diff options
| -rw-r--r-- | lib/libssl/ssl_cert.c | 68 | ||||
| -rw-r--r-- | lib/libssl/ssl_locl.h | 9 |
2 files changed, 74 insertions, 3 deletions
diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c index 313ff3ae5ca..ab76939116e 100644 --- a/lib/libssl/ssl_cert.c +++ b/lib/libssl/ssl_cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_cert.c,v 1.72 2018/11/19 14:42:01 jsing Exp $ */ +/* $OpenBSD: ssl_cert.c,v 1.73 2019/03/25 16:24:57 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -275,6 +275,12 @@ ssl_cert_dup(CERT *cert) SSLerrorx(SSL_R_LIBRARY_BUG); } } + + if (cert->pkeys[i].chain != NULL) { + if ((ret->pkeys[i].chain = + X509_chain_up_ref(cert->pkeys[i].chain)) == NULL) + goto err; + } } /* @@ -291,12 +297,13 @@ ssl_cert_dup(CERT *cert) return (ret); -err: + err: DH_free(ret->dh_tmp); for (i = 0; i < SSL_PKEY_NUM; i++) { X509_free(ret->pkeys[i].x509); EVP_PKEY_free(ret->pkeys[i].privatekey); + sk_X509_pop_free(ret->pkeys[i].chain, X509_free); } free (ret); return NULL; @@ -320,11 +327,68 @@ ssl_cert_free(CERT *c) for (i = 0; i < SSL_PKEY_NUM; i++) { X509_free(c->pkeys[i].x509); EVP_PKEY_free(c->pkeys[i].privatekey); + sk_X509_pop_free(c->pkeys[i].chain, X509_free); } free(c); } +int +ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain) +{ + if (c->key == NULL) + return 0; + + sk_X509_pop_free(c->key->chain, X509_free); + c->key->chain = chain; + + return 1; +} + +int +ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain) +{ + STACK_OF(X509) *new_chain = NULL; + + if (chain != NULL) { + if ((new_chain = X509_chain_up_ref(chain)) == NULL) + return 0; + } + if (!ssl_cert_set0_chain(c, new_chain)) { + sk_X509_pop_free(new_chain, X509_free); + return 0; + } + + return 1; +} + +int +ssl_cert_add0_chain_cert(CERT *c, X509 *cert) +{ + if (c->key == NULL) + return 0; + + if (c->key->chain == NULL) { + if ((c->key->chain = sk_X509_new_null()) == NULL) + return 0; + } + if (!sk_X509_push(c->key->chain, cert)) + return 0; + + return 1; +} + +int +ssl_cert_add1_chain_cert(CERT *c, X509 *cert) +{ + if (!ssl_cert_add0_chain_cert(c, cert)) + return 0; + + X509_up_ref(cert); + + return 1; +} + SESS_CERT * ssl_sess_cert_new(void) { diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 82674121b4d..509183a7faa 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.238 2019/02/25 19:40:05 tb Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.239 2019/03/25 16:24:57 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -961,6 +961,7 @@ typedef struct dtls1_state_internal_st { typedef struct cert_pkey_st { X509 *x509; EVP_PKEY *privatekey; + STACK_OF(X509) *chain; /* sigalg to use when signing */ const struct ssl_sigalg *sigalg; } CERT_PKEY; @@ -1081,9 +1082,15 @@ void ssl_clear_cipher_state(SSL *s); void ssl_clear_cipher_read_state(SSL *s); void ssl_clear_cipher_write_state(SSL *s); int ssl_clear_bad_session(SSL *s); + CERT *ssl_cert_new(void); CERT *ssl_cert_dup(CERT *cert); void ssl_cert_free(CERT *c); +int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain); +int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain); +int ssl_cert_add0_chain_cert(CERT *c, X509 *cert); +int ssl_cert_add1_chain_cert(CERT *c, X509 *cert); + SESS_CERT *ssl_sess_cert_new(void); void ssl_sess_cert_free(SESS_CERT *sc); int ssl_get_new_session(SSL *s, int session); |