author | Matt Caswell <matt@openssl.org> | 2015-11-09 14:38:59 +0000 |
committer | Matt Caswell <matt@openssl.org> | 2015-11-10 23:02:44 +0000 |
commit | a974e64aaaa8a6f99f55a68d28c07c04ecea2f50 (patch) | |
tree | 8813cd92bec23d1c450f4303c0ee72b743d68a95 /ssl | |
parent | 6329b6092b28b656be8a1e4a8363d2e3bcc32053 (diff) |
Fix SSL_use_certificate_chain_file
The new function SSL_use_certificate_chain_file was always crashing in
the internal function use_certificate_chain_file because it would pass a
NULL value for SSL_CTX *, but use_certificate_chain_file would
unconditionally try to dereference it.
Reviewed-by: Stephen Henson <steve@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_lib.c | 16 | ||||
-rw-r--r-- | ssl/ssl_locl.h | 6 | ||||
-rw-r--r-- | ssl/ssl_rsa.c | 21 |
3 files changed, 37 insertions, 6 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index b6e5127f0c..d8d2244ae5 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -366,6 +366,9 @@ SSL *SSL_new(SSL_CTX *ctx)
     s->verify_result = X509_V_OK;
+    s->default_passwd_callback = ctx->default_passwd_callback;
+    s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata;
+
     s->method = ctx->method;
     if (!s->method->ssl_new(s))
@@ -1846,6 +1849,16 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
     ctx->default_passwd_callback_userdata = u;
 }
+void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb)
+{
+    s->default_passwd_callback = cb;
+}
+
+void SSL_set_default_passwd_cb_userdata(SSL *s, void *u)
+{
+    s->default_passwd_callback_userdata = u;
+}
+
 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
                                      int (*cb) (X509_STORE_CTX *, void *),
                                      void *arg)
@@ -2535,6 +2548,9 @@ SSL *SSL_dup(SSL *s)
      * ret->init_off */
     ret->hit = s->hit;
+    ret->default_passwd_callback = s->default_passwd_callback;
+    ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata;
+
     X509_VERIFY_PARAM_inherit(ret->param, s->param);
     /* dup the cipher_list and cipher_list_by_id stacks */
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index e174def656..03bc35cc93 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1193,6 +1193,12 @@ struct ssl_st {
     int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
     RECORD_LAYER rlayer;
+
+    /* Default password callback. */
+    pem_password_cb *default_passwd_callback;
+
+    /* Default password callback user data. */
+    void *default_passwd_callback_userdata;
 };
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 9e172b579c..be552c1d36 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
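Review bot: The callback and userdata are copied out of the SSL_CTX once, at SSL_new() time, so an SSL_CTX_set_default_passwd_cb() or SSL_CTX_set_default_passwd_cb_userdata() call made on the same context afterwards will not reach SSL objects that already exist; nothing in the hunk states that snapshot semantic. A one-line comment above the two assignments would save a caller from discovering it the hard way: `/* Snapshot the ctx password callback; later SSL_CTX_set_default_passwd_cb() calls do not propagate to this SSL. */`. SSL_new's body starts and ends outside the hunk.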
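Review bot: SSL_dup copies default_passwd_callback_userdata as a raw pointer, so the duplicate shares whatever caller-owned object the original was handed through SSL_set_default_passwd_cb_userdata(); nothing in the hunk duplicates it or takes a reference. That matches how the SSL_CTX version stores the pointer, but it means the caller must keep the userdata alive for the lifetime of every dup, and presumably no free path releases it (SSL_free is not visible here, so confirm). Worth stating next to the assignment: `/* userdata is caller-owned and shared with s, not duplicated */`. SSL_dup's body continues outside the hunk.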
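Review bot: The two new comments in struct ssl_st only restate the field names; they say nothing about where the values come from or who owns them, which is exactly what a reader of this header needs. From the ssl_lib.c hunks in the same commit the fields are initialised from the SSL_CTX in SSL_new(), overridden per-SSL by SSL_set_default_passwd_cb()/_userdata(), and copied verbatim by SSL_dup(). Suggest `/* Default password callback, initialised from the SSL_CTX in SSL_new() and overridable per-SSL via SSL_set_default_passwd_cb(). */` for the first field and `/* Opaque caller-owned pointer handed to default_passwd_callback; shared, not duplicated, by SSL_dup(). */` for the second. struct ssl_st starts outside the hunk.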
@@ -644,10 +644,20 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
     BIO *in;
     int ret = 0;
     X509 *x = NULL;
+    pem_password_cb *passwd_callback;
+    void *passwd_callback_userdata;
     ERR_clear_error();          /* clear error stack for
                                  * SSL_CTX_use_certificate() */
+    if (ctx != NULL) {
+        passwd_callback = ctx->default_passwd_callback;
+        passwd_callback_userdata = ctx->default_passwd_callback_userdata;
+    } else {
+        passwd_callback = ssl->default_passwd_callback;
+        passwd_callback_userdata = ssl->default_passwd_callback_userdata;
+    }
+
     in = BIO_new(BIO_s_file());
     if (in == NULL) {
         SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
@@ -659,8 +669,8 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
         goto end;
     }
-    x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
-                              ctx->default_passwd_callback_userdata);
+    x = PEM_read_bio_X509_AUX(in, NULL, passwd_callback,
+                              passwd_callback_userdata);
     if (x == NULL) {
         SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
         goto end;
@@ -693,10 +703,9 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
         goto end;
     }
-    while ((ca = PEM_read_bio_X509(in, NULL,
-                                   ctx->default_passwd_callback,
-                                   ctx->default_passwd_callback_userdata))
-           != NULL) {
+    while ((ca = PEM_read_bio_X509(in, NULL, passwd_callback,
+                                   passwd_callback_userdata))
+           != NULL) {
         if (ctx)
             r = SSL_CTX_add0_chain_cert(ctx, ca);
         else
 |
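Review bot: The new selection block assumes that whenever ctx is NULL, ssl is non-NULL, and dereferences ssl in the else branch without checking it; the pre-existing `if (ctx) ... else` at the bottom of the last hunk leans on the same invariant, so the crash this commit fixes is only moved, not ruled out, if a future caller passes NULL for both. The function is static, so presumably only the SSL_CTX_ and SSL_ chain-file wrappers reach it, but that contract is written nowhere in the hunk. Suggest stating it on the function, `/* Exactly one of ctx and ssl must be non-NULL. */`, and making a violation fail cleanly instead of faulting with `if (ctx == NULL && ssl == NULL) return 0;` placed before the selection (ret is already 0 on the failure path). use_certificate_chain_file's opening brace and the rest of its body lie outside the hunks shown.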