author | Tomas Mraz <tomas@openssl.org> | 2021-12-02 22:04:21 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-12-06 16:38:03 +0100 |
commit | baa88d9d170b95fd6f177b3e5f8d8818e024a55d (patch) | |
tree | 15409ac507a2527785f4ef593aacfd8e5d2af804 /providers | |
parent | Clarify the deprecation warnings in the docs (diff) | |
Fix pvk encoder to properly query for the passphrase
The passphrase callback data was not properly initialized.
Fixes #17054
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/encode_decode/encode_key2ms.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/providers/implementations/encode_decode/encode_key2ms.c b/providers/implementations/encode_decode/encode_key2ms.c
index 3933a0d420..81528fefb6 100644
--- a/providers/implementations/encode_decode/encode_key2ms.c
+++ b/providers/implementations/encode_decode/encode_key2ms.c
@@ -47,8 +47,7 @@ static int write_msblob(struct key2ms_ctx_st *ctx, OSSL_CORE_BIO *cout,
 }
 static int write_pvk(struct key2ms_ctx_st *ctx, OSSL_CORE_BIO *cout,
- EVP_PKEY *pkey,
- OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
+ EVP_PKEY *pkey)
 {
 BIO *out = NULL;
 int ret = 0;
@@ -56,7 +55,7 @@ static int write_pvk(struct key2ms_ctx_st *ctx, OSSL_CORE_BIO *cout,
 out = ossl_bio_new_from_core_bio(ctx->provctx, cout);
 ret = i2b_PVK_bio_ex(out, pkey, ctx->pvk_encr_level,
- ossl_pw_pem_password, &ctx->pwdata, libctx, NULL);
+ ossl_pw_pvk_password, &ctx->pwdata, libctx, NULL);
 BIO_free(out);
 return ret;
@@ -81,6 +80,7 @@ static void key2ms_freectx(void *vctx)
 {
 struct key2ms_ctx_st *ctx = vctx;
+ ossl_pw_clear_passphrase_data(&ctx->pwdata);
 OPENSSL_free(ctx);
 }
@@ -154,8 +154,10 @@ static int key2pvk_encode(void *vctx, const void *key, int selection,
 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) == 0)
 return 0; /* Error */
- if ((pkey = EVP_PKEY_new()) != NULL && set1_key(pkey, key))
- ok = write_pvk(ctx, cout, pkey, pw_cb, pw_cbarg);
+ if ((pkey = EVP_PKEY_new()) != NULL && set1_key(pkey, key)
+ && (pw_cb == NULL
+ || ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, pw_cb, pw_cbarg)))
+ ok = write_pvk(ctx, cout, pkey);
 EVP_PKEY_free(pkey);
 return ok;
 }
|
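Review bot: `key2ms_freectx()` no longer tolerates a NULL `vctx`. The old body was only `OPENSSL_free(ctx)`, which is a no-op on NULL, whereas the added `ossl_pw_clear_passphrase_data(&ctx->pwdata)` is handed an address computed from a NULL pointer. Whether any caller can pass NULL is not visible in this hunk, so treat this as hardening: a guard `if (ctx == NULL) return;` ahead of the clear keeps the previous contract. A one-line comment such as `/* release passphrase callback state held in pwdata before freeing ctx */` would also record why the clear has to come before the free.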
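Review bot: When `pw_cb == NULL`, the new condition in `key2pvk_encode()` skips `ossl_pw_set_ossl_passphrase_cb()` and still calls `write_pvk()`, which always passes `&ctx->pwdata` to `i2b_PVK_bio_ex()`. If the same context is used for more than one encode (not visible here), `ctx->pwdata` would still hold the callback and `pw_cbarg` from the earlier call, and that pointer may no longer be valid. Unless `pwdata` is filled in elsewhere, calling `ossl_pw_clear_passphrase_data(&ctx->pwdata);` before the `if` would make each encode start from a clean state. The three failure causes joined in the condition (allocation, `set1_key`, callback setup) also all end in the same `ok` value with nothing visible that tells them apart, so a comment naming them would help. The function body starts outside the hunk.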