OpenSSL: Remove unnecessary os_strdup() from password callback
There's no need to make an extra copy of private_key_passwd for SSL_{CTX_,}set_default_passwd_cb(). Signed-off-by: David Benjamin <davidben@google.com>
This commit is contained in:
parent
b65353a767
commit
149143e31d
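--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -3039,19 +3039,11 @@ static int tls_connection_private_key(struct tls_data *data,
 size_t private_key_blob_len)
 {
 SSL_CTX *ssl_ctx = data->ssl;
-char *passwd;
 int ok;
 
 if (private_key == NULL && private_key_blob == NULL)
 return 0;
 
-if (private_key_passwd) {
-passwd = os_strdup(private_key_passwd);
-if (passwd == NULL)
-return -1;
-} else
-passwd = NULL;
-
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
 #ifndef LIBRESSL_VERSION_NUMBER
 #ifndef OPENSSL_IS_BORINGSSL
@@ -3060,13 +3052,15 @@ static int tls_connection_private_key(struct tls_data *data,
 * from the SSL object. See OpenSSL commit d61461a75253.
 */
 SSL_set_default_passwd_cb(conn->ssl, tls_passwd_cb);
-SSL_set_default_passwd_cb_userdata(conn->ssl, passwd);
+SSL_set_default_passwd_cb_userdata(conn->ssl,
+(void *) private_key_passwd);
 #endif /* !BoringSSL */
 #endif /* !LibreSSL */
 #endif /* >= 1.1.0f && */
 /* Keep these for OpenSSL < 1.1.0f */
 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
-SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
+SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx,
+(void *) private_key_passwd);
 
 ok = 0;
 while (private_key_blob) {
@@ -3098,7 +3092,8 @@ static int tls_connection_private_key(struct tls_data *data,
 }
 
 if (tls_read_pkcs12_blob(data, conn->ssl, private_key_blob,
-private_key_blob_len, passwd) == 0) {
+private_key_blob_len,
+private_key_passwd) == 0) {
 wpa_printf(MSG_DEBUG, "OpenSSL: PKCS#12 as blob --> "
 "OK");
 ok = 1;
@@ -3130,8 +3125,8 @@ static int tls_connection_private_key(struct tls_data *data,
 __func__);
 #endif /* OPENSSL_NO_STDIO */
 
-if (tls_read_pkcs12(data, conn->ssl, private_key, passwd)
-== 0) {
+if (tls_read_pkcs12(data, conn->ssl, private_key,
+private_key_passwd) == 0) {
 wpa_printf(MSG_DEBUG, "OpenSSL: Reading PKCS#12 file "
 "--> OK");
 ok = 1;
@@ -3152,12 +3147,10 @@ static int tls_connection_private_key(struct tls_data *data,
 tls_show_errors(MSG_INFO, __func__,
 "Failed to load private key");
 tls_clear_default_passwd_cb(ssl_ctx, conn->ssl);
-os_free(passwd);
 return -1;
 }
 ERR_clear_error();
 tls_clear_default_passwd_cb(ssl_ctx, conn->ssl);
-os_free(passwd);
 
 if (!SSL_check_private_key(conn->ssl)) {
 tls_show_errors(MSG_INFO, __func__, "Private key failed "
@@ -3175,20 +3168,13 @@ static int tls_global_private_key(struct tls_data *data,
 const char *private_key_passwd)
 {
 SSL_CTX *ssl_ctx = data->ssl;
-char *passwd;
 
 if (private_key == NULL)
 return 0;
 
-if (private_key_passwd) {
-passwd = os_strdup(private_key_passwd);
-if (passwd == NULL)
-return -1;
-} else
-passwd = NULL;
-
 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
-SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
+SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx,
+(void *) private_key_passwd);
 if (
 #ifndef OPENSSL_NO_STDIO
 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
@@ -3196,16 +3182,14 @@ static int tls_global_private_key(struct tls_data *data,
 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
 SSL_FILETYPE_PEM) != 1 &&
 #endif /* OPENSSL_NO_STDIO */
-tls_read_pkcs12(data, NULL, private_key, passwd)) {
+tls_read_pkcs12(data, NULL, private_key, private_key_passwd)) {
 tls_show_errors(MSG_INFO, __func__,
 "Failed to load private key");
 tls_clear_default_passwd_cb(ssl_ctx, NULL);
-os_free(passwd);
 ERR_clear_error();
 return -1;
 }
 tls_clear_default_passwd_cb(ssl_ctx, NULL);
-os_free(passwd);
 ERR_clear_error();
 
 if (!SSL_CTX_check_private_key(ssl_ctx)) {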
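Review bot: With the os_strdup() gone, the userdata registered via SSL_set_default_passwd_cb_userdata() and SSL_CTX_set_default_passwd_cb_userdata() in the second hunk now aliases the caller's private_key_passwd rather than a private copy, so its validity rests on tls_clear_default_passwd_cb() running before every return; both exits visible in the fifth hunk (and both in the last hunk of tls_global_private_key) do call it, but the early-exit paths inside the PKCS#12 blob loop lie outside the hunks and should be confirmed. That contract deserves a comment at the registration site, e.g. `/* userdata aliases the caller's passphrase (no copy); tls_clear_default_passwd_cb() must run before every return */`. The `(void *) private_key_passwd` cast also discards const, which is only safe while tls_passwd_cb (not in this diff) and OpenSSL treat userdata as read-only, so a one-line note that the cast exists solely to fit OpenSSL's `void *userdata` API would stop a future reader from writing through it. A side benefit worth recording is that the change eliminates one unzeroized heap copy of the key passphrase that was previously released with a plain os_free(). The body of tls_connection_private_key continues outside the hunks.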