diff options
| author | beck <> | 2017-01-23 22:34:38 +0000 |
|---|---|---|
| committer | beck <> | 2017-01-23 22:34:38 +0000 |
| commit | f05c52aa76a00f8868af9655f7175b76580f1fc3 (patch) | |
| tree | cfbe5f284335f8bbcacf78c3fc12dfb19f453f3f /src/lib | |
| parent | d43892e9652017c33ea2cf69639dc9a01090be5f (diff) | |
| download | openbsd-f05c52aa76a00f8868af9655f7175b76580f1fc3.tar.gz openbsd-f05c52aa76a00f8868af9655f7175b76580f1fc3.tar.bz2 openbsd-f05c52aa76a00f8868af9655f7175b76580f1fc3.zip | |
move default_passwd_cb and default_passwd_cb_userdata back into
the ssl_ctx from internal - these are used directly by python
and openvpn and a few other things - we have the set accessors
but the get accessors were added in 1.1 and these roll their
own caveat OPENSSL_VERSION chickenpluckery
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/ssl.h | 13 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 10 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 8 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_rsa.c | 34 |
4 files changed, 35 insertions, 30 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 28b7de6667..075c37e853 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl.h,v 1.119 2017/01/23 14:35:42 jsing Exp $ */ | 1 | /* $OpenBSD: ssl.h,v 1.120 2017/01/23 22:34:38 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -680,6 +680,17 @@ struct ssl_ctx_st { | |||
| 680 | 680 | ||
| 681 | X509_VERIFY_PARAM *param; | 681 | X509_VERIFY_PARAM *param; |
| 682 | 682 | ||
| 683 | /* | ||
| 684 | * XXX | ||
| 685 | * default_passwd_cb used by python and openvpn, need to keep it until we | ||
| 686 | * add an accessor | ||
| 687 | */ | ||
| 688 | /* Default password callback. */ | ||
| 689 | pem_password_cb *default_passwd_callback; | ||
| 690 | |||
| 691 | /* Default password callback user data. */ | ||
| 692 | void *default_passwd_callback_userdata; | ||
| 693 | |||
| 683 | struct ssl_ctx_internal_st *internal; | 694 | struct ssl_ctx_internal_st *internal; |
| 684 | }; | 695 | }; |
| 685 | 696 | ||
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 20b671022d..7f49648611 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.140 2017/01/23 14:35:42 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.141 2017/01/23 22:34:38 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1858,8 +1858,8 @@ SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1858 | if ((ret->internal->cert = ssl_cert_new()) == NULL) | 1858 | if ((ret->internal->cert = ssl_cert_new()) == NULL) |
| 1859 | goto err; | 1859 | goto err; |
| 1860 | 1860 | ||
| 1861 | ret->internal->default_passwd_callback = 0; | 1861 | ret->default_passwd_callback = 0; |
| 1862 | ret->internal->default_passwd_callback_userdata = NULL; | 1862 | ret->default_passwd_callback_userdata = NULL; |
| 1863 | ret->internal->client_cert_cb = 0; | 1863 | ret->internal->client_cert_cb = 0; |
| 1864 | ret->internal->app_gen_cookie_cb = 0; | 1864 | ret->internal->app_gen_cookie_cb = 0; |
| 1865 | ret->internal->app_verify_cookie_cb = 0; | 1865 | ret->internal->app_verify_cookie_cb = 0; |
| @@ -2015,13 +2015,13 @@ SSL_CTX_free(SSL_CTX *a) | |||
| 2015 | void | 2015 | void |
| 2016 | SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) | 2016 | SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) |
| 2017 | { | 2017 | { |
| 2018 | ctx->internal->default_passwd_callback = cb; | 2018 | ctx->default_passwd_callback = cb; |
| 2019 | } | 2019 | } |
| 2020 | 2020 | ||
| 2021 | void | 2021 | void |
| 2022 | SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) | 2022 | SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) |
| 2023 | { | 2023 | { |
| 2024 | ctx->internal->default_passwd_callback_userdata = u; | 2024 | ctx->default_passwd_callback_userdata = u; |
| 2025 | } | 2025 | } |
| 2026 | 2026 | ||
| 2027 | void | 2027 | void |
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index d0d72cbfdf..231e0ba333 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.162 2017/01/23 14:35:42 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.163 2017/01/23 22:34:38 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -454,12 +454,6 @@ typedef struct ssl_ctx_internal_st { | |||
| 454 | int (*app_verify_callback)(X509_STORE_CTX *, void *); | 454 | int (*app_verify_callback)(X509_STORE_CTX *, void *); |
| 455 | void *app_verify_arg; | 455 | void *app_verify_arg; |
| 456 | 456 | ||
| 457 | /* Default password callback. */ | ||
| 458 | pem_password_cb *default_passwd_callback; | ||
| 459 | |||
| 460 | /* Default password callback user data. */ | ||
| 461 | void *default_passwd_callback_userdata; | ||
| 462 | |||
| 463 | /* get client cert callback */ | 457 | /* get client cert callback */ |
| 464 | int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); | 458 | int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); |
| 465 | 459 | ||
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c index cbb1c0b562..82c8cc0a87 100644 --- a/src/lib/libssl/ssl_rsa.c +++ b/src/lib/libssl/ssl_rsa.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_rsa.c,v 1.23 2017/01/23 05:13:02 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_rsa.c,v 1.24 2017/01/23 22:34:38 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -108,8 +108,8 @@ SSL_use_certificate_file(SSL *ssl, const char *file, int type) | |||
| 108 | } else if (type == SSL_FILETYPE_PEM) { | 108 | } else if (type == SSL_FILETYPE_PEM) { |
| 109 | j = ERR_R_PEM_LIB; | 109 | j = ERR_R_PEM_LIB; |
| 110 | x = PEM_read_bio_X509(in, NULL, | 110 | x = PEM_read_bio_X509(in, NULL, |
| 111 | ssl->ctx->internal->default_passwd_callback, | 111 | ssl->ctx->default_passwd_callback, |
| 112 | ssl->ctx->internal->default_passwd_callback_userdata); | 112 | ssl->ctx->default_passwd_callback_userdata); |
| 113 | } else { | 113 | } else { |
| 114 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); | 114 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 115 | goto end; | 115 | goto end; |
| @@ -236,8 +236,8 @@ SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) | |||
| 236 | } else if (type == SSL_FILETYPE_PEM) { | 236 | } else if (type == SSL_FILETYPE_PEM) { |
| 237 | j = ERR_R_PEM_LIB; | 237 | j = ERR_R_PEM_LIB; |
| 238 | rsa = PEM_read_bio_RSAPrivateKey(in, NULL, | 238 | rsa = PEM_read_bio_RSAPrivateKey(in, NULL, |
| 239 | ssl->ctx->internal->default_passwd_callback, | 239 | ssl->ctx->default_passwd_callback, |
| 240 | ssl->ctx->internal->default_passwd_callback_userdata); | 240 | ssl->ctx->default_passwd_callback_userdata); |
| 241 | } else { | 241 | } else { |
| 242 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); | 242 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 243 | goto end; | 243 | goto end; |
| @@ -308,8 +308,8 @@ SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) | |||
| 308 | if (type == SSL_FILETYPE_PEM) { | 308 | if (type == SSL_FILETYPE_PEM) { |
| 309 | j = ERR_R_PEM_LIB; | 309 | j = ERR_R_PEM_LIB; |
| 310 | pkey = PEM_read_bio_PrivateKey(in, NULL, | 310 | pkey = PEM_read_bio_PrivateKey(in, NULL, |
| 311 | ssl->ctx->internal->default_passwd_callback, | 311 | ssl->ctx->default_passwd_callback, |
| 312 | ssl->ctx->internal->default_passwd_callback_userdata); | 312 | ssl->ctx->default_passwd_callback_userdata); |
| 313 | } else if (type == SSL_FILETYPE_ASN1) { | 313 | } else if (type == SSL_FILETYPE_ASN1) { |
| 314 | j = ERR_R_ASN1_LIB; | 314 | j = ERR_R_ASN1_LIB; |
| 315 | pkey = d2i_PrivateKey_bio(in, NULL); | 315 | pkey = d2i_PrivateKey_bio(in, NULL); |
| @@ -440,8 +440,8 @@ SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) | |||
| 440 | x = d2i_X509_bio(in, NULL); | 440 | x = d2i_X509_bio(in, NULL); |
| 441 | } else if (type == SSL_FILETYPE_PEM) { | 441 | } else if (type == SSL_FILETYPE_PEM) { |
| 442 | j = ERR_R_PEM_LIB; | 442 | j = ERR_R_PEM_LIB; |
| 443 | x = PEM_read_bio_X509(in, NULL, ctx->internal->default_passwd_callback, | 443 | x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, |
| 444 | ctx->internal->default_passwd_callback_userdata); | 444 | ctx->default_passwd_callback_userdata); |
| 445 | } else { | 445 | } else { |
| 446 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); | 446 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 447 | goto end; | 447 | goto end; |
| @@ -526,8 +526,8 @@ SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) | |||
| 526 | } else if (type == SSL_FILETYPE_PEM) { | 526 | } else if (type == SSL_FILETYPE_PEM) { |
| 527 | j = ERR_R_PEM_LIB; | 527 | j = ERR_R_PEM_LIB; |
| 528 | rsa = PEM_read_bio_RSAPrivateKey(in, NULL, | 528 | rsa = PEM_read_bio_RSAPrivateKey(in, NULL, |
| 529 | ctx->internal->default_passwd_callback, | 529 | ctx->default_passwd_callback, |
| 530 | ctx->internal->default_passwd_callback_userdata); | 530 | ctx->default_passwd_callback_userdata); |
| 531 | } else { | 531 | } else { |
| 532 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); | 532 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 533 | goto end; | 533 | goto end; |
| @@ -596,8 +596,8 @@ SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) | |||
| 596 | if (type == SSL_FILETYPE_PEM) { | 596 | if (type == SSL_FILETYPE_PEM) { |
| 597 | j = ERR_R_PEM_LIB; | 597 | j = ERR_R_PEM_LIB; |
| 598 | pkey = PEM_read_bio_PrivateKey(in, NULL, | 598 | pkey = PEM_read_bio_PrivateKey(in, NULL, |
| 599 | ctx->internal->default_passwd_callback, | 599 | ctx->default_passwd_callback, |
| 600 | ctx->internal->default_passwd_callback_userdata); | 600 | ctx->default_passwd_callback_userdata); |
| 601 | } else if (type == SSL_FILETYPE_ASN1) { | 601 | } else if (type == SSL_FILETYPE_ASN1) { |
| 602 | j = ERR_R_ASN1_LIB; | 602 | j = ERR_R_ASN1_LIB; |
| 603 | pkey = d2i_PrivateKey_bio(in, NULL); | 603 | pkey = d2i_PrivateKey_bio(in, NULL); |
| @@ -650,8 +650,8 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in) | |||
| 650 | 650 | ||
| 651 | ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ | 651 | ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ |
| 652 | 652 | ||
| 653 | x = PEM_read_bio_X509_AUX(in, NULL, ctx->internal->default_passwd_callback, | 653 | x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, |
| 654 | ctx->internal->default_passwd_callback_userdata); | 654 | ctx->default_passwd_callback_userdata); |
| 655 | if (x == NULL) { | 655 | if (x == NULL) { |
| 656 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); | 656 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); |
| 657 | goto end; | 657 | goto end; |
| @@ -677,8 +677,8 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in) | |||
| 677 | } | 677 | } |
| 678 | 678 | ||
| 679 | while ((ca = PEM_read_bio_X509(in, NULL, | 679 | while ((ca = PEM_read_bio_X509(in, NULL, |
| 680 | ctx->internal->default_passwd_callback, | 680 | ctx->default_passwd_callback, |
| 681 | ctx->internal->default_passwd_callback_userdata)) != NULL) { | 681 | ctx->default_passwd_callback_userdata)) != NULL) { |
| 682 | r = SSL_CTX_add_extra_chain_cert(ctx, ca); | 682 | r = SSL_CTX_add_extra_chain_cert(ctx, ca); |
| 683 | if (!r) { | 683 | if (!r) { |
| 684 | X509_free(ca); | 684 | X509_free(ca); |