From d609c8ec719b355164a9fd97465715761d05c0a4 Mon Sep 17 00:00:00 2001 From: tb <> Date: Wed, 29 Jun 2022 21:13:34 +0000 Subject: Make ssl_set_{cert,pkey} take an ssl/ctx ok beck jsing --- src/lib/libssl/ssl_rsa.c | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c index f2d3b8dd00..11edb6f76e 100644 --- a/src/lib/libssl/ssl_rsa.c +++ b/src/lib/libssl/ssl_rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_rsa.c,v 1.40 2022/06/29 21:12:19 tb Exp $ */ +/* $OpenBSD: ssl_rsa.c,v 1.41 2022/06/29 21:13:34 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -68,8 +68,8 @@ static int ssl_get_password_cb_and_arg(SSL_CTX *ctx, SSL *ssl, pem_password_cb **passwd_cb, void **passwd_arg); -static int ssl_set_cert(SSL_CERT *c, X509 *x509); -static int ssl_set_pkey(SSL_CERT *c, EVP_PKEY *pkey); +static int ssl_set_cert(SSL_CTX *ctx, SSL *ssl, X509 *x509); +static int ssl_set_pkey(SSL_CTX *ctx, SSL *ssl, EVP_PKEY *pkey); static int use_certificate_chain_bio(SSL_CTX *ctx, SSL *ssl, BIO *in); static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file); @@ -80,7 +80,7 @@ SSL_use_certificate(SSL *ssl, X509 *x) SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER); return (0); } - return (ssl_set_cert(ssl->cert, x)); + return ssl_set_cert(NULL, ssl, x); } int @@ -161,14 +161,15 @@ SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) RSA_up_ref(rsa); EVP_PKEY_assign_RSA(pkey, rsa); - ret = ssl_set_pkey(ssl->cert, pkey); + ret = ssl_set_pkey(NULL, ssl, pkey); EVP_PKEY_free(pkey); return (ret); } static int -ssl_set_pkey(SSL_CERT *c, EVP_PKEY *pkey) +ssl_set_pkey(SSL_CTX *ctx, SSL *ssl, EVP_PKEY *pkey) { + SSL_CERT *c; int i; i = ssl_cert_type(pkey); @@ -177,6 +178,9 @@ ssl_set_pkey(SSL_CERT *c, EVP_PKEY *pkey) return (0); } + if ((c = ssl_get0_cert(ctx, ssl)) == NULL) + return (0); + if (c->pkeys[i].x509 != NULL) { EVP_PKEY *pktmp; pktmp = X509_get_pubkey(c->pkeys[i].x509); @@ -272,7 +276,7 @@ SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER); return (0); } - ret = ssl_set_pkey(ssl->cert, pkey); + ret = ssl_set_pkey(NULL, ssl, pkey); return (ret); } @@ -339,7 +343,7 @@ SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); return (0); } - return (ssl_set_cert(ctx->internal->cert, x)); + return ssl_set_cert(ctx, NULL, x); } static int @@ -356,11 +360,15 @@ ssl_get_password_cb_and_arg(SSL_CTX *ctx, SSL *ssl, } static int -ssl_set_cert(SSL_CERT *c, X509 *x) +ssl_set_cert(SSL_CTX *ctx, SSL *ssl, X509 *x) { + SSL_CERT *c; EVP_PKEY *pkey; int i; + if ((c = ssl_get0_cert(ctx, ssl)) == NULL) + return (0); + pkey = X509_get_pubkey(x); if (pkey == NULL) { SSLerrorx(SSL_R_X509_LIB); @@ -488,7 +496,7 @@ SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) RSA_up_ref(rsa); EVP_PKEY_assign_RSA(pkey, rsa); - ret = ssl_set_pkey(ctx->internal->cert, pkey); + ret = ssl_set_pkey(ctx, NULL, pkey); EVP_PKEY_free(pkey); return (ret); } @@ -556,7 +564,7 @@ SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); return (0); } - return (ssl_set_pkey(ctx->internal->cert, pkey)); + return ssl_set_pkey(ctx, NULL, pkey); } int @@ -644,7 +652,7 @@ use_certificate_chain_bio(SSL_CTX *ctx, SSL *ssl, BIO *in) if ((cert = ssl_get0_cert(ctx, ssl)) == NULL) goto err; - if (!ssl_set_cert(cert, x)) + if (!ssl_set_cert(ctx, ssl, x)) goto err; if (!ssl_cert_set0_chain(cert, NULL)) -- cgit v1.2.3-55-g6feb