summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/ssl.h13
-rw-r--r--src/lib/libssl/ssl_lib.c10
-rw-r--r--src/lib/libssl/ssl_locl.h8
-rw-r--r--src/lib/libssl/ssl_rsa.c34
4 files changed, 35 insertions, 30 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 28b7de6667..075c37e853 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl.h,v 1.119 2017/01/23 14:35:42 jsing Exp $ */ 1/* $OpenBSD: ssl.h,v 1.120 2017/01/23 22:34:38 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -680,6 +680,17 @@ struct ssl_ctx_st {
680 680
681 X509_VERIFY_PARAM *param; 681 X509_VERIFY_PARAM *param;
682 682
683 /*
684 * XXX
685 * default_passwd_cb used by python and openvpn, need to keep it until we
686 * add an accessor
687 */
688 /* Default password callback. */
689 pem_password_cb *default_passwd_callback;
690
691 /* Default password callback user data. */
692 void *default_passwd_callback_userdata;
693
683 struct ssl_ctx_internal_st *internal; 694 struct ssl_ctx_internal_st *internal;
684}; 695};
685 696
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 20b671022d..7f49648611 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.140 2017/01/23 14:35:42 jsing Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.141 2017/01/23 22:34:38 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1858,8 +1858,8 @@ SSL_CTX_new(const SSL_METHOD *meth)
1858 if ((ret->internal->cert = ssl_cert_new()) == NULL) 1858 if ((ret->internal->cert = ssl_cert_new()) == NULL)
1859 goto err; 1859 goto err;
1860 1860
1861 ret->internal->default_passwd_callback = 0; 1861 ret->default_passwd_callback = 0;
1862 ret->internal->default_passwd_callback_userdata = NULL; 1862 ret->default_passwd_callback_userdata = NULL;
1863 ret->internal->client_cert_cb = 0; 1863 ret->internal->client_cert_cb = 0;
1864 ret->internal->app_gen_cookie_cb = 0; 1864 ret->internal->app_gen_cookie_cb = 0;
1865 ret->internal->app_verify_cookie_cb = 0; 1865 ret->internal->app_verify_cookie_cb = 0;
@@ -2015,13 +2015,13 @@ SSL_CTX_free(SSL_CTX *a)
2015void 2015void
2016SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) 2016SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
2017{ 2017{
2018 ctx->internal->default_passwd_callback = cb; 2018 ctx->default_passwd_callback = cb;
2019} 2019}
2020 2020
2021void 2021void
2022SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) 2022SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
2023{ 2023{
2024 ctx->internal->default_passwd_callback_userdata = u; 2024 ctx->default_passwd_callback_userdata = u;
2025} 2025}
2026 2026
2027void 2027void
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index d0d72cbfdf..231e0ba333 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.162 2017/01/23 14:35:42 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.163 2017/01/23 22:34:38 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -454,12 +454,6 @@ typedef struct ssl_ctx_internal_st {
454 int (*app_verify_callback)(X509_STORE_CTX *, void *); 454 int (*app_verify_callback)(X509_STORE_CTX *, void *);
455 void *app_verify_arg; 455 void *app_verify_arg;
456 456
457 /* Default password callback. */
458 pem_password_cb *default_passwd_callback;
459
460 /* Default password callback user data. */
461 void *default_passwd_callback_userdata;
462
463 /* get client cert callback */ 457 /* get client cert callback */
464 int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); 458 int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
465 459
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
index cbb1c0b562..82c8cc0a87 100644
--- a/src/lib/libssl/ssl_rsa.c
+++ b/src/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_rsa.c,v 1.23 2017/01/23 05:13:02 jsing Exp $ */ 1/* $OpenBSD: ssl_rsa.c,v 1.24 2017/01/23 22:34:38 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -108,8 +108,8 @@ SSL_use_certificate_file(SSL *ssl, const char *file, int type)
108 } else if (type == SSL_FILETYPE_PEM) { 108 } else if (type == SSL_FILETYPE_PEM) {
109 j = ERR_R_PEM_LIB; 109 j = ERR_R_PEM_LIB;
110 x = PEM_read_bio_X509(in, NULL, 110 x = PEM_read_bio_X509(in, NULL,
111 ssl->ctx->internal->default_passwd_callback, 111 ssl->ctx->default_passwd_callback,
112 ssl->ctx->internal->default_passwd_callback_userdata); 112 ssl->ctx->default_passwd_callback_userdata);
113 } else { 113 } else {
114 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); 114 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
115 goto end; 115 goto end;
@@ -236,8 +236,8 @@ SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
236 } else if (type == SSL_FILETYPE_PEM) { 236 } else if (type == SSL_FILETYPE_PEM) {
237 j = ERR_R_PEM_LIB; 237 j = ERR_R_PEM_LIB;
238 rsa = PEM_read_bio_RSAPrivateKey(in, NULL, 238 rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
239 ssl->ctx->internal->default_passwd_callback, 239 ssl->ctx->default_passwd_callback,
240 ssl->ctx->internal->default_passwd_callback_userdata); 240 ssl->ctx->default_passwd_callback_userdata);
241 } else { 241 } else {
242 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); 242 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
243 goto end; 243 goto end;
@@ -308,8 +308,8 @@ SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
308 if (type == SSL_FILETYPE_PEM) { 308 if (type == SSL_FILETYPE_PEM) {
309 j = ERR_R_PEM_LIB; 309 j = ERR_R_PEM_LIB;
310 pkey = PEM_read_bio_PrivateKey(in, NULL, 310 pkey = PEM_read_bio_PrivateKey(in, NULL,
311 ssl->ctx->internal->default_passwd_callback, 311 ssl->ctx->default_passwd_callback,
312 ssl->ctx->internal->default_passwd_callback_userdata); 312 ssl->ctx->default_passwd_callback_userdata);
313 } else if (type == SSL_FILETYPE_ASN1) { 313 } else if (type == SSL_FILETYPE_ASN1) {
314 j = ERR_R_ASN1_LIB; 314 j = ERR_R_ASN1_LIB;
315 pkey = d2i_PrivateKey_bio(in, NULL); 315 pkey = d2i_PrivateKey_bio(in, NULL);
@@ -440,8 +440,8 @@ SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
440 x = d2i_X509_bio(in, NULL); 440 x = d2i_X509_bio(in, NULL);
441 } else if (type == SSL_FILETYPE_PEM) { 441 } else if (type == SSL_FILETYPE_PEM) {
442 j = ERR_R_PEM_LIB; 442 j = ERR_R_PEM_LIB;
443 x = PEM_read_bio_X509(in, NULL, ctx->internal->default_passwd_callback, 443 x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
444 ctx->internal->default_passwd_callback_userdata); 444 ctx->default_passwd_callback_userdata);
445 } else { 445 } else {
446 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); 446 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
447 goto end; 447 goto end;
@@ -526,8 +526,8 @@ SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
526 } else if (type == SSL_FILETYPE_PEM) { 526 } else if (type == SSL_FILETYPE_PEM) {
527 j = ERR_R_PEM_LIB; 527 j = ERR_R_PEM_LIB;
528 rsa = PEM_read_bio_RSAPrivateKey(in, NULL, 528 rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
529 ctx->internal->default_passwd_callback, 529 ctx->default_passwd_callback,
530 ctx->internal->default_passwd_callback_userdata); 530 ctx->default_passwd_callback_userdata);
531 } else { 531 } else {
532 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); 532 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
533 goto end; 533 goto end;
@@ -596,8 +596,8 @@ SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
596 if (type == SSL_FILETYPE_PEM) { 596 if (type == SSL_FILETYPE_PEM) {
597 j = ERR_R_PEM_LIB; 597 j = ERR_R_PEM_LIB;
598 pkey = PEM_read_bio_PrivateKey(in, NULL, 598 pkey = PEM_read_bio_PrivateKey(in, NULL,
599 ctx->internal->default_passwd_callback, 599 ctx->default_passwd_callback,
600 ctx->internal->default_passwd_callback_userdata); 600 ctx->default_passwd_callback_userdata);
601 } else if (type == SSL_FILETYPE_ASN1) { 601 } else if (type == SSL_FILETYPE_ASN1) {
602 j = ERR_R_ASN1_LIB; 602 j = ERR_R_ASN1_LIB;
603 pkey = d2i_PrivateKey_bio(in, NULL); 603 pkey = d2i_PrivateKey_bio(in, NULL);
@@ -650,8 +650,8 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in)
650 650
651 ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ 651 ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
652 652
653 x = PEM_read_bio_X509_AUX(in, NULL, ctx->internal->default_passwd_callback, 653 x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
654 ctx->internal->default_passwd_callback_userdata); 654 ctx->default_passwd_callback_userdata);
655 if (x == NULL) { 655 if (x == NULL) {
656 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); 656 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
657 goto end; 657 goto end;
@@ -677,8 +677,8 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in)
677 } 677 }
678 678
679 while ((ca = PEM_read_bio_X509(in, NULL, 679 while ((ca = PEM_read_bio_X509(in, NULL,
680 ctx->internal->default_passwd_callback, 680 ctx->default_passwd_callback,
681 ctx->internal->default_passwd_callback_userdata)) != NULL) { 681 ctx->default_passwd_callback_userdata)) != NULL) {
682 r = SSL_CTX_add_extra_chain_cert(ctx, ca); 682 r = SSL_CTX_add_extra_chain_cert(ctx, ca);
683 if (!r) { 683 if (!r) {
684 X509_free(ca); 684 X509_free(ca);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-30 23:38:10 +0000