int
tls_config_load_file(struct tls_error *error, const char *filetype,
const char *filename, char **buf, size_t *len)
{
struct stat st;
int fd = -1;
ssize_t n;
free(*buf);
*buf = NULL;
*len = 0;
if ((fd = open(filename, O_RDONLY)) == -1) {
tls_error_set(error, "failed to open %s file '%s'",
filetype, filename);
goto err;
}
if (fstat(fd, &st) != 0) {
tls_error_set(error, "failed to stat %s file '%s'",
filetype, filename);
goto err;
}
if (st.st_size < 0)
goto err;
*len = (size_t)st.st_size;
if ((*buf = malloc(*len)) == NULL) {
tls_error_set(error, "failed to allocate buffer for "
"%s file", filetype);
goto err;
}
n = read(fd, *buf, *len);
if (n < 0 || (size_t)n != *len) {
tls_error_set(error, "failed to read %s file '%s'",
filetype, filename);
goto err;
}
close(fd);
return 0;
err:
if (fd != -1)
close(fd);
freezero(*buf, *len);
*buf = NULL;
*len = 0;
return -1;
}
int
tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
X509 **cert)
{
char *errstr = "unknown";
BIO *cert_bio = NULL;
int ssl_err;
int rv = -1;
X509_free(*cert);
*cert = NULL;
if (keypair->cert_mem == NULL) {
tls_error_set(error, "keypair has no certificate");
goto err;
}
if ((cert_bio = BIO_new_mem_buf(keypair->cert_mem,
keypair->cert_len)) == NULL) {
tls_error_set(error, "failed to create certificate bio");
goto err;
}
if ((*cert = PEM_read_bio_X509(cert_bio, NULL, tls_password_cb,
NULL)) == NULL) {
if ((ssl_err = ERR_peek_error()) != 0)
errstr = ERR_error_string(ssl_err, NULL);
tls_error_set(error, "failed to load certificate: %s", errstr);
goto err;
}
rv = 0;
err:
BIO_free(cert_bio);
return (rv);
}
