{"schema":"libjg2-1",
"vpath":"/git/",
"avatar":"/git/avatar/",
"alang":"",
"gen_ut":1755716506,
"reponame":"openssl",
"desc":"OpenSSL",
"owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl",
"f":3,
"items": [
{"schema":"libjg2-1",
"cid":"2c84a59da80906055cb23366f53e10f6",
"commit": {"type":"commit",
"time": 1447196564,
"time_ofs": 0,
"oid_tree": { "oid": "8813cd92bec23d1c450f4303c0ee72b743d68a95", "alias": []},
"oid":{ "oid": "a974e64aaaa8a6f99f55a68d28c07c04ecea2f50", "alias": []},
"msg": "Fix SSL_use_certificate_chain_file",
"sig_commit": { "git_time": { "time": 1447196564, "offset": 0 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" },
"sig_author": { "git_time": { "time": 1447079939, "offset": 0 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" }},
"body": "Fix SSL_use_certificate_chain_file\n\nThe new function SSL_use_certificate_chain_file was always crashing in\nthe internal function use_certificate_chain_file because it would pass a\nNULL value for SSL_CTX *, but use_certificate_chain_file would\nunconditionally try to dereference it.\n\nReviewed-by: Stephen Henson \u003csteve@openssl.org\u003e\n"
,
"diff": "diff --git a/doc/ssl/SSL_CTX_set_default_passwd_cb.pod b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod\nindex 9455139..452737f 100644\n--- a/doc/ssl/SSL_CTX_set_default_passwd_cb.pod\n+++ b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod\n@@ -2,7 +2,9 @@\n \n \u003dhead1 NAME\n \n-SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata - set passwd callback for encrypted PEM file handling\n+SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata,\n+SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata - set passwd\n+callback for encrypted PEM file handling\n \n \u003dhead1 SYNOPSIS\n \n@@ -10,6 +12,8 @@ SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata - set pass\n \n void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);\n void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);\n+ void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb);\n+ void SSL_set_default_passwd_cb_userdata(SSL *s, void *u);\n \n int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata);\n \n@@ -21,6 +25,9 @@ when loading/storing a PEM certificate with encryption.\n SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to B\u003cuserdata\u003e which\n will be provided to the password callback on invocation.\n \n+SSL_set_default_passwd_cb() and SSL_set_default_passwd_cb_userdata() perform the\n+same function as their SSL_CTX counterparts, but using an SSL object.\n+\n The pem_passwd_cb(), which must be provided by the application, hands back the\n password to be used during decryption. On invocation a pointer to B\u003cuserdata\u003e\n is provided. 
The pem_passwd_cb must write the password into the provided buffer\n@@ -51,8 +58,7 @@ however not usual, as certificate information is considered public.\n \n \u003dhead1 RETURN VALUES\n \n-SSL_CTX_set_default_passwd_cb() and SSL_CTX_set_default_passwd_cb_userdata()\n-do not provide diagnostic information.\n+These functions do not provide diagnostic information.\n \n \u003dhead1 EXAMPLES\n \ndiff --git a/include/openssl/ssl.h b/include/openssl/ssl.h\nindex 28322eb..cf9f83a 100644\n--- a/include/openssl/ssl.h\n+++ b/include/openssl/ssl.h\n@@ -1514,6 +1514,8 @@ __owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,\n \n void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);\n void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);\n+void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb);\n+void SSL_set_default_passwd_cb_userdata(SSL *s, void *u);\n \n __owur int SSL_CTX_check_private_key(const SSL_CTX *ctx);\n __owur int SSL_check_private_key(const SSL *ctx);\ndiff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c\nindex b6e5127..d8d2244 100644\n--- a/ssl/ssl_lib.c\n+++ b/ssl/ssl_lib.c\n@@ -366,6 +366,9 @@ SSL *SSL_new(SSL_CTX *ctx)\n \n s-\u003everify_result \u003d X509_V_OK;\n \n+ s-\u003edefault_passwd_callback \u003d ctx-\u003edefault_passwd_callback;\n+ s-\u003edefault_passwd_callback_userdata \u003d ctx-\u003edefault_passwd_callback_userdata;\n+\n s-\u003emethod \u003d ctx-\u003emethod;\n \n if (!s-\u003emethod-\u003essl_new(s))\n@@ -1846,6 +1849,16 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)\n ctx-\u003edefault_passwd_callback_userdata \u003d u;\n }\n \n+void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb)\n+{\n+ s-\u003edefault_passwd_callback \u003d cb;\n+}\n+\n+void SSL_set_default_passwd_cb_userdata(SSL *s, void *u)\n+{\n+ s-\u003edefault_passwd_callback_userdata \u003d u;\n+}\n+\n void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,\n int (*cb) (X509_STORE_CTX *, void *),\n void *arg)\n@@ 
-2535,6 +2548,9 @@ SSL *SSL_dup(SSL *s)\n * ret-\u003einit_off */\n ret-\u003ehit \u003d s-\u003ehit;\n \n+ ret-\u003edefault_passwd_callback \u003d s-\u003edefault_passwd_callback;\n+ ret-\u003edefault_passwd_callback_userdata \u003d s-\u003edefault_passwd_callback_userdata;\n+\n X509_VERIFY_PARAM_inherit(ret-\u003eparam, s-\u003eparam);\n \n /* dup the cipher_list and cipher_list_by_id stacks */\ndiff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h\nindex e174def..03bc35c 100644\n--- a/ssl/ssl_locl.h\n+++ b/ssl/ssl_locl.h\n@@ -1193,6 +1193,12 @@ struct ssl_st {\n int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);\n \n RECORD_LAYER rlayer;\n+\n+ /* Default password callback. */\n+ pem_password_cb *default_passwd_callback;\n+\n+ /* Default password callback user data. */\n+ void *default_passwd_callback_userdata;\n };\n \n \ndiff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c\nindex 9e172b5..be552c1 100644\n--- a/ssl/ssl_rsa.c\n+++ b/ssl/ssl_rsa.c\n@@ -644,10 +644,20 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)\n BIO *in;\n int ret \u003d 0;\n X509 *x \u003d NULL;\n+ pem_password_cb *passwd_callback;\n+ void *passwd_callback_userdata;\n \n ERR_clear_error(); /* clear error stack for\n * SSL_CTX_use_certificate() */\n \n+ if (ctx !\u003d NULL) {\n+ passwd_callback \u003d ctx-\u003edefault_passwd_callback;\n+ passwd_callback_userdata \u003d ctx-\u003edefault_passwd_callback_userdata;\n+ } else {\n+ passwd_callback \u003d ssl-\u003edefault_passwd_callback;\n+ passwd_callback_userdata \u003d ssl-\u003edefault_passwd_callback_userdata;\n+ }\n+\n in \u003d BIO_new(BIO_s_file());\n if (in \u003d\u003d NULL) {\n SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);\n@@ -659,8 +669,8 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)\n goto end;\n }\n \n- x \u003d PEM_read_bio_X509_AUX(in, NULL, ctx-\u003edefault_passwd_callback,\n- ctx-\u003edefault_passwd_callback_userdata);\n+ x \u003d 
PEM_read_bio_X509_AUX(in, NULL, passwd_callback,\n+ passwd_callback_userdata);\n if (x \u003d\u003d NULL) {\n SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);\n goto end;\n@@ -693,10 +703,9 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)\n goto end;\n }\n \n- while ((ca \u003d PEM_read_bio_X509(in, NULL,\n- ctx-\u003edefault_passwd_callback,\n- ctx-\u003edefault_passwd_callback_userdata))\n- !\u003d NULL) {\n+ while ((ca \u003d PEM_read_bio_X509(in, NULL, passwd_callback,\n+ passwd_callback_userdata))\n+ !\u003d NULL) {\n if (ctx)\n r \u003d SSL_CTX_add0_chain_cert(ctx, ca);\n else\ndiff --git a/util/ssleay.num b/util/ssleay.num\nindex b3f6324..be4c940 100755\n--- a/util/ssleay.num\n+++ b/util/ssleay.num\n@@ -409,3 +409,5 @@ SSL_in_init 443\tEXIST::FUNCTION:\n SSL_in_before 444\tEXIST::FUNCTION:\n SSL_is_init_finished 445\tEXIST::FUNCTION:\n SSL_get_state 446\tEXIST::FUNCTION:\n+SSL_set_default_passwd_cb 447\tEXIST::FUNCTION:\n+SSL_set_default_passwd_cb_userdata 448\tEXIST::FUNCTION:\n","s":{"c":1755716506,"u": 9289}}
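Review bot: After this change only use_certificate_chain_file() consults the per-SSL password callback, through the selection added near the top of the function and used by both the PEM_read_bio_X509_AUX() call and the PEM_read_bio_X509() loop. The other file loaders in ssl/ssl_rsa.c are not part of this diff; if the SSL_use_PrivateKey_file() path still reads the callback through the SSL's context, a callback installed with SSL_set_default_passwd_cb() would be skipped for encrypted private keys, which is where the password callback matters most, so it is worth confirming and routing those loaders through `ssl->default_passwd_callback` as well. The selection also dereferences `ssl` whenever `ctx` is NULL, so the function relies on its callers always passing exactly one non-NULL object; a comment above the `if (ctx != NULL)` block such as `/* exactly one of ctx and ssl is non-NULL */` would make that invariant explicit. The function body starts and ends outside these hunks.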
],"g": 10856,"chitpc": 0,"ehitpc": 0,"indexed":0
,
"ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}