From patchwork Sun Sep 8 22:42:20 2024
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 3809
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Sun, 8 Sep 2024 18:42:20 -0400
Message-Id: <20240908224220.478684-1-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH] Initialize before use struct user_pass in ui_reader()

From: Selva Nair

This was missed in commit 3512e8d3ad

Also add a comment to clarify how pem_password_callback is accessed in ui_reader().

Change-Id: I82835ff8e1e31e067efd81bfb6e8cd19ee004d9c
Signed-off-by: Selva Nair
Acked-by: Gert Doering
---
 src/openvpn/ssl_openssl.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 05555a38..0d845f4a 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c
@@ -776,7 +776,9 @@ tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name) #if defined(HAVE_OPENSSL_STORE_API) /** - * A wrapper for pem_password_callback for use with OpenSSL UI_METHOD. + * A wrapper for password callback for use with OpenSSL UI_METHOD. + * The callback is obtained using SSL_CTX_get_default_passwd_cb() + * which is set to pem_password_callback() in tls_ctx_set_options(). */ static int ui_reader(UI *ui, UI_STRING *uis) @@ -791,6 +793,7 @@ ui_reader(UI *ui, UI_STRING *uis) if (strstr(prompt, "PKCS#11")) { struct user_pass up; + CLEAR(up); get_user_pass(&up, NULL, "PKCS#11 token", GET_USER_PASS_MANAGEMENT|GET_USER_PASS_PASSWORD_ONLY); UI_set_result(ui, uis, up.password); purge_user_pass(&up, true);
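Review bot: In the rewritten doc comment above ui_reader() (first hunk), the text now describes an indirect lookup through SSL_CTX_get_default_passwd_cb() but does not say what ui_reader() is expected to do when no default callback has been set on the context. Since the comment names tls_ctx_set_options() as the only place the callback is installed, a sentence stating the behaviour when that lookup yields nothing would make the contract complete. Minor wording: "A wrapper for the password callback" reads better than "A wrapper for password callback".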
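Review bot: In the PKCS#11 branch of ui_reader() (second hunk), the return value of get_user_pass() is still discarded on the line right after the new CLEAR(up), so a failed prompt now hands the zeroed up.password to UI_set_result() as if it were the user's input. That is deterministic, which is the improvement here, but the failure is not reported to the caller. Consider checking the result of get_user_pass(), and of UI_set_result(), and returning an error from ui_reader() when either fails, while keeping the purge_user_pass(&up, true) call on every path so the password buffer is always wiped.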