summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authortb <>2022-06-29 21:12:19 +0000
committertb <>2022-06-29 21:12:19 +0000
commit99a16176560bba9735072817410c8fe6abe5c098 (patch)
treef4a91403dd87275ae461df32912d6bed233c1b67 /src
parent56d0eb949deb113577f9b7359153a45269b2b0df (diff)
downloadopenbsd-99a16176560bba9735072817410c8fe6abe5c098.tar.gz
openbsd-99a16176560bba9735072817410c8fe6abe5c098.tar.bz2
openbsd-99a16176560bba9735072817410c8fe6abe5c098.zip
Refactor use_certificate_chain_* to take ssl/ctx instead of a cert
ok beck jsing
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/ssl_cert.c11
-rw-r--r--src/lib/libssl/ssl_locl.h3
-rw-r--r--src/lib/libssl/ssl_rsa.c52
3 files changed, 45 insertions, 21 deletions
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index ecf8179d51..21937f8513 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_cert.c,v 1.98 2022/06/29 21:08:07 tb Exp $ */ 1/* $OpenBSD: ssl_cert.c,v 1.99 2022/06/29 21:12:19 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -302,6 +302,15 @@ ssl_cert_free(SSL_CERT *c)
302 free(c); 302 free(c);
303} 303}
304 304
305SSL_CERT *
306ssl_get0_cert(SSL_CTX *ctx, SSL *ssl)
307{
308 if (ssl != NULL)
309 return ssl->cert;
310
311 return ctx->internal->cert;
312}
313
305int 314int
306ssl_cert_set0_chain(SSL_CERT *c, STACK_OF(X509) *chain) 315ssl_cert_set0_chain(SSL_CERT *c, STACK_OF(X509) *chain)
307{ 316{
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 161a8407af..83374fa69f 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.404 2022/06/29 21:10:20 tb Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.405 2022/06/29 21:12:19 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1285,6 +1285,7 @@ void ssl_msg_callback(SSL *s, int is_write, int content_type,
1285SSL_CERT *ssl_cert_new(void); 1285SSL_CERT *ssl_cert_new(void);
1286SSL_CERT *ssl_cert_dup(SSL_CERT *cert); 1286SSL_CERT *ssl_cert_dup(SSL_CERT *cert);
1287void ssl_cert_free(SSL_CERT *c); 1287void ssl_cert_free(SSL_CERT *c);
1288SSL_CERT *ssl_get0_cert(SSL_CTX *ctx, SSL *ssl);
1288int ssl_cert_set0_chain(SSL_CERT *c, STACK_OF(X509) *chain); 1289int ssl_cert_set0_chain(SSL_CERT *c, STACK_OF(X509) *chain);
1289int ssl_cert_set1_chain(SSL_CERT *c, STACK_OF(X509) *chain); 1290int ssl_cert_set1_chain(SSL_CERT *c, STACK_OF(X509) *chain);
1290int ssl_cert_add0_chain_cert(SSL_CERT *c, X509 *cert); 1291int ssl_cert_add0_chain_cert(SSL_CERT *c, X509 *cert);
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
index f5c90fca8b..f2d3b8dd00 100644
--- a/src/lib/libssl/ssl_rsa.c
+++ b/src/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_rsa.c,v 1.39 2022/02/03 16:33:12 jsing Exp $ */ 1/* $OpenBSD: ssl_rsa.c,v 1.40 2022/06/29 21:12:19 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -66,12 +66,12 @@
66 66
67#include "ssl_locl.h" 67#include "ssl_locl.h"
68 68
69static int ssl_get_password_cb_and_arg(SSL_CTX *ctx, SSL *ssl,
70 pem_password_cb **passwd_cb, void **passwd_arg);
69static int ssl_set_cert(SSL_CERT *c, X509 *x509); 71static int ssl_set_cert(SSL_CERT *c, X509 *x509);
70static int ssl_set_pkey(SSL_CERT *c, EVP_PKEY *pkey); 72static int ssl_set_pkey(SSL_CERT *c, EVP_PKEY *pkey);
71static int use_certificate_chain_bio(BIO *in, SSL_CERT *cert, 73static int use_certificate_chain_bio(SSL_CTX *ctx, SSL *ssl, BIO *in);
72 pem_password_cb *passwd_cb, void *passwd_arg); 74static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file);
73static int use_certificate_chain_file(const char *file, SSL_CERT *cert,
74 pem_password_cb *passwd_cb, void *passwd_arg);
75 75
76int 76int
77SSL_use_certificate(SSL *ssl, X509 *x) 77SSL_use_certificate(SSL *ssl, X509 *x)
@@ -343,6 +343,19 @@ SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
343} 343}
344 344
345static int 345static int
346ssl_get_password_cb_and_arg(SSL_CTX *ctx, SSL *ssl,
347 pem_password_cb **passwd_cb, void **passwd_arg)
348{
349 if (ssl != NULL)
350 ctx = ssl->ctx;
351
352 *passwd_cb = ctx->default_passwd_callback;
353 *passwd_arg = ctx->default_passwd_callback_userdata;
354
355 return 1;
356}
357
358static int
346ssl_set_cert(SSL_CERT *c, X509 *x) 359ssl_set_cert(SSL_CERT *c, X509 *x)
347{ 360{
348 EVP_PKEY *pkey; 361 EVP_PKEY *pkey;
@@ -610,19 +623,27 @@ SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
610 * sent to the peer in the Certificate message. 623 * sent to the peer in the Certificate message.
611 */ 624 */
612static int 625static int
613use_certificate_chain_bio(BIO *in, SSL_CERT *cert, pem_password_cb *passwd_cb, 626use_certificate_chain_bio(SSL_CTX *ctx, SSL *ssl, BIO *in)
614 void *passwd_arg)
615{ 627{
628 pem_password_cb *passwd_cb;
629 void *passwd_arg;
630 SSL_CERT *cert;
616 X509 *ca, *x = NULL; 631 X509 *ca, *x = NULL;
617 unsigned long err; 632 unsigned long err;
618 int ret = 0; 633 int ret = 0;
619 634
635 if (!ssl_get_password_cb_and_arg(ctx, ssl, &passwd_cb, &passwd_arg))
636 goto err;
637
620 if ((x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_arg)) == 638 if ((x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_arg)) ==
621 NULL) { 639 NULL) {
622 SSLerrorx(ERR_R_PEM_LIB); 640 SSLerrorx(ERR_R_PEM_LIB);
623 goto err; 641 goto err;
624 } 642 }
625 643
644 if ((cert = ssl_get0_cert(ctx, ssl)) == NULL)
645 goto err;
646
626 if (!ssl_set_cert(cert, x)) 647 if (!ssl_set_cert(cert, x))
627 goto err; 648 goto err;
628 649
@@ -653,8 +674,7 @@ use_certificate_chain_bio(BIO *in, SSL_CERT *cert, pem_password_cb *passwd_cb,
653} 674}
654 675
655int 676int
656use_certificate_chain_file(const char *file, SSL_CERT *cert, 677use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
657 pem_password_cb *passwd_cb, void *passwd_arg)
658{ 678{
659 BIO *in; 679 BIO *in;
660 int ret = 0; 680 int ret = 0;
@@ -670,7 +690,7 @@ use_certificate_chain_file(const char *file, SSL_CERT *cert,
670 goto end; 690 goto end;
671 } 691 }
672 692
673 ret = use_certificate_chain_bio(in, cert, passwd_cb, passwd_arg); 693 ret = use_certificate_chain_bio(ctx, ssl, in);
674 694
675 end: 695 end:
676 BIO_free(in); 696 BIO_free(in);
@@ -680,17 +700,13 @@ use_certificate_chain_file(const char *file, SSL_CERT *cert,
680int 700int
681SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) 701SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
682{ 702{
683 return use_certificate_chain_file(file, ctx->internal->cert, 703 return use_certificate_chain_file(ctx, NULL, file);
684 ctx->default_passwd_callback,
685 ctx->default_passwd_callback_userdata);
686} 704}
687 705
688int 706int
689SSL_use_certificate_chain_file(SSL *ssl, const char *file) 707SSL_use_certificate_chain_file(SSL *ssl, const char *file)
690{ 708{
691 return use_certificate_chain_file(file, ssl->cert, 709 return use_certificate_chain_file(NULL, ssl, file);
692 ssl->ctx->default_passwd_callback,
693 ssl->ctx->default_passwd_callback_userdata);
694} 710}
695 711
696int 712int
@@ -705,9 +721,7 @@ SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len)
705 goto end; 721 goto end;
706 } 722 }
707 723
708 ret = use_certificate_chain_bio(in, ctx->internal->cert, 724 ret = use_certificate_chain_bio(ctx, NULL, in);
709 ctx->default_passwd_callback,
710 ctx->default_passwd_callback_userdata);
711 725
712 end: 726 end:
713 BIO_free(in); 727 BIO_free(in);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-23 17:00:29 +0000