Fix SSL_use_certificate_chain_file (a974e64a) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

doc/ssl/SSL_CTX_set_default_passwd_cb.pod

+9 −3

Original line number	Diff line number	Diff line
		@@ -2,7 +2,9 @@

		=head1 NAME

		SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata - set passwd callback for encrypted PEM file handling
		SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata,
		SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata - set passwd
		callback for encrypted PEM file handling

		=head1 SYNOPSIS

		@@ -10,6 +12,8 @@ SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata - set pass

		void SSL_CTX_set_default_passwd_cb(SSL_CTX ctx, pem_password_cb cb);
		void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX ctx, void u);
		void SSL_set_default_passwd_cb(SSL s, pem_password_cb cb);
		void SSL_set_default_passwd_cb_userdata(SSL s, void u);

		int pem_passwd_cb(char buf, int size, int rwflag, void userdata);

		@@ -21,6 +25,9 @@ when loading/storing a PEM certificate with encryption.
		SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to B<userdata> which
		will be provided to the password callback on invocation.

		SSL_set_default_passwd_cb() and SSL_set_default_passwd_cb_userdata() perform the
		same function as their SSL_CTX counterparts, but using an SSL object.

		The pem_passwd_cb(), which must be provided by the application, hands back the
		password to be used during decryption. On invocation a pointer to B<userdata>
		is provided. The pem_passwd_cb must write the password into the provided buffer
		@@ -51,8 +58,7 @@ however not usual, as certificate information is considered public.

		=head1 RETURN VALUES

		SSL_CTX_set_default_passwd_cb() and SSL_CTX_set_default_passwd_cb_userdata()
		do not provide diagnostic information.
		These functions do not provide diagnostic information.

		=head1 EXAMPLES

include/openssl/ssl.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -1514,6 +1514,8 @@ __owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,

		void SSL_CTX_set_default_passwd_cb(SSL_CTX ctx, pem_password_cb cb);
		void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX ctx, void u);
		void SSL_set_default_passwd_cb(SSL s, pem_password_cb cb);
		void SSL_set_default_passwd_cb_userdata(SSL s, void u);

		__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx);
		__owur int SSL_check_private_key(const SSL *ctx);

ssl/ssl_lib.c

+16 −0

Original line number	Diff line number	Diff line
		@@ -366,6 +366,9 @@ SSL SSL_new(SSL_CTX ctx)

		s->verify_result = X509_V_OK;

		s->default_passwd_callback = ctx->default_passwd_callback;
		s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata;

		s->method = ctx->method;

		if (!s->method->ssl_new(s))
		@@ -1846,6 +1849,16 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX ctx, void u)
		ctx->default_passwd_callback_userdata = u;
		}

		void SSL_set_default_passwd_cb(SSL s, pem_password_cb cb)
		{
		s->default_passwd_callback = cb;
		}

		void SSL_set_default_passwd_cb_userdata(SSL s, void u)
		{
		s->default_passwd_callback_userdata = u;
		}

		void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
		int (cb) (X509_STORE_CTX , void *),
		void *arg)
		@@ -2535,6 +2548,9 @@ SSL SSL_dup(SSL s)
		* ret->init_off */
		ret->hit = s->hit;

		ret->default_passwd_callback = s->default_passwd_callback;
		ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata;

		X509_VERIFY_PARAM_inherit(ret->param, s->param);

		/* dup the cipher_list and cipher_list_by_id stacks */

ssl/ssl_locl.h

+6 −0

Original line number	Diff line number	Diff line
		@@ -1193,6 +1193,12 @@ struct ssl_st {
		int (not_resumable_session_cb) (SSL ssl, int is_forward_secure);

		RECORD_LAYER rlayer;

		/* Default password callback. */
		pem_password_cb *default_passwd_callback;

		/* Default password callback user data. */
		void *default_passwd_callback_userdata;
		};

ssl/ssl_rsa.c

+15 −6

Original line number	Diff line number	Diff line
		@@ -644,10 +644,20 @@ static int use_certificate_chain_file(SSL_CTX ctx, SSL ssl, const char *file)
		BIO *in;
		int ret = 0;
		X509 *x = NULL;
		pem_password_cb *passwd_callback;
		void *passwd_callback_userdata;

		ERR_clear_error(); /* clear error stack for
		* SSL_CTX_use_certificate() */

		if (ctx != NULL) {
		passwd_callback = ctx->default_passwd_callback;
		passwd_callback_userdata = ctx->default_passwd_callback_userdata;
		} else {
		passwd_callback = ssl->default_passwd_callback;
		passwd_callback_userdata = ssl->default_passwd_callback_userdata;
		}

		in = BIO_new(BIO_s_file());
		if (in == NULL) {
		SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
		@@ -659,8 +669,8 @@ static int use_certificate_chain_file(SSL_CTX ctx, SSL ssl, const char *file)
		goto end;
		}

		x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
		ctx->default_passwd_callback_userdata);
		x = PEM_read_bio_X509_AUX(in, NULL, passwd_callback,
		passwd_callback_userdata);
		if (x == NULL) {
		SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
		goto end;
		@@ -693,9 +703,8 @@ static int use_certificate_chain_file(SSL_CTX ctx, SSL ssl, const char *file)
		goto end;
		}

		while ((ca = PEM_read_bio_X509(in, NULL,
		ctx->default_passwd_callback,
		ctx->default_passwd_callback_userdata))
		while ((ca = PEM_read_bio_X509(in, NULL, passwd_callback,
		passwd_callback_userdata))
		!= NULL) {
		if (ctx)
		r = SSL_CTX_add0_chain_cert(ctx, ca);