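/*
 * Read the whole of `filename` into a newly allocated buffer.
 *
 * Any buffer the caller already holds in *buf is released first, so the
 * out-parameters never refer to stale data. `filetype` is used only to
 * label error messages.
 *
 * Returns 0 on success with *buf and *len describing the file contents
 * (the caller owns *buf). Returns -1 on failure with *buf set to NULL and
 * *len set to 0; a partially filled buffer is wiped with freezero() before
 * it is released, so file contents do not linger in freed heap memory.
 */
int
tls_config_load_file(struct tls_error *error, const char *filetype,
    const char *filename, char **buf, size_t *len)
{
	struct stat st;
	size_t off = 0;
	ssize_t n;
	int fd = -1;

	/*
	 * NOTE(review): the previous buffer is released with plain free(),
	 * unlike the error path below which uses freezero(). If callers
	 * reuse this for secret material, confirm whether the old contents
	 * should be wiped as well.
	 */
	free(*buf);
	*buf = NULL;
	*len = 0;

	if ((fd = open(filename, O_RDONLY)) == -1) {
		tls_error_set(error, "failed to open %s file '%s'",
		    filetype, filename);
		goto err;
	}
	if (fstat(fd, &st) != 0) {
		tls_error_set(error, "failed to stat %s file '%s'",
		    filetype, filename);
		goto err;
	}
	/*
	 * A negative size cannot be converted to size_t safely.
	 * NOTE(review): this path fails without recording an error message.
	 */
	if (st.st_size < 0)
		goto err;
	*len = (size_t)st.st_size;
	if ((*buf = malloc(*len)) == NULL) {
		tls_error_set(error, "failed to allocate buffer for "
		    "%s file", filetype);
		goto err;
	}

	/*
	 * read() may legitimately return fewer bytes than requested, so keep
	 * reading until the size reported by fstat() has been consumed. An
	 * error or an early end-of-file (n == 0) is still a failure.
	 */
	while (off < *len) {
		n = read(fd, *buf + off, *len - off);
		if (n <= 0) {
			tls_error_set(error, "failed to read %s file '%s'",
			    filetype, filename);
			goto err;
		}
		off += (size_t)n;
	}

	close(fd);
	return 0;

 err:
	if (fd != -1)
		close(fd);
	/* Wipe whatever was read before handing the memory back. */
	freezero(*buf, *len);
	*buf = NULL;
	*len = 0;

	return -1;
}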
/*
 * Parse the PEM certificate stored in keypair->cert_mem into an X509 object.
 *
 * Whatever *cert pointed to on entry is freed and replaced. Returns 0 with
 * *cert set to the parsed certificate, or -1 with *cert left NULL and a
 * message recorded in `error`.
 */
int
tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
    X509 **cert)
{
	char *reason = "unknown";
	BIO *bio = NULL;
	int code;
	int ret = -1;

	/* Release the caller's previous certificate before anything can fail. */
	X509_free(*cert);
	*cert = NULL;

	if (keypair->cert_mem == NULL) {
		tls_error_set(error, "keypair has no certificate");
		goto done;
	}

	/*
	 * NOTE(review): BIO_new_mem_buf() takes its length as an int; confirm
	 * that cert_len is bounded before it reaches this call.
	 */
	bio = BIO_new_mem_buf(keypair->cert_mem, keypair->cert_len);
	if (bio == NULL) {
		tls_error_set(error, "failed to create certificate bio");
		goto done;
	}

	*cert = PEM_read_bio_X509(bio, NULL, tls_password_cb, NULL);
	if (*cert == NULL) {
		/*
		 * Peek rather than pop, so the library error queue is left
		 * untouched. ERR_error_string() with a NULL buffer returns a
		 * pointer to static storage, so the text is consumed at once.
		 */
		code = ERR_peek_error();
		if (code != 0)
			reason = ERR_error_string(code, NULL);
		tls_error_set(error, "failed to load certificate: %s", reason);
		goto done;
	}

	ret = 0;

 done:
	BIO_free(bio);

	return (ret);
}