Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl.h | 5 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_rsa.c | 50 |
2 files changed, 40 insertions, 15 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index e7ff6cec2a..36c9ef02bd 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl.h,v 1.182 2021/02/20 08:33:17 jsing Exp $ */ | 1 | /* $OpenBSD: ssl.h,v 1.183 2021/03/19 19:51:07 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1357,6 +1357,9 @@ int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); | |||
| 1357 | int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); | 1357 | int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); |
| 1358 | int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); | 1358 | int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); |
| 1359 | int SSL_use_certificate_file(SSL *ssl, const char *file, int type); | 1359 | int SSL_use_certificate_file(SSL *ssl, const char *file, int type); |
| 1360 | #if defined(LIBRESSL_INTERNAL) | ||
| 1361 | int SSL_use_certificate_chain_file(SSL *ssl, const char *file); | ||
| 1362 | #endif | ||
| 1360 | int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); | 1363 | int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); |
| 1361 | int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); | 1364 | int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); |
| 1362 | int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); | 1365 | int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); |
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c index 0936c0bd4c..18ae5307d3 100644 --- a/src/lib/libssl/ssl_rsa.c +++ b/src/lib/libssl/ssl_rsa.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_rsa.c,v 1.31 2019/03/25 16:46:48 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_rsa.c,v 1.32 2021/03/19 19:51:07 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -68,7 +68,10 @@ | |||
| 68 | 68 | ||
| 69 | static int ssl_set_cert(CERT *c, X509 *x509); | 69 | static int ssl_set_cert(CERT *c, X509 *x509); |
| 70 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); | 70 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); |
| 71 | static int ssl_ctx_use_certificate_chain_bio(SSL_CTX *, BIO *); | 71 | static int use_certificate_chain_bio(BIO *in, CERT *cert, |
| 72 | pem_password_cb *passwd_cb, void *passwd_arg); | ||
| 73 | static int use_certificate_chain_file(const char *file, CERT *cert, | ||
| 74 | pem_password_cb *passwd_cb, void *passwd_arg); | ||
| 72 | 75 | ||
| 73 | int | 76 | int |
| 74 | SSL_use_certificate(SSL *ssl, X509 *x) | 77 | SSL_use_certificate(SSL *ssl, X509 *x) |
| @@ -609,29 +612,29 @@ SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, | |||
| 609 | * sent to the peer in the Certificate message. | 612 | * sent to the peer in the Certificate message. |
| 610 | */ | 613 | */ |
| 611 | static int | 614 | static int |
| 612 | ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in) | 615 | use_certificate_chain_bio(BIO *in, CERT *cert, pem_password_cb *passwd_cb, |
| 616 | void *passwd_arg) | ||
| 613 | { | 617 | { |
| 614 | X509 *ca, *x = NULL; | 618 | X509 *ca, *x = NULL; |
| 615 | unsigned long err; | 619 | unsigned long err; |
| 616 | int ret = 0; | 620 | int ret = 0; |
| 617 | 621 | ||
| 618 | if ((x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, | 622 | if ((x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_arg)) == |
| 619 | ctx->default_passwd_callback_userdata)) == NULL) { | 623 | NULL) { |
| 620 | SSLerrorx(ERR_R_PEM_LIB); | 624 | SSLerrorx(ERR_R_PEM_LIB); |
| 621 | goto err; | 625 | goto err; |
| 622 | } | 626 | } |
| 623 | 627 | ||
| 624 | if (!SSL_CTX_use_certificate(ctx, x)) | 628 | if (!ssl_set_cert(cert, x)) |
| 625 | goto err; | 629 | goto err; |
| 626 | 630 | ||
| 627 | if (!ssl_cert_set0_chain(ctx->internal->cert, NULL)) | 631 | if (!ssl_cert_set0_chain(cert, NULL)) |
| 628 | goto err; | 632 | goto err; |
| 629 | 633 | ||
| 630 | /* Process any additional CA certificates. */ | 634 | /* Process any additional CA certificates. */ |
| 631 | while ((ca = PEM_read_bio_X509(in, NULL, | 635 | while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_arg)) != |
| 632 | ctx->default_passwd_callback, | 636 | NULL) { |
| 633 | ctx->default_passwd_callback_userdata)) != NULL) { | 637 | if (!ssl_cert_add0_chain_cert(cert, ca)) { |
| 634 | if (!ssl_cert_add0_chain_cert(ctx->internal->cert, ca)) { | ||
| 635 | X509_free(ca); | 638 | X509_free(ca); |
| 636 | goto err; | 639 | goto err; |
| 637 | } | 640 | } |
| @@ -652,7 +655,8 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in) | |||
| 652 | } | 655 | } |
| 653 | 656 | ||
| 654 | int | 657 | int |
| 655 | SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) | 658 | use_certificate_chain_file(const char *file, CERT *cert, |
| 659 | pem_password_cb *passwd_cb, void *passwd_arg) | ||
| 656 | { | 660 | { |
| 657 | BIO *in; | 661 | BIO *in; |
| 658 | int ret = 0; | 662 | int ret = 0; |
| @@ -668,7 +672,7 @@ SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) | |||
| 668 | goto end; | 672 | goto end; |
| 669 | } | 673 | } |
| 670 | 674 | ||
| 671 | ret = ssl_ctx_use_certificate_chain_bio(ctx, in); | 675 | ret = use_certificate_chain_bio(in, cert, passwd_cb, passwd_arg); |
| 672 | 676 | ||
| 673 | end: | 677 | end: |
| 674 | BIO_free(in); | 678 | BIO_free(in); |
| @@ -676,6 +680,22 @@ end: | |||
| 676 | } | 680 | } |
| 677 | 681 | ||
| 678 | int | 682 | int |
| 683 | SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) | ||
| 684 | { | ||
| 685 | return use_certificate_chain_file(file, ctx->internal->cert, | ||
| 686 | ctx->default_passwd_callback, | ||
| 687 | ctx->default_passwd_callback_userdata); | ||
| 688 | } | ||
| 689 | |||
| 690 | int | ||
| 691 | SSL_use_certificate_chain_file(SSL *ssl, const char *file) | ||
| 692 | { | ||
| 693 | return use_certificate_chain_file(file, ssl->cert, | ||
| 694 | ssl->ctx->default_passwd_callback, | ||
| 695 | ssl->ctx->default_passwd_callback_userdata); | ||
| 696 | } | ||
| 697 | |||
| 698 | int | ||
| 679 | SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len) | 699 | SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len) |
| 680 | { | 700 | { |
| 681 | BIO *in; | 701 | BIO *in; |
| @@ -687,7 +707,9 @@ SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len) | |||
| 687 | goto end; | 707 | goto end; |
| 688 | } | 708 | } |
| 689 | 709 | ||
| 690 | ret = ssl_ctx_use_certificate_chain_bio(ctx, in); | 710 | ret = use_certificate_chain_bio(in, ctx->internal->cert, |
| 711 | ctx->default_passwd_callback, | ||
| 712 | ctx->default_passwd_callback_userdata); | ||
| 691 | 713 | ||
| 692 | end: | 714 | end: |
| 693 | BIO_free(in); | 715 | BIO_free(in); |
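Review bot: The definition of use_certificate_chain_file at new lines 657–658 omits `static` although the forward declaration at new lines 73–74 carries it; the earlier declaration still gives the definition internal linkage, but the definition should read `static int` on line 657, matching use_certificate_chain_bio at line 614, so a reader does not mistake it for an exported entry point. The hunk for use_certificate_chain_bio ends before its `err:` label, so the cleanup of `x` and `ca` on the failure paths is outside the diff and was not reviewed here. SSL_use_certificate_chain_file at lines 691–696 reads the password callback from `ssl->ctx` rather than from the SSL itself, presumably because no per-SSL callback exists; a one-line comment such as `/* PEM password callback is inherited from the owning SSL_CTX. */` above the call would make that dependency explicit.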
