mirror of
https://github.com/openssl/openssl.git
synced 2025-01-18 13:44:20 +08:00
Fix pvk encoder to properly query for the passphrase
The passphrase callback data was not properly initialized. Fixes #17054 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17181)
This commit is contained in:
parent
3dbf824380
commit
baa88d9d17
@ -296,7 +296,8 @@ int ossl_pw_get_passphrase(char *pass, size_t pass_size, size_t *pass_len,
|
||||
return ret;
|
||||
}
|
||||
|
||||
int ossl_pw_pem_password(char *buf, int size, int rwflag, void *userdata)
|
||||
static int ossl_pw_get_password(char *buf, int size, int rwflag,
|
||||
void *userdata, const char *info)
|
||||
{
|
||||
size_t password_len = 0;
|
||||
OSSL_PARAM params[] = {
|
||||
@ -304,13 +305,23 @@ int ossl_pw_pem_password(char *buf, int size, int rwflag, void *userdata)
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
|
||||
params[0].data = "PEM";
|
||||
params[0].data = (void *)info;
|
||||
if (ossl_pw_get_passphrase(buf, (size_t)size, &password_len, params,
|
||||
rwflag, userdata))
|
||||
return (int)password_len;
|
||||
return -1;
|
||||
}
|
||||
|
||||
int ossl_pw_pem_password(char *buf, int size, int rwflag, void *userdata)
|
||||
{
|
||||
return ossl_pw_get_password(buf, size, rwflag, userdata, "PEM");
|
||||
}
|
||||
|
||||
int ossl_pw_pvk_password(char *buf, int size, int rwflag, void *userdata)
|
||||
{
|
||||
return ossl_pw_get_password(buf, size, rwflag, userdata, "PVK");
|
||||
}
|
||||
|
||||
int ossl_pw_passphrase_callback_enc(char *pass, size_t pass_size,
|
||||
size_t *pass_len,
|
||||
const OSSL_PARAM params[], void *arg)
|
||||
|
@ -114,6 +114,7 @@ int ossl_pw_get_passphrase(char *pass, size_t pass_size, size_t *pass_len,
|
||||
*/
|
||||
|
||||
pem_password_cb ossl_pw_pem_password;
|
||||
pem_password_cb ossl_pw_pvk_password;
|
||||
/* One callback for encoding (verification prompt) and one for decoding */
|
||||
OSSL_PASSPHRASE_CALLBACK ossl_pw_passphrase_callback_enc;
|
||||
OSSL_PASSPHRASE_CALLBACK ossl_pw_passphrase_callback_dec;
|
||||
|
@ -47,8 +47,7 @@ static int write_msblob(struct key2ms_ctx_st *ctx, OSSL_CORE_BIO *cout,
|
||||
}
|
||||
|
||||
static int write_pvk(struct key2ms_ctx_st *ctx, OSSL_CORE_BIO *cout,
|
||||
EVP_PKEY *pkey,
|
||||
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
|
||||
EVP_PKEY *pkey)
|
||||
{
|
||||
BIO *out = NULL;
|
||||
int ret = 0;
|
||||
@ -56,7 +55,7 @@ static int write_pvk(struct key2ms_ctx_st *ctx, OSSL_CORE_BIO *cout,
|
||||
|
||||
out = ossl_bio_new_from_core_bio(ctx->provctx, cout);
|
||||
ret = i2b_PVK_bio_ex(out, pkey, ctx->pvk_encr_level,
|
||||
ossl_pw_pem_password, &ctx->pwdata, libctx, NULL);
|
||||
ossl_pw_pvk_password, &ctx->pwdata, libctx, NULL);
|
||||
BIO_free(out);
|
||||
|
||||
return ret;
|
||||
@ -81,6 +80,7 @@ static void key2ms_freectx(void *vctx)
|
||||
{
|
||||
struct key2ms_ctx_st *ctx = vctx;
|
||||
|
||||
ossl_pw_clear_passphrase_data(&ctx->pwdata);
|
||||
OPENSSL_free(ctx);
|
||||
}
|
||||
|
||||
@ -154,8 +154,10 @@ static int key2pvk_encode(void *vctx, const void *key, int selection,
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) == 0)
|
||||
return 0; /* Error */
|
||||
|
||||
if ((pkey = EVP_PKEY_new()) != NULL && set1_key(pkey, key))
|
||||
ok = write_pvk(ctx, cout, pkey, pw_cb, pw_cbarg);
|
||||
if ((pkey = EVP_PKEY_new()) != NULL && set1_key(pkey, key)
|
||||
&& (pw_cb == NULL
|
||||
|| ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, pw_cb, pw_cbarg)))
|
||||
ok = write_pvk(ctx, cout, pkey);
|
||||
EVP_PKEY_free(pkey);
|
||||
return ok;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user