134 static void init_pem_load_state(pem_load_state_t *st, SSL_CTX *ctx, SSL *ssl,  in init_pem_load_state()  argument
137     st->origin = origin;  in init_pem_load_state()
138     st->source = origin;  in init_pem_load_state()
139     st->keysrc = 0;  in init_pem_load_state()
140     st->pembio = 0;  in init_pem_load_state()
141     st->ctx = ctx;  in init_pem_load_state()
142     st->ssl = ssl;  in init_pem_load_state()
143     st->pkey = 0;  in init_pem_load_state()
144     st->cert = 0;  in init_pem_load_state()
145     st->chain = 0;  in init_pem_load_state()
146     st->keynum = 0;  in init_pem_load_state()
147     st->objnum = 0;  in init_pem_load_state()
148     st->state = PEM_LOAD_STATE_INIT;  in init_pem_load_state()
149     st->mixed = 0;  in init_pem_load_state()
154 static int use_chain(pem_load_state_t *st)  in use_chain()  argument
164     if (st->ctx)  in use_chain()
165 	ret = SSL_CTX_use_cert_and_key(st->ctx, st->cert, st->pkey, st->chain,  in use_chain()
168 	ret = SSL_use_cert_and_key(st->ssl, st->cert, st->pkey, st->chain,  in use_chain()
175     X509_free(st->cert);  in use_chain()
176     st->cert = 0;  in use_chain()
177     EVP_PKEY_free(st->pkey);  in use_chain()
178     st->pkey = 0;  in use_chain()
179     sk_X509_pop_free(st->chain, X509_free);  in use_chain()
180     st->chain = 0;  in use_chain()
187 static void load_cert(pem_load_state_t *st, unsigned char *buf,  in load_cert()  argument
197     if (!st->mixed && st->state == PEM_LOAD_STATE_INIT) {  in load_cert()
198 	msg_warn("error loading chain from %s: key not first", st->source);  in load_cert()
201 	st->state = PEM_LOAD_STATE_NOGO;  in load_cert()
206 		 st->objnum, st->source);  in load_cert()
207 	st->state = PEM_LOAD_STATE_FAIL;  in load_cert()
212 		 " excess data", st->objnum, st->source);  in load_cert()
214 	st->state = PEM_LOAD_STATE_NOGO;  in load_cert()
225     switch (st->state) {  in load_cert()
227 	st->cert = cert;  in load_cert()
228 	st->state = st->mixed ? PEM_LOAD_STATE_BOTH : PEM_LOAD_STATE_CERT;  in load_cert()
231 	st->cert = cert;  in load_cert()
232 	st->state = PEM_LOAD_STATE_CERT;  in load_cert()
236 	if ((!st->chain && (st->chain = sk_X509_new_null()) == 0)  in load_cert()
237 	    || !sk_X509_push(st->chain, cert)) {  in load_cert()
239 	    st->state = PEM_LOAD_STATE_FAIL;  in load_cert()
247 static void load_pkey(pem_load_state_t *st, int pkey_type,  in load_pkey()  argument
278     switch (st->state) {  in load_pkey()
285 	if (!st->mixed && !use_chain(st)) {  in load_pkey()
288 		     st->keynum, st->keysrc);  in load_pkey()
289 	    st->state = PEM_LOAD_STATE_FAIL;  in load_pkey()
297 		     st->objnum, st->source);  in load_pkey()
298 	    st->state = PEM_LOAD_STATE_FAIL;  in load_pkey()
304 		     " %s: excess data", st->objnum, st->source);  in load_pkey()
306 	    st->state = PEM_LOAD_STATE_NOGO;  in load_pkey()
310 	st->pkey = pkey;  in load_pkey()
311 	if (st->state == PEM_LOAD_STATE_INIT)  in load_pkey()
312 	    st->state = PEM_LOAD_STATE_PKEY;  in load_pkey()
313 	else if (st->mixed)  in load_pkey()
314 	    st->state = PEM_LOAD_STATE_BOTH;  in load_pkey()
316 	    st->state = PEM_LOAD_STATE_PKEY;  in load_pkey()
325 	if (st->mixed) {  in load_pkey()
327 		     st->objnum, st->source, st->keynum);  in load_pkey()
333 		 st->keynum, st->keysrc);  in load_pkey()
334 	st->state = PEM_LOAD_STATE_NOGO;  in load_pkey()
338 	msg_error("%s: internal error: bad state: %d", myname, st->state);  in load_pkey()
339 	st->state = PEM_LOAD_STATE_NOGO;  in load_pkey()
346 static int load_pem_object(pem_load_state_t *st)  in load_pem_object()  argument
354     if (!PEM_read_bio(st->pembio, &name, &header, &buf, &buflen)) {  in load_pem_object()
356 	    return (st->state = PEM_LOAD_STATE_FAIL);  in load_pem_object()
364 	load_cert(st, buf, buflen);  in load_pem_object()
372 	load_pkey(st, pkey_type, buf, buflen);  in load_pem_object()
373     } else if (!st->mixed) {  in load_pem_object()
374 	msg_warn("loading %s: ignoring PEM type: %s", st->source, name);  in load_pem_object()
379     return (st->state);  in load_pem_object()
384 static int load_pem_bio(pem_load_state_t *st, int more)  in load_pem_bio()  argument
386     int     state = st->state;  in load_pem_bio()
402     for (st->objnum = 1; state > PEM_LOAD_STATE_DONE; ++st->objnum) {  in load_pem_bio()
403 	state = load_pem_object(st);  in load_pem_bio()
404 	if ((st->mixed && st->keynum == 0 &&  in load_pem_bio()
406 	    || (!st->mixed && state == PEM_LOAD_STATE_PKEY)) {  in load_pem_bio()
408 	    st->keynum = st->objnum;  in load_pem_bio()
409 	    st->keysrc = st->source;  in load_pem_bio()
413     BIO_free(st->pembio);  in load_pem_bio()
422     switch (st->state) {  in load_pem_bio()
429 	msg_warn("No PEM data in %s", st->origin);  in load_pem_bio()
432 	msg_warn("No certs for key at index %d in %s", st->keynum, st->keysrc);  in load_pem_bio()
435 	if (st->mixed) {  in load_pem_bio()
436 	    msg_warn("No private key found in %s", st->origin);  in load_pem_bio()
442 	if (use_chain(st))  in load_pem_bio()
445 		 st->keynum, st->keysrc);  in load_pem_bio()
450     EVP_PKEY_free(st->pkey);  in load_pem_bio()
451     X509_free(st->cert);  in load_pem_bio()
452     sk_X509_pop_free(st->chain, X509_free);  in load_pem_bio()
455 	     st->origin, st->ctx ? "disabling TLS support" :  in load_pem_bio()
464     pem_load_state_t st;  in load_chain_files()  local
470     init_pem_load_state(&st, ctx, 0, chain_files);  in load_chain_files()
472 	st.source = *filep;  in load_chain_files()
473 	if ((st.pembio = BIO_new_file(st.source, "r")) == NULL) {  in load_chain_files()
474 	    msg_warn("error opening chain file: %s: %m", st.source);  in load_chain_files()
475 	    st.state = PEM_LOAD_STATE_NOGO;  in load_chain_files()
480 	ret = load_pem_bio(&st, more);  in load_chain_files()
490     pem_load_state_t st;  in load_mixed_file()  local
492     init_pem_load_state(&st, ctx, 0, file);  in load_mixed_file()
493     if ((st.pembio = BIO_new_file(st.source, "r")) == NULL) {  in load_mixed_file()
494 	msg_warn("error opening chain file: %s: %m", st.source);  in load_mixed_file()
497     st.mixed = 1;  in load_mixed_file()
499     return load_pem_bio(&st, PEM_LOAD_READ_LAST);  in load_mixed_file()
621     pem_load_state_t st;  in tls_load_pem_chain()  local
626     init_pem_load_state(&st, 0, ssl, vstring_str(obuf));  in tls_load_pem_chain()
628     if ((st.pembio = BIO_new_mem_buf(pem, -1)) == NULL) {  in tls_load_pem_chain()
629 	msg_warn("error opening memory BIO for %s", st.origin);  in tls_load_pem_chain()
634     return (load_pem_bio(&st, PEM_LOAD_READ_LAST));  in tls_load_pem_chain()