The branch openssl-3.0 has been updated via d635d7481b66a6326087196f616d09c240126b74 (commit) via 13f0d76361b000ee8cfec0d08cb2a84bacf7fb8b (commit) via 06082b95fe18dff9354cee02bb0ffec33b00b8cc (commit) via a2ab3dcde585f49e9a8cdde21571b3a310126eec (commit) from cdfd6b8a85044ef1c6cf17443d83b21c3736c95c (commit)
- Log ----------------------------------------------------------------- commit d635d7481b66a6326087196f616d09c240126b74 Author: Tomas Mraz <to...@openssl.org> Date: Thu Dec 2 22:08:25 2021 +0100 test_rsa: Test for PVK format conversion Reviewed-by: Tim Hudson <t...@openssl.org> Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17181) (cherry picked from commit a44eb8421d0e84c069a5fa55ced796878e6b0966) commit 13f0d76361b000ee8cfec0d08cb2a84bacf7fb8b Author: Tomas Mraz <to...@openssl.org> Date: Thu Dec 2 22:07:38 2021 +0100 key_to_type_specific_pem_bio_cb: Use passphrase callback from the arguments Reviewed-by: Tim Hudson <t...@openssl.org> Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17181) (cherry picked from commit c22b6592135bfba95a315e438ac7bfc6db461407) commit 06082b95fe18dff9354cee02bb0ffec33b00b8cc Author: Tomas Mraz <to...@openssl.org> Date: Thu Dec 2 22:06:36 2021 +0100 PVK decoder: prompt for PVK passphrase and not PEM Reviewed-by: Tim Hudson <t...@openssl.org> Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17181) (cherry picked from commit 28257d60577932e66934096d0ee8a5dfaca1191e) commit a2ab3dcde585f49e9a8cdde21571b3a310126eec Author: Tomas Mraz <to...@openssl.org> Date: Thu Dec 2 22:04:21 2021 +0100 Fix pvk encoder to properly query for the passphrase The passphrase callback data was not properly initialized. 
Fixes #17054 Reviewed-by: Tim Hudson <t...@openssl.org> Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17181) (cherry picked from commit baa88d9d170b95fd6f177b3e5f8d8818e024a55d) ----------------------------------------------------------------------- Summary of changes: crypto/passphrase.c | 15 +++++++++++++-- include/internal/passphrase.h | 1 + .../implementations/encode_decode/decode_pvk2key.c | 2 +- .../implementations/encode_decode/encode_key2any.c | 2 +- .../implementations/encode_decode/encode_key2ms.c | 12 +++++++----- test/recipes/15-test_rsa.t | 20 +++++++++++++++++--- test/recipes/tconversion.pl | 6 ++++-- 7 files changed, 44 insertions(+), 14 deletions(-) diff --git a/crypto/passphrase.c b/crypto/passphrase.c index fb8ea1deb1..d61e249440 100644 --- a/crypto/passphrase.c +++ b/crypto/passphrase.c @@ -296,7 +296,8 @@ int ossl_pw_get_passphrase(char *pass, size_t pass_size, size_t *pass_len, return ret; } -int ossl_pw_pem_password(char *buf, int size, int rwflag, void *userdata) +static int ossl_pw_get_password(char *buf, int size, int rwflag, + void *userdata, const char *info) { size_t password_len = 0; OSSL_PARAM params[] = { @@ -304,13 +305,23 @@ int ossl_pw_pem_password(char *buf, int size, int rwflag, void *userdata) OSSL_PARAM_END }; - params[0].data = "PEM"; + params[0].data = (void *)info; if (ossl_pw_get_passphrase(buf, (size_t)size, &password_len, params, rwflag, userdata)) return (int)password_len; return -1; } +int ossl_pw_pem_password(char *buf, int size, int rwflag, void *userdata) +{ + return ossl_pw_get_password(buf, size, rwflag, userdata, "PEM"); +} + +int ossl_pw_pvk_password(char *buf, int size, int rwflag, void *userdata) +{ + return ossl_pw_get_password(buf, size, rwflag, userdata, "PVK"); +} + int ossl_pw_passphrase_callback_enc(char *pass, size_t pass_size, size_t *pass_len, const OSSL_PARAM params[], void *arg) 
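Review bot: The new static helper `ossl_pw_get_password` introduces an `info` parameter without saying what it is, and its only visible use is `params[0].data = (void *)info` in the following hunk. A one-line comment above the definition would save the next reader a trip into ossl_pw_get_passphrase, e.g. `/* info labels the format being prompted for ("PEM", "PVK"); it is handed to ossl_pw_get_passphrase through params[0] so the prompt can name it */`. The wording "so the prompt can name it" is taken from the commit title ("prompt for PVK passphrase and not PEM") rather than from code visible here, so adjust if the label is used differently downstream.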
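Review bot: `params[0].data = (void *)info;` casts away the `const` of `const char *info`, which hides the fact that the callee must only read the string; the cast is forced because OSSL_PARAM.data is non-const, so say so rather than leave it bare: `params[0].data = (void *)info; /* read-only; OSSL_PARAM.data is not const */`. Within this hunk the only values stored are the literals `"PEM"` and `"PVK"`, so this is safe today, but any later code that writes through params[0].data would be modifying a string literal. The two new public wrappers would also benefit from a comment stating they differ only in the prompt label, e.g. above `ossl_pw_pvk_password`: `/* Same as ossl_pw_pem_password but prompts for a PVK passphrase */`.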
diff --git a/include/internal/passphrase.h b/include/internal/passphrase.h index ee0be9b128..54d997b0d9 100644 --- a/include/internal/passphrase.h +++ b/include/internal/passphrase.h @@ -114,6 +114,7 @@ int ossl_pw_get_passphrase(char *pass, size_t pass_size, size_t *pass_len, */ pem_password_cb ossl_pw_pem_password; +pem_password_cb ossl_pw_pvk_password; /* One callback for encoding (verification prompt) and one for decoding */ OSSL_PASSPHRASE_CALLBACK ossl_pw_passphrase_callback_enc; OSSL_PASSPHRASE_CALLBACK ossl_pw_passphrase_callback_dec; diff --git a/providers/implementations/encode_decode/decode_pvk2key.c b/providers/implementations/encode_decode/decode_pvk2key.c index 30b42d2097..32206fe84d 100644 --- a/providers/implementations/encode_decode/decode_pvk2key.c +++ b/providers/implementations/encode_decode/decode_pvk2key.c @@ -100,7 +100,7 @@ static int pvk2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, if (!ossl_pw_set_ossl_passphrase_cb(&pwdata, pw_cb, pw_cbarg)) goto end; - key = ctx->desc->read_private_key(in, ossl_pw_pem_password, &pwdata, + key = ctx->desc->read_private_key(in, ossl_pw_pvk_password, &pwdata, PROV_LIBCTX_OF(ctx->provctx), NULL); /* diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c index 91269be3a1..c7b01cb2b3 100644 --- a/providers/implementations/encode_decode/encode_key2any.c +++ b/providers/implementations/encode_decode/encode_key2any.c @@ -401,7 +401,7 @@ static int key_to_type_specific_pem_bio_cb(BIO *out, const void *key, { return PEM_ASN1_write_bio(k2d, pemname, out, key, ctx->cipher, - NULL, 0, ossl_pw_pem_password, &ctx->pwdata) > 0; + NULL, 0, cb, cbarg) > 0; } static int key_to_type_specific_pem_priv_bio(BIO *out, const void *key, diff --git a/providers/implementations/encode_decode/encode_key2ms.c b/providers/implementations/encode_decode/encode_key2ms.c index 3933a0d420..81528fefb6 100644 
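Review bot: `pvk2key_decode` fills the stack-local `pwdata` via `ossl_pw_set_ossl_passphrase_cb` and passes it to `read_private_key`, but the hunk does not show whether `pwdata` is wiped with `ossl_pw_clear_passphrase_data` on every exit path, including the `goto end` failure. The encoder side of this same commit adds that clear in `key2ms_freectx`; if the decoder's `end:` label does not already do the same, a cached passphrase could be left behind in stack memory after return. The function starts and ends outside the hunk, so confirm against the full body.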
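Review bot: `key_to_type_specific_pem_bio_cb` now passes the caller's `cb`/`cbarg` straight to `PEM_ASN1_write_bio` and no longer references `ctx->pwdata`, so the behaviour when `cb` is NULL changes: as I read the PEM API, PEM_ASN1_write_bio then falls back to its own default prompt rather than to the provider's passphrase data (confirm). If callers are expected to always supply a non-NULL `cb`, a comment at the top of the function would make that contract explicit: `/* cb/cbarg come from the caller's passphrase wiring; ctx->pwdata is deliberately not used here */`. The function's signature is outside the hunk, so the parameter types are inferred from their names.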
--- a/providers/implementations/encode_decode/encode_key2ms.c +++ b/providers/implementations/encode_decode/encode_key2ms.c @@ -47,8 +47,7 @@ static int write_msblob(struct key2ms_ctx_st *ctx, OSSL_CORE_BIO *cout, } static int write_pvk(struct key2ms_ctx_st *ctx, OSSL_CORE_BIO *cout, - EVP_PKEY *pkey, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + EVP_PKEY *pkey) { BIO *out = NULL; int ret = 0; @@ -56,7 +55,7 @@ static int write_pvk(struct key2ms_ctx_st *ctx, OSSL_CORE_BIO *cout, out = ossl_bio_new_from_core_bio(ctx->provctx, cout); ret = i2b_PVK_bio_ex(out, pkey, ctx->pvk_encr_level, - ossl_pw_pem_password, &ctx->pwdata, libctx, NULL); + ossl_pw_pvk_password, &ctx->pwdata, libctx, NULL); BIO_free(out); return ret; @@ -81,6 +80,7 @@ static void key2ms_freectx(void *vctx) { struct key2ms_ctx_st *ctx = vctx; + ossl_pw_clear_passphrase_data(&ctx->pwdata); OPENSSL_free(ctx); } @@ -154,8 +154,10 @@ static int key2pvk_encode(void *vctx, const void *key, int selection, if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) == 0) return 0; /* Error */ - if ((pkey = EVP_PKEY_new()) != NULL && set1_key(pkey, key)) - ok = write_pvk(ctx, cout, pkey, pw_cb, pw_cbarg); + if ((pkey = EVP_PKEY_new()) != NULL && set1_key(pkey, key) + && (pw_cb == NULL + || ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, pw_cb, pw_cbarg))) + ok = write_pvk(ctx, cout, pkey); EVP_PKEY_free(pkey); return ok; } diff --git a/test/recipes/15-test_rsa.t b/test/recipes/15-test_rsa.t index 301368b69b..420a57f8c1 100644 --- a/test/recipes/15-test_rsa.t +++ b/test/recipes/15-test_rsa.t @@ -16,7 +16,7 @@ use OpenSSL::Test::Utils; setup("test_rsa"); -plan tests => 10; +plan tests => 12; require_ok(srctop_file('test', 'recipes', 'tconversion.pl')); @@ -32,7 +32,7 @@ sub run_rsa_tests { ok(run(app([ 'openssl', $cmd, '-check', '-in', srctop_file('test', 'testrsa.pem'), '-noout'])), "$cmd -check" ); - SKIP: { + SKIP: { skip "Skipping $cmd conversion test", 3 if disabled("rsa"); 
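Review bot: In `key2pvk_encode`, the `pw_cb == NULL ||` short-circuit leaves `ctx->pwdata` untouched, so if an encoder context is ever reused for a second encode call, `write_pvk` would still hand `ossl_pw_pvk_password`/`&ctx->pwdata` the callback and `pw_cbarg` pointer stored by the previous call, which may no longer be valid. If `ossl_pw_set_ossl_passphrase_cb` does not itself discard earlier state, calling `ossl_pw_clear_passphrase_data(&ctx->pwdata)` at the start of the encode (not only in `key2ms_freectx`) would make each call self-contained. A comment on the condition would also help readers, e.g. `/* pw_cb may be NULL: presumably an unencrypted PVK (pvk_encr_level 0) needs no passphrase */`; the hunk does not show how pvk_encr_level interacts with a missing callback, so confirm before asserting it.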
@@ -47,7 +47,7 @@ sub run_rsa_tests { }; } - SKIP: { + SKIP: { skip "Skipping msblob conversion test", 1 if disabled($cmd) || $cmd eq 'pkey'; @@ -57,4 +57,18 @@ sub run_rsa_tests { -args => ["rsa", "-pubin", "-pubout"] ); }; } + SKIP: { + skip "Skipping PVK conversion test", 1 + if disabled($cmd) || $cmd eq 'pkey' || disabled("rc4") + || disabled ("legacy"); + + subtest "$cmd conversions -- private key" => sub { + tconversion( -type => 'pvk', -prefix => "$cmd-pvk", + -in => srctop_file("test", "testrsa.pem"), + -args => ["rsa", "-passin", "pass:testpass", + "-passout", "pass:testpass", + "-provider", "default", + "-provider", "legacy"] ); + }; + } } diff --git a/test/recipes/tconversion.pl b/test/recipes/tconversion.pl index 87b037b34d..78be03178c 100644 --- a/test/recipes/tconversion.pl +++ b/test/recipes/tconversion.pl @@ -19,6 +19,7 @@ my %conversionforms = ( # specific test types as key. "*" => [ "d", "p" ], "msb" => [ "d", "p", "msblob" ], + "pvk" => [ "d", "p", "pvk" ], ); sub tconversion { my %opts = @_; @@ -45,8 +46,9 @@ sub tconversion { + $n # initial conversions from p to all forms (A) + $n*$n # conversion from result of A to all forms (B) + 1 # comparing original test file to p form of A - + $n*($n-1); # comparing first conversion to each fom in A with B + + $n*($n-1); # comparing first conversion to each form in A with B $totaltests-- if ($testtype eq "p7d"); # no comparison of original test file + $totaltests -= $n if ($testtype eq "pvk"); # no comparisons of the pvk form plan tests => $totaltests; my @cmd = ("openssl", @openssl_args); @@ -91,7 +93,7 @@ sub tconversion { } foreach my $to (@conversionforms) { - next if $to eq "d"; + next if $to eq "d" or $to eq "pvk"; foreach my $from (@conversionforms) { is(cmp_text("$prefix-f.$to", "$prefix-ff.$from$to"), 0, "comparing $to to $from$to");
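Review bot: In the new PVK `SKIP` block, `disabled ("legacy")` has a space before the parenthesis while `disabled("rc4")` and `disabled($cmd)` in the same condition do not; use `disabled("legacy")` for consistency. A short comment would also explain why both `rc4` and the `legacy` provider gate this test, since the reader otherwise has to know that PVK's key encryption relies on RC4, which in 3.0 is only supplied by the legacy provider (hence `-provider legacy` on the command line): `# PVK encryption uses RC4, which only the legacy provider supplies`. The enclosing `run_rsa_tests` starts outside the hunk.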
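Review bot: The comment on `$totaltests -= $n if ($testtype eq "pvk")` says no comparisons of the pvk form are made but not why, and the matching `next if $to eq "d" or $to eq "pvk"` sits in this file's last hunk, whose closing line is outside this view. Presumably the encrypted PVK output is not byte-stable across runs (a fresh salt each time), so comparing two PVK files would never match; stating that keeps the two adjustments tied together: `# no comparisons of the pvk form: the encrypted output is not reproducible`. Worth confirming that `-= $n` exactly equals the number of `is(cmp_text(...))` calls the loop skips, i.e. one per `$from` when `$to eq "pvk"`.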