X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fssl_rsa.c;h=330390519bb6a9dd2390eacba8c6745b9316ce10;hb=dc90f64d563f2c9709749d0731d6b26c6bce5325;hp=ba0c7f5117de6f7812d67d4af1fb0f512c3d85c4;hpb=303c002898915c5636dfa9d295b9de38db65207a;p=oweals%2Fopenssl.git diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index ba0c7f5117..330390519b 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -57,12 +57,12 @@ */ #include +#include "ssl_locl.h" #include #include #include #include #include -#include "ssl_locl.h" static int ssl_set_cert(CERT *c, X509 *x509); static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); @@ -73,7 +73,7 @@ int SSL_use_certificate(SSL *ssl, X509 *x) SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); return(0); } - if (!ssl_cert_instantiate(&ssl->cert, ssl->ctx->default_cert)) + if (!ssl_cert_inst(&ssl->cert)) { SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); return(0); @@ -81,7 +81,7 @@ int SSL_use_certificate(SSL *ssl, X509 *x) return(ssl_set_cert(ssl->cert,x)); } -#ifndef NO_STDIO +#ifndef OPENSSL_NO_STDIO int SSL_use_certificate_file(SSL *ssl, const char *file, int type) { int j; @@ -109,7 +109,7 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type) else if (type == SSL_FILETYPE_PEM) { j=ERR_R_PEM_LIB; - x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback); + x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); } else { @@ -148,7 +148,7 @@ int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len) return(ret); } -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) { EVP_PKEY *pkey; @@ -159,7 +159,7 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); return(0); } - if (!ssl_cert_instantiate(&ssl->cert, ssl->ctx->default_cert)) + if (!ssl_cert_inst(&ssl->cert)) { SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); return(0); @@ -170,7 +170,7 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) return(0); } - CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); + RSA_up_ref(rsa); EVP_PKEY_assign_RSA(pkey,rsa); ret=ssl_set_pkey(ssl->cert,pkey); @@ -198,7 +198,7 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) EVP_PKEY_free(pktmp); ERR_clear_error(); -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA /* Don't check the public/private key, this is mostly * for smart cards. */ if ((pkey->type == EVP_PKEY_RSA) && @@ -207,7 +207,7 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) ok=1; else #endif - if (!X509_check_private_key(c->pkeys[i].x509,pkey)) + if (!X509_check_private_key(c->pkeys[i].x509,pkey)) { if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) { @@ -241,6 +241,8 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) return(0); } + ERR_clear_error(); /* make sure no error from X509_check_private_key() + * is left if we have chosen to ignore it */ if (c->pkeys[i].privatekey != NULL) EVP_PKEY_free(c->pkeys[i].privatekey); CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); @@ -251,8 +253,8 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) return(1); } -#ifndef NO_RSA -#ifndef NO_STDIO +#ifndef OPENSSL_NO_RSA +#ifndef OPENSSL_NO_STDIO int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) { int j,ret=0; @@ -280,7 +282,7 @@ int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) { j=ERR_R_PEM_LIB; rsa=PEM_read_bio_RSAPrivateKey(in,NULL, - ssl->ctx->default_passwd_callback); + ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); } else { @@ -303,7 +305,7 @@ end: int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) { int ret; - unsigned char *p; + const unsigned char *p; RSA *rsa; p=d; @@ -317,7 +319,7 @@ int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) RSA_free(rsa); return(ret); } -#endif /* !NO_RSA */ +#endif /* !OPENSSL_NO_RSA */ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) { @@ -328,7 +330,7 @@ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); return(0); } - if (!ssl_cert_instantiate(&ssl->cert, ssl->ctx->default_cert)) + if (!ssl_cert_inst(&ssl->cert)) { SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); return(0); @@ -337,7 +339,7 @@ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) return(ret); } -#ifndef NO_STDIO +#ifndef OPENSSL_NO_STDIO int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) { int j,ret=0; @@ -360,7 +362,7 @@ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) { j=ERR_R_PEM_LIB; pkey=PEM_read_bio_PrivateKey(in,NULL, - ssl->ctx->default_passwd_callback); + ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); } else { @@ -405,12 +407,12 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); return(0); } - if (!ssl_cert_instantiate(&ctx->default_cert, NULL)) + if (!ssl_cert_inst(&ctx->cert)) { SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); return(0); } - return(ssl_set_cert(ctx->default_cert,x)); + return(ssl_set_cert(ctx->cert, x)); } static int ssl_set_cert(CERT *c, X509 *x) @@ -438,7 +440,7 @@ static int ssl_set_cert(CERT *c, X509 *x) EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey); ERR_clear_error(); -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA /* Don't check the public/private key, this is mostly * for smart cards. */ if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && @@ -471,7 +473,7 @@ static int ssl_set_cert(CERT *c, X509 *x) } else ok=1; - } /* NO_RSA */ + } /* OPENSSL_NO_RSA */ } else ok=1; @@ -493,7 +495,7 @@ static int ssl_set_cert(CERT *c, X509 *x) return(1); } -#ifndef NO_STDIO +#ifndef OPENSSL_NO_STDIO int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) { int j; @@ -521,7 +523,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) else if (type == SSL_FILETYPE_PEM) { j=ERR_R_PEM_LIB; - x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback); + x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); } else { @@ -560,7 +562,7 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d) return(ret); } -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) { int ret; @@ -571,7 +573,7 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); return(0); } - if (!ssl_cert_instantiate(&ctx->default_cert, NULL)) + if (!ssl_cert_inst(&ctx->cert)) { SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); return(0); @@ -582,15 +584,15 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) return(0); } - CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); + RSA_up_ref(rsa); EVP_PKEY_assign_RSA(pkey,rsa); - ret=ssl_set_pkey(ctx->default_cert,pkey); + ret=ssl_set_pkey(ctx->cert, pkey); EVP_PKEY_free(pkey); return(ret); } -#ifndef NO_STDIO +#ifndef OPENSSL_NO_STDIO int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) { int j,ret=0; @@ -618,7 +620,7 @@ int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) { j=ERR_R_PEM_LIB; rsa=PEM_read_bio_RSAPrivateKey(in,NULL, - ctx->default_passwd_callback); + ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); } else { @@ -641,7 +643,7 @@ end: int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len) { int ret; - unsigned char *p; + const unsigned char *p; RSA *rsa; p=d; @@ -655,7 +657,7 @@ int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len) RSA_free(rsa); return(ret); } -#endif /* !NO_RSA */ +#endif /* !OPENSSL_NO_RSA */ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) { @@ -664,15 +666,15 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); return(0); } - if (!ssl_cert_instantiate(&ctx->default_cert, NULL)) + if (!ssl_cert_inst(&ctx->cert)) { SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); return(0); } - return(ssl_set_pkey(ctx->default_cert,pkey)); + return(ssl_set_pkey(ctx->cert,pkey)); } -#ifndef NO_STDIO +#ifndef OPENSSL_NO_STDIO int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) { int j,ret=0; @@ -695,7 +697,7 @@ int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) { j=ERR_R_PEM_LIB; pkey=PEM_read_bio_PrivateKey(in,NULL, - ctx->default_passwd_callback); + ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); } else { @@ -735,7 +737,7 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, } -#ifndef NO_STDIO +#ifndef OPENSSL_NO_STDIO /* Read a file that contains our certificate in "PEM" format, * possibly followed by a sequence of CA certificates that should be * sent to the peer in the Certificate message. @@ -759,7 +761,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) goto end; } - x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback); + x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); if (x == NULL) { SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB); @@ -784,7 +786,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) ctx->extra_certs = NULL; } - while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback)) + while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata)) != NULL) { r = SSL_CTX_add_extra_chain_cert(ctx, ca); @@ -794,15 +796,15 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) ret = 0; goto end; } - /* Note that we must not free r if it was succesully + /* Note that we must not free r if it was successfully * added to the chain (while we must free the main * certificate, since its reference count is increased * by SSL_CTX_use_certificate). */ } /* When the while loop ends, it's usually just EOF. */ - err = ERR_peek_error(); + err = ERR_peek_last_error(); if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) - (void) ERR_get_error(); + (void)ERR_get_error(); else ret = 0; /* some real error */ }