X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_rsa.c;h=6e3d44c79cb9591abd4dc502757642ed5440ddff;hp=7fcd8460a3e5832c385e264f033b154b4f77225b;hb=33f653adf3bff5b0795e22de1f54b7c5472252d0;hpb=a4339ea3ba045b7da038148f0d48ce25f2996971
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 7fcd8460a3..6e3d44c79c 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -68,11 +68,19 @@ static int ssl_set_cert(CERT *c, X509 *x509);
 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
 int SSL_use_certificate(SSL *ssl, X509 *x)
 {
+ int rv;
 if (x == NULL)
 {
 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
 return(0);
 }
+ rv = ssl_security_cert(ssl, NULL, x, 0, 1);
+ if (rv != 1)
+ {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE, rv);
+ return 0;
+ }
+
 if (!ssl_cert_inst(&ssl->cert))
 {
 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
@@ -288,7 +296,7 @@ end:
 }
 #endif

-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len)
 {
 int ret;
 const unsigned char *p;
@@ -393,11 +401,18 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len

 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
 {
+ int rv;
 if (x == NULL)
 {
 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
 return(0);
 }
+ rv = ssl_security_cert(NULL, ctx, x, 0, 1);
+ if (rv != 1)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, rv);
+ return 0;
+ }
 if (!ssl_cert_inst(&ctx->cert))
 {
 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
@@ -796,9 +811,9 @@ end:
 #ifndef OPENSSL_NO_TLSEXT
 static int serverinfo_find_extension(const unsigned char *serverinfo,
 size_t serverinfo_length,
- unsigned short extension_type,
+ unsigned int extension_type,
 const unsigned char **extension_data,
- unsigned short *extension_length)
+ size_t *extension_length)
 {
 *extension_data = NULL;
 *extension_length = 0;
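Review bot: In SSL_use_certificate the value returned by ssl_security_cert() is handed straight to SSLerr() as the reason code, but nothing at the call site states that the helper returns 1 on success and a reason code otherwise, or what the literal arguments `0, 1` select. A comment above the call, for example `/* returns 1 if the certificate is acceptable, otherwise an SSL_R_* reason code */`, would make that contract reviewable, once confirmed against the helper's definition, which this diff does not show. If the helper can ever return 0, the queued error would carry an empty reason. The same applies to the identical check added to SSL_CTX_use_certificate in the hunk at -393; both function bodies continue past the end of their hunks.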
@@ -806,8 +821,8 @@ static int serverinfo_find_extension(const unsigned char *serverinfo,
 return 0;
 for (;;)
 {
- unsigned short type = 0; /* uint16 */
- unsigned short len = 0; /* uint16 */
+ unsigned int type = 0;
+ size_t len = 0;

 /* end of serverinfo */
 if (serverinfo_length == 0)
@@ -843,22 +858,24 @@ static int serverinfo_find_extension(const unsigned char *serverinfo,
 return 0; /* Error */
 }

-static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type,
+static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type,
 const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
 void *arg)
 {
+
 if (inlen != 0)
 {
 *al = SSL_AD_DECODE_ERROR;
 return 0;
 }
+
 return 1;
 }

-static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type,
- const unsigned char **out, unsigned short *outlen,
- void *arg)
+static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
+ const unsigned char **out, size_t *outlen,
+ int *al, void *arg)
 {
 const unsigned char *serverinfo = NULL;
 size_t serverinfo_length = 0;
@@ -869,7 +886,7 @@ static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type,
 {
 /* Find the relevant extension from the serverinfo */
 int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
- ext_type, out, outlen);
+ ext_type, out, outlen);
 if (retval == 0)
 return 0; /* Error */
 if (retval == -1)
@@ -889,8 +906,8 @@ static int serverinfo_process_buffer(const unsigned char *serverinfo,
 return 0;
 for (;;)
 {
- unsigned short ext_type = 0; /* uint16 */
- unsigned short len = 0; /* uint16 */
+ unsigned int ext_type = 0;
+ size_t len = 0;

 /* end of serverinfo */
 if (serverinfo_length == 0)
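Review bot: In serverinfo_find_extension the widened `type` and `len` locals lose the `/* uint16 */` comments that recorded the width of the wire fields, so the declarations no longer show that both values are bounded by a two-byte encoding. Keeping the hint, for example `size_t len = 0; /* read from a 2-byte field */`, leaves that bound visible to whoever audits the length checks that follow. The parsing itself lies outside this hunk, so confirm it still reads exactly two bytes per field. The same comments are dropped from `ext_type` and `len` in serverinfo_process_buffer (hunk at -889).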
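Review bot: serverinfo_srv_add_cb gains an `int *al` parameter, but the error return visible in the following hunk (`if (retval == 0) return 0; /* Error */`) is left as it was and does not assign `*al`, so whatever alert is reported on that path presumably depends on a default chosen by the caller. If a malformed serverinfo buffer should map to a specific alert, assign it before returning, e.g. `*al = SSL_AD_INTERNAL_ERROR;` ahead of that `return 0;`. The rest of the function body is outside these hunks, so check whether another path already sets it.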
@@ -904,8 +921,10 @@ static int serverinfo_process_buffer(const unsigned char *serverinfo,
 /* Register callbacks for extensions */
 ext_type = (serverinfo[0] << 8) + serverinfo[1];
 if (ctx && !SSL_CTX_set_custom_srv_ext(ctx, ext_type,
- serverinfo_srv_first_cb,
- serverinfo_srv_second_cb, NULL))
+ serverinfo_srv_add_cb,
+ NULL, NULL,
+ serverinfo_srv_parse_cb,
+ NULL))
 return 0;

 serverinfo += 2;
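Review bot: The new SSL_CTX_set_custom_srv_ext call in serverinfo_process_buffer passes three bare `NULL`s and places the add callback ahead of the parse callback, the reverse of the order in the removed call, so the role of each argument cannot be read from the call site. Label them, e.g. `NULL, NULL, /* free_cb, add_arg */` and `NULL)) /* parse_arg */`, after checking the names against the function's prototype, which this diff does not show. The enclosing loop starts and ends outside the hunk.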