Fix return values when adding serverinfo fails.

[openssl.git] / ssl / ssl_rsa.c

diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 31ce9bdbd155c9503249d0f5e780a2027cd7e5c2..f23137cd8abd3de234ef7237d13d8b275ba4f03b 100644 (file)
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -216,7 +216,6 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
     CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
     c->pkeys[i].privatekey = pkey;
     c->key = &(c->pkeys[i]);
-    c->valid = 0;
     return (1);
 }
 
@@ -416,11 +415,10 @@ static int ssl_set_cert(CERT *c, X509 *x)
     EVP_PKEY_free(pkey);
 
     X509_free(c->pkeys[i].x509);
-    CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(x);
     c->pkeys[i].x509 = x;
     c->key = &(c->pkeys[i]);
 
-    c->valid = 0;
     return (1);
 }
 
@@ -740,7 +738,6 @@ int SSL_use_certificate_chain_file(SSL *ssl, const char *file)
 }
 #endif
 
-#ifndef OPENSSL_NO_TLSEXT
 static int serverinfo_find_extension(const unsigned char *serverinfo,
                                      size_t serverinfo_length,
                                      unsigned int extension_type,
@@ -750,31 +747,31 @@ static int serverinfo_find_extension(const unsigned char *serverinfo,
     *extension_data = NULL;
     *extension_length = 0;
     if (serverinfo == NULL || serverinfo_length == 0)
-        return 0;
+        return -1;
     for (;;) {
         unsigned int type = 0;
         size_t len = 0;
 
         /* end of serverinfo */
         if (serverinfo_length == 0)
-            return -1;          /* Extension not found */
+            return 0;           /* Extension not found */
 
         /* read 2-byte type field */
         if (serverinfo_length < 2)
-            return 0;           /* Error */
+            return -1;          /* Error */
         type = (serverinfo[0] << 8) + serverinfo[1];
         serverinfo += 2;
         serverinfo_length -= 2;
 
         /* read 2-byte len field */
         if (serverinfo_length < 2)
-            return 0;           /* Error */
+            return -1;          /* Error */
         len = (serverinfo[0] << 8) + serverinfo[1];
         serverinfo += 2;
         serverinfo_length -= 2;
 
         if (len > serverinfo_length)
-            return 0;           /* Error */
+            return -1;          /* Error */
 
         if (type == extension_type) {
             *extension_data = serverinfo;
@@ -814,10 +811,12 @@ static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
         /* Find the relevant extension from the serverinfo */
         int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
                                                ext_type, out, outlen);
+        if (retval == -1) {
+            *al = SSL_AD_DECODE_ERROR;
+            return -1;          /* Error */
+        }
         if (retval == 0)
-            return 0;           /* Error */
-        if (retval == -1)
-            return -1;          /* No extension found, don't send extension */
+            return 0;           /* No extension found, don't send extension */
         return 1;               /* Send extension */
     }
     return -1;                  /* No serverinfo data found, don't send
@@ -912,7 +911,7 @@ int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
     return 1;
 }
 
-# ifndef OPENSSL_NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
 {
     unsigned char *serverinfo = NULL;
@@ -1002,5 +1001,4 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
     BIO_free(bin);
     return ret;
 }
-# endif                         /* OPENSSL_NO_STDIO */
-#endif                          /* OPENSSL_NO_TLSEXT */
+#endif                         /* OPENSSL_NO_STDIO */