authorTomas Mraz <tomas@openssl.org>2021-06-29 16:24:59 +0200
committerTomas Mraz <tomas@openssl.org>2021-07-02 15:33:34 +0200
commit66a7c9f34b46edd462d647ae2febe8276bb9b4f7 (patch)
treedff5f1d161135e8fe7022cf601a60d661dcdf2ed /crypto/pem
parentfbbd425336144455f4a976acd7b890352ef7ed38 (diff)
pem_read_bio_key: Add passphrase caching to avoid asking for password twice
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15949)
Diffstat (limited to 'crypto/pem')
-rw-r--r--crypto/pem/pem_pkey.c21
1 files changed, 17 insertions, 4 deletions
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 4a029daa95..f9346486dd 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -11,7 +11,6 @@
#define OPENSSL_SUPPRESS_DEPRECATED
#include <stdio.h>
-#include "internal/cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
@@ -22,6 +21,8 @@
#include <openssl/dh.h>
#include <openssl/decoder.h>
#include <openssl/ui.h>
+#include "internal/cryptlib.h"
+#include "internal/passphrase.h"
#include "crypto/asn1.h"
#include "crypto/x509.h"
#include "crypto/evp.h"
@@ -208,9 +209,10 @@ static EVP_PKEY *pem_read_bio_key(BIO *bp, EVP_PKEY **x,
const char *propq,
int selection)
{
- EVP_PKEY *ret;
+ EVP_PKEY *ret = NULL;
BIO *new_bio = NULL;
int pos;
+ struct ossl_passphrase_data_st pwdata = { 0 };
if ((pos = BIO_tell(bp)) < 0) {
new_bio = BIO_new(BIO_f_readbuffer());
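Review bot: The `= { 0 }` initialiser on `pwdata` is load-bearing and has no comment saying so. The later hunk jumps to `err:` when `ossl_pw_set_pem_password_cb` fails, and `ossl_pw_clear_passphrase_data(&pwdata)` then runs on a structure that setup never finished populating. A comment next to the declaration such as `/* zero-init: err: cleanup must be safe even if passphrase setup fails */` would keep a later edit from dropping it. The same applies to `ret = NULL`, which is presumably what the function returns after `err:`, since the return statement lies outside the visible hunks.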
@@ -220,17 +222,28 @@ static EVP_PKEY *pem_read_bio_key(BIO *bp, EVP_PKEY **x,
pos = BIO_tell(bp);
}
+ if (cb == NULL)
+ cb = PEM_def_callback;
+
+ if (!ossl_pw_set_pem_password_cb(&pwdata, cb, u)
+ || !ossl_pw_enable_passphrase_caching(&pwdata))
+ goto err;
+
ERR_set_mark();
- ret = pem_read_bio_key_decoder(bp, x, cb, u, libctx, propq, selection);
+ ret = pem_read_bio_key_decoder(bp, x, ossl_pw_pem_password, &pwdata,
+ libctx, propq, selection);
if (ret == NULL
&& (BIO_seek(bp, pos) < 0
- || (ret = pem_read_bio_key_legacy(bp, x, cb, u,
+ || (ret = pem_read_bio_key_legacy(bp, x,
+ ossl_pw_pem_password, &pwdata,
libctx, propq,
selection)) == NULL))
ERR_clear_last_mark();
else
ERR_pop_to_mark();
+ err:
+ ossl_pw_clear_passphrase_data(&pwdata);
if (new_bio != NULL) {
BIO_pop(new_bio);
BIO_free(new_bio);
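Review bot: The block that calls `ossl_pw_enable_passphrase_caching(&pwdata)` does not document the lifetime of the cached secret. Whatever passphrase the callback returns during the `pem_read_bio_key_decoder` attempt is kept in `pwdata` and handed to `pem_read_bio_key_legacy` on fallback, so a mistyped passphrase is presumably retried unchanged rather than prompted for again. A comment above the block such as `/* Cache the passphrase so the legacy fallback reuses it instead of prompting twice; released at err: below */` would state that `ossl_pw_clear_passphrase_data` is the single point where the cache is dropped. Both the `goto err` and the fall-through path in this hunk reach that call. The function's signature and its final return are outside the hunk, so any earlier return between the two hunks should be checked to confirm it happens before `pwdata` holds anything.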