifndef OPENSSL_NO_RSA 145#ifndef OPENSSL_NO_RSA
152int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) 146int
153 { 147SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
148{
154 EVP_PKEY *pkey; 149 EVP_PKEY *pkey;
155 int ret; 150 int ret;
156 151
157 if (rsa == NULL) 152 if (rsa == NULL) {
158 { 153 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
159 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); 154 return (0);
160 return(0); 155 }
161 } 156 if (!ssl_cert_inst(&ssl->cert)) {
162 if (!ssl_cert_inst(&ssl->cert)) 157 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
163 { 158 return (0);
164 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); 159 }
165 return(0); 160 if ((pkey = EVP_PKEY_new()) == NULL) {
166 } 161 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
167 if ((pkey=EVP_PKEY_new()) == NULL) 162 return (0);
168 { 163 }
169 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
170 return(0);
171 }
172 164
173 RSA_up_ref(rsa); 165 RSA_up_ref(rsa);
174 EVP_PKEY_assign_RSA(pkey,rsa); 166 EVP_PKEY_assign_RSA(pkey, rsa);
175 167
176 ret=ssl_set_pkey(ssl->cert,pkey); 168 ret = ssl_set_pkey(ssl->cert, pkey);
177 EVP_PKEY_free(pkey); 169 EVP_PKEY_free(pkey);
178 return(ret); 170 return (ret);
179 } 171}
180#endif 172#endif
181 173
182static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) 174static int
183 { 175ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
176{
184 int i; 177 int i;
185 178
186 i=ssl_cert_type(NULL,pkey); 179 i = ssl_cert_type(NULL, pkey);
187 if (i < 0) 180 if (i < 0) {
188 { 181 SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
189 SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE); 182 return (0);
190 return(0); 183 }
191 }
192 184
193 if (c->pkeys[i].x509 != NULL) 185 if (c->pkeys[i].x509 != NULL) {
194 {
195 EVP_PKEY *pktmp; 186 EVP_PKEY *pktmp;
196 pktmp = X509_get_pubkey(c->pkeys[i].x509); 187 pktmp = X509_get_pubkey(c->pkeys[i].x509);
197 EVP_PKEY_copy_parameters(pktmp,pkey); 188 EVP_PKEY_copy_parameters(pktmp, pkey);
198 EVP_PKEY_free(pktmp); 189 EVP_PKEY_free(pktmp);
199 ERR_clear_error(); 190 ERR_clear_error();
200 191
@@ -203,217 +194,200 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
203 * for smart cards. */ 194 * for smart cards. */
204 if ((pkey->type == EVP_PKEY_RSA) && 195 if ((pkey->type == EVP_PKEY_RSA) &&
205 (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) 196 (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
206 ; 197;
207 else 198 else
208#endif 199#endif
209 if (!X509_check_private_key(c->pkeys[i].x509,pkey)) 200 if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
210 {
211 X509_free(c->pkeys[i].x509); 201 X509_free(c->pkeys[i].x509);
212 c->pkeys[i].x509 = NULL; 202 c->pkeys[i].x509 = NULL;
213 return 0; 203 return 0;
214 }
215 } 204 }
205 }
216 206
217 if (c->pkeys[i].privatekey != NULL) 207 if (c->pkeys[i].privatekey != NULL)
218 EVP_PKEY_free(c->pkeys[i].privatekey); 208 EVP_PKEY_free(c->pkeys[i].privatekey);
219 CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); 209 CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
220 c->pkeys[i].privatekey=pkey; 210 c->pkeys[i].privatekey = pkey;
221 c->key= &(c->pkeys[i]); 211 c->key = &(c->pkeys[i]);
222 212
223 c->valid=0; 213 c->valid = 0;
224 return(1); 214 return (1);
225 } 215}
226 216
227#ifndef OPENSSL_NO_RSA 217#ifndef OPENSSL_NO_RSA
228#ifndef OPENSSL_NO_STDIO 218#ifndef OPENSSL_NO_STDIO
229int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) 219int
230 { 220SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
231 int j,ret=0; 221{
222 int j, ret = 0;
232 BIO *in; 223 BIO *in;
233 RSA *rsa=NULL; 224 RSA *rsa = NULL;
234 225
235 in=BIO_new(BIO_s_file_internal()); 226 in = BIO_new(BIO_s_file_internal());
236 if (in == NULL) 227 if (in == NULL) {
237 { 228 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
238 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
239 goto end; 229 goto end;
240 } 230 }
241 231
242 if (BIO_read_filename(in,file) <= 0) 232 if (BIO_read_filename(in, file) <= 0) {
243 { 233 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
244 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
245 goto end; 234 goto end;
246 } 235 }
247 if (type == SSL_FILETYPE_ASN1) 236 if (type == SSL_FILETYPE_ASN1) {
248 { 237 j = ERR_R_ASN1_LIB;
249 j=ERR_R_ASN1_LIB; 238 rsa = d2i_RSAPrivateKey_bio(in, NULL);
250 rsa=d2i_RSAPrivateKey_bio(in,NULL); 239 } else if (type == SSL_FILETYPE_PEM) {
251 } 240 j = ERR_R_PEM_LIB;
252 else if (type == SSL_FILETYPE_PEM) 241 rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
253 { 242 ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata);
254 j=ERR_R_PEM_LIB; 243 } else {
255 rsa=PEM_read_bio_RSAPrivateKey(in,NULL, 244 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
256 ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
257 }
258 else
259 {
260 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
261 goto end; 245 goto end;
262 } 246 }
263 if (rsa == NULL) 247 if (rsa == NULL) {
264 { 248 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j);
265 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
266 goto end; 249 goto end;
267 } 250 }
268 ret=SSL_use_RSAPrivateKey(ssl,rsa); 251 ret = SSL_use_RSAPrivateKey(ssl, rsa);
269 RSA_free(rsa); 252 RSA_free(rsa);
270end: 253end:
271 if (in != NULL) BIO_free(in); 254 if (in != NULL)
272 return(ret); 255 BIO_free(in);
273 } 256 return (ret);
257}
274#endif 258#endif
275 259
276int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) 260int
277 { 261SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
262{
278 int ret; 263 int ret;
279 const unsigned char *p; 264 const unsigned char *p;
280 RSA *rsa; 265 RSA *rsa;
281 266
282 p=d; 267 p = d;
283 if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) 268 if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
284 { 269 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
285 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); 270 return (0);
286 return(0); 271 }
287 }
288 272
289 ret=SSL_use_RSAPrivateKey(ssl,rsa); 273 ret = SSL_use_RSAPrivateKey(ssl, rsa);
290 RSA_free(rsa); 274 RSA_free(rsa);
291 return(ret); 275 return (ret);
292 } 276}
293#endif /* !OPENSSL_NO_RSA */ 277#endif /* !OPENSSL_NO_RSA */
294 278
295int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) 279int
296 { 280SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
281{
297 int ret; 282 int ret;
298 283
299 if (pkey == NULL) 284 if (pkey == NULL) {
300 { 285 SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
301 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); 286 return (0);
302 return(0); 287 }
303 } 288 if (!ssl_cert_inst(&ssl->cert)) {
304 if (!ssl_cert_inst(&ssl->cert)) 289 SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
305 { 290 return (0);
306 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
307 return(0);
308 }
309 ret=ssl_set_pkey(ssl->cert,pkey);
310 return(ret);
311 } 291 }
292 ret = ssl_set_pkey(ssl->cert, pkey);
293 return (ret);
294}
312 295
313#ifndef OPENSSL_NO_STDIO 296#ifndef OPENSSL_NO_STDIO
314int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) 297int
315 { 298SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
316 int j,ret=0; 299{
300 int j, ret = 0;
317 BIO *in; 301 BIO *in;
318 EVP_PKEY *pkey=NULL; 302 EVP_PKEY *pkey = NULL;
319 303
320 in=BIO_new(BIO_s_file_internal()); 304 in = BIO_new(BIO_s_file_internal());
321 if (in == NULL) 305 if (in == NULL) {
322 { 306 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
323 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
324 goto end; 307 goto end;
325 } 308 }
326 309
327 if (BIO_read_filename(in,file) <= 0) 310 if (BIO_read_filename(in, file) <= 0) {
328 { 311 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
329 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
330 goto end; 312 goto end;
331 } 313 }
332 if (type == SSL_FILETYPE_PEM) 314 if (type == SSL_FILETYPE_PEM) {
333 { 315 j = ERR_R_PEM_LIB;
334 j=ERR_R_PEM_LIB; 316 pkey = PEM_read_bio_PrivateKey(in, NULL,
335 pkey=PEM_read_bio_PrivateKey(in,NULL, 317 ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata);
336 ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); 318 } else if (type == SSL_FILETYPE_ASN1) {
337 }
338 else if (type == SSL_FILETYPE_ASN1)
339 {
340 j = ERR_R_ASN1_LIB; 319 j = ERR_R_ASN1_LIB;
341 pkey = d2i_PrivateKey_bio(in,NULL); 320 pkey = d2i_PrivateKey_bio(in, NULL);
342 } 321 } else {
343 else 322 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
344 {
345 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
346 goto end; 323 goto end;
347 } 324 }
348 if (pkey == NULL) 325 if (pkey == NULL) {
349 { 326 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j);
350 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
351 goto end; 327 goto end;
352 } 328 }
353 ret=SSL_use_PrivateKey(ssl,pkey); 329 ret = SSL_use_PrivateKey(ssl, pkey);
354 EVP_PKEY_free(pkey); 330 EVP_PKEY_free(pkey);
355end: 331end:
356 if (in != NULL) BIO_free(in); 332 if (in != NULL)
357 return(ret); 333 BIO_free(in);
358 } 334 return (ret);
335}
359#endif 336#endif
360 337
361int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) 338int
362 { 339SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
340{
363 int ret; 341 int ret;
364 const unsigned char *p; 342 const unsigned char *p;
365 EVP_PKEY *pkey; 343 EVP_PKEY *pkey;
366 344
367 p=d; 345 p = d;
368 if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) 346 if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
369 { 347 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
370 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); 348 return (0);
371 return(0); 349 }
372 }
373 350
374 ret=SSL_use_PrivateKey(ssl,pkey); 351 ret = SSL_use_PrivateKey(ssl, pkey);
375 EVP_PKEY_free(pkey); 352 EVP_PKEY_free(pkey);
376 return(ret); 353 return (ret);
354}
355
356int
357SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
358{
359 if (x == NULL) {
360 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
361 return (0);
377 } 362 }
378 363 if (!ssl_cert_inst(&ctx->cert)) {
379int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) 364 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
380 { 365 return (0);
381 if (x == NULL)
382 {
383 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
384 return(0);
385 }
386 if (!ssl_cert_inst(&ctx->cert))
387 {
388 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
389 return(0);
390 }
391 return(ssl_set_cert(ctx->cert, x));
392 } 366 }
367 return (ssl_set_cert(ctx->cert, x));
368}
393 369
394static int ssl_set_cert(CERT *c, X509 *x) 370static int
395 { 371ssl_set_cert(CERT *c, X509 *x)
372{
396 EVP_PKEY *pkey; 373 EVP_PKEY *pkey;
397 int i; 374 int i;
398 375
399 pkey=X509_get_pubkey(x); 376 pkey = X509_get_pubkey(x);
400 if (pkey == NULL) 377 if (pkey == NULL) {
401 { 378 SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
402 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB); 379 return (0);
403 return(0); 380 }
404 }
405 381
406 i=ssl_cert_type(x,pkey); 382 i = ssl_cert_type(x, pkey);
407 if (i < 0) 383 if (i < 0) {
408 { 384 SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
409 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
410 EVP_PKEY_free(pkey); 385 EVP_PKEY_free(pkey);
411 return(0); 386 return (0);
412 } 387 }
413 388
414 if (c->pkeys[i].privatekey != NULL) 389 if (c->pkeys[i].privatekey != NULL) {
415 { 390 EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
416 EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
417 ERR_clear_error(); 391 ERR_clear_error();
418 392
419#ifndef OPENSSL_NO_RSA 393#ifndef OPENSSL_NO_RSA
@@ -421,280 +395,259 @@ static int ssl_set_cert(CERT *c, X509 *x)
421 * for smart cards. */ 395 * for smart cards. */
422 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && 396 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
423 (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & 397 (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
424 RSA_METHOD_FLAG_NO_CHECK)) 398 RSA_METHOD_FLAG_NO_CHECK))
425 ; 399;
426 else 400 else
427#endif /* OPENSSL_NO_RSA */ 401#endif /* OPENSSL_NO_RSA */
428 if (!X509_check_private_key(x,c->pkeys[i].privatekey)) 402 if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
429 {
430 /* don't fail for a cert/key mismatch, just free 403 /* don't fail for a cert/key mismatch, just free
431 * current private key (when switching to a different 404 * current private key (when switching to a different
432 * cert & key, first this function should be used, 405 * cert & key, first this function should be used,
433 * then ssl_set_pkey */ 406 * then ssl_set_pkey */
434 EVP_PKEY_free(c->pkeys[i].privatekey); 407 EVP_PKEY_free(c->pkeys[i].privatekey);
435 c->pkeys[i].privatekey=NULL; 408 c->pkeys[i].privatekey = NULL;
436 /* clear error queue */ 409 /* clear error queue */
437 ERR_clear_error(); 410 ERR_clear_error();
438 }
439 } 411 }
412 }
440 413
441 EVP_PKEY_free(pkey); 414 EVP_PKEY_free(pkey);
442 415
443 if (c->pkeys[i].x509 != NULL) 416 if (c->pkeys[i].x509 != NULL)
444 X509_free(c->pkeys[i].x509); 417 X509_free(c->pkeys[i].x509);
445 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); 418 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
446 c->pkeys[i].x509=x; 419 c->pkeys[i].x509 = x;
447 c->key= &(c->pkeys[i]); 420 c->key = &(c->pkeys[i]);
448 421
449 c->valid=0; 422 c->valid = 0;
450 return(1); 423 return (1);
451 } 424}
452 425
453#ifndef OPENSSL_NO_STDIO 426#ifndef OPENSSL_NO_STDIO
454int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) 427int
455 { 428SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
429{
456 int j; 430 int j;
457 BIO *in; 431 BIO *in;
458 int ret=0; 432 int ret = 0;
459 X509 *x=NULL; 433 X509 *x = NULL;
460 434
461 in=BIO_new(BIO_s_file_internal()); 435 in = BIO_new(BIO_s_file_internal());
462 if (in == NULL) 436 if (in == NULL) {
463 { 437 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
464 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
465 goto end; 438 goto end;
466 } 439 }
467 440
468 if (BIO_read_filename(in,file) <= 0) 441 if (BIO_read_filename(in, file) <= 0) {
469 { 442 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
470 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
471 goto end; 443 goto end;
472 } 444 }
473 if (type == SSL_FILETYPE_ASN1) 445 if (type == SSL_FILETYPE_ASN1) {
474 { 446 j = ERR_R_ASN1_LIB;
475 j=ERR_R_ASN1_LIB; 447 x = d2i_X509_bio(in, NULL);
476 x=d2i_X509_bio(in,NULL); 448 } else if (type == SSL_FILETYPE_PEM) {
477 } 449 j = ERR_R_PEM_LIB;
478 else if (type == SSL_FILETYPE_PEM) 450 x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
479 { 451 } else {
480 j=ERR_R_PEM_LIB; 452 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
481 x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
482 }
483 else
484 {
485 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
486 goto end; 453 goto end;
487 } 454 }
488 455
489 if (x == NULL) 456 if (x == NULL) {
490 { 457 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
491 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
492 goto end; 458 goto end;
493 } 459 }
494 460
495 ret=SSL_CTX_use_certificate(ctx,x); 461 ret = SSL_CTX_use_certificate(ctx, x);
496end: 462end:
497 if (x != NULL) X509_free(x); 463 if (x != NULL)
498 if (in != NULL) BIO_free(in); 464 X509_free(x);
499 return(ret); 465 if (in != NULL)
500 } 466 BIO_free(in);
467 return (ret);
468}
501#endif 469#endif
502 470
503int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) 471int
504 { 472SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
473{
505 X509 *x; 474 X509 *x;
506 int ret; 475 int ret;
507 476
508 x=d2i_X509(NULL,&d,(long)len); 477 x = d2i_X509(NULL, &d,(long)len);
509 if (x == NULL) 478 if (x == NULL) {
510 { 479 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
511 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); 480 return (0);
512 return(0); 481 }
513 }
514 482
515 ret=SSL_CTX_use_certificate(ctx,x); 483 ret = SSL_CTX_use_certificate(ctx, x);
516 X509_free(x); 484 X509_free(x);
517 return(ret); 485 return (ret);
518 } 486}
519 487
520#ifndef OPENSSL_NO_RSA 488#ifndef OPENSSL_NO_RSA
521int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) 489int
522 { 490SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
491{
523 int ret; 492 int ret;
524 EVP_PKEY *pkey; 493 EVP_PKEY *pkey;
525 494
526 if (rsa == NULL) 495 if (rsa == NULL) {
527 { 496 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
528 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); 497 return (0);
529 return(0); 498 }
530 } 499 if (!ssl_cert_inst(&ctx->cert)) {
531 if (!ssl_cert_inst(&ctx->cert)) 500 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
532 { 501 return (0);
533 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); 502 }
534 return(0); 503 if ((pkey = EVP_PKEY_new()) == NULL) {
535 } 504 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
536 if ((pkey=EVP_PKEY_new()) == NULL) 505 return (0);
537 { 506 }
538 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
539 return(0);
540 }
541 507
542 RSA_up_ref(rsa); 508 RSA_up_ref(rsa);
543 EVP_PKEY_assign_RSA(pkey,rsa); 509 EVP_PKEY_assign_RSA(pkey, rsa);
544 510
545 ret=ssl_set_pkey(ctx->cert, pkey); 511 ret = ssl_set_pkey(ctx->cert, pkey);
546 EVP_PKEY_free(pkey); 512 EVP_PKEY_free(pkey);
547 return(ret); 513 return (ret);
548 } 514}
549 515
550#ifndef OPENSSL_NO_STDIO 516#ifndef OPENSSL_NO_STDIO
551int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) 517int
552 { 518SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
553 int j,ret=0; 519{
520 int j, ret = 0;
554 BIO *in; 521 BIO *in;
555 RSA *rsa=NULL; 522 RSA *rsa = NULL;
556 523
557 in=BIO_new(BIO_s_file_internal()); 524 in = BIO_new(BIO_s_file_internal());
558 if (in == NULL) 525 if (in == NULL) {
559 { 526 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
560 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
561 goto end; 527 goto end;
562 } 528 }
563 529
564 if (BIO_read_filename(in,file) <= 0) 530 if (BIO_read_filename(in, file) <= 0) {
565 { 531 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
566 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
567 goto end; 532 goto end;
568 } 533 }
569 if (type == SSL_FILETYPE_ASN1) 534 if (type == SSL_FILETYPE_ASN1) {
570 { 535 j = ERR_R_ASN1_LIB;
571 j=ERR_R_ASN1_LIB; 536 rsa = d2i_RSAPrivateKey_bio(in, NULL);
572 rsa=d2i_RSAPrivateKey_bio(in,NULL); 537 } else if (type == SSL_FILETYPE_PEM) {
573 } 538 j = ERR_R_PEM_LIB;
574 else if (type == SSL_FILETYPE_PEM) 539 rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
575 { 540 ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
576 j=ERR_R_PEM_LIB; 541 } else {
577 rsa=PEM_read_bio_RSAPrivateKey(in,NULL, 542 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
578 ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
579 }
580 else
581 {
582 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
583 goto end; 543 goto end;
584 } 544 }
585 if (rsa == NULL) 545 if (rsa == NULL) {
586 { 546 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j);
587 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
588 goto end; 547 goto end;
589 } 548 }
590 ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); 549 ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
591 RSA_free(rsa); 550 RSA_free(rsa);
592end: 551end:
593 if (in != NULL) BIO_free(in); 552 if (in != NULL)
594 return(ret); 553 BIO_free(in);
595 } 554 return (ret);
555}
596#endif 556#endif
597 557
598int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) 558int
599 { 559SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
560{
600 int ret; 561 int ret;
601 const unsigned char *p; 562 const unsigned char *p;
602 RSA *rsa; 563 RSA *rsa;
603 564
604 p=d; 565 p = d;
605 if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) 566 if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
606 { 567 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
607 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); 568 return (0);
608 return(0); 569 }
609 }
610 570
611 ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); 571 ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
612 RSA_free(rsa); 572 RSA_free(rsa);
613 return(ret); 573 return (ret);
614 } 574}
615#endif /* !OPENSSL_NO_RSA */ 575#endif /* !OPENSSL_NO_RSA */
616 576
617int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) 577int
618 { 578SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
619 if (pkey == NULL) 579{
620 { 580 if (pkey == NULL) {
621 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); 581 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
622 return(0); 582 return (0);
623 }
624 if (!ssl_cert_inst(&ctx->cert))
625 {
626 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
627 return(0);
628 }
629 return(ssl_set_pkey(ctx->cert,pkey));
630 } 583 }
584 if (!ssl_cert_inst(&ctx->cert)) {
585 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
586 return (0);
587 }
588 return (ssl_set_pkey(ctx->cert, pkey));
589}
631 590
632#ifndef OPENSSL_NO_STDIO 591#ifndef OPENSSL_NO_STDIO
633int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) 592int
634 { 593SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
635 int j,ret=0; 594{
595 int j, ret = 0;
636 BIO *in; 596 BIO *in;
637 EVP_PKEY *pkey=NULL; 597 EVP_PKEY *pkey = NULL;
638 598
639 in=BIO_new(BIO_s_file_internal()); 599 in = BIO_new(BIO_s_file_internal());
640 if (in == NULL) 600 if (in == NULL) {
641 { 601 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
642 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
643 goto end; 602 goto end;
644 } 603 }
645 604
646 if (BIO_read_filename(in,file) <= 0) 605 if (BIO_read_filename(in, file) <= 0) {
647 { 606 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
648 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
649 goto end; 607 goto end;
650 } 608 }
651 if (type == SSL_FILETYPE_PEM) 609 if (type == SSL_FILETYPE_PEM) {
652 { 610 j = ERR_R_PEM_LIB;
653 j=ERR_R_PEM_LIB; 611 pkey = PEM_read_bio_PrivateKey(in, NULL,
654 pkey=PEM_read_bio_PrivateKey(in,NULL, 612 ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
655 ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); 613 } else if (type == SSL_FILETYPE_ASN1) {
656 }
657 else if (type == SSL_FILETYPE_ASN1)
658 {
659 j = ERR_R_ASN1_LIB; 614 j = ERR_R_ASN1_LIB;
660 pkey = d2i_PrivateKey_bio(in,NULL); 615 pkey = d2i_PrivateKey_bio(in, NULL);
661 } 616 } else {
662 else 617 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
663 {
664 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
665 goto end; 618 goto end;
666 } 619 }
667 if (pkey == NULL) 620 if (pkey == NULL) {
668 { 621 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j);
669 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
670 goto end; 622 goto end;
671 } 623 }
672 ret=SSL_CTX_use_PrivateKey(ctx,pkey); 624 ret = SSL_CTX_use_PrivateKey(ctx, pkey);
673 EVP_PKEY_free(pkey); 625 EVP_PKEY_free(pkey);
674end: 626end:
675 if (in != NULL) BIO_free(in); 627 if (in != NULL)
676 return(ret); 628 BIO_free(in);
677 } 629 return (ret);
630}
678#endif 631#endif
679 632
680int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, 633int
681 long len) 634SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
682 { 635 long len)
636{
683 int ret; 637 int ret;
684 const unsigned char *p; 638 const unsigned char *p;
685 EVP_PKEY *pkey; 639 EVP_PKEY *pkey;
686 640
687 p=d; 641 p = d;
688 if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) 642 if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
689 { 643 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
690 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); 644 return (0);
691 return(0); 645 }
692 }
693 646
694 ret=SSL_CTX_use_PrivateKey(ctx,pkey); 647 ret = SSL_CTX_use_PrivateKey(ctx, pkey);
695 EVP_PKEY_free(pkey); 648 EVP_PKEY_free(pkey);
696 return(ret); 649 return (ret);
697 } 650}
698 651
699 652
700#ifndef OPENSSL_NO_STDIO 653#ifndef OPENSSL_NO_STDIO
@@ -702,82 +655,79 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
702 * possibly followed by a sequence of CA certificates that should be 655 * possibly followed by a sequence of CA certificates that should be
703 * sent to the peer in the Certificate message. 656 * sent to the peer in the Certificate message.
704 */ 657 */
705int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) 658int
706 { 659SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
660{
707 BIO *in; 661 BIO *in;
708 int ret=0; 662 int ret = 0;
709 X509 *x=NULL; 663 X509 *x = NULL;
710 664
711 ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ 665 ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
712 666
713 in = BIO_new(BIO_s_file_internal()); 667 in = BIO_new(BIO_s_file_internal());
714 if (in == NULL) 668 if (in == NULL) {
715 { 669 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
716 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
717 goto end; 670 goto end;
718 } 671 }
719 672
720 if (BIO_read_filename(in,file) <= 0) 673 if (BIO_read_filename(in, file) <= 0) {
721 { 674 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
722 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
723 goto end; 675 goto end;
724 } 676 }
725 677
726 x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback, 678 x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
727 ctx->default_passwd_callback_userdata); 679 ctx->default_passwd_callback_userdata);
728 if (x == NULL) 680 if (x == NULL) {
729 { 681 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
730 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
731 goto end; 682 goto end;
732 } 683 }
733 684
734 ret = SSL_CTX_use_certificate(ctx, x); 685 ret = SSL_CTX_use_certificate(ctx, x);
735 686
736 if (ERR_peek_error() != 0) 687 if (ERR_peek_error() != 0)
737 ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */ 688 ret = 0;
738 if (ret) 689 /* Key/certificate mismatch doesn't imply ret==0 ... */
739 { 690 if (ret) {
740 /* If we could set up our certificate, now proceed to 691 /* If we could set up our certificate, now proceed to
741 * the CA certificates. 692 * the CA certificates.
742 */ 693 */
743 X509 *ca; 694 X509 *ca;
744 int r; 695 int r;
745 unsigned long err; 696 unsigned long err;
746 697
747 if (ctx->extra_certs != NULL) 698 if (ctx->extra_certs != NULL) {
748 {
749 sk_X509_pop_free(ctx->extra_certs, X509_free); 699 sk_X509_pop_free(ctx->extra_certs, X509_free);
750 ctx->extra_certs = NULL; 700 ctx->extra_certs = NULL;
751 } 701 }
752 702
753 while ((ca = PEM_read_bio_X509(in, NULL, 703 while ((ca = PEM_read_bio_X509(in, NULL,
754 ctx->default_passwd_callback, 704 ctx->default_passwd_callback,
755 ctx->default_passwd_callback_userdata)) 705 ctx->default_passwd_callback_userdata))
756 != NULL) 706 != NULL) {
757 {
758 r = SSL_CTX_add_extra_chain_cert(ctx, ca); 707 r = SSL_CTX_add_extra_chain_cert(ctx, ca);
759 if (!r) 708 if (!r) {
760 {
761 X509_free(ca); 709 X509_free(ca);
762 ret = 0; 710 ret = 0;
763 goto end; 711 goto end;
764 } 712 }
765 /* Note that we must not free r if it was successfully 713 /* Note that we must not free r if it was successfully
766 * added to the chain (while we must free the main 714 * added to the chain (while we must free the main
767 * certificate, since its reference count is increased 715 * certificate, since its reference count is increased
768 * by SSL_CTX_use_certificate). */ 716 * by SSL_CTX_use_certificate). */
769 } 717 }
770 /* When the while loop ends, it's usually just EOF. */ 718 /* When the while loop ends, it's usually just EOF. */
771 err = ERR_peek_last_error(); 719 err = ERR_peek_last_error();
772 if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) 720 if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
773 ERR_clear_error(); 721 ERR_clear_error();
774 else 722 else
775 ret = 0; /* some real error */ 723 ret = 0; /* some real error */
776 } 724 }
777 725
778end: 726end:
779 if (x != NULL) X509_free(x); 727 if (x != NULL)
780 if (in != NULL) BIO_free(in); 728 X509_free(x);
781 return(ret); 729 if (in != NULL)
782 } 730 BIO_free(in);
731 return (ret);
732}
783#endif 733#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-15 10:10:22 +0000