X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=ssl%2Fssl_rsa.c;h=96353c18bc17615c8eeeb3290dd5f06e9c20fc9f;hb=7bb75a5d08fad1cebd8cfc153c92d1f0c9ff03a0;hp=f23137cd8abd3de234ef7237d13d8b275ba4f03b;hpb=fae11ec714ac8e71d95e824d7102ab5b2ec2e256;p=openssl.git diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index f23137cd8a..96353c18bc 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -90,7 +90,7 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type) int ret = 0; X509 *x = NULL; - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); goto end; @@ -157,7 +157,10 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) } RSA_up_ref(rsa); - EVP_PKEY_assign_RSA(pkey, rsa); + if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) { + RSA_free(rsa); + return 0; + } ret = ssl_set_pkey(ssl->cert, pkey); EVP_PKEY_free(pkey); @@ -192,6 +195,15 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) if (c->pkeys[i].x509 != NULL) { EVP_PKEY *pktmp; pktmp = X509_get_pubkey(c->pkeys[i].x509); + if (pktmp == NULL) { + SSLerr(SSL_F_SSL_SET_PKEY, ERR_R_MALLOC_FAILURE); + EVP_PKEY_free(pktmp); + return 0; + } + /* + * The return code from EVP_PKEY_copy_parameters is deliberately + * ignored. Some EVP_PKEY types cannot do this. + */ EVP_PKEY_copy_parameters(pktmp, pkey); EVP_PKEY_free(pktmp); ERR_clear_error(); @@ -227,7 +239,7 @@ int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) BIO *in; RSA *rsa = NULL; - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); goto end; @@ -299,7 +311,7 @@ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) BIO *in; EVP_PKEY *pkey = NULL; - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); goto end; @@ -386,6 +398,10 @@ static int ssl_set_cert(CERT *c, X509 *x) } if (c->pkeys[i].privatekey != NULL) { + /* + * The return code from EVP_PKEY_copy_parameters is deliberately + * ignored. Some EVP_PKEY types cannot do this. + */ EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); ERR_clear_error(); @@ -430,7 +446,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) int ret = 0; X509 *x = NULL; - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); goto end; @@ -498,7 +514,10 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) } RSA_up_ref(rsa); - EVP_PKEY_assign_RSA(pkey, rsa); + if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) { + RSA_free(rsa); + return 0; + } ret = ssl_set_pkey(ctx->cert, pkey); EVP_PKEY_free(pkey); @@ -512,7 +531,7 @@ int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) BIO *in; RSA *rsa = NULL; - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); goto end; @@ -581,7 +600,7 @@ int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) BIO *in; EVP_PKEY *pkey = NULL; - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); goto end; @@ -644,11 +663,21 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) BIO *in; int ret = 0; X509 *x = NULL; + pem_password_cb *passwd_callback; + void *passwd_callback_userdata; ERR_clear_error(); /* clear error stack for * SSL_CTX_use_certificate() */ - in = BIO_new(BIO_s_file_internal()); + if (ctx != NULL) { + passwd_callback = ctx->default_passwd_callback; + passwd_callback_userdata = ctx->default_passwd_callback_userdata; + } else { + passwd_callback = ssl->default_passwd_callback; + passwd_callback_userdata = ssl->default_passwd_callback_userdata; + } + + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); goto end; @@ -659,8 +688,8 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) goto end; } - x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata); + x = PEM_read_bio_X509_AUX(in, NULL, passwd_callback, + passwd_callback_userdata); if (x == NULL) { SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); goto end; @@ -693,10 +722,9 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) goto end; } - while ((ca = PEM_read_bio_X509(in, NULL, - ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata)) - != NULL) { + while ((ca = PEM_read_bio_X509(in, NULL, passwd_callback, + passwd_callback_userdata)) + != NULL) { if (ctx) r = SSL_CTX_add0_chain_cert(ctx, ca); else @@ -911,7 +939,6 @@ int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, return 1; } -#ifndef OPENSSL_NO_STDIO int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) { unsigned char *serverinfo = NULL; @@ -931,7 +958,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) goto end; } - bin = BIO_new(BIO_s_file_internal()); + bin = BIO_new(BIO_s_file()); if (bin == NULL) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_BUF_LIB); goto end; @@ -1001,4 +1028,3 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) BIO_free(bin); return ret; } -#endif /* OPENSSL_NO_STDIO */