From 023ec151df447fbb12bba8dddb0bf1396c44014e Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bodo=20M=C3=B6ller?= <bodo@openssl.org>
Date: Thu, 28 Feb 2002 10:52:56 +0000
Subject: [PATCH 1/1] Add 'void *' argument to app_verify_callback.

Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
---
 CHANGES                                      | 16 ++++++++
 demos/easy_tls/easy-tls.c                    |  6 +--
 doc/ssl/SSL_CTX_set_cert_verify_callback.pod | 40 ++++++++++----------
 ssl/ssl.h                                    |  8 ++--
 ssl/ssl_cert.c                               |  4 ++
 ssl/ssl_lib.c                                |  9 +----
 ssl/ssltest.c                                | 36 ++++++++++++++++++
 test/testssl                                 |  3 ++
 8 files changed, 89 insertions(+), 33 deletions(-)

diff --git a/CHANGES b/CHANGES
index 223d889cc4..77185b700a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -43,6 +43,22 @@
          *) applies to 0.9.6a ... 0.9.6d and 0.9.7
          +) applies to 0.9.7 only
 
+  +) Fix the 'app_verify_callback' interface so that the user-defined
+     argument is actually passed to the callback: In the
+     SSL_CTX_set_cert_verify_callback() prototype, the callback
+     declaration has been changed from
+          int (*cb)()
+     into
+          int (*cb)(X509_STORE_CTX *,void *);
+     in ssl_verify_cert_chain (ssl/ssl_cert.c), the call
+          i=s->ctx->app_verify_callback(&ctx)
+     has been changed into
+          i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg).
+
+     To update applications using SSL_CTX_set_cert_verify_callback(),
+     a dummy argument can be added to their callback functions.
+     [D. K. Smetters <smetters@parc.xerox.com>]
+
   +) Added the '4758cca' ENGINE to support IBM 4758 cards.
      [Maurice Gittens <maurice@gittens.nl>, touchups by Geoff Thorpe]
 
diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c
index f79076a42b..25aedb94d9 100644
--- a/demos/easy_tls/easy-tls.c
+++ b/demos/easy_tls/easy-tls.c
@@ -1,7 +1,7 @@
 /* -*- Mode: C; c-file-style: "bsd" -*- */
 /*
  * easy-tls.c -- generic TLS proxy.
- * $Id: easy-tls.c,v 1.2 2001/09/24 07:54:09 bodo Exp $
+ * $Id: easy-tls.c,v 1.3 2002/02/28 10:52:01 bodo Exp $
  */
 /*
  (c) Copyright 1999 Bodo Moeller.  All rights reserved.
@@ -73,7 +73,7 @@
  */
 
 static char const rcsid[] =
-"$Id: easy-tls.c,v 1.2 2001/09/24 07:54:09 bodo Exp $";
+"$Id: easy-tls.c,v 1.3 2002/02/28 10:52:01 bodo Exp $";
 
 #include <assert.h>
 #include <errno.h>
@@ -568,7 +568,7 @@ no_passphrase_callback(char *buf, int num, int w, void *arg)
 }
 
 static int
-verify_dont_fail_cb(X509_STORE_CTX *c)
+verify_dont_fail_cb(X509_STORE_CTX *c, void *unused_arg)
 {
     int i;
     
diff --git a/doc/ssl/SSL_CTX_set_cert_verify_callback.pod b/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
index 723fc140d4..c0f4f85708 100644
--- a/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
+++ b/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
@@ -8,38 +8,36 @@ SSL_CTX_set_cert_verify_callback - set peer certificate verification procedure
 
  #include <openssl/ssl.h>
 
- void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(),
-                                       char *arg);
- int (*callback)();
+ void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *,void *), void *arg);
 
 =head1 DESCRIPTION
 
 SSL_CTX_set_cert_verify_callback() sets the verification callback function for
-B<ctx>. SSL objects, that are created from B<ctx> inherit the setting valid at
-the time, L<SSL_new(3)|SSL_new(3)> is called. B<arg> is currently ignored.
+I<ctx>. SSL objects that are created from I<ctx> inherit the setting valid at
+the time when L<SSL_new(3)|SSL_new(3)> is called.
 
 =head1 NOTES
 
 Whenever a certificate is verified during a SSL/TLS handshake, a verification
 function is called. If the application does not explicitly specify a
 verification callback function, the built-in verification function is used.
-If a verification callback B<callback> is specified via
+If a verification callback I<callback> is specified via
 SSL_CTX_set_cert_verify_callback(), the supplied callback function is called
-instead. By setting B<callback> to NULL, the default behaviour is restored.
+instead. By setting I<callback> to NULL, the default behaviour is restored.
 
-When the verification must be performed, B<callback> will be called with
-the argument callback(X509_STORE_CTX *x509_store_ctx). The arguments B<arg>
-that can be specified when setting B<callback> are currently ignored.
+When the verification must be performed, I<callback> will be called with
+the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The 
+argument I<arg> is specified by the application when setting I<callback>.
 
-B<callback> should return 1 to indicate verification success and 0 to
-indicate verification failure. If SSL_VERIFY_PEER is set and B<callback>
+I<callback> should return 1 to indicate verification success and 0 to
+indicate verification failure. If SSL_VERIFY_PEER is set and I<callback>
 returns 0, the handshake will fail. As the verification procedure may
 allow to continue the connection in case of failure (by always returning 1)
 the verification result must be set in any case using the B<error>
-member of B<x509_store_ctx>, so that the calling application will be informed
+member of I<x509_store_ctx> so that the calling application will be informed
 about the detailed result of the verification procedure! 
 
-Within B<x509_store_ctx>, B<callback> has access to the B<verify_callback>
+Within I<x509_store_ctx>, I<callback> has access to the I<verify_callback>
 function set using L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>.
 
 =head1 WARNINGS
@@ -56,12 +54,6 @@ the B<verify_callback> function.
 
 =head1 BUGS
 
-It is possible to specify arguments to be passed to the verification callback.
-Currently they are however not passed but ignored.
-
-The B<callback> function is not specified via a prototype, so that no
-type checking takes place.
-
 =head1 RETURN VALUES
 
 SSL_CTX_set_cert_verify_callback() does not provide diagnostic information.
@@ -72,4 +64,12 @@ L<ssl(3)|ssl(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
 L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
 L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
 
+=head1 HISTORY
+
+Previous to OpenSSL 0.9.7, the I<arg> argument to B<SSL_CTX_set_cert_verify_callback>
+was ignored, and I<callback> was called simply as
+ int (*callback)(X509_STORE_CTX *)
+To compile software written for previous versions of OpenSSL, a dummy
+argument will have to be added to I<callback>.
+
 =cut
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 05fa9eef34..af4a7e829e 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -607,8 +607,10 @@ struct ssl_ctx_st
 	int references;
 
 	/* if defined, these override the X509_verify_cert() calls */
-	int (*app_verify_callback)();
-	char *app_verify_arg; /* never used; should be void * */
+	int (*app_verify_callback)(X509_STORE_CTX *, void *);
+	void *app_verify_arg;
+	/* before OpenSSL 0.9.7, 'app_verify_arg' was ignored
+	 * ('app_verify_callback' was called with just one argument) */
 
 	/* Default password callback. */
 	pem_password_cb *default_passwd_callback;
@@ -1232,7 +1234,7 @@ int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *);
 void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
 			int (*callback)(int, X509_STORE_CTX *));
 void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(),char *arg);
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
 #ifndef OPENSSL_NO_RSA
 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
 #endif
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index d78584715a..1a873d2cb7 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -483,7 +483,11 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 		X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
 
 	if (s->ctx->app_verify_callback != NULL)
+#if 1 /* new with OpenSSL 0.9.7 */
+		i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); 
+#else
 		i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
+#endif
 	else
 		{
 #ifndef OPENSSL_NO_X509_VERIFY
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index eaf1abdd1b..df307a80c5 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1443,15 +1443,10 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
 	ctx->default_passwd_callback_userdata=u;
 	}
 
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,int (*cb)(),char *arg)
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg)
 	{
-	/* now
-	 *     int (*cb)(X509_STORE_CTX *),
-	 * but should be
-	 *     int (*cb)(X509_STORE_CTX *, void *arg)
-	 */
 	ctx->app_verify_callback=cb;
-	ctx->app_verify_arg=arg; /* never used */
+	ctx->app_verify_arg=arg;
 	}
 
 void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 7d6b53eed1..2ef9ae7601 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -158,6 +158,10 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
 static void free_tmp_rsa(void);
 #endif
+static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg);
+#define APP_CALLBACK "Test Callback Argument"
+static char *app_verify_arg = APP_CALLBACK;
+
 #ifndef OPENSSL_NO_DH
 static DH *get_dh512(void);
 static DH *get_dh1024(void);
@@ -336,6 +340,7 @@ int main(int argc, char *argv[])
 	int tls1=0,ssl2=0,ssl3=0,ret=1;
 	int client_auth=0;
 	int server_auth=0,i;
+	int app_verify=0;
 	char *server_cert=TEST_SERVER_CERT;
 	char *server_key=NULL;
 	char *client_cert=TEST_CLIENT_CERT;
@@ -489,6 +494,10 @@ int main(int argc, char *argv[])
 			{
 			comp = COMP_RLE;
 			}
+		else if	(strcmp(*argv,"-app_verify") == 0)
+			{
+			app_verify = 1;
+			}
 		else
 			{
 			fprintf(stderr,"unknown option %s\n",*argv);
@@ -640,12 +649,20 @@ bad:
 		SSL_CTX_set_verify(s_ctx,
 			SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
 			verify_callback);
+		if (app_verify) 
+			{
+			SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, app_verify_arg);
+			}
 		}
 	if (server_auth)
 		{
 		BIO_printf(bio_err,"server authentication\n");
 		SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
 			verify_callback);
+		if (app_verify) 
+			{
+			SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, app_verify_arg);
+			}
 		}
 	
 	{
@@ -1433,6 +1450,25 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 	return(ok);
 	}
 
+static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
+	{
+	char *s = NULL,buf[256];
+	int ok=1;
+
+	fprintf(stderr, "In app_verify_callback, allowing cert. ");
+	fprintf(stderr, "Arg is: %s\n", (char *)arg);
+	fprintf(stderr, "Finished printing do we have a context? 0x%x a cert? 0x%x\n",
+			(unsigned int)ctx, (unsigned int)ctx->cert);
+	if (ctx->cert)
+		s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
+	if (s != NULL)
+		{
+			fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf);
+		}
+
+	return(ok);
+	}
+
 #ifndef OPENSSL_NO_RSA
 static RSA *rsa_tmp=NULL;
 
diff --git a/test/testssl b/test/testssl
index 3ca5c8010b..ba5e41c861 100644
--- a/test/testssl
+++ b/test/testssl
@@ -116,6 +116,9 @@ $ssltest -bio_pair -client_auth $CA $extra || exit 1
 echo test sslv2/sslv3 with both client and server authentication via BIO pair
 $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
 
+echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
+$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
+
 #############################################################################
 
 echo test tls1 with 1024bit anonymous DH, multiple handshakes
-- 
2.34.1