authorBob Beck <beck@cvs.openbsd.org>2017-01-23 22:34:39 +0000
committerBob Beck <beck@cvs.openbsd.org>2017-01-23 22:34:39 +0000
commitb5e481f4b4019e537c8311cfa4e2a1d4c12f9d8f (patch)
tree83643e7f34f80b88fe51c78b068889ed6f18eb13 /lib
parenteacee96ec48d5bfa4ac95765a069137815608ba4 (diff)
move default_passwd_cb and default_passwd_cb_userdata back into
the ssl_ctx from internal. These are used directly by python, openvpn and a few other things. We have the set accessors, but the get accessors were added in 1.1, and these roll their own, caveat OPENSSL_VERSION chickenpluckery
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/ssl.h13
-rw-r--r--lib/libssl/ssl_lib.c10
-rw-r--r--lib/libssl/ssl_locl.h8
-rw-r--r--lib/libssl/ssl_rsa.c34
4 files changed, 35 insertions, 30 deletions
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 28b7de66675..075c37e8535 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.119 2017/01/23 14:35:42 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.120 2017/01/23 22:34:38 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -680,6 +680,17 @@ struct ssl_ctx_st {
X509_VERIFY_PARAM *param;
+ /*
+ * XXX
+ * default_passwd_cb used by python and openvpn, need to keep it until we
+ * add an accessor
+ */
+ /* Default password callback. */
+ pem_password_cb *default_passwd_callback;
+
+ /* Default password callback user data. */
+ void *default_passwd_callback_userdata;
+
struct ssl_ctx_internal_st *internal;
};
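Review bot: The XXX comment above the re-exposed members in `struct ssl_ctx_st` does not say which accessor is missing or how callers may use the fields, and it names `default_passwd_cb` while the member is `default_passwd_callback`. Because this struct is in the public header, the member layout becomes ABI that outside code reads and can also overwrite directly, and `default_passwd_callback_userdata` may point at passphrase material owned by the application. I would tighten the comment to state the exit condition and the intended use, e.g. `/* XXX compat only: read directly by python/openvpn; remove once SSL_CTX_get_default_passwd_cb() and SSL_CTX_get_default_passwd_cb_userdata() are provided. Set only via SSL_CTX_set_default_passwd_cb*(). */`. The struct definition begins outside this hunk.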
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 20b671022d4..7f49648611f 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.140 2017/01/23 14:35:42 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.141 2017/01/23 22:34:38 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1858,8 +1858,8 @@ SSL_CTX_new(const SSL_METHOD *meth)
if ((ret->internal->cert = ssl_cert_new()) == NULL)
goto err;
- ret->internal->default_passwd_callback = 0;
- ret->internal->default_passwd_callback_userdata = NULL;
+ ret->default_passwd_callback = 0;
+ ret->default_passwd_callback_userdata = NULL;
ret->internal->client_cert_cb = 0;
ret->internal->app_gen_cookie_cb = 0;
ret->internal->app_verify_cookie_cb = 0;
@@ -2015,13 +2015,13 @@ SSL_CTX_free(SSL_CTX *a)
void
SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
{
- ctx->internal->default_passwd_callback = cb;
+ ctx->default_passwd_callback = cb;
}
void
SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
{
- ctx->internal->default_passwd_callback_userdata = u;
+ ctx->default_passwd_callback_userdata = u;
}
void
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index d0d72cbfdf6..231e0ba3333 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.162 2017/01/23 14:35:42 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.163 2017/01/23 22:34:38 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -454,12 +454,6 @@ typedef struct ssl_ctx_internal_st {
int (*app_verify_callback)(X509_STORE_CTX *, void *);
void *app_verify_arg;
- /* Default password callback. */
- pem_password_cb *default_passwd_callback;
-
- /* Default password callback user data. */
- void *default_passwd_callback_userdata;
-
/* get client cert callback */
int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
diff --git a/lib/libssl/ssl_rsa.c b/lib/libssl/ssl_rsa.c
index cbb1c0b562a..82c8cc0a870 100644
--- a/lib/libssl/ssl_rsa.c
+++ b/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_rsa.c,v 1.23 2017/01/23 05:13:02 jsing Exp $ */
+/* $OpenBSD: ssl_rsa.c,v 1.24 2017/01/23 22:34:38 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -108,8 +108,8 @@ SSL_use_certificate_file(SSL *ssl, const char *file, int type)
} else if (type == SSL_FILETYPE_PEM) {
j = ERR_R_PEM_LIB;
x = PEM_read_bio_X509(in, NULL,
- ssl->ctx->internal->default_passwd_callback,
- ssl->ctx->internal->default_passwd_callback_userdata);
+ ssl->ctx->default_passwd_callback,
+ ssl->ctx->default_passwd_callback_userdata);
} else {
SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
goto end;
@@ -236,8 +236,8 @@ SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
} else if (type == SSL_FILETYPE_PEM) {
j = ERR_R_PEM_LIB;
rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
- ssl->ctx->internal->default_passwd_callback,
- ssl->ctx->internal->default_passwd_callback_userdata);
+ ssl->ctx->default_passwd_callback,
+ ssl->ctx->default_passwd_callback_userdata);
} else {
SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
goto end;
@@ -308,8 +308,8 @@ SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
if (type == SSL_FILETYPE_PEM) {
j = ERR_R_PEM_LIB;
pkey = PEM_read_bio_PrivateKey(in, NULL,
- ssl->ctx->internal->default_passwd_callback,
- ssl->ctx->internal->default_passwd_callback_userdata);
+ ssl->ctx->default_passwd_callback,
+ ssl->ctx->default_passwd_callback_userdata);
} else if (type == SSL_FILETYPE_ASN1) {
j = ERR_R_ASN1_LIB;
pkey = d2i_PrivateKey_bio(in, NULL);
@@ -440,8 +440,8 @@ SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
x = d2i_X509_bio(in, NULL);
} else if (type == SSL_FILETYPE_PEM) {
j = ERR_R_PEM_LIB;
- x = PEM_read_bio_X509(in, NULL, ctx->internal->default_passwd_callback,
- ctx->internal->default_passwd_callback_userdata);
+ x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
+ ctx->default_passwd_callback_userdata);
} else {
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
goto end;
@@ -526,8 +526,8 @@ SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
} else if (type == SSL_FILETYPE_PEM) {
j = ERR_R_PEM_LIB;
rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
- ctx->internal->default_passwd_callback,
- ctx->internal->default_passwd_callback_userdata);
+ ctx->default_passwd_callback,
+ ctx->default_passwd_callback_userdata);
} else {
SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
goto end;
@@ -596,8 +596,8 @@ SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
if (type == SSL_FILETYPE_PEM) {
j = ERR_R_PEM_LIB;
pkey = PEM_read_bio_PrivateKey(in, NULL,
- ctx->internal->default_passwd_callback,
- ctx->internal->default_passwd_callback_userdata);
+ ctx->default_passwd_callback,
+ ctx->default_passwd_callback_userdata);
} else if (type == SSL_FILETYPE_ASN1) {
j = ERR_R_ASN1_LIB;
pkey = d2i_PrivateKey_bio(in, NULL);
@@ -650,8 +650,8 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in)
ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
- x = PEM_read_bio_X509_AUX(in, NULL, ctx->internal->default_passwd_callback,
- ctx->internal->default_passwd_callback_userdata);
+ x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
+ ctx->default_passwd_callback_userdata);
if (x == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
goto end;
@@ -677,8 +677,8 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in)
}
while ((ca = PEM_read_bio_X509(in, NULL,
- ctx->internal->default_passwd_callback,
- ctx->internal->default_passwd_callback_userdata)) != NULL) {
+ ctx->default_passwd_callback,
+ ctx->default_passwd_callback_userdata)) != NULL) {
r = SSL_CTX_add_extra_chain_cert(ctx, ca);
if (!r) {
X509_free(ca);