generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

oops, not yet ;-)

Browse Source
This commit is contained in:
Dr. Stephen Henson 2012-04-23 21:58:29 +00:00
parent 579d553464
commit ce33b42bc6
8 changed files with 25 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
apps/s_cb.c
View File

@ -285,19 +285,6 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
return 1; return 1;
} }
typedef struct
{
X509 *cert;
EVP_PKEY *key;
STACK_OF(X509) *chain;
struct ssl_excert_st *next;
} SSL_EXCERT;
static int set_cert_cb(SSL *ssl, void *arg)
{
return 1;
}
int ssl_print_sigalgs(BIO *out, SSL *s) int ssl_print_sigalgs(BIO *out, SSL *s)
{ {
int i, nsig; int i, nsig;

7
ssl/s3_clnt.c
View File

@ -3161,13 +3161,6 @@ int ssl3_send_client_certificate(SSL *s)
if (s->state == SSL3_ST_CW_CERT_A) if (s->state == SSL3_ST_CW_CERT_A)
{ {
/* Let cert callback update client certificates if required */
if (s->cert->cert_cb
&& s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0)
{
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
return 0;
}
if (ssl3_check_client_certificate(s)) if (ssl3_check_client_certificate(s))
s->state=SSL3_ST_CW_CERT_C; s->state=SSL3_ST_CW_CERT_C;
else else

8
ssl/s3_srvr.c
View File

@ -1341,14 +1341,6 @@ int ssl3_get_client_hello(SSL *s)
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED); SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
goto f_err; goto f_err;
} }
/* Let cert callback update server certificates if required */
if (s->cert->cert_cb
&& s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0)
{
al=SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CERT_CB_ERROR);
goto f_err;
}
ciphers=NULL; ciphers=NULL;
c=ssl3_choose_cipher(s,s->session->ciphers, c=ssl3_choose_cipher(s,s->session->ciphers,
SSL_get_ciphers(s)); SSL_get_ciphers(s));

4
ssl/ssl.h
View File

@ -1759,7 +1759,6 @@ int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
void SSL_set_verify(SSL *s, int mode, void SSL_set_verify(SSL *s, int mode,
int (*callback)(int ok,X509_STORE_CTX *ctx)); int (*callback)(int ok,X509_STORE_CTX *ctx));
void SSL_set_verify_depth(SSL *s, int depth); void SSL_set_verify_depth(SSL *s, int depth);
void SSL_set_cert_cb(SSL *s, int (*cb)(SSL *ssl, void *arg), void *arg);
#ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_RSA
int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
#endif #endif
@ -1838,7 +1837,6 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
int (*callback)(int, X509_STORE_CTX *)); int (*callback)(int, X509_STORE_CTX *));
void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg); void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb)(SSL *ssl, void *arg), void *arg);
#ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_RSA
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
#endif #endif
@ -1894,7 +1892,6 @@ char *SSL_get_srp_username(SSL *s);
char *SSL_get_srp_userinfo(SSL *s); char *SSL_get_srp_userinfo(SSL *s);
#endif #endif
void SSL_certs_clear(SSL *s);
void SSL_free(SSL *ssl); void SSL_free(SSL *ssl);
int SSL_accept(SSL *ssl); int SSL_accept(SSL *ssl);
int SSL_connect(SSL *ssl); int SSL_connect(SSL *ssl);
@ -2390,7 +2387,6 @@ void ERR_load_SSL_strings(void);
#define SSL_R_CA_DN_TOO_LONG 132 #define SSL_R_CA_DN_TOO_LONG 132
#define SSL_R_CCS_RECEIVED_EARLY 133 #define SSL_R_CCS_RECEIVED_EARLY 133
#define SSL_R_CERTIFICATE_VERIFY_FAILED 134 #define SSL_R_CERTIFICATE_VERIFY_FAILED 134
#define SSL_R_CERT_CB_ERROR 371
#define SSL_R_CERT_LENGTH_MISMATCH 135 #define SSL_R_CERT_LENGTH_MISMATCH 135
#define SSL_R_CHALLENGE_IS_DIFFERENT 136 #define SSL_R_CHALLENGE_IS_DIFFERENT 136
#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 #define SSL_R_CIPHER_CODE_WRONG_LENGTH 137

62
ssl/ssl_cert.c
View File

@ -345,9 +345,6 @@ CERT *ssl_cert_dup(CERT *cert)
ret->sigalgs = NULL; ret->sigalgs = NULL;
ret->sigalgslen = 0; ret->sigalgslen = 0;
ret->cert_cb = cert->cert_cb;
ret->cert_cb_arg = cert->cert_cb_arg;
return(ret); return(ret);
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH) #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
@ -366,36 +363,21 @@ err:
EC_KEY_free(ret->ecdh_tmp); EC_KEY_free(ret->ecdh_tmp);
#endif #endif
ssl_cert_clear_certs(ret); for (i = 0; i < SSL_PKEY_NUM; i++)
{
CERT_PKEY *rpk = ret->pkeys + i;
if (rpk->x509 != NULL)
X509_free(rpk->x509);
if (rpk->privatekey != NULL)
EVP_PKEY_free(rpk->privatekey);
if (rpk->chain)
sk_X509_pop_free(rpk->chain, X509_free);
}
return NULL; return NULL;
} }
/* Free up and clear all certificates and chains */
void ssl_cert_clear_certs(CERT *c)
{
int i;
for (i = 0; i<SSL_PKEY_NUM; i++)
{
CERT_PKEY *cpk = c->pkeys + i;
if (cpk->x509)
{
X509_free(cpk->x509);
cpk->x509 = NULL;
}
if (cpk->privatekey)
{
EVP_PKEY_free(cpk->privatekey);
cpk->privatekey = NULL;
}
if (cpk->chain)
{
sk_X509_pop_free(cpk->chain, X509_free);
cpk->chain = NULL;
}
}
}
void ssl_cert_free(CERT *c) void ssl_cert_free(CERT *c)
{ {
@ -427,8 +409,20 @@ void ssl_cert_free(CERT *c)
if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp); if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);
#endif #endif
ssl_cert_clear_certs(c); for (i=0; i<SSL_PKEY_NUM; i++)
{
CERT_PKEY *cpk = c->pkeys + i;
if (cpk->x509 != NULL)
X509_free(cpk->x509);
if (cpk->privatekey != NULL)
EVP_PKEY_free(cpk->privatekey);
if (cpk->chain)
sk_X509_pop_free(cpk->chain, X509_free);
#if 0
if (c->pkeys[i].publickey != NULL)
EVP_PKEY_free(c->pkeys[i].publickey);
#endif
}
if (c->sigalgs) if (c->sigalgs)
OPENSSL_free(c->sigalgs); OPENSSL_free(c->sigalgs);
OPENSSL_free(c); OPENSSL_free(c);
@ -516,12 +510,6 @@ int ssl_cert_add1_chain_cert(CERT *c, X509 *x)
return 1; return 1;
} }
void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg)
{
c->cert_cb = cb;
c->cert_cb_arg = arg;
}
SESS_CERT *ssl_sess_cert_new(void) SESS_CERT *ssl_sess_cert_new(void)
{ {
SESS_CERT *ret; SESS_CERT *ret;

1
ssl/ssl_err.c
View File

@ -345,7 +345,6 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"}, {ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"},
{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"}, {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"},
{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"}, {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},
{ERR_REASON(SSL_R_CERT_CB_ERROR) ,"cert cb error"},
{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"}, {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"},
{ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"}, {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},
{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"}, {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},

16
ssl/ssl_lib.c
View File

@ -526,12 +526,6 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
return X509_VERIFY_PARAM_set1(ssl->param, vpm); return X509_VERIFY_PARAM_set1(ssl->param, vpm);
} }
void SSL_certs_clear(SSL *s)
{
if (s->cert)
ssl_cert_clear_certs(s->cert);
}
void SSL_free(SSL *s) void SSL_free(SSL *s)
{ {
int i; int i;
@ -2043,16 +2037,6 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
X509_VERIFY_PARAM_set_depth(ctx->param, depth); X509_VERIFY_PARAM_set_depth(ctx->param, depth);
} }
void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb)(SSL *ssl, void *arg), void *arg)
{
ssl_cert_set_cert_cb(c->cert, cb, arg);
}
void SSL_set_cert_cb(SSL *s, int (*cb)(SSL *ssl, void *arg), void *arg)
{
ssl_cert_set_cert_cb(s->cert, cb, arg);
}
void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
{ {
CERT_PKEY *cpk; CERT_PKEY *cpk;

11
ssl/ssl_locl.h
View File

@ -512,15 +512,6 @@ typedef struct cert_st
TLS_SIGALGS *sigalgs; TLS_SIGALGS *sigalgs;
/* Size of above array */ /* Size of above array */
size_t sigalgslen; size_t sigalgslen;
/* Certificate setup callback: if set is called whenever a
* certificate may be required (client or server). the callback
* can then examine any appropriate parameters and setup any
* certificates required. This allows advanced applications
* to select certificates on the fly: for example based on
* supported signature algorithms or curves.
*/
int (*cert_cb)(SSL *ssl, void *arg);
void *cert_cb_arg;
int references; /* >1 only if SSL_copy_session_id is used */ int references; /* >1 only if SSL_copy_session_id is used */
} CERT; } CERT;
@ -831,7 +822,6 @@ int ssl_clear_bad_session(SSL *s);
CERT *ssl_cert_new(void); CERT *ssl_cert_new(void);
CERT *ssl_cert_dup(CERT *cert); CERT *ssl_cert_dup(CERT *cert);
int ssl_cert_inst(CERT **o); int ssl_cert_inst(CERT **o);
void ssl_cert_clear_certs(CERT *c);
void ssl_cert_free(CERT *c); void ssl_cert_free(CERT *c);
SESS_CERT *ssl_sess_cert_new(void); SESS_CERT *ssl_sess_cert_new(void);
void ssl_sess_cert_free(SESS_CERT *sc); void ssl_sess_cert_free(SESS_CERT *sc);
@ -859,7 +849,6 @@ int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain);
int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain); int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain);
int ssl_cert_add0_chain_cert(CERT *c, X509 *x); int ssl_cert_add0_chain_cert(CERT *c, X509 *x);
int ssl_cert_add1_chain_cert(CERT *c, X509 *x); int ssl_cert_add1_chain_cert(CERT *c, X509 *x);
void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg);
int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l); int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l);