From a974e64aaaa8a6f99f55a68d28c07c04ecea2f50 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 9 Nov 2015 14:38:59 +0000 Subject: [PATCH] Fix SSL_use_certificate_chain_file The new function SSL_use_certificate_chain_file was always crashing in the internal function use_certificate_chain_file because it would pass a NULL value for SSL_CTX *, but use_certificate_chain_file would unconditionally try to dereference it. Reviewed-by: Stephen Henson --- doc/ssl/SSL_CTX_set_default_passwd_cb.pod | 12 +++++++++--- include/openssl/ssl.h | 2 ++ ssl/ssl_lib.c | 16 ++++++++++++++++ ssl/ssl_locl.h | 6 ++++++ ssl/ssl_rsa.c | 21 +++++++++++++++------ util/ssleay.num | 2 ++ 6 files changed, 50 insertions(+), 9 deletions(-) diff --git a/doc/ssl/SSL_CTX_set_default_passwd_cb.pod b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod index 945513984b..452737feb9 100644 --- a/doc/ssl/SSL_CTX_set_default_passwd_cb.pod +++ b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod @@ -2,7 +2,9 @@ =head1 NAME -SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata - set passwd callback for encrypted PEM file handling +SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata, +SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata - set passwd +callback for encrypted PEM file handling =head1 SYNOPSIS @@ -10,6 +12,8 @@ SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata - set pass void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); + void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); + void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata); @@ -21,6 +25,9 @@ when loading/storing a PEM certificate with encryption. SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to B which will be provided to the password callback on invocation. +SSL_set_default_passwd_cb() and SSL_set_default_passwd_cb_userdata() perform the +same function as their SSL_CTX counterparts, but using an SSL object. + The pem_passwd_cb(), which must be provided by the application, hands back the password to be used during decryption. On invocation a pointer to B is provided. The pem_passwd_cb must write the password into the provided buffer @@ -51,8 +58,7 @@ however not usual, as certificate information is considered public. =head1 RETURN VALUES -SSL_CTX_set_default_passwd_cb() and SSL_CTX_set_default_passwd_cb_userdata() -do not provide diagnostic information. +These functions do not provide diagnostic information. =head1 EXAMPLES diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 28322eb55d..cf9f83a975 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1514,6 +1514,8 @@ __owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); +void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); +void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); __owur int SSL_CTX_check_private_key(const SSL_CTX *ctx); __owur int SSL_check_private_key(const SSL *ctx); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index b6e5127f0c..d8d2244ae5 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -366,6 +366,9 @@ SSL *SSL_new(SSL_CTX *ctx) s->verify_result = X509_V_OK; + s->default_passwd_callback = ctx->default_passwd_callback; + s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata; + s->method = ctx->method; if (!s->method->ssl_new(s)) @@ -1846,6 +1849,16 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) ctx->default_passwd_callback_userdata = u; } +void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb) +{ + s->default_passwd_callback = cb; +} + +void SSL_set_default_passwd_cb_userdata(SSL *s, void *u) +{ + s->default_passwd_callback_userdata = u; +} + void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb) (X509_STORE_CTX *, void *), void *arg) @@ -2535,6 +2548,9 @@ SSL *SSL_dup(SSL *s) * ret->init_off */ ret->hit = s->hit; + ret->default_passwd_callback = s->default_passwd_callback; + ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata; + X509_VERIFY_PARAM_inherit(ret->param, s->param); /* dup the cipher_list and cipher_list_by_id stacks */ diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index e174def656..03bc35cc93 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1193,6 +1193,12 @@ struct ssl_st { int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure); RECORD_LAYER rlayer; + + /* Default password callback. */ + pem_password_cb *default_passwd_callback; + + /* Default password callback user data. */ + void *default_passwd_callback_userdata; }; diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 9e172b579c..be552c1d36 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -644,10 +644,20 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) BIO *in; int ret = 0; X509 *x = NULL; + pem_password_cb *passwd_callback; + void *passwd_callback_userdata; ERR_clear_error(); /* clear error stack for * SSL_CTX_use_certificate() */ + if (ctx != NULL) { + passwd_callback = ctx->default_passwd_callback; + passwd_callback_userdata = ctx->default_passwd_callback_userdata; + } else { + passwd_callback = ssl->default_passwd_callback; + passwd_callback_userdata = ssl->default_passwd_callback_userdata; + } + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); @@ -659,8 +669,8 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) goto end; } - x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata); + x = PEM_read_bio_X509_AUX(in, NULL, passwd_callback, + passwd_callback_userdata); if (x == NULL) { SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); goto end; @@ -693,10 +703,9 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) goto end; } - while ((ca = PEM_read_bio_X509(in, NULL, - ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata)) - != NULL) { + while ((ca = PEM_read_bio_X509(in, NULL, passwd_callback, + passwd_callback_userdata)) + != NULL) { if (ctx) r = SSL_CTX_add0_chain_cert(ctx, ca); else diff --git a/util/ssleay.num b/util/ssleay.num index b3f63244a4..be4c940b5f 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -409,3 +409,5 @@ SSL_in_init 443 EXIST::FUNCTION: SSL_in_before 444 EXIST::FUNCTION: SSL_is_init_finished 445 EXIST::FUNCTION: SSL_get_state 446 EXIST::FUNCTION: +SSL_set_default_passwd_cb 447 EXIST::FUNCTION: +SSL_set_default_passwd_cb_userdata 448 EXIST::FUNCTION: -- 2.40.0