We had the password callback for ENGINEs pretty much wrong. And

passwords that were given to the key loading functions were completely ignored, at least in the ncipher code, and then we made the assumption that the callback wanted a prompt as user argument. All that is now changed, and the application author is forced to give a callback function of type pem_callback_cb and possibly an argument for it, just as for all other functions that want to generate password prompting. NOTE: this change creates binary and source incompatibilities with previous versions of OpenSSL [engine]. It's worth it this time, to get it right (or at least better and with a chance that it'll work).
author: Richard Levitte <levitte@openssl.org> 2001-05-25 21:08:56 +0000
committer: Richard Levitte <levitte@openssl.org> 2001-05-25 21:08:56 +0000
commit: 6c1a3e4f5834a117334a0baa36a1d839e2682cca (patch)
tree: 4fe3e655c1b24ac744201a25862db48840448523 /crypto/engine
parent: 76c919c1a3751df1747fc67620263d663c9b7ba1 (diff)
3 files changed, 32 insertions, 40 deletions
diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
index 3cb52254ff..dc0b5233c3 100644
--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
@@ -71,6 +71,7 @@
 #endif
 #include <openssl/rand.h>
 #include <openssl/evp.h>
+#include <openssl/pem.h>
 #include <openssl/symhacks.h>
 
 #ifdef  __cplusplus
@@ -262,7 +263,8 @@ typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
 /* Specific control function pointer */
 typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)());
 /* Generic load_key function pointer */
-typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, const char *);
+typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
+	pem_password_cb *callback, void *callback_data);
 
 /* STRUCTURE functions ... all of these functions deal with pointers to ENGINE
  * structures where the pointers have a "structural reference". This means that
@@ -417,9 +419,9 @@ int ENGINE_finish(ENGINE *e);
  * location, handled by the engine.  The storage may be on a card or
  * whatever. */
 EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
-	const char *passphrase);
+	pem_password_cb *callback, void *callback_data);
 EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
-	const char *passphrase);
+	pem_password_cb *callback, void *callback_data);
 
 /* This returns a pointer for the current ENGINE structure that
  * is (by default) performing any RSA operations. The value returned
diff --git a/crypto/engine/engine_lib.c b/crypto/engine/engine_lib.c
index 90eb5cd6d5..05e9d393ad 100644
--- a/crypto/engine/engine_lib.c
+++ b/crypto/engine/engine_lib.c
@@ -232,7 +232,7 @@ int ENGINE_finish(ENGINE *e)
 	}
 
 EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
-	const char *passphrase)
+	pem_password_cb *callback, void *callback_data)
 	{
 	EVP_PKEY *pkey;
 
@@ -257,7 +257,7 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
 			ENGINE_R_NO_LOAD_FUNCTION);
 		return 0;
 		}
-	pkey = e->load_privkey(e, key_id, passphrase);
+	pkey = e->load_privkey(e, key_id, callback, callback_data);
 	if (!pkey)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
@@ -268,7 +268,7 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
 	}
 
 EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
-	const char *passphrase)
+	pem_password_cb *callback, void *callback_data)
 	{
 	EVP_PKEY *pkey;
 
@@ -293,7 +293,7 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
 			ENGINE_R_NO_LOAD_FUNCTION);
 		return 0;
 		}
-	pkey = e->load_pubkey(e, key_id, passphrase);
+	pkey = e->load_pubkey(e, key_id, callback, callback_data);
 	if (!pkey)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
diff --git a/crypto/engine/hw_ncipher.c b/crypto/engine/hw_ncipher.c
index 597471ff58..b614b6e202 100644
--- a/crypto/engine/hw_ncipher.c
+++ b/crypto/engine/hw_ncipher.c
@@ -58,6 +58,7 @@
  */
 
 #include <stdio.h>
+#include <string.h>
 #include <openssl/crypto.h>
 #include <openssl/pem.h>
 #include "cryptlib.h"
@@ -115,9 +116,9 @@ static int hwcrhk_rand_status(void);
 
 /* KM stuff */
 static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
-	const char *passphrase);
+	pem_password_cb *callback, void *callback_data);
 static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
-	const char *passphrase);
+	pem_password_cb *callback, void *callback_data);
 static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
 	int ind,long argl, void *argp);
 
@@ -213,7 +214,8 @@ struct HWCryptoHook_MutexValue
    into HWCryptoHook_PassphraseContext */
 struct HWCryptoHook_PassphraseContextValue
 	{
-	void *any;
+	pem_password_cb *password_callback; /* If != NULL, will be called */
+	void *callback_data;
 	};
 
 /* hwcryptohook.h has some typedefs that turn
@@ -651,7 +653,7 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
 	}
 
 static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
-	const char *passphrase)
+	pem_password_cb *callback, void *callback_data)
 	{
 #ifndef OPENSSL_NO_RSA
 	RSA *rtmp = NULL;
@@ -664,6 +666,7 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
 #if !defined(OPENSSL_NO_RSA)
 	HWCryptoHook_ErrMsgBuf rmsg;
 #endif
+	HWCryptoHook_PassphraseContext ppctx;
 
 	if(!hwcrhk_context)
 		{
@@ -679,8 +682,10 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
 			ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
+	ppctx.password_callback = callback;
+	ppctx.callback_data = callback_data;
 	if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr,
-		&rmsg, NULL))
+		&rmsg, &ppctx))
 		{
 		ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
 			ENGINE_R_CHIL_ERROR);
@@ -747,12 +752,12 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
 	}
 
 static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
-	const char *passphrase)
+	pem_password_cb *callback, void *callback_data)
 	{
 	EVP_PKEY *res = NULL;
 
 #ifndef OPENSSL_NO_RSA
-        res = hwcrhk_load_privkey(eng, key_id, passphrase);
+        res = hwcrhk_load_privkey(eng, key_id, callback, callback_data);
 #endif
 
 	if (res)
@@ -1079,38 +1084,23 @@ static int hwcrhk_get_pass(const char *prompt_info,
 	HWCryptoHook_PassphraseContext *ppctx,
 	HWCryptoHook_CallerContext *cactx)
 	{
-	int l = 0;
-	char prompt[1024];
+	pem_password_cb *callback = password_callback;
+	void *callback_data = NULL;
 
-	if (password_callback == NULL)
+	if (ppctx)
 		{
-		ENGINEerr(ENGINE_F_HWCRHK_GET_PASS,ENGINE_R_NO_CALLBACK);
-		return -1;
+		if (ppctx->password_callback)
+			callback = ppctx->password_callback;
+		if (ppctx->callback_data)
+			callback_data = ppctx->callback_data;
 		}
-	if (prompt_info)
+	if (callback == NULL)
 		{
-		strncpy(prompt, "Card: \"", sizeof(prompt));
-		l += 5;
-		strncpy(prompt + l, prompt_info, sizeof(prompt) - l);
-		l += strlen(prompt_info);
-		if (l + 2 < sizeof(prompt))
-			{
-			strncpy(prompt + l, "\"\n", sizeof(prompt) - l);
-			l += 2;
-			}
-		}
-	if (l < sizeof(prompt) - 1)
-		{
-		strncpy(prompt, "Enter Passphrase <enter to cancel>:",
-			sizeof(prompt) - l);
-		l += 35;
+		ENGINEerr(ENGINE_F_HWCRHK_GET_PASS,ENGINE_R_NO_CALLBACK);
+		return -1;
 		}
-	prompt[l] = '\0';
 
-	/* I know, passing on the prompt instead of the user data *is*
-	   a bad thing.  However, that's all we have right now.
-	   --  Richard Levitte */
-	*len_io = password_callback(buf, *len_io, 0, prompt);
+	*len_io = callback(buf, *len_io, 0, callback_data);
 	if(!*len_io)
 		return -1;
 	return 0;
author	Richard Levitte <levitte@openssl.org>	2001-05-25 21:08:56 +0000
committer	Richard Levitte <levitte@openssl.org>	2001-05-25 21:08:56 +0000
commit	6c1a3e4f5834a117334a0baa36a1d839e2682cca (patch)
tree	4fe3e655c1b24ac744201a25862db48840448523 /crypto/engine
parent	76c919c1a3751df1747fc67620263d663c9b7ba1 (diff)