summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_rsa.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_rsa.c')
-rw-r--r--src/lib/libssl/ssl_rsa.c882
1 files changed, 416 insertions, 466 deletions
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
index 60e7b66859..078df55f06 100644
--- a/src/lib/libssl/ssl_rsa.c
+++ b/src/lib/libssl/ssl_rsa.c
@@ -66,135 +66,126 @@
66 66
67static int ssl_set_cert(CERT *c, X509 *x509); 67static int ssl_set_cert(CERT *c, X509 *x509);
68static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); 68static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
69int SSL_use_certificate(SSL *ssl, X509 *x) 69int
70 { 70SSL_use_certificate(SSL *ssl, X509 *x)
71 if (x == NULL) 71{
72 { 72 if (x == NULL) {
73 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); 73 SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
74 return(0); 74 return (0);
75 } 75 }
76 if (!ssl_cert_inst(&ssl->cert)) 76 if (!ssl_cert_inst(&ssl->cert)) {
77 { 77 SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
78 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); 78 return (0);
79 return(0);
80 }
81 return(ssl_set_cert(ssl->cert,x));
82 } 79 }
80 return (ssl_set_cert(ssl->cert, x));
81}
83 82
84#ifndef OPENSSL_NO_STDIO 83#ifndef OPENSSL_NO_STDIO
85int SSL_use_certificate_file(SSL *ssl, const char *file, int type) 84int
86 { 85SSL_use_certificate_file(SSL *ssl, const char *file, int type)
86{
87 int j; 87 int j;
88 BIO *in; 88 BIO *in;
89 int ret=0; 89 int ret = 0;
90 X509 *x=NULL; 90 X509 *x = NULL;
91 91
92 in=BIO_new(BIO_s_file_internal()); 92 in = BIO_new(BIO_s_file_internal());
93 if (in == NULL) 93 if (in == NULL) {
94 { 94 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
95 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
96 goto end; 95 goto end;
97 } 96 }
98 97
99 if (BIO_read_filename(in,file) <= 0) 98 if (BIO_read_filename(in, file) <= 0) {
100 { 99 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
101 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
102 goto end; 100 goto end;
103 } 101 }
104 if (type == SSL_FILETYPE_ASN1) 102 if (type == SSL_FILETYPE_ASN1) {
105 { 103 j = ERR_R_ASN1_LIB;
106 j=ERR_R_ASN1_LIB; 104 x = d2i_X509_bio(in, NULL);
107 x=d2i_X509_bio(in,NULL); 105 } else if (type == SSL_FILETYPE_PEM) {
108 } 106 j = ERR_R_PEM_LIB;
109 else if (type == SSL_FILETYPE_PEM) 107 x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata);
110 { 108 } else {
111 j=ERR_R_PEM_LIB; 109 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
112 x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
113 }
114 else
115 {
116 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
117 goto end; 110 goto end;
118 } 111 }
119 112
120 if (x == NULL) 113 if (x == NULL) {
121 { 114 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
122 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
123 goto end; 115 goto end;
124 } 116 }
125 117
126 ret=SSL_use_certificate(ssl,x); 118 ret = SSL_use_certificate(ssl, x);
127end: 119end:
128 if (x != NULL) X509_free(x); 120 if (x != NULL)
129 if (in != NULL) BIO_free(in); 121 X509_free(x);
130 return(ret); 122 if (in != NULL)
131 } 123 BIO_free(in);
124 return (ret);
125}
132#endif 126#endif
133 127
134int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) 128int
135 { 129SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
130{
136 X509 *x; 131 X509 *x;
137 int ret; 132 int ret;
138 133
139 x=d2i_X509(NULL,&d,(long)len); 134 x = d2i_X509(NULL, &d,(long)len);
140 if (x == NULL) 135 if (x == NULL) {
141 { 136 SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
142 SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); 137 return (0);
143 return(0); 138 }
144 }
145 139
146 ret=SSL_use_certificate(ssl,x); 140 ret = SSL_use_certificate(ssl, x);
147 X509_free(x); 141 X509_free(x);
148 return(ret); 142 return (ret);
149 } 143}
150 144
151#ifndef OPENSSL_NO_RSA 145#ifndef OPENSSL_NO_RSA
152int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) 146int
153 { 147SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
148{
154 EVP_PKEY *pkey; 149 EVP_PKEY *pkey;
155 int ret; 150 int ret;
156 151
157 if (rsa == NULL) 152 if (rsa == NULL) {
158 { 153 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
159 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); 154 return (0);
160 return(0); 155 }
161 } 156 if (!ssl_cert_inst(&ssl->cert)) {
162 if (!ssl_cert_inst(&ssl->cert)) 157 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
163 { 158 return (0);
164 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); 159 }
165 return(0); 160 if ((pkey = EVP_PKEY_new()) == NULL) {
166 } 161 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
167 if ((pkey=EVP_PKEY_new()) == NULL) 162 return (0);
168 { 163 }
169 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
170 return(0);
171 }
172 164
173 RSA_up_ref(rsa); 165 RSA_up_ref(rsa);
174 EVP_PKEY_assign_RSA(pkey,rsa); 166 EVP_PKEY_assign_RSA(pkey, rsa);
175 167
176 ret=ssl_set_pkey(ssl->cert,pkey); 168 ret = ssl_set_pkey(ssl->cert, pkey);
177 EVP_PKEY_free(pkey); 169 EVP_PKEY_free(pkey);
178 return(ret); 170 return (ret);
179 } 171}
180#endif 172#endif
181 173
182static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) 174static int
183 { 175ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
176{
184 int i; 177 int i;
185 178
186 i=ssl_cert_type(NULL,pkey); 179 i = ssl_cert_type(NULL, pkey);
187 if (i < 0) 180 if (i < 0) {
188 { 181 SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
189 SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE); 182 return (0);
190 return(0); 183 }
191 }
192 184
193 if (c->pkeys[i].x509 != NULL) 185 if (c->pkeys[i].x509 != NULL) {
194 {
195 EVP_PKEY *pktmp; 186 EVP_PKEY *pktmp;
196 pktmp = X509_get_pubkey(c->pkeys[i].x509); 187 pktmp = X509_get_pubkey(c->pkeys[i].x509);
197 EVP_PKEY_copy_parameters(pktmp,pkey); 188 EVP_PKEY_copy_parameters(pktmp, pkey);
198 EVP_PKEY_free(pktmp); 189 EVP_PKEY_free(pktmp);
199 ERR_clear_error(); 190 ERR_clear_error();
200 191
@@ -203,217 +194,200 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
203 * for smart cards. */ 194 * for smart cards. */
204 if ((pkey->type == EVP_PKEY_RSA) && 195 if ((pkey->type == EVP_PKEY_RSA) &&
205 (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) 196 (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
206 ; 197;
207 else 198 else
208#endif 199#endif
209 if (!X509_check_private_key(c->pkeys[i].x509,pkey)) 200 if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
210 {
211 X509_free(c->pkeys[i].x509); 201 X509_free(c->pkeys[i].x509);
212 c->pkeys[i].x509 = NULL; 202 c->pkeys[i].x509 = NULL;
213 return 0; 203 return 0;
214 }
215 } 204 }
205 }
216 206
217 if (c->pkeys[i].privatekey != NULL) 207 if (c->pkeys[i].privatekey != NULL)
218 EVP_PKEY_free(c->pkeys[i].privatekey); 208 EVP_PKEY_free(c->pkeys[i].privatekey);
219 CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); 209 CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
220 c->pkeys[i].privatekey=pkey; 210 c->pkeys[i].privatekey = pkey;
221 c->key= &(c->pkeys[i]); 211 c->key = &(c->pkeys[i]);
222 212
223 c->valid=0; 213 c->valid = 0;
224 return(1); 214 return (1);
225 } 215}
226 216
227#ifndef OPENSSL_NO_RSA 217#ifndef OPENSSL_NO_RSA
228#ifndef OPENSSL_NO_STDIO 218#ifndef OPENSSL_NO_STDIO
229int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) 219int
230 { 220SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
231 int j,ret=0; 221{
222 int j, ret = 0;
232 BIO *in; 223 BIO *in;
233 RSA *rsa=NULL; 224 RSA *rsa = NULL;
234 225
235 in=BIO_new(BIO_s_file_internal()); 226 in = BIO_new(BIO_s_file_internal());
236 if (in == NULL) 227 if (in == NULL) {
237 { 228 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
238 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
239 goto end; 229 goto end;
240 } 230 }
241 231
242 if (BIO_read_filename(in,file) <= 0) 232 if (BIO_read_filename(in, file) <= 0) {
243 { 233 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
244 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
245 goto end; 234 goto end;
246 } 235 }
247 if (type == SSL_FILETYPE_ASN1) 236 if (type == SSL_FILETYPE_ASN1) {
248 { 237 j = ERR_R_ASN1_LIB;
249 j=ERR_R_ASN1_LIB; 238 rsa = d2i_RSAPrivateKey_bio(in, NULL);
250 rsa=d2i_RSAPrivateKey_bio(in,NULL); 239 } else if (type == SSL_FILETYPE_PEM) {
251 } 240 j = ERR_R_PEM_LIB;
252 else if (type == SSL_FILETYPE_PEM) 241 rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
253 { 242 ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata);
254 j=ERR_R_PEM_LIB; 243 } else {
255 rsa=PEM_read_bio_RSAPrivateKey(in,NULL, 244 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
256 ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
257 }
258 else
259 {
260 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
261 goto end; 245 goto end;
262 } 246 }
263 if (rsa == NULL) 247 if (rsa == NULL) {
264 { 248 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j);
265 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
266 goto end; 249 goto end;
267 } 250 }
268 ret=SSL_use_RSAPrivateKey(ssl,rsa); 251 ret = SSL_use_RSAPrivateKey(ssl, rsa);
269 RSA_free(rsa); 252 RSA_free(rsa);
270end: 253end:
271 if (in != NULL) BIO_free(in); 254 if (in != NULL)
272 return(ret); 255 BIO_free(in);
273 } 256 return (ret);
257}
274#endif 258#endif
275 259
276int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) 260int
277 { 261SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
262{
278 int ret; 263 int ret;
279 const unsigned char *p; 264 const unsigned char *p;
280 RSA *rsa; 265 RSA *rsa;
281 266
282 p=d; 267 p = d;
283 if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) 268 if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
284 { 269 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
285 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); 270 return (0);
286 return(0); 271 }
287 }
288 272
289 ret=SSL_use_RSAPrivateKey(ssl,rsa); 273 ret = SSL_use_RSAPrivateKey(ssl, rsa);
290 RSA_free(rsa); 274 RSA_free(rsa);
291 return(ret); 275 return (ret);
292 } 276}
293#endif /* !OPENSSL_NO_RSA */ 277#endif /* !OPENSSL_NO_RSA */
294 278
295int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) 279int
296 { 280SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
281{
297 int ret; 282 int ret;
298 283
299 if (pkey == NULL) 284 if (pkey == NULL) {
300 { 285 SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
301 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); 286 return (0);
302 return(0); 287 }
303 } 288 if (!ssl_cert_inst(&ssl->cert)) {
304 if (!ssl_cert_inst(&ssl->cert)) 289 SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
305 { 290 return (0);
306 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
307 return(0);
308 }
309 ret=ssl_set_pkey(ssl->cert,pkey);
310 return(ret);
311 } 291 }
292 ret = ssl_set_pkey(ssl->cert, pkey);
293 return (ret);
294}
312 295
313#ifndef OPENSSL_NO_STDIO 296#ifndef OPENSSL_NO_STDIO
314int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) 297int
315 { 298SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
316 int j,ret=0; 299{
300 int j, ret = 0;
317 BIO *in; 301 BIO *in;
318 EVP_PKEY *pkey=NULL; 302 EVP_PKEY *pkey = NULL;
319 303
320 in=BIO_new(BIO_s_file_internal()); 304 in = BIO_new(BIO_s_file_internal());
321 if (in == NULL) 305 if (in == NULL) {
322 { 306 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
323 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
324 goto end; 307 goto end;
325 } 308 }
326 309
327 if (BIO_read_filename(in,file) <= 0) 310 if (BIO_read_filename(in, file) <= 0) {
328 { 311 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
329 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
330 goto end; 312 goto end;
331 } 313 }
332 if (type == SSL_FILETYPE_PEM) 314 if (type == SSL_FILETYPE_PEM) {
333 { 315 j = ERR_R_PEM_LIB;
334 j=ERR_R_PEM_LIB; 316 pkey = PEM_read_bio_PrivateKey(in, NULL,
335 pkey=PEM_read_bio_PrivateKey(in,NULL, 317 ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata);
336 ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); 318 } else if (type == SSL_FILETYPE_ASN1) {
337 }
338 else if (type == SSL_FILETYPE_ASN1)
339 {
340 j = ERR_R_ASN1_LIB; 319 j = ERR_R_ASN1_LIB;
341 pkey = d2i_PrivateKey_bio(in,NULL); 320 pkey = d2i_PrivateKey_bio(in, NULL);
342 } 321 } else {
343 else 322 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
344 {
345 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
346 goto end; 323 goto end;
347 } 324 }
348 if (pkey == NULL) 325 if (pkey == NULL) {
349 { 326 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j);
350 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
351 goto end; 327 goto end;
352 } 328 }
353 ret=SSL_use_PrivateKey(ssl,pkey); 329 ret = SSL_use_PrivateKey(ssl, pkey);
354 EVP_PKEY_free(pkey); 330 EVP_PKEY_free(pkey);
355end: 331end:
356 if (in != NULL) BIO_free(in); 332 if (in != NULL)
357 return(ret); 333 BIO_free(in);
358 } 334 return (ret);
335}
359#endif 336#endif
360 337
361int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) 338int
362 { 339SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
340{
363 int ret; 341 int ret;
364 const unsigned char *p; 342 const unsigned char *p;
365 EVP_PKEY *pkey; 343 EVP_PKEY *pkey;
366 344
367 p=d; 345 p = d;
368 if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) 346 if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
369 { 347 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
370 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); 348 return (0);
371 return(0); 349 }
372 }
373 350
374 ret=SSL_use_PrivateKey(ssl,pkey); 351 ret = SSL_use_PrivateKey(ssl, pkey);
375 EVP_PKEY_free(pkey); 352 EVP_PKEY_free(pkey);
376 return(ret); 353 return (ret);
354}
355
356int
357SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
358{
359 if (x == NULL) {
360 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
361 return (0);
377 } 362 }
378 363 if (!ssl_cert_inst(&ctx->cert)) {
379int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) 364 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
380 { 365 return (0);
381 if (x == NULL)
382 {
383 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
384 return(0);
385 }
386 if (!ssl_cert_inst(&ctx->cert))
387 {
388 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
389 return(0);
390 }
391 return(ssl_set_cert(ctx->cert, x));
392 } 366 }
367 return (ssl_set_cert(ctx->cert, x));
368}
393 369
394static int ssl_set_cert(CERT *c, X509 *x) 370static int
395 { 371ssl_set_cert(CERT *c, X509 *x)
372{
396 EVP_PKEY *pkey; 373 EVP_PKEY *pkey;
397 int i; 374 int i;
398 375
399 pkey=X509_get_pubkey(x); 376 pkey = X509_get_pubkey(x);
400 if (pkey == NULL) 377 if (pkey == NULL) {
401 { 378 SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
402 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB); 379 return (0);
403 return(0); 380 }
404 }
405 381
406 i=ssl_cert_type(x,pkey); 382 i = ssl_cert_type(x, pkey);
407 if (i < 0) 383 if (i < 0) {
408 { 384 SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
409 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
410 EVP_PKEY_free(pkey); 385 EVP_PKEY_free(pkey);
411 return(0); 386 return (0);
412 } 387 }
413 388
414 if (c->pkeys[i].privatekey != NULL) 389 if (c->pkeys[i].privatekey != NULL) {
415 { 390 EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
416 EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
417 ERR_clear_error(); 391 ERR_clear_error();
418 392
419#ifndef OPENSSL_NO_RSA 393#ifndef OPENSSL_NO_RSA
@@ -421,280 +395,259 @@ static int ssl_set_cert(CERT *c, X509 *x)
421 * for smart cards. */ 395 * for smart cards. */
422 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && 396 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
423 (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & 397 (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
424 RSA_METHOD_FLAG_NO_CHECK)) 398 RSA_METHOD_FLAG_NO_CHECK))
425 ; 399;
426 else 400 else
427#endif /* OPENSSL_NO_RSA */ 401#endif /* OPENSSL_NO_RSA */
428 if (!X509_check_private_key(x,c->pkeys[i].privatekey)) 402 if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
429 {
430 /* don't fail for a cert/key mismatch, just free 403 /* don't fail for a cert/key mismatch, just free
431 * current private key (when switching to a different 404 * current private key (when switching to a different
432 * cert & key, first this function should be used, 405 * cert & key, first this function should be used,
433 * then ssl_set_pkey */ 406 * then ssl_set_pkey */
434 EVP_PKEY_free(c->pkeys[i].privatekey); 407 EVP_PKEY_free(c->pkeys[i].privatekey);
435 c->pkeys[i].privatekey=NULL; 408 c->pkeys[i].privatekey = NULL;
436 /* clear error queue */ 409 /* clear error queue */
437 ERR_clear_error(); 410 ERR_clear_error();
438 }
439 } 411 }
412 }
440 413
441 EVP_PKEY_free(pkey); 414 EVP_PKEY_free(pkey);
442 415
443 if (c->pkeys[i].x509 != NULL) 416 if (c->pkeys[i].x509 != NULL)
444 X509_free(c->pkeys[i].x509); 417 X509_free(c->pkeys[i].x509);
445 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); 418 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
446 c->pkeys[i].x509=x; 419 c->pkeys[i].x509 = x;
447 c->key= &(c->pkeys[i]); 420 c->key = &(c->pkeys[i]);
448 421
449 c->valid=0; 422 c->valid = 0;
450 return(1); 423 return (1);
451 } 424}
452 425
453#ifndef OPENSSL_NO_STDIO 426#ifndef OPENSSL_NO_STDIO
454int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) 427int
455 { 428SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
429{
456 int j; 430 int j;
457 BIO *in; 431 BIO *in;
458 int ret=0; 432 int ret = 0;
459 X509 *x=NULL; 433 X509 *x = NULL;
460 434
461 in=BIO_new(BIO_s_file_internal()); 435 in = BIO_new(BIO_s_file_internal());
462 if (in == NULL) 436 if (in == NULL) {
463 { 437 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
464 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
465 goto end; 438 goto end;
466 } 439 }
467 440
468 if (BIO_read_filename(in,file) <= 0) 441 if (BIO_read_filename(in, file) <= 0) {
469 { 442 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
470 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
471 goto end; 443 goto end;
472 } 444 }
473 if (type == SSL_FILETYPE_ASN1) 445 if (type == SSL_FILETYPE_ASN1) {
474 { 446 j = ERR_R_ASN1_LIB;
475 j=ERR_R_ASN1_LIB; 447 x = d2i_X509_bio(in, NULL);
476 x=d2i_X509_bio(in,NULL); 448 } else if (type == SSL_FILETYPE_PEM) {
477 } 449 j = ERR_R_PEM_LIB;
478 else if (type == SSL_FILETYPE_PEM) 450 x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
479 { 451 } else {
480 j=ERR_R_PEM_LIB; 452 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
481 x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
482 }
483 else
484 {
485 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
486 goto end; 453 goto end;
487 } 454 }
488 455
489 if (x == NULL) 456 if (x == NULL) {
490 { 457 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
491 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
492 goto end; 458 goto end;
493 } 459 }
494 460
495 ret=SSL_CTX_use_certificate(ctx,x); 461 ret = SSL_CTX_use_certificate(ctx, x);
496end: 462end:
497 if (x != NULL) X509_free(x); 463 if (x != NULL)
498 if (in != NULL) BIO_free(in); 464 X509_free(x);
499 return(ret); 465 if (in != NULL)
500 } 466 BIO_free(in);
467 return (ret);
468}
501#endif 469#endif
502 470
503int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) 471int
504 { 472SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
473{
505 X509 *x; 474 X509 *x;
506 int ret; 475 int ret;
507 476
508 x=d2i_X509(NULL,&d,(long)len); 477 x = d2i_X509(NULL, &d,(long)len);
509 if (x == NULL) 478 if (x == NULL) {
510 { 479 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
511 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); 480 return (0);
512 return(0); 481 }
513 }
514 482
515 ret=SSL_CTX_use_certificate(ctx,x); 483 ret = SSL_CTX_use_certificate(ctx, x);
516 X509_free(x); 484 X509_free(x);
517 return(ret); 485 return (ret);
518 } 486}
519 487
520#ifndef OPENSSL_NO_RSA 488#ifndef OPENSSL_NO_RSA
521int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) 489int
522 { 490SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
491{
523 int ret; 492 int ret;
524 EVP_PKEY *pkey; 493 EVP_PKEY *pkey;
525 494
526 if (rsa == NULL) 495 if (rsa == NULL) {
527 { 496 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
528 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); 497 return (0);
529 return(0); 498 }
530 } 499 if (!ssl_cert_inst(&ctx->cert)) {
531 if (!ssl_cert_inst(&ctx->cert)) 500 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
532 { 501 return (0);
533 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); 502 }
534 return(0); 503 if ((pkey = EVP_PKEY_new()) == NULL) {
535 } 504 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
536 if ((pkey=EVP_PKEY_new()) == NULL) 505 return (0);
537 { 506 }
538 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
539 return(0);
540 }
541 507
542 RSA_up_ref(rsa); 508 RSA_up_ref(rsa);
543 EVP_PKEY_assign_RSA(pkey,rsa); 509 EVP_PKEY_assign_RSA(pkey, rsa);
544 510
545 ret=ssl_set_pkey(ctx->cert, pkey); 511 ret = ssl_set_pkey(ctx->cert, pkey);
546 EVP_PKEY_free(pkey); 512 EVP_PKEY_free(pkey);
547 return(ret); 513 return (ret);
548 } 514}
549 515
550#ifndef OPENSSL_NO_STDIO 516#ifndef OPENSSL_NO_STDIO
551int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) 517int
552 { 518SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
553 int j,ret=0; 519{
520 int j, ret = 0;
554 BIO *in; 521 BIO *in;
555 RSA *rsa=NULL; 522 RSA *rsa = NULL;
556 523
557 in=BIO_new(BIO_s_file_internal()); 524 in = BIO_new(BIO_s_file_internal());
558 if (in == NULL) 525 if (in == NULL) {
559 { 526 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
560 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
561 goto end; 527 goto end;
562 } 528 }
563 529
564 if (BIO_read_filename(in,file) <= 0) 530 if (BIO_read_filename(in, file) <= 0) {
565 { 531 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
566 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
567 goto end; 532 goto end;
568 } 533 }
569 if (type == SSL_FILETYPE_ASN1) 534 if (type == SSL_FILETYPE_ASN1) {
570 { 535 j = ERR_R_ASN1_LIB;
571 j=ERR_R_ASN1_LIB; 536 rsa = d2i_RSAPrivateKey_bio(in, NULL);
572 rsa=d2i_RSAPrivateKey_bio(in,NULL); 537 } else if (type == SSL_FILETYPE_PEM) {
573 } 538 j = ERR_R_PEM_LIB;
574 else if (type == SSL_FILETYPE_PEM) 539 rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
575 { 540 ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
576 j=ERR_R_PEM_LIB; 541 } else {
577 rsa=PEM_read_bio_RSAPrivateKey(in,NULL, 542 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
578 ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
579 }
580 else
581 {
582 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
583 goto end; 543 goto end;
584 } 544 }
585 if (rsa == NULL) 545 if (rsa == NULL) {
586 { 546 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j);
587 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
588 goto end; 547 goto end;
589 } 548 }
590 ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); 549 ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
591 RSA_free(rsa); 550 RSA_free(rsa);
592end: 551end:
593 if (in != NULL) BIO_free(in); 552 if (in != NULL)
594 return(ret); 553 BIO_free(in);
595 } 554 return (ret);
555}
596#endif 556#endif
597 557
598int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) 558int
599 { 559SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
560{
600 int ret; 561 int ret;
601 const unsigned char *p; 562 const unsigned char *p;
602 RSA *rsa; 563 RSA *rsa;
603 564
604 p=d; 565 p = d;
605 if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) 566 if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
606 { 567 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
607 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); 568 return (0);
608 return(0); 569 }
609 }
610 570
611 ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); 571 ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
612 RSA_free(rsa); 572 RSA_free(rsa);
613 return(ret); 573 return (ret);
614 } 574}
615#endif /* !OPENSSL_NO_RSA */ 575#endif /* !OPENSSL_NO_RSA */
616 576
617int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) 577int
618 { 578SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
619 if (pkey == NULL) 579{
620 { 580 if (pkey == NULL) {
621 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); 581 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
622 return(0); 582 return (0);
623 }
624 if (!ssl_cert_inst(&ctx->cert))
625 {
626 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
627 return(0);
628 }
629 return(ssl_set_pkey(ctx->cert,pkey));
630 } 583 }
584 if (!ssl_cert_inst(&ctx->cert)) {
585 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
586 return (0);
587 }
588 return (ssl_set_pkey(ctx->cert, pkey));
589}
631 590
632#ifndef OPENSSL_NO_STDIO 591#ifndef OPENSSL_NO_STDIO
633int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) 592int
634 { 593SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
635 int j,ret=0; 594{
595 int j, ret = 0;
636 BIO *in; 596 BIO *in;
637 EVP_PKEY *pkey=NULL; 597 EVP_PKEY *pkey = NULL;
638 598
639 in=BIO_new(BIO_s_file_internal()); 599 in = BIO_new(BIO_s_file_internal());
640 if (in == NULL) 600 if (in == NULL) {
641 { 601 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
642 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
643 goto end; 602 goto end;
644 } 603 }
645 604
646 if (BIO_read_filename(in,file) <= 0) 605 if (BIO_read_filename(in, file) <= 0) {
647 { 606 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
648 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
649 goto end; 607 goto end;
650 } 608 }
651 if (type == SSL_FILETYPE_PEM) 609 if (type == SSL_FILETYPE_PEM) {
652 { 610 j = ERR_R_PEM_LIB;
653 j=ERR_R_PEM_LIB; 611 pkey = PEM_read_bio_PrivateKey(in, NULL,
654 pkey=PEM_read_bio_PrivateKey(in,NULL, 612 ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
655 ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); 613 } else if (type == SSL_FILETYPE_ASN1) {
656 }
657 else if (type == SSL_FILETYPE_ASN1)
658 {
659 j = ERR_R_ASN1_LIB; 614 j = ERR_R_ASN1_LIB;
660 pkey = d2i_PrivateKey_bio(in,NULL); 615 pkey = d2i_PrivateKey_bio(in, NULL);
661 } 616 } else {
662 else 617 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
663 {
664 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
665 goto end; 618 goto end;
666 } 619 }
667 if (pkey == NULL) 620 if (pkey == NULL) {
668 { 621 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j);
669 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
670 goto end; 622 goto end;
671 } 623 }
672 ret=SSL_CTX_use_PrivateKey(ctx,pkey); 624 ret = SSL_CTX_use_PrivateKey(ctx, pkey);
673 EVP_PKEY_free(pkey); 625 EVP_PKEY_free(pkey);
674end: 626end:
675 if (in != NULL) BIO_free(in); 627 if (in != NULL)
676 return(ret); 628 BIO_free(in);
677 } 629 return (ret);
630}
678#endif 631#endif
679 632
680int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, 633int
681 long len) 634SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
682 { 635 long len)
636{
683 int ret; 637 int ret;
684 const unsigned char *p; 638 const unsigned char *p;
685 EVP_PKEY *pkey; 639 EVP_PKEY *pkey;
686 640
687 p=d; 641 p = d;
688 if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) 642 if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
689 { 643 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
690 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); 644 return (0);
691 return(0); 645 }
692 }
693 646
694 ret=SSL_CTX_use_PrivateKey(ctx,pkey); 647 ret = SSL_CTX_use_PrivateKey(ctx, pkey);
695 EVP_PKEY_free(pkey); 648 EVP_PKEY_free(pkey);
696 return(ret); 649 return (ret);
697 } 650}
698 651
699 652
700#ifndef OPENSSL_NO_STDIO 653#ifndef OPENSSL_NO_STDIO
@@ -702,82 +655,79 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
702 * possibly followed by a sequence of CA certificates that should be 655 * possibly followed by a sequence of CA certificates that should be
703 * sent to the peer in the Certificate message. 656 * sent to the peer in the Certificate message.
704 */ 657 */
705int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) 658int
706 { 659SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
660{
707 BIO *in; 661 BIO *in;
708 int ret=0; 662 int ret = 0;
709 X509 *x=NULL; 663 X509 *x = NULL;
710 664
711 ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ 665 ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
712 666
713 in = BIO_new(BIO_s_file_internal()); 667 in = BIO_new(BIO_s_file_internal());
714 if (in == NULL) 668 if (in == NULL) {
715 { 669 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
716 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
717 goto end; 670 goto end;
718 } 671 }
719 672
720 if (BIO_read_filename(in,file) <= 0) 673 if (BIO_read_filename(in, file) <= 0) {
721 { 674 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
722 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
723 goto end; 675 goto end;
724 } 676 }
725 677
726 x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback, 678 x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
727 ctx->default_passwd_callback_userdata); 679 ctx->default_passwd_callback_userdata);
728 if (x == NULL) 680 if (x == NULL) {
729 { 681 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
730 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
731 goto end; 682 goto end;
732 } 683 }
733 684
734 ret = SSL_CTX_use_certificate(ctx, x); 685 ret = SSL_CTX_use_certificate(ctx, x);
735 686
736 if (ERR_peek_error() != 0) 687 if (ERR_peek_error() != 0)
737 ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */ 688 ret = 0;
738 if (ret) 689 /* Key/certificate mismatch doesn't imply ret==0 ... */
739 { 690 if (ret) {
740 /* If we could set up our certificate, now proceed to 691 /* If we could set up our certificate, now proceed to
741 * the CA certificates. 692 * the CA certificates.
742 */ 693 */
743 X509 *ca; 694 X509 *ca;
744 int r; 695 int r;
745 unsigned long err; 696 unsigned long err;
746 697
747 if (ctx->extra_certs != NULL) 698 if (ctx->extra_certs != NULL) {
748 {
749 sk_X509_pop_free(ctx->extra_certs, X509_free); 699 sk_X509_pop_free(ctx->extra_certs, X509_free);
750 ctx->extra_certs = NULL; 700 ctx->extra_certs = NULL;
751 } 701 }
752 702
753 while ((ca = PEM_read_bio_X509(in, NULL, 703 while ((ca = PEM_read_bio_X509(in, NULL,
754 ctx->default_passwd_callback, 704 ctx->default_passwd_callback,
755 ctx->default_passwd_callback_userdata)) 705 ctx->default_passwd_callback_userdata))
756 != NULL) 706 != NULL) {
757 {
758 r = SSL_CTX_add_extra_chain_cert(ctx, ca); 707 r = SSL_CTX_add_extra_chain_cert(ctx, ca);
759 if (!r) 708 if (!r) {
760 {
761 X509_free(ca); 709 X509_free(ca);
762 ret = 0; 710 ret = 0;
763 goto end; 711 goto end;
764 } 712 }
765 /* Note that we must not free r if it was successfully 713 /* Note that we must not free r if it was successfully
766 * added to the chain (while we must free the main 714 * added to the chain (while we must free the main
767 * certificate, since its reference count is increased 715 * certificate, since its reference count is increased
768 * by SSL_CTX_use_certificate). */ 716 * by SSL_CTX_use_certificate). */
769 } 717 }
770 /* When the while loop ends, it's usually just EOF. */ 718 /* When the while loop ends, it's usually just EOF. */
771 err = ERR_peek_last_error(); 719 err = ERR_peek_last_error();
772 if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) 720 if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
773 ERR_clear_error(); 721 ERR_clear_error();
774 else 722 else
775 ret = 0; /* some real error */ 723 ret = 0; /* some real error */
776 } 724 }
777 725
778end: 726end:
779 if (x != NULL) X509_free(x); 727 if (x != NULL)
780 if (in != NULL) BIO_free(in); 728 X509_free(x);
781 return(ret); 729 if (in != NULL)
782 } 730 BIO_free(in);
731 return (ret);
732}
783#endif 733#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 15:09:34 +0000