authorMatt Caswell <matt@openssl.org>2023-07-31 12:32:16 +0100
committerTomas Mraz <tomas@openssl.org>2023-08-01 20:08:28 +0200
commit0d0791eedff7f0747503d816184810aa093f523e (patch)
treef5a4e6fb517a2526816526d6f47c004e1265f96d /crypto/pem
parent564e5b754a4680dfad38585dd73bcf025567b448 (diff)
The PEM_read_bio_Parameters() function should not ask for a password
The PEM_read_bio_Parameters[_ex] function does not have the capability of specifying a password callback. We should not use the fallback password callback in this case because it will attempt to send a prompt for the password which might not be the correct thing to do. We should just not use a password in that case. Fixes #21588 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21603)
Diffstat (limited to 'crypto/pem')
-rw-r--r--crypto/pem/pem_pkey.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 3e76852c67..284b144fd6 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -366,10 +366,19 @@ int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x,
return ret;
}
+static int no_password_cb(char *buf, int num, int rwflag, void *userdata)
+{
+ return -1;
+}
+
EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x,
OSSL_LIB_CTX *libctx, const char *propq)
{
- return pem_read_bio_key(bp, x, NULL, NULL, libctx, propq,
+ /*
+ * PEM_read_bio_Parameters(_ex) should never ask for a password. Any attempt
+ * to get a password just fails.
+ */
+ return pem_read_bio_key(bp, x, no_password_cb, NULL, libctx, propq,
EVP_PKEY_KEY_PARAMETERS);
}
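Review bot: `no_password_cb` carries no comment of its own; the reason it exists is stated only at the single call site in `PEM_read_bio_Parameters_ex`, so a later reader of the helper has to find that caller to learn why it unconditionally returns -1. I would add above it something like `/* Password callback that always fails: for readers that take no callback and must never fall back to the prompting default. */`. The call-site comment could also say that encrypted input is consequently rejected rather than decrypted, e.g. `* Encrypted PEM input therefore fails to load instead of prompting.`, since that is the behaviour a non-interactive service will observe. All four parameters are deliberately unused; whether that needs any annotation under the project's warning flags cannot be judged from this hunk.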